1#!/usr/bin/python 2 3# Unix SMB/CIFS implementation. 4# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007 5# 6# This program is free software; you can redistribute it and/or modify 7# it under the terms of the GNU General Public License as published by 8# the Free Software Foundation; either version 3 of the License, or 9# (at your option) any later version. 10# 11# This program is distributed in the hope that it will be useful, 12# but WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14# GNU General Public License for more details. 15# 16# You should have received a copy of the GNU General Public License 17# along with this program. If not, see <http://www.gnu.org/licenses/>. 18# 19 20import unittest 21from samba.dcerpc import security 22 23class SecurityTokenTests(unittest.TestCase): 24 def setUp(self): 25 self.token = security.token() 26 27 def test_is_system(self): 28 self.assertFalse(self.token.is_system()) 29 30 def test_is_anonymous(self): 31 self.assertFalse(self.token.is_anonymous()) 32 33 def test_has_builtin_administrators(self): 34 self.assertFalse(self.token.has_builtin_administrators()) 35 36 def test_has_nt_authenticated_users(self): 37 self.assertFalse(self.token.has_nt_authenticated_users()) 38 39 def test_has_priv(self): 40 self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN)) 41 42 def test_set_priv(self): 43 self.assertFalse(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN)) 44 self.assertFalse(self.token.set_privilege(security.SEC_PRIV_SHUTDOWN)) 45 self.assertTrue(self.token.has_privilege(security.SEC_PRIV_SHUTDOWN)) 46 47 48class SecurityDescriptorTests(unittest.TestCase): 49 def setUp(self): 50 self.descriptor = security.descriptor() 51 52 def test_from_sddl(self): 53 desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0")) 54 self.assertEquals(desc.group_sid, security.dom_sid('S-2-0-0-512')) 55 self.assertEquals(desc.owner_sid, security.dom_sid('S-1-5-32-548')) 56 self.assertEquals(desc.revision, 1) 57 self.assertEquals(desc.sacl, None) 58 self.assertEquals(desc.type, 0x8004) 59 60 def test_from_sddl_invalidsddl(self): 61 self.assertRaises(TypeError,security.descriptor.from_sddl, "foo",security.dom_sid("S-2-0-0")) 62 63 def test_from_sddl_invalidtype1(self): 64 self.assertRaises(TypeError,security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0")) 65 66 def test_from_sddl_invalidtype1(self): 67 sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)" 68 self.assertRaises(TypeError,security.descriptor.from_sddl, sddl,"S-2-0-0") 69 70 def test_as_sddl(self): 71 text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)" 72 dom = security.dom_sid("S-2-0-0") 73 desc1 = security.descriptor.from_sddl(text, dom) 74 desc2 = security.descriptor.from_sddl(desc1.as_sddl(dom), dom) 75 self.assertEquals(desc1.group_sid, desc2.group_sid) 76 self.assertEquals(desc1.owner_sid, desc2.owner_sid) 77 self.assertEquals(desc1.sacl, desc2.sacl) 78 self.assertEquals(desc1.type, desc2.type) 79 80 def test_as_sddl_invalid(self): 81 text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)" 82 dom = security.dom_sid("S-2-0-0") 83 desc1 = security.descriptor.from_sddl(text, dom) 84 self.assertRaises(TypeError, desc1.as_sddl,text) 85 86 87 def test_as_sddl_no_domainsid(self): 88 dom = security.dom_sid("S-2-0-0") 89 text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)" 90 desc1 = security.descriptor.from_sddl(text, dom) 91 desc2 = security.descriptor.from_sddl(desc1.as_sddl(), dom) 92 self.assertEquals(desc1.group_sid, desc2.group_sid) 93 self.assertEquals(desc1.owner_sid, desc2.owner_sid) 94 self.assertEquals(desc1.sacl, desc2.sacl) 95 self.assertEquals(desc1.type, desc2.type) 96 97 def test_domsid_nodomsid_as_sddl(self): 98 dom = security.dom_sid("S-2-0-0") 99 text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)" 100 desc1 = security.descriptor.from_sddl(text, dom) 101 self.assertNotEqual(desc1.as_sddl(), desc1.as_sddl(dom)) 102 103 104class DomSidTests(unittest.TestCase): 105 def test_parse_sid(self): 106 sid = security.dom_sid("S-1-5-21") 107 self.assertEquals("S-1-5-21", str(sid)) 108 109 def test_sid_equal(self): 110 sid1 = security.dom_sid("S-1-5-21") 111 sid2 = security.dom_sid("S-1-5-21") 112 self.assertEquals(sid1, sid1) 113 self.assertEquals(sid1, sid2) 114 115 def test_random(self): 116 sid = security.random_sid() 117 self.assertTrue(str(sid).startswith("S-1-5-21-")) 118 119 def test_repr(self): 120 sid = security.random_sid() 121 self.assertTrue(repr(sid).startswith("dom_sid('S-1-5-21-")) 122 123 124class PrivilegeTests(unittest.TestCase): 125 def test_privilege_name(self): 126 self.assertEquals("SeShutdownPrivilege", security.privilege_name(security.SEC_PRIV_SHUTDOWN)) 127 128 def test_privilege_id(self): 129 self.assertEquals(security.SEC_PRIV_SHUTDOWN, security.privilege_id("SeShutdownPrivilege")) 130 131