pytest:sddl Samba had the wrong value for FA, now fix the tests

author Andrew Bartlett <abartlet@samba.org>

Wed, 26 Apr 2023 04:27:38 +0000 (16:27 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 28 Apr 2023 02:15:36 +0000 (02:15 +0000)
author Andrew Bartlett <abartlet@samba.org>
Wed, 26 Apr 2023 04:27:38 +0000 (16:27 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 28 Apr 2023 02:15:36 +0000 (02:15 +0000)
diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py

index c1996de75ce03d80c007292de6705f74c355f76e..2e945b8799e552b95e5e107c9260aa49eac4451e 100644 (file)
--- a/python/samba/tests/sddl.py
+++ b/python/samba/tests/sddl.py
@@ -578,6 +578,44 @@ class SddlNonCanonical(SddlDecodeEncodeBase):
          ("D:AI(A;CI;RP LCLO  RC;;;AU)", "D:AI(A;CI;LCRPLORC;;;AU)"),
          # space before string flags is ignored.
          ("D:(A;; GA;;;LG)", "D:(A;;GA;;;LG)"),
+
+        # from 'samba3.blackbox.large_acl.NT1.able to retrieve a large ACL if VFS supports it'
+        (("D:(A;;0x001f01ff;;;WD)" +
+          ''.join(f"(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
+                  for i in range(1001, 1201))),
+         ("D:(A;;FA;;;WD)" +
+          ''.join(f"(A;;FA;;;S-1-5-21-11111111-22222222-33333333-{i})"
+                  for i in range(1001, 1201)))
+         ),
+
+        # from samba4.blackbox.samba-tool_ntacl, but using 0x1f01ff in place of FA (which it will become)
+        (("O:S-1-5-21-2212615479-2695158682-2101375468-512"
+          "G:S-1-5-21-2212615479-2695158682-2101375468-513"
+          "D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
+          "(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
+          "(A;OICIIO;0x001f01ff;;;CO)"
+          "(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
+          "(A;OICI;0x001f01ff;;;SY)"
+          "(A;OICI;0x001200a9;;;AU)"
+          "(A;OICI;0x001200a9;;;ED)"
+          "S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
+          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+          "(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
+          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"),
+         ("O:S-1-5-21-2212615479-2695158682-2101375468-512"
+          "G:S-1-5-21-2212615479-2695158682-2101375468-513"
+          "D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
+          "(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
+          "(A;OICIIO;FA;;;CO)"
+          "(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
+          "(A;OICI;FA;;;SY)"
+          "(A;OICI;0x1200a9;;;AU)"
+          "(A;OICI;0x1200a9;;;ED)"
+          "S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
+          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
+          "(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
+          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)")),
+
      ]
  
  
@@ -611,6 +649,7 @@ class SddlCanonical(SddlDecodeEncodeBase):
          "O:S-1-2-512D:",
          "D:PARAI(A;;GA;;;SY)",
          "D:P(A;;GA;;;LG)(A;;GX;;;AA)",
+        "D:(A;;FA;;;WD)"
      ]
  
  
@@ -752,115 +791,6 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase):
      ]
  
