search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / python / samba / tests / blackbox / smbcacls_save_restore.py
blobb3995310f7c5d3e5c845984938f4f6b25141c172
1 # Blackbox tests for smbcacls
2 #
3 # Copyright (C) Noel Power noel.power@suse.com
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18 from samba.tests.blackbox.smbcacls import SmbCaclsBlockboxTestBase
19 from samba.tests import BlackboxProcessError
20 import os
21
22 class SaveRestoreSmbCaclsTests(SmbCaclsBlockboxTestBase):
23
24 def setUp(self):
25 super().setUp()
26
27 # create toplevel testdir structure with desired ACL(s)
28 #
29 # +-tar_test_dir/ (OI)(CI)(I)(F)
30 # +-oi_dir/ (OI)(CI)(I)(F)
31 # | +-file.1 (I)(F)
32 # | +-nested/ (OI)(CI)(I)(F)
33 # | +-file.2 (I)(F)
34 # | +-nested_again/ (OI)(CI)(I)(F)
35 # | +-file.3 (I)(F)
36
37 self.toplevel = self.create_remote_test_file("tar_test_dir/file-0")
38 self.f1 = self.create_remote_test_file("tar_test_dir/oi_dir/file-1")
39 self.f2 = self.create_remote_test_file("tar_test_dir/oi_dir/nested/file-2")
40 self.f3 = self.create_remote_test_file("tar_test_dir/oi_dir/nested/nested_again/file-3")
41 self.tar_dir = os.path.split(self.toplevel)[0]
42 self.oi_dir = os.path.split(self.f1)[0]
43 self.nested_dir = os.path.split(self.f2)[0]
44 self.nested_again_dir = os.path.split(self.f3)[0]
45
46 dir_acl_str = "ACL:%s:ALLOWED/OI|CI/FULL" % self.user
47 inherited_dir_acl_str = "ACL:%s:ALLOWED/OI|CI|I/FULL" % self.user
48 file_acl_str = "ACL:%s:ALLOWED/I/FULL" % self.user
49
50 self.smb_cacls(["--modify", dir_acl_str, self.tar_dir])
51 self.smb_cacls(["--modify", inherited_dir_acl_str, self.oi_dir])
52 self.smb_cacls(["--modify", inherited_dir_acl_str, self.nested_dir])
53 self.smb_cacls(["--modify", inherited_dir_acl_str, self.nested_again_dir])
54 self.smb_cacls(["--modify", file_acl_str, self.f1])
55 self.smb_cacls(["--modify", file_acl_str, self.f2])
56 self.smb_cacls(["--modify", file_acl_str, self.f3])
57
58 def tearDown(self):
59 # tmp is the default share which has an existing testdir smbcacls
60 # we need to be prepared to deal with a 'custom' share (which also
61 # would have an existing testdir)
62 if self.share != "tmp":
63 self.dirpath = os.path.join(os.environ["LOCAL_PATH"],self.share)
64 self.dirpath = os.path.join(self.dirpath,self.testdir)
65 super().tearDown()
66
67 def test_simple_save_dir(self):
68 try:
69 # simple test to just store dacl of directory
70 with self.mktemp() as tmpfile:
71 out = self.smb_cacls(["--save", tmpfile,
72 self.oi_dir])
73 with open(tmpfile, 'rb') as infile:
74 contents = infile.read().decode('utf16')
75 lines = contents.splitlines()
76 # should be 2 lines
77 self.assertEqual(len(lines), 2)
78 # first line should be the path
79 self.assertEqual(self.oi_dir.replace('/','\\'), lines[0])
80
81 except BlackboxProcessError as e:
82 self.fail(str(e))
83
84 def test_simple_save_dir_r(self):
85 try:
86 # simple test to just store dacl of directory (recursively)
87 with self.mktemp() as tmpfile:
88 out = self.smb_cacls(["--recurse", "--save", tmpfile,
89 self.oi_dir])
90 with open(tmpfile, 'rb') as infile:
91 contents = infile.read().decode('utf16')
92 print("contents = %s" % contents)
93 lines = contents.splitlines()
94 # should be 12 lines
95 self.assertEqual(len(lines), 12)
96 paths = [
97 self.oi_dir.replace('/','\\'),
98 self.f1.replace('/','\\'),
99 self.nested_dir.replace('/','\\'),
100 self.f2.replace('/','\\'),
