r26197: Add bindings for libsecurity.
authorJelmer Vernooij <jelmer@samba.org>
Thu, 29 Nov 2007 13:49:47 +0000 (14:49 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 21 Dec 2007 04:46:47 +0000 (05:46 +0100)
14 files changed:
.bzrignore
source/autogen.sh
source/lib/ldb/ldb_ildap/config.mk
source/lib/ldb/ldb_tdb/ldb_tdb_wrap.c [deleted file]
source/lib/ldb_wrap.c [deleted file]
source/lib/talloc/config.mk
source/lib/talloc/talloc.i
source/lib/tdb_wrap.c [deleted file]
source/libcli/security/config.mk
source/libcli/security/security.i [new file with mode: 0644]
source/libcli/security/tests/bindings.py [new file with mode: 0644]
source/scripting/python/config.mk
source/scripting/python/sidmodule.c [deleted file]
source/selftest/samba4_tests.sh

index 270f318..dd96e82 100644 (file)
@@ -230,3 +230,5 @@ source/libcli/swig/libcli_smb_wrap.c
 source/libcli/swig/libcli_nbt_wrap.c
 source/lib/events/events.py
 source/lib/events/events_wrap.c
+source/libcli/security/security_wrap.c
+source/libcli/security/security.py
index 9288cba..667ac89 100755 (executable)
@@ -65,7 +65,7 @@ rm -rf autom4te*.cache
 
 # Run swig if it is available
 SWIG=swig
-SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/talloc/talloc.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i"
+SWIG_FILES="./scripting/python/misc.i ./auth/auth.i ./auth/credentials/credentials.i ./lib/ldb/ldb.i ./lib/registry/registry.i ./lib/tdb/tdb.i ./libcli/swig/libcli_smb.i ./libcli/swig/libcli_nbt.i ./librpc/rpc/dcerpc.i lib/events/events.i libcli/security/security.i"
 if which $SWIG >/dev/null 2>&1; then
        for I in $SWIG_FILES
        do
index 71887c1..f7ed346 100644 (file)
@@ -3,6 +3,7 @@
 [MODULE::ldb_ildap]
 SUBSYSTEM = LIBLDB
 CFLAGS = -Ilib/ldb/include
+OUTPUT_TYPE = SHARED_LIBRARY
 PRIVATE_DEPENDENCIES = LIBTALLOC LIBCLI_LDAP
 INIT_FUNCTION = ldb_ildap_init
 ALIASES = ldapi ldaps ldap
diff --git a/source/lib/ldb/ldb_tdb/ldb_tdb_wrap.c b/source/lib/ldb/ldb_tdb/ldb_tdb_wrap.c
deleted file mode 100644 (file)
index 654574c..0000000
+++ /dev/null
@@ -1,153 +0,0 @@
-/* 
-   ldb database library
-
-   Copyright (C) Andrew Tridgell  2005
-
-     ** NOTE! The following LGPL license applies to the ldb
-     ** library. This does NOT imply that all of Samba is released
-     ** under the LGPL
-   
-   This library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 3 of the License, or (at your option) any later version.
-
-   This library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "ldb_includes.h"
-
-#include "ldb_tdb.h"
-
-/*
-  the purpose of this code is to work around the braindead posix locking
-  rules, to allow us to have a ldb open more than once while allowing 
-  locking to work
-*/
-
-struct ltdb_wrap {
-       struct ltdb_wrap *next, *prev;
-       struct tdb_context *tdb;
-       dev_t device;
-       ino_t inode;
-};
-
-static struct ltdb_wrap *tdb_list;
-
-/* destroy the last connection to a tdb */
-static int ltdb_wrap_destructor(struct ltdb_wrap *w)
-{
-       tdb_close(w->tdb);
-       if (w->next) {
-               w->next->prev = w->prev;
-       }
-       if (w->prev) {
-               w->prev->next = w->next;
-       }
-       if (w == tdb_list) {
-               tdb_list = w->next;
-       }
-       return 0;
-}                               
-
-static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
-static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...)
