python/samba/tests/upgradeprovision.py

   1 # Unix SMB/CIFS implementation.
   2 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008
   3 #
   4 # This program is free software; you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation; either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 #
  17
  18 """Tests for samba.upgradeprovision."""
  19
  20 import os
  21 from samba.upgradehelpers import (usn_in_range, dn_sort,
  22                                   update_secrets,
  23                                   construct_existor_expr)
  24 from samba.descriptor import get_diff_sds
  25 from samba.tests.provision import create_dummy_secretsdb
  26 from samba.tests import TestCaseInTempDir
  27 from samba import Ldb
  28 from ldb import SCOPE_BASE
  29 import samba.tests
  30 from samba.dcerpc import security
  31
  32
  33 def dummymessage(a=None, b=None):
  34     pass
  35
  36
  37 class UpgradeProvisionTestCase(TestCaseInTempDir):
  38     """Some simple tests for individual functions in the provisioning code.
  39     """
  40     def test_usn_in_range(self):
  41         range = [5, 25, 35, 55]
  42
  43         vals = [3, 26, 56]
  44
  45         for v in vals:
  46             self.assertFalse(usn_in_range(v, range))
  47
  48         vals = [5, 20, 25, 35, 36]
  49
  50         for v in vals:
  51             self.assertTrue(usn_in_range(v, range))
  52
  53     def test_dn_sort(self):
  54         # higher level comes after lower even if lexicographicaly closer
  55         # ie dc=tata,dc=toto (2 levels), comes after dc=toto
  56         # even if dc=toto is lexicographicaly after dc=tata, dc=toto
  57         self.assertEqual(dn_sort("dc=tata,dc=toto", "dc=toto"), 1)
  58         self.assertEqual(dn_sort("dc=zata", "dc=tata"), 1)
  59         self.assertEqual(dn_sort("dc=toto,dc=tata",
  60                                   "cn=foo,dc=toto,dc=tata"), -1)
  61         self.assertEqual(dn_sort("cn=bar, dc=toto,dc=tata",
  62                                   "cn=foo, dc=toto,dc=tata"), -1)
  63
  64     def test_get_diff_sds(self):
  65         domsid = security.dom_sid('S-1-5-21')
  66
  67         sddl = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
  68 (A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  69         sddl1 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
  70 (A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  71         sddl2 = "O:BAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
  72 (A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  73         sddl3 = "O:SAG:BAD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
  74 (A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  75         sddl4 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;BA)\
  76 (A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)"
  77         sddl5 = "O:SAG:DUD:AI(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
  78 (A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
  79         sddl6 = "O:SAG:DUD:AI(A;CIID;CCLCSWRPWPLOCRRCWDWO;;;SA)\
  80 (A;CIID;RPLCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)\
  81 (A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA)\
  82 (A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CISA;WP;;;WD)(AU;CIIDSA;WP;;;WD)"
  83
  84         self.assertEqual(get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  85                                        security.descriptor.from_sddl(sddl1, domsid),
  86                                        domsid), "")
  87         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  88                            security.descriptor.from_sddl(sddl2, domsid),
  89                            domsid)
  90         self.assertEqual(txt, "\tOwner mismatch: SA (in ref) BA(in current)\n")
  91         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  92                            security.descriptor.from_sddl(sddl3, domsid),
  93                            domsid)
  94         self.assertEqual(txt, "\tGroup mismatch: DU (in ref) BA(in current)\n")
  95         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
  96                            security.descriptor.from_sddl(sddl4, domsid),
  97                            domsid)
  98         txtmsg = "\tPart dacl is different between reference and current here\
  99  is the detail:\n\t\t(A;CI;CCLCSWRPWPLOCRRCWDWO;;;BA) ACE is not present in\
 100  the reference\n\t\t(A;CI;CCLCSWRPWPLOCRRCWDWO;;;SA) ACE is not present in\
 101  the current\n"
 102         self.assertEqual(txt, txtmsg)
 103
 104         txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
 105                            security.descriptor.from_sddl(sddl5, domsid),
 106                            domsid)
 107         self.assertEqual(txt, "\tCurrent ACL hasn't a sacl part\n")
 108         self.assertEqual(get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
 109                                        security.descriptor.from_sddl(sddl6, domsid),
 110                                        domsid), "")
 111
 112     def test_construct_existor_expr(self):
 113         res = construct_existor_expr([])
 114         self.assertEqual(res, "")
 115
 116         res = construct_existor_expr(["foo"])
 117         self.assertEqual(res, "(|(foo=*))")
 118
 119         res = construct_existor_expr(["foo", "bar"])
 120         self.assertEqual(res, "(|(foo=*)(bar=*))")
 121
 122
 123 class UpdateSecretsTests(samba.tests.TestCaseInTempDir):
 124
 125     def setUp(self):
 126         super().setUp()
 127         self.referencedb = create_dummy_secretsdb(
 128             os.path.join(self.tempdir, "ref.ldb"))
 129
 130     def _getEmptyDb(self):
 131         return Ldb(os.path.join(self.tempdir, "secrets.ldb"))
 132
 133     def _getCurrentFormatDb(self):
 134         return create_dummy_secretsdb(
 135             os.path.join(self.tempdir, "secrets.ldb"))
 136
 137     def test_trivial(self):
 138         # Test that updating an already up-to-date secretsdb works fine
 139         self.secretsdb = self._getCurrentFormatDb()
 140         self.assertEqual(None,
 141                           update_secrets(self.referencedb, self.secretsdb, dummymessage))
 142
 143     def test_update_modules(self):
 144         empty_db = self._getEmptyDb()
 145         update_secrets(self.referencedb, empty_db, dummymessage)
 146         newmodules = empty_db.search(base="@MODULES", scope=SCOPE_BASE)
 147         refmodules = self.referencedb.search(base="@MODULES", scope=SCOPE_BASE)
 148         self.assertEqual(newmodules.msgs, refmodules.msgs)
 149
 150     def tearDown(self):
 151         for name in ["ref.ldb", "secrets.ldb", "secrets.tdb", "secrets.tdb.bak", "secrets.ntdb"]:
 152             path = os.path.join(self.tempdir, name)
 153             if os.path.exists(path):
 154                 os.unlink(path)
 155         super().tearDown()