  
-@DynamicTestCase
-class SddlWindowsFlagsAreDifferent(SddlDecodeEncodeBase):
-    """On Windows the 'FA' symbol means 0x1f01ff, while on Samba it means
-    0x1ff (Samba is SEC_FILE_ALL, Windows is SEC_FILE_ALL |
-    SEC_STD_ALL).
-
-    https://lists.samba.org/archive/cifs-protocol/2010-February/001387.html
-    is maybe relevant.
-    """
-    name = "windows_flags_are_different"
-    should_succeed = True
-    strings = [
-        # from 'samba3.blackbox.large_acl.NT1.able to retrieve a large ACL if VFS supports it'
-        (("D:(A;;0x001f01ff;;;WD)" +
-          ''.join(f"(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
-                  for i in range(1001, 1201))),
-         ("D:(A;;FA;;;WD)" +
-          ''.join(f"(A;;FA;;;S-1-5-21-11111111-22222222-33333333-{i})"
-                  for i in range(1001, 1201)))
-         ),
-        # from samba4.blackbox.samba-tool_ntacl, but using FA in place of 0x1f01ff
-        (("O:S-1-5-21-2212615479-2695158682-2101375468-512"
-          "G:S-1-5-21-2212615479-2695158682-2101375468-513"
-          "D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
-          "(A;OICIIO;0x001f01ff;;;CO)"
-          "(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;0x001f01ff;;;SY)"
-          "(A;OICI;0x001200a9;;;AU)"
-          "(A;OICI;0x001200a9;;;ED)"
-          "S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
-          "(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"),
-         ("O:S-1-5-21-2212615479-2695158682-2101375468-512"
-          "G:S-1-5-21-2212615479-2695158682-2101375468-513"
-          "D:P(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
-          "(A;OICIIO;FA;;;CO)"
-          "(A;OICI;FA;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;FA;;;SY)"
-          "(A;OICI;0x1200a9;;;AU)"
-          "(A;OICI;0x1200a9;;;ED)"
-          "S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
-          "(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)")),
-
-        ("D:(A;;FA;;;WD)", "D:(A;;FA;;;WD)"),
-    ]
-
-
-@DynamicTestCase
-class SddlSambaDoesItsOwnThing(SddlDecodeEncodeBase):
-    """Samba's corresponding strings for the "windows flags are different"
-    examples.
-    """
-    name = "samba_does_its_own_thing"
-    should_succeed = True
-    strings = [
-        # from 'samba3.blackbox.large_acl.NT1.able to retrieve a large ACL if VFS supports it'
-        (("D:(A;;0x001f01ff;;;WD)" +
-          ''.join(f"(A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
-                  for i in range(1001, 1201))),
-         ("D:(A;;0x1f01ff;;;WD)" +
-          ''.join(f"(A;;0x1f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
-                  for i in range(1001, 1201)))
-         ),
-        # On Samba this is like a canonical test (same string
-        # returned), but Windows will turn all the 0x1f01ff into FA.
-        (("D:(A;;0x1f01ff;;;WD)" +
-          ''.join(f"(A;;0x1f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
-                  for i in range(1001, 1201))),
-         ("D:(A;;0x1f01ff;;;WD)" +
-          ''.join(f"(A;;0x1f01ff;;;S-1-5-21-11111111-22222222-33333333-{i})"
-                  for i in range(1001, 1201)))
-         ),
-        # from samba4.blackbox.samba-tool_ntacl, removing 00 padding in 0x flags
-        (("O:S-1-5-21-2212615479-2695158682-2101375468-512"
-          "G:S-1-5-21-2212615479-2695158682-2101375468-513"
-          "D:P(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
-          "(A;OICIIO;0x001f01ff;;;CO)"
-          "(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;0x001f01ff;;;SY)"
-          "(A;OICI;0x001200a9;;;AU)"
-          "(A;OICI;0x001200a9;;;ED)"
-          "S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
-          "(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"),
-         ("O:S-1-5-21-2212615479-2695158682-2101375468-512"
-          "G:S-1-5-21-2212615479-2695158682-2101375468-513"
-          "D:P(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-519)"
-          "(A;OICIIO;0x1f01ff;;;CO)"
-          "(A;OICI;0x1f01ff;;;S-1-5-21-2212615479-2695158682-2101375468-512)"
-          "(A;OICI;0x1f01ff;;;SY)"
-          "(A;OICI;0x1200a9;;;AU)"
-          "(A;OICI;0x1200a9;;;ED)"
-          "S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
-          "(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;"
-          "bf967aa5-0de6-11d0-a285-00aa003049e2;WD)")),
-
-        ("D:(A;;FA;;;WD)", "D:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"),
-    ]
-
-
  @DynamicTestCase
  class SddlWindowsIsWeird(SddlDecodeEncodeBase):
      """Windows will accept some very misleading SDDL strings.
diff --git a/selftest/knownfail.d/sddl b/selftest/knownfail.d/sddl

index 3c33617e793cc269ba76bf1673cbca6157d86eea..a6bcc5d27f7cd59344711174f353eec166c1f4fe 100644 (file)
--- a/selftest/knownfail.d/sddl
+++ b/selftest/knownfail.d/sddl
@@ -1,3 +1,3 @@
-^samba.tests.sddl.+.SddlWindowsFlagsAreDifferent.test_sddl_D:.A;;0x001f01ff;;;WD..A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-1001..A;;0x001f01ff;;;S-1.11522-more-characters.none
-^samba.tests.sddl.+.SddlWindowsFlagsAreDifferent.test_sddl_D:.A;;FA;;;WD..none
-^samba.tests.sddl.+.SddlWindowsFlagsAreDifferent.test_sddl_O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P.A;.482-more-characters.none
+^samba.tests.sddl.+.SddlCanonical.test_sddl_D:.A;;FA;;;WD..none
+^samba.tests.sddl.+.SddlNonCanonical.test_sddl_D:.A;;0x001f01ff;;;WD..A;;0x001f01ff;;;S-1-5-21-11111111-22222222-33333333-1001..A;;0x001f01ff;;;S-1+11522-more-characters.none
+^samba.tests.sddl.+.SddlNonCanonical.test_sddl_O:S-1-5-21-2212615479-2695158682-2101375468-512G:S-1-5-21-2212615479-2695158682-2101375468-513D:P.A;+482-more-characters.none
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 26 Apr 2023 04:27:38 +0000 (16:27 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 28 Apr 2023 02:15:36 +0000 (02:15 +0000)
python/samba/tests/sddl.py		patch \| blob \| blame \| history
selftest/knownfail.d/sddl		patch \| blob \| blame \| history