-{
-       va_list ap;
-       const char *name = tdb_name(tdb);
-       struct ldb_context *ldb = talloc_get_type(tdb_get_logging_private(tdb), struct ldb_context);
-       enum ldb_debug_level ldb_level;
-       char *message; 
-       va_start(ap, fmt);
-       message = talloc_vasprintf(ldb, fmt, ap);
-       va_end(ap);
-
-       switch (level) {
-       case TDB_DEBUG_FATAL:
-               ldb_level = LDB_DEBUG_FATAL;
-               break;
-       case TDB_DEBUG_ERROR:
-               ldb_level = LDB_DEBUG_ERROR;
-               break;
-       case TDB_DEBUG_WARNING:
-               ldb_level = LDB_DEBUG_WARNING;
-               break;
-       case TDB_DEBUG_TRACE:
-               ldb_level = LDB_DEBUG_TRACE;
-               break;
-       default:
-               ldb_level = LDB_DEBUG_FATAL;
-       }
-
-       ldb_debug(ldb, ldb_level, "ltdb: tdb(%s): %s", name, message);
-       talloc_free(message);
-}
-
-/*
-  wrapped connection to a tdb database. The caller should _not_ free
-  this as it is not a talloc structure (as tdb does not use talloc
-  yet). It will auto-close when the caller frees the mem_ctx that is
-  passed to this call
- */
-struct tdb_context *ltdb_wrap_open(TALLOC_CTX *mem_ctx,
-                                  const char *path, int hash_size, 
-                                  int tdb_flags,
-                                  int open_flags, mode_t mode, 
-                                  struct ldb_context *ldb)
-{
-       struct ltdb_wrap *w;
-       struct stat st;
-       struct tdb_logging_context log_ctx;
-
-       log_ctx.log_fn = ltdb_log_fn;
-       log_ctx.log_private = ldb;
-
-       if (stat(path, &st) == 0) {
-               for (w=tdb_list;w;w=w->next) {
-                       if (st.st_dev == w->device && st.st_ino == w->inode) {
-                               if (!talloc_reference(mem_ctx, w)) {
-                                       return NULL;
-                               }
-                               return w->tdb;
-                       }
-               }
-       }
-
-       w = talloc(mem_ctx, struct ltdb_wrap);
-       if (w == NULL) {
-               return NULL;
-       }
-
-       w->tdb = tdb_open_ex(path, hash_size, tdb_flags, open_flags, mode, &log_ctx, NULL);
-       if (w->tdb == NULL) {
-               talloc_free(w);
-               return NULL;
-       }
-
-       if (fstat(tdb_fd(w->tdb), &st) != 0) {
-               tdb_close(w->tdb);
-               talloc_free(w);
-               return NULL;
-       }
-
-       w->device = st.st_dev;
-       w->inode  = st.st_ino;
-
-       talloc_set_destructor(w, ltdb_wrap_destructor);
-
-       w->next = tdb_list;
-       w->prev = NULL;
-       if (tdb_list) {
-               tdb_list->prev = w;
-       }
-       tdb_list = w;
-       
-       return w->tdb;
-}
-
diff --git a/source/lib/ldb_wrap.c b/source/lib/ldb_wrap.c
deleted file mode 100644 (file)
index 21ca049..0000000
+++ /dev/null
@@ -1,186 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-
-   LDB wrap functions
-
-   Copyright (C) Andrew Tridgell 2004
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
-  the stupidity of the unix fcntl locking design forces us to never
-  allow a database file to be opened twice in the same process. These
-  wrappers provide convenient access to a tdb or ldb, taking advantage
-  of talloc destructors to ensure that only a single open is done
-*/
-
-#include "includes.h"
-#include "lib/events/events.h"
-#include "lib/ldb/include/ldb.h"
-#include "lib/ldb/include/ldb_errors.h"
-#include "lib/ldb-samba/ldif_handlers.h"
-#include "ldb_wrap.h"
-#include "dsdb/samdb/samdb.h"
-#include "param/param.h"
-
-/*
-  this is used to catch debug messages from ldb
-*/
-static void ldb_wrap_debug(void *context, enum ldb_debug_level level, 
-                          const char *fmt, va_list ap)  PRINTF_ATTRIBUTE(3,0);
-
-static void ldb_wrap_debug(void *context, enum ldb_debug_level level, 
-                          const char *fmt, va_list ap)
-{
-       int samba_level;
-       char *s = NULL;
-       switch (level) {
-       case LDB_DEBUG_FATAL:
-               samba_level = 0;
-               break;
-       case LDB_DEBUG_ERROR:
-               samba_level = 1;
-               break;
-       case LDB_DEBUG_WARNING:
-               samba_level = 2;
-               break;
-       case LDB_DEBUG_TRACE:
-               samba_level = 5;
-               break;
-               
-       };
-       vasprintf(&s, fmt, ap);
-       if (!s) return;
-       DEBUG(level, ("ldb: %s\n", s));
-       free(s);
