python security: Add unit tests for comparing ACEs and exporting as SDDL
authorChristian Merten <christian@merten.dev>
Mon, 19 Sep 2022 21:22:04 +0000 (23:22 +0200)
committerJeremy Allison <jra@samba.org>
Tue, 27 Sep 2022 16:46:35 +0000 (16:46 +0000)
Added two unit tests for the python functions to compare ACEs and to
export an ACE as SDDL.

Signed-off-by: Christian Merten <christian@merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
python/samba/tests/security.py

index 2be58e0962a62151213b7882b5c5083fbd460faf..cb310a116b742a9503deafc1656866f391d42dd5 100644 (file)
@@ -168,3 +168,38 @@ class CheckAccessTests(samba.tests.TestCase):
                 self.assertEqual(num, e_num)
             else:
                 self.fail()
+
+
+class SecurityAceTests(samba.tests.TestCase):
+    sddl       = "(OA;CIIO;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;33333333-eeee-4444-ffff-555555555555;PS)"
+    sddl2      = "(OA;CIIO;RPWP;cccccccc-9999-ffff-8888-eeeeeeeeeeee;77777777-dddd-6666-bbbb-555555555555;PS)"
+    sddl3      = "(OA;CIIO;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;77777777-dddd-6666-bbbb-555555555555;PS)"
+    sddl_uc    = "(OA;CIIO;RPWP;AAAAAAAA-1111-BBBB-2222-DDDDDDDDDDDD;33333333-EEEE-4444-FFFF-555555555555;PS)"
+    sddl_mc    = "(OA;CIIO;RPWP;AaAaAAAa-1111-BbBb-2222-DDddDDdDDDDD;33333333-EeeE-4444-FffF-555555555555;PS)"
+    sddl_sid   = "(OA;CIIO;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;33333333-eeee-4444-ffff-555555555555;S-1-5-10)"
+
+    def setUp(self):
+        super(SecurityAceTests, self).setUp()
+        self.dom = security.dom_sid("S-2-0-0")
+
+    def test_equality(self):
+        ace = security.descriptor.from_sddl("D:" + self.sddl, self.dom).dacl.aces[0]
+        ace2 = security.descriptor.from_sddl("D:" + self.sddl2, self.dom).dacl.aces[0]
+        ace3 = security.descriptor.from_sddl("D:" + self.sddl3, self.dom).dacl.aces[0]
+        ace_uc = security.descriptor.from_sddl("D:" + self.sddl_uc, self.dom).dacl.aces[0]
+        ace_mc = security.descriptor.from_sddl("D:" + self.sddl_mc, self.dom).dacl.aces[0]
+        ace_sid = security.descriptor.from_sddl("D:" + self.sddl_sid, self.dom).dacl.aces[0]
+        self.assertTrue(ace == ace_uc, "Case should not matter.")
+        self.assertTrue(ace == ace_mc, "Case should not matter.")
+        self.assertTrue(ace != ace2, "Different ACEs should be unequal.")
+        self.assertTrue(ace2 != ace3, "Different ACEs should be unequal.")
+        self.assertTrue(ace == ace_sid, "Different ways of specifying SID should not matter.")
+
+    def test_as_sddl(self):
+        ace = security.descriptor.from_sddl("D:" + self.sddl, self.dom).dacl.aces[0]
+        ace_sddl = ace.as_sddl(self.dom)
+        # compare created SDDL with original one (we need to strip the parenthesis from the original
+        # since as_sddl does not create them)
+        self.assertEqual(ace_sddl, self.sddl[1:-1])
+        ace_new = security.descriptor.from_sddl("D:(" + ace_sddl + ")", self.dom).dacl.aces[0]
+        self.assertTrue(ace == ace_new, "Exporting ace as SDDl and reading back should result in same ACE.")
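Review bot: The unequal cases in `test_equality` vary only the two GUID fields, so a comparison that ignored the trustee SID, access mask, inheritance flags or ACE type would still pass every assertion here. For code that may be used to decide whether two access-control entries are the same, a false "equal" on trustee or mask is the failure that matters most, and it is worth pinning with fixtures that differ from `sddl` in exactly one field. `ace` and `ace3` (same object GUID, different inherited-object GUID) are also never compared directly, and every inequality check uses `!=`, so `==` returning False is not asserted separately. The comparison implementation is not visible in this hunk, so this is a coverage gap rather than a known defect; the fixture values below are constructed for illustration.

```python
class SecurityAceTests(samba.tests.TestCase):
    # … unchanged: sddl, sddl2, sddl3, sddl_uc, sddl_mc, sddl_sid …
    # constructed fixtures: each differs from `sddl` in exactly one field
    sddl_trustee = "(OA;CIIO;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;33333333-eeee-4444-ffff-555555555555;WD)"
    sddl_mask = "(OA;CIIO;RP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;33333333-eeee-4444-ffff-555555555555;PS)"
    sddl_flags = "(OA;CI;RPWP;aaaaaaaa-1111-bbbb-2222-dddddddddddd;33333333-eeee-4444-ffff-555555555555;PS)"

    # … unchanged: setUp, test_equality, test_as_sddl …

    def test_inequality_single_field(self):
        ace = security.descriptor.from_sddl("D:" + self.sddl, self.dom).dacl.aces[0]
        for other_sddl in (self.sddl3, self.sddl_trustee, self.sddl_mask, self.sddl_flags):
            other = security.descriptor.from_sddl("D:" + other_sddl, self.dom).dacl.aces[0]
            self.assertTrue(ace != other, "ACEs differing in one field should be unequal.")
            self.assertFalse(ace == other, "ACEs differing in one field should be unequal.")
```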