101 self.nested_again_dir.replace('/','\\'),
102 self.f3.replace('/','\\')
103 ]
104 i = 0
105 for line in lines:
106 if not i % 2:
107 paths.remove(line)
108 i = i + 1
109 self.assertEqual(0, len(paths))
110
111 except BlackboxProcessError as e:
112 self.fail(str(e))
113
114 def test_simple_restore_dir(self):
115 try:
116 # simple test to just store dacl of directory
117 orig_saved = None
118 modified = None
119 restored = None
120 with self.mktemp() as tmpfile:
121 self.smb_cacls(["--save", tmpfile,
122 self.oi_dir])
123 with open(tmpfile, 'rb') as infile:
124 orig_saved = infile.read()
125
126 # modify directory structure
127 dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI/READ" % self.user
128 self.smb_cacls(["--propagate-inheritance", "--add",
129 dir_add_acl_str, self.oi_dir])
130
131 # save modified directory dacls to file
132 with self.mktemp() as tmpfile:
133 self.smb_cacls(["--save", tmpfile,
134 self.oi_dir])
135 with open(tmpfile, 'rb') as infile:
136 modified = infile.read()
137
138 # compare orig and unmodified dacls
139 # they shouldn't match
140 self.assertNotEqual(orig_saved.decode('utf16'), modified.decode('utf16'))
141 # restore original dacls from file
142 with self.mktemp() as tmpfile:
143 with open(tmpfile, 'wb') as outfile:
144 outfile.write(orig_saved)
145 outfile.close()
146 out = self.smb_cacls([".", "--restore", tmpfile])
147
148 # save newly restored dacls to file
149 with self.mktemp() as tmpfile:
150 self.smb_cacls(["--save", tmpfile,
151 self.oi_dir])
152 with open(tmpfile, 'rb') as infile:
153 restored = infile.read()
154
155 # after restoring the dalcs, orig unmodified dacls should match
156 # restored dacls
157 self.assertEqual(orig_saved.decode('utf16'), restored.decode('utf16'))
158
159 except BlackboxProcessError as e:
160 self.fail(str(e))
161
162 def test_simple_restore_dir_r(self):
163 try:
164 # simple test to just store dacl(s) of directory recursively
165 orig_saved = None
166 modified = None
167 restored = None
168 with self.mktemp() as tmpfile:
169 self.smb_cacls(["--recurse", "--save", tmpfile,
170 self.oi_dir])
171 with open(tmpfile, 'rb') as infile:
172 orig_saved = infile.read()
173
174 # modify directory's dacls recursively
175 dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI/READ" % self.user
176 self.smb_cacls(["--propagate-inheritance", "--add",
177 dir_add_acl_str, self.oi_dir])
178
179 # save modified directories dacls recursively
180 with self.mktemp() as tmpfile:
181 self.smb_cacls(["--recurse", "--save", tmpfile,
182 self.oi_dir])
183 with open(tmpfile, 'rb') as infile:
184 modified = infile.read()
185
186 # the unmodified stringified dacls shouldn't match
187 # modified
188 self.assertNotEqual(orig_saved.decode('utf16'), modified.decode('utf16'))
189 # restore original dacls from file
190 with self.mktemp() as tmpfile:
191 with open(tmpfile, 'wb') as outfile:
192 outfile.write(orig_saved)
193 outfile.close()
194 out = self.smb_cacls([".", "--restore", tmpfile])
195
196 with self.mktemp() as tmpfile:
197 out = self.smb_cacls(["--recurse", "--save", tmpfile,
198 self.oi_dir])
199 with open(tmpfile, 'rb') as infile:
200 restored = infile.read()
201 # after restoring the dalcs orig unmodified dacls should match
202 # current dacls
203 self.assertEqual(orig_saved.decode('utf16'), restored.decode('utf16'))
204 except BlackboxProcessError as e:
205 self.fail(str(e))
GSS-enabled samba4