-}
-
-/* check for memory leaks on the ldb context */
-static int ldb_wrap_destructor(struct ldb_context *ldb)
-{
-       size_t *startup_blocks = (size_t *)ldb_get_opaque(ldb, "startup_blocks");
-       if (startup_blocks &&
-           talloc_total_blocks(ldb) > *startup_blocks + 400) {
-               DEBUG(0,("WARNING: probable memory leak in ldb %s - %lu blocks (startup %lu) %lu bytes\n",
-                        (char *)ldb_get_opaque(ldb, "wrap_url"), 
-                        (unsigned long)talloc_total_blocks(ldb), 
-                        (unsigned long)*startup_blocks,
-                        (unsigned long)talloc_total_size(ldb)));
-#if 0
-               talloc_report_full(ldb, stdout);
-               call_backtrace();
-               smb_panic("probable memory leak in ldb");
-#endif
-       }
-       return 0;
-}                               
-
-/*
-  wrapped connection to a ldb database
-  to close just talloc_free() the returned ldb_context
-
-  TODO:  We need an error_string parameter
- */
-struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
-                                    struct loadparm_context *lp_ctx,
-                                    const char *url,
-                                    struct auth_session_info *session_info,
-                                    struct cli_credentials *credentials,
-                                    unsigned int flags,
-                                    const char *options[])
-{
-       struct ldb_context *ldb;
-       int ret;
-       struct event_context *ev;
-       char *real_url = NULL;
-       size_t *startup_blocks;
-
-       ldb = ldb_init(mem_ctx);
-       if (ldb == NULL) {
-               return NULL;
-       }
-
-       ldb_set_modules_dir(ldb, 
-                           talloc_asprintf(ldb, "%s/ldb", lp_modulesdir(lp_ctx)));
-
-       /* we want to use the existing event context if possible. This
-          relies on the fact that in smbd, everything is a child of
-          the main event_context */
-       ev = event_context_find(ldb);
-
-       if (ldb_set_opaque(ldb, "EventContext", ev)) {
-               talloc_free(ldb);
-               return NULL;
-       }
-
-       if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
-               talloc_free(ldb);
-               return NULL;
-       }
-
-       if (ldb_set_opaque(ldb, "credentials", credentials)) {
-               talloc_free(ldb);
-               return NULL;
-       }
-       
-       if (strcmp(lp_sam_url(lp_ctx), url) == 0) {
-               dsdb_set_global_schema(ldb);
-       }
-
-       ret = ldb_register_samba_handlers(ldb);
-       if (ret == -1) {
-               talloc_free(ldb);
-               return NULL;
-       }
-
-       ldb_set_debug(ldb, ldb_wrap_debug, NULL);
-
-       ldb_set_utf8_fns(ldb, NULL, wrap_casefold);
-
-       real_url = private_path(ldb, lp_ctx, url);
-       if (real_url == NULL) {
-               talloc_free(ldb);
-               return NULL;
-       }
-
-       /* allow admins to force non-sync ldb for all databases */
-       if (lp_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) {
-               flags |= LDB_FLG_NOSYNC;
-       }
-
-       /* we usually want Samba databases to be private. If we later
-          find we need one public, we will need to add a parameter to
-          ldb_wrap_connect() */
-       ldb_set_create_perms(ldb, 0600);
-       
-       ret = ldb_connect(ldb, real_url, flags, options);
-       if (ret != LDB_SUCCESS) {
-               talloc_free(ldb);
-               return NULL;
-       }
-
-       /* setup for leak detection */
-       ldb_set_opaque(ldb, "wrap_url", real_url);
-       startup_blocks = talloc(ldb, size_t);
-       *startup_blocks = talloc_total_blocks(ldb);
-       ldb_set_opaque(ldb, "startup_blocks", startup_blocks);
-       
-       talloc_set_destructor(ldb, ldb_wrap_destructor);
-
-       return ldb;
-}
-
-
-
index 714ad72..942ced6 100644 (file)
@@ -1,13 +1,8 @@
-################################################
-# Start LIBRARY LIBTALLOC
 [LIBRARY::LIBTALLOC]
-VERSION = 0.0.1
-SO_VERSION = 0
+VERSION = 1.0.0
+SO_VERSION = 1
 OBJ_FILES = talloc.o
 MANPAGE = talloc.3
 CFLAGS = -Ilib/talloc
 PUBLIC_HEADERS = talloc.h
 DESCRIPTION = A hierarchical pool based memory system with destructors
-#
-# End LIBRARY LIBTALLOC
-################################################
index 593c204..c35d5d2 100644 (file)
@@ -19,8 +19,6 @@
 /* Don't expose talloc contexts in Python code. Python does reference 
    counting for us, so just create a new top-level talloc context.
