summaryrefslogtreecommitdiffstats
path: root/source4/scripting/python/samba/tests/posixacl.py
Commit message (Collapse)AuthorAgeFilesLines
* Move python modules from source4/scripting/python/ to python/.Jelmer Vernooij2013-03-021-732/+0
| | | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
* selftest: add a test that demonstrates how new ACL blob code helpsChristian Ambach2013-02-041-0/+17
| | | | | | | | this test shows that a change to POSIX ACL->SD mapping behavior does not invalidate the stored SD Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett2012-11-131-6/+6
| | | | | | | | | | | | | | | | | NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
* selftest: Avoid test cross-contamination in samba.tests.posixaclAndrew Bartlett2012-11-121-81/+59
| | | | | | | | | | | This creates a new xattr.tdb per unit test, which avoids once and for all the issue of dev/inode reuse. For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* selftest: Add tests for expected behaviour on directories as well as filesAndrew Bartlett2012-11-111-0/+197
| | | | | | | | | | | | | | | | | This is important because it covers the codepath which had the talloc error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3 (vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent) Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
* pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()Andrew Bartlett2012-11-121-2/+2
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp fileAndrew Bartlett2012-10-271-170/+62
| | | | | | | | | | This manages the temp file more reliably, and reduces the repeated code in each test case. Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Oct 27 04:37:58 CEST 2012 on sn-devel-104
* pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entriesAndrew Bartlett2012-10-261-20/+20
| | | | | | If we do not provide a way to remove files from xattr.tdb, we can re-use the inode. Andrew Bartlett
* selftest: Always unlink the tempf in posixacl testAndrew Bartlett2012-10-251-1/+4
|
* selftest: Cover the important non-Samba invalidation of the NT ACLAndrew Bartlett2012-10-251-0/+23
| | | | | | | This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the POSIX ACL) and we notice it no longer matches. Andrew Bartlett
* selftest: Cover one more NT ACL invalidation case and improve commentsAndrew Bartlett2012-10-251-8/+7
| | | | | | | This tries to show the difference between the cases where we trap the POSIX ACL change and where we actually detect an OS-level change. Andrew Bartlett
* selftest: Add many more tests for our posix ACL handlingAndrew Bartlett2012-10-251-1/+236
| | | | | | | | | | | This tests the mapping of posix ACLs to NT ACLs, the invalidation of NT ACLs stored as an xattr and ensures this security-critical code continues to work in the long term. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 25 10:05:16 CEST 2012 on sn-devel-104
* provision: No longer use the wheel group in new AD DomainsAndrew Bartlett2012-10-181-4/+4
| | | | | | | | | | | The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group. Andrew Bartlett
* s4-python: Formatting fixes, break lines.Jelmer Vernooij2012-09-161-3/+3
| | | | | Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sun Sep 16 15:58:04 CEST 2012 on sn-devel-104
* smbd-posix_acls: Use a IDL union to store the ACL entryAndrew Bartlett2012-09-121-41/+11
| | | | | | | This is a clearer, long-term-stable structure we can hash without risking it changing. Andrew Bartlett
* s4-selftest: Try a more complex ACL - this example from a GPOAndrew Bartlett2012-09-041-0/+14
| | | | | | | Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Sep 4 11:30:17 CEST 2012 on sn-devel-104
* s4-selftest: Try to make ntacl unit tests better match their namesAndrew Bartlett2012-09-041-5/+5
| | | | | | | We are trying to test combinations of setting and getting via the VFS and directly to the underlying DB. Andrew Bartlett
* selftest: Cope with the multiple possible representations of -1 in posixacl.pyAndrew Bartlett2012-08-231-28/+29
|
* selftest: Extend posixacl test to check the actual ACLAndrew Bartlett2012-08-231-2/+274
| | | | | | | | | | | | | | | | | | | | Needing to be able to write this test is the primary reason I have been reworking the VFS and posix ACL layer over the past few weeks. By exposing the POSIX ACL as a IDL object we can eaisly manipulate it in python, and then verify that the ACL was handled correctly. This ensures the when we write an ACL in provision, that it will indeed allow that access at the FS layer. We need to extend this beyond just the critical two ACLs set during provision, to also include some special (hard) cases involving the merging of ACE entries, as this is the most delicate part of the ACL transfomation. A similar test should also be written to read the posix ACL and the mapped NT ACL on a file that has never had an NT ACL set. Andrew Bartlett
* selftest: Add a test of the NT ACL -> posix ACL mapping layerAndrew Bartlett2012-08-231-0/+131
This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-06-16 00:12:08 +0000