pytest:sddl: SDDL strings where Windows behaviour differs

These ones we might want to match. They are understandable behaviours,
like matching lowercase flags and coping with whitespace in some
places. These tests are set up to document the differences without
overwhelming the knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py
index 228829bea3099c502a8f608cbb099b9ee74b6a76..63883334755751cafd9734940b3441e3031c1cef 100644 (file)
--- a/python/samba/tests/sddl.py
+++ b/python/samba/tests/sddl.py
@@ -548,6 +548,68 @@ class SddlShouldFail(SddlDecodeEncodeBase):
     ]
 
 
+@DynamicTestCase
+class SddlWindowsIsFussy(SddlDecodeEncodeBase):
+    """Windows won't accept these strings, seemingly for semantic rather than
+    syntactic reasons.
+    """
+    name = "windows_is_fussy"
+    should_succeed = True
+    strings = [
+        # Windows doesn't seem to want AU type in DACL.
+        ("D:(A;;RP;;;WD)"
+         "(AU;SA;CR;;;BA)"
+         "(AU;SA;CR;;;DU)"),
+    ]
+
+
+@DynamicTestCase
+class SddlWindowsIsLessFussy(SddlDecodeEncodeBase):
+    """Windows will accept these seemingly malformed strings, but Samba
+    won't.
+    """
+    name = "windows_is_less_fussy"
+    should_succeed = False
+    strings = [
+        # whitespace is ignored, repaired on return
+        ("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"),
+        ("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"),
+        # whitespace before string flags is ignored.
+        ("D:(A;; GA;;;LG)", "D:(A;;GA;;;LG)"),
+        # wrong case on type is ignored, fixed
+        ("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"),
+        ("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"),
+        ("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"),
+        ("D: S:","D:S:"),
+
+        # whitespace around ACL flags
+        ("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
+        ("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"),
+
+        # whitespace between ACES
+        ("D:P(A;;GA;;;LG) (A;;GX;;;AA)",
+         "D:P(A;;GA;;;LG)(A;;GX;;;AA)"),
+
+        # whitespace in absent ace flags
+        ("D:(A; ;GA;;;LG)","D:(A;;GA;;;LG)"),
+
+        # and more whitespace.
+        ("D:(A;;GA;;; WD)", "D:(A;;GA;;;WD)"),
+        ("D:(A;;GA;;;WD )", "D:(A;;GA;;;WD)"),
+        ("D:(A;;GA;;; S-1-3-4)", "D:(A;;GA;;;OW)"),
+        ("D:(A;;GA;; ;S-1-3-4)", "D:(A;;GA;;;OW)"),
+        ("D:(A;;GA; ;;S-1-3-4)", "D:(A;;GA;;;OW)"),
+        ("D:(A;;GA;;; S-1-333-4)", "D:(A;;GA;;;S-1-333-4)"),
+        ("D:(A;;GA; ;;S-1-333-4)", "D:(A;;GA;;;S-1-333-4)"),
+        (" O:AA", "O:AA"),
+        ("  O:AA  ", "O:AA"),
+        ("  O:AA G:WD ", "O:AAG:WD"),
+
+        # spaces in some parts of the SID (not subauth)
+        ("O:S- 1- 2-3", "O:S-1-2-3"),
+    ]
+
+
 @DynamicTestCase
 class SddlWindowsIsWeird(SddlDecodeEncodeBase):
     """Windows will accept some very misleading SDDL strings.

diff --git a/selftest/knownfail.d/sddl b/selftest/knownfail.d/sddl
index 1916efc4d22043f31fd47f90e114f495ad66a0d6..212d9a3381469dd12912fa1063cc4172481fe9c8 100644 (file)
--- a/selftest/knownfail.d/sddl
+++ b/selftest/knownfail.d/sddl
@@ -5,6 +5,10 @@
 ^samba.tests.sddl.+.SddlShouldFail.test_sddl_should_fail_D:.A;;GA.;;;LG..none
 ^samba.tests.sddl.+.SddlShouldFail.test_sddl_should_fail_D:.A;;GA;;;S-1-3-4...none
 ^samba.tests.sddl.+.SddlShouldFail.test_sddl_should_fail_D:.A;;RP.;;;LG..none
+^samba.tests.sddl.+.SddlWindowsIsLessFussy.test_sddl_should_fail_D:.A;.;GA;;;LG..none
+^samba.tests.sddl.+.SddlWindowsIsLessFussy.test_sddl_should_fail_D:.A;;.GA;;;LG..none
+^samba.tests.sddl.+.SddlWindowsIsLessFussy.test_sddl_should_fail_D:.A;;GA;;;WD...none
+^samba.tests.sddl.+.SddlWindowsIsLessFussy.test_sddl_should_fail_D:.A;;ga;;;LG..none
 ^samba.tests.sddl.+.SddlWindowsIsWeird.test_sddl_should_fail_D:.A;;-0xffffff55;;;LG..none
 ^samba.tests.sddl.+.SddlWindowsIsWeird.test_sddl_should_fail_D:.A;;-9876543210;;;LG..none
 ^samba.tests.sddl.+.SddlWindowsIsWeird.test_sddl_should_fail_D:.A;;-99;;;LG..none