  */
-%module talloc;
-
 %typemap(in, numinputs=0) TALLOC_CTX * {
     $1 = NULL;
 }
diff --git a/source/lib/tdb_wrap.c b/source/lib/tdb_wrap.c
deleted file mode 100644 (file)
index 37095df..0000000
+++ /dev/null
@@ -1,117 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   TDB wrap functions
-
-   Copyright (C) Andrew Tridgell 2004
-   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "lib/tdb/include/tdb.h"
-#include "lib/util/dlinklist.h"
-#include "tdb_wrap.h"
-#include "tdb.h"
-
-static struct tdb_wrap *tdb_list;
-
-/* destroy the last connection to a tdb */
-static int tdb_wrap_destructor(struct tdb_wrap *w)
-{
-       tdb_close(w->tdb);
-       DLIST_REMOVE(tdb_list, w);
-       return 0;
-}                               
-
-/*
- Log tdb messages via DEBUG().
-*/
-static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level, 
-                        const char *format, ...) PRINTF_ATTRIBUTE(3,4);
-
-static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level, 
-                        const char *format, ...)
-{
-       va_list ap;
-       char *ptr = NULL;
-       int debug_level;
-
-       va_start(ap, format);
-       vasprintf(&ptr, format, ap);
-       va_end(ap);
-       
-       switch (level) {
-       case TDB_DEBUG_FATAL:
-               debug_level = 0;
-               break;
-       case TDB_DEBUG_ERROR:
-               debug_level = 1;
-               break;
-       case TDB_DEBUG_WARNING:
-               debug_level = 2;
-               break;
-       case TDB_DEBUG_TRACE:
-               debug_level = 5;
-               break;
-       default:
-               debug_level = 0;
-       }               
-
-       if (ptr != NULL) {
-               const char *name = tdb_name(tdb);
-               DEBUG(debug_level, ("tdb(%s): %s", name ? name : "unnamed", ptr));
-               free(ptr);
-       }
-}
-
-
-/*
-  wrapped connection to a tdb database
-  to close just talloc_free() the tdb_wrap pointer
- */
-struct tdb_wrap *tdb_wrap_open(TALLOC_CTX *mem_ctx,
-                              const char *name, int hash_size, int tdb_flags,
-                              int open_flags, mode_t mode)
-{
-       struct tdb_wrap *w;
-       struct tdb_logging_context log_ctx;
-       log_ctx.log_fn = tdb_wrap_log;
-
-       for (w=tdb_list;w;w=w->next) {
-               if (strcmp(name, w->name) == 0) {
-                       return talloc_reference(mem_ctx, w);
-               }
-       }
-
-       w = talloc(mem_ctx, struct tdb_wrap);
-       if (w == NULL) {
-               return NULL;
-       }
-
-       w->name = talloc_strdup(w, name);
-
-       w->tdb = tdb_open_ex(name, hash_size, tdb_flags, 
-                            open_flags, mode, &log_ctx, NULL);
-       if (w->tdb == NULL) {
-               talloc_free(w);
-               return NULL;
-       }
-
-       talloc_set_destructor(w, tdb_wrap_destructor);
-
-       DLIST_ADD(tdb_list, w);
-
-       return w;
-}
index 3c97ec4..ff7480c 100644 (file)
@@ -1,5 +1,3 @@
-#################################
-# Start SUBSYSTEM LIBSECURITY
 [SUBSYSTEM::LIBSECURITY]
 PRIVATE_PROTO_HEADER = proto.h
 OBJ_FILES = security_token.o \
@@ -9,5 +7,7 @@ OBJ_FILES = security_token.o \
                privilege.o \
                sddl.o
 PUBLIC_DEPENDENCIES = NDR_MISC
-# End SUBSYSTEM LIBSECURITY
-#################################
+
+[PYTHON::swig_security]
+SWIG_FILE = security.i
+PRIVATE_DEPENDENCIES = LIBSECURITY
diff --git a/source/libcli/security/security.i b/source/libcli/security/security.i
new file mode 100644 (file)
index 0000000..cc5afb4
--- /dev/null
@@ -0,0 +1,121 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+%module(package="samba.security") security
+
+%{
+#include "includes.h"
+#include "libcli/security/security.h"
+
+typedef struct dom_sid dom_sid;
+typedef struct security_token security_token;
+typedef struct security_descriptor security_descriptor;
+%}
+
+%import "../../lib/talloc/talloc.i"
+%import "../util/errors.i"
+%import "stdint.i"
+
+enum sec_privilege {
+       SEC_PRIV_SECURITY=1,
+       SEC_PRIV_BACKUP=2,
+       SEC_PRIV_RESTORE=3,
+       SEC_PRIV_SYSTEMTIME=4,
+       SEC_PRIV_SHUTDOWN=5,
+       SEC_PRIV_REMOTE_SHUTDOWN=6,
+       SEC_PRIV_TAKE_OWNERSHIP=7,
+       SEC_PRIV_DEBUG=8,
+       SEC_PRIV_SYSTEM_ENVIRONMENT=9,
+       SEC_PRIV_SYSTEM_PROFILE=10,
+       SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
+       SEC_PRIV_INCREASE_BASE_PRIORITY=12,
+       SEC_PRIV_LOAD_DRIVER=13,
+       SEC_PRIV_CREATE_PAGEFILE=14,
+       SEC_PRIV_INCREASE_QUOTA=15,
+       SEC_PRIV_CHANGE_NOTIFY=16,
+       SEC_PRIV_UNDOCK=17,
+       SEC_PRIV_MANAGE_VOLUME=18,
+       SEC_PRIV_IMPERSONATE=19,
+       SEC_PRIV_CREATE_GLOBAL=20,
+       SEC_PRIV_ENABLE_DELEGATION=21,
+       SEC_PRIV_INTERACTIVE_LOGON=22,
+       SEC_PRIV_NETWORK_LOGON=23,
+       SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
+};
+
+%rename(SecurityToken) security_token;
+
+typedef struct security_token { 
+    %extend {
+        security_token(TALLOC_CTX *mem_ctx) { return security_token_initialise(mem_ctx); }
+        ~security_token() { talloc_free($self); }
+        bool is_sid(const struct dom_sid *sid);
+        bool is_system();
+        bool is_anonymous();
+        bool has_sid(const struct dom_sid *sid);
+        bool has_builtin_administrators();
+        bool has_nt_authenticated_users();
+        bool has_privilege(enum sec_privilege privilege);
+        void set_privilege(enum sec_privilege privilege);
+    }
+} security_token;
+
+typedef struct security_descriptor {
+    %extend {
+        security_descriptor(TALLOC_CTX *mem_ctx) { return security_descriptor_initialise(mem_ctx); }
+        ~security_descriptor() { talloc_free($self); }
+        NTSTATUS sacl_add(const struct security_ace *ace);
+        NTSTATUS dacl_add(const struct security_ace *ace);
+        NTSTATUS dacl_del(const struct security_ace *ace);
+        NTSTATUS sacl_del(const struct security_ace *ace);
+#ifdef SWIGPYTHON
+        %rename(equal) __eq__;
+#endif
+        bool equal(const struct security_descriptor *other);
+    }
+} security_descriptor;
+
+%rename(Sid) dom_sid;
+
+typedef struct dom_sid {
+    %extend {
+        bool equal(const struct dom_sid *other);
+#ifdef SWIGPYTHON
+        const char *__str__(TALLOC_CTX *mem_ctx) {
+            return dom_sid_string(mem_ctx, $self);
+        }
+#endif
+    }
+} dom_sid;
+
+%inline %{
+static struct dom_sid *random_sid(TALLOC_CTX *mem_ctx)
+{
+    char *str = talloc_asprintf(mem_ctx, "S-1-5-21-%u-%u-%u", 
+                                (unsigned)generate_random(), 
+                                (unsigned)generate_random(), 
+                                (unsigned)generate_random());
+
+        return dom_sid_parse_talloc(mem_ctx, str);
+}
+%}
+
+%rename(privilege_name) sec_privilege_name;
+const char *sec_privilege_name(enum sec_privilege privilege);
+%rename(privilege_id) sec_privilege_id;
+enum sec_privilege sec_privilege_id(const char *name);
diff --git a/source/libcli/security/tests/bindings.py b/source/libcli/security/tests/bindings.py
new file mode 100644 (file)
index 0000000..15e2381
--- /dev/null
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+#   
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#   
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#   
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import unittest
+import security
+
+class SecurityTokenTests(unittest.TestCase):
+    def setUp(self):
+        self.token = security.SecurityToken()
+
+    def test_is_system(self):
+        self.assertFalse(self.token.is_system())
+
+    def test_is_anonymous(self):
+        self.assertFalse(self.token.is_anonymous())
+
+    def test_has_builtin_administrators(self):
+        self.assertFalse(self.token.has_builtin_administrators())
+
+    def test_has_nt_authenticated_users(self):
+        self.assertFalse(self.token.has_nt_authenticated_users())
+
+    def test_has_priv(self):
+        self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+
+    def test_set_priv(self):
+        self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+        self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN))
+        self.assertTrue(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN))
+
+
+class SecurityDescriptorTests(unittest.TestCase):
+    def setUp(self):
+        self.descriptor = security.SecurityDescriptor()
+
+
+class RandomSidTests(unittest.TestCase):
+    def test_random(self):
+        sid = security.random_sid()
+        self.assertTrue(str(sid).startswith("S-1-5-21-"))
+
+
+class PrivilegeTests(unittest.TestCase):
+    def test_privilege_name(self):
+        self.assertEquals("SeShutdownPrivilege", security.privilege_name(security.SEC_PRIV_SHUTDOWN))
+
+    def test_privilege_id(self):
+        self.assertEquals(security.SEC_PRIV_SHUTDOWN, security.privilege_id("SeShutdownPrivilege"))
+
index c396cf6..c175112 100644 (file)
@@ -6,10 +6,6 @@ OBJ_FILES = parammodule.o
 PRIVATE_DEPENDENCIES = LIBNDR 
 OBJ_FILES = uuidmodule.o
 
-[PYTHON::python_sid]
-PRIVATE_DEPENDENCIES = LIBNDR 
-OBJ_FILES = sidmodule.o
-
 [PYTHON::python_misc]
 PRIVATE_DEPENDENCIES = LIBNDR LIBLDB
 SWIG_FILE = misc.i
diff --git a/source/scripting/python/sidmodule.c b/source/scripting/python/sidmodule.c
deleted file mode 100644 (file)
index 4b199b1..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   Samba utility functions
-   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "Python.h"
-#include "libcli/security/security.h"
-
-static PyObject *sid_random(PyObject *self, PyObject *args)
-{
-       char *str;
-
-       if (!PyArg_ParseTuple(args, ""))
-               return NULL;
-
-       str = talloc_asprintf(NULL, "S-1-5-21-%u-%u-%u", 
-                                 (unsigned)generate_random(), 
-                                 (unsigned)generate_random(), 
-                                 (unsigned)generate_random());
-
-       if (str == NULL) {
-               PyErr_SetString(PyExc_TypeError, "can't generate random sid");
-               return NULL;
-       }
-
-       return PyString_FromString(str);
-}
-
-static PyMethodDef methods[] = {
-       { "random", (PyCFunction)sid_random, METH_VARARGS, NULL},
-       { NULL, NULL }
-};
-
-PyDoc_STRVAR(param_doc, "SID helper routines");
-
-PyMODINIT_FUNC initsid(void)
-{
-       PyObject *mod = Py_InitModule3("sid", methods, param_doc);
-       if (mod == NULL)
-               return;
-}
index ac8f4dd..b0034f8 100755 (executable)
@@ -299,4 +299,5 @@ then
        plantest "registry.python" none PYTHONPATH=bin/python:scripting/python:lib/registry/tests/ scripting/bin/subunitrun bindings
        plantest "tdb.python" none PYTHONPATH=bin/python:scripting/python:lib/tdb/python/tests scripting/bin/subunitrun simple
        plantest "auth.python" none PYTHONPATH=bin/python:scripting/python:auth/tests/ scripting/bin/subunitrun bindings
+       plantest "security.python" none PYTHONPATH=bin/python:scripting/python:libcli/security/tests/ scripting/bin/subunitrun bindings
 fi