OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 __init__.py	14.23 KB	11/15/2017 07:42:13 AM	rw-r--r--
📄 __init__.pyc	17.38 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth.py	2.36 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 auth.pyc	2.47 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log.py	56.47 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log.pyc	40.28 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_base.py	4.18 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_base.pyc	4.1 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_ncalrpc.py	4.07 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_ncalrpc.pyc	3.79 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_netlogon.py	5.05 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_netlogon.pyc	4.56 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_netlogon_bad_creds.py	7.06 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_netlogon_bad_creds.pyc	6.55 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_pass_change.py	12.91 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 auth_log_pass_change.pyc	10.67 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 auth_log_samlogon.py	6.66 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 auth_log_samlogon.pyc	6.19 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 blackbox	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 common.py	3.04 KB	02/07/2018 08:37:51 AM	rw-r--r--
📄 common.pyc	2.86 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 core.py	2.7 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 core.pyc	3.77 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 credentials.py	19.83 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 credentials.pyc	19.06 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 dcerpc	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 dns.py	51.4 KB	01/25/2022 03:20:03 PM	rw-r--r--
📄 dns.pyc	36.48 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_base.py	13.99 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 dns_base.pyc	13.28 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_forwarder.py	21.23 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 dns_forwarder.pyc	20.21 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 dns_forwarder_helpers	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 dns_packet.py	6.6 KB	01/25/2022 03:20:03 PM	rw-r--r--
📄 dns_packet.pyc	6.97 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_tkey.py	7.24 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 dns_tkey.pyc	6.13 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dns_wildcard.py	10.9 KB	11/02/2017 11:38:36 AM	rw-r--r--
📄 dns_wildcard.pyc	8.4 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 docs.py	13.95 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 docs.pyc	11.37 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dsdb.py	18.84 KB	08/15/2017 07:16:59 AM	rw-r--r--
📄 dsdb.pyc	14.93 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 dsdb_schema_attributes.py	7.93 KB	11/02/2017 11:38:36 AM	rw-r--r--
📄 dsdb_schema_attributes.pyc	6.96 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 gensec.py	7.85 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 gensec.pyc	6.61 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 get_opt.py	1.86 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 get_opt.pyc	1.75 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 glue.py	2.59 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 glue.pyc	3.43 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 hostconfig.py	2.15 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 hostconfig.pyc	3.45 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 join.py	6.5 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 join.pyc	5.45 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 kcc	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 libsmb_samba_internal.py	2.38 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 libsmb_samba_internal.pyc	2.71 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 lsa_string.py	2.52 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 lsa_string.pyc	2.21 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 messaging.py	4.97 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 messaging.pyc	5.37 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 net_join.py	2.29 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 net_join.pyc	2.22 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 net_join_no_spnego.py	3.34 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 net_join_no_spnego.pyc	3.15 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 netcmd.py	3 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 netcmd.pyc	3.95 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 netlogonsvc.py	2.43 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 netlogonsvc.pyc	2.14 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 ntacls.py	4.09 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 ntacls.pyc	4.69 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 ntlmauth.py	3 KB	08/29/2017 04:12:36 AM	rw-r--r--
📄 ntlmauth.pyc	2.73 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 pam_winbind.py	1.67 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 pam_winbind.pyc	1.43 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 param.py	3.59 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 param.pyc	4.8 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash.py	12.44 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash.pyc	7.84 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_fl2003.py	7.38 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_fl2003.pyc	5.48 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_fl2008.py	7.94 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_fl2008.pyc	5.66 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_gpgme.py	8.78 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_gpgme.pyc	6.41 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 password_hash_ldap.py	4.85 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 password_hash_ldap.pyc	4.63 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 policy.py	1.15 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 policy.pyc	1.03 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 posixacl.py	37.62 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 posixacl.pyc	26.85 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 provision.py	6.22 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 provision.pyc	9.79 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 py_credentials.py	13.71 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 py_credentials.pyc	10.64 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 registry.py	1.73 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 registry.pyc	2.37 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 samba3.py	8.24 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 samba3.pyc	11.54 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 samba3sam.py	48.33 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 samba3sam.pyc	31.65 KB	02/03/2022 06:37:41 AM	rw-r--r--
📁 samba_tool	-	02/03/2022 06:37:41 AM	rwxr-xr-x
📄 samdb.py	3.51 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 samdb.pyc	3.11 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 security.py	5.36 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 security.pyc	7.81 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 source.py	8.06 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 source.pyc	7.48 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 strings.py	4.12 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 strings.pyc	2.96 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 subunitrun.py	2.33 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 subunitrun.pyc	1.84 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 unicodenames.py	1.07 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 unicodenames.pyc	555 bytes	02/03/2022 06:37:41 AM	rw-r--r--
📄 upgrade.py	1.36 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 upgrade.pyc	1.28 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 upgradeprovision.py	6.66 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 upgradeprovision.pyc	6.57 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 upgradeprovisionneeddc.py	7.29 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 upgradeprovisionneeddc.pyc	8.08 KB	02/03/2022 06:37:41 AM	rw-r--r--
📄 xattr.py	4.11 KB	07/04/2017 10:05:25 AM	rw-r--r--
📄 xattr.pyc	4.57 KB	02/03/2022 06:37:41 AM	rw-r--r--

Editing: posixacl.py

# Unix SMB/CIFS implementation. Tests for NT and posix ACL manipulation
# Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010
# Copyright (C) Andrew Bartlett 2012
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

"""Tests for the Samba3 NT -> posix ACL layer"""

from samba.ntacls import setntacl, getntacl, checkset_backend
from samba.dcerpc import xattr, security, smb_acl, idmap
from samba.param import LoadParm
from samba.tests import TestCaseInTempDir
from samba import provision
import random
import os
from samba.samba3 import smbd, passdb
from samba.samba3 import param as s3param

# To print a posix ACL use:
#        for entry in posix_acl.acl:
#            print "a_type: %d" % entry.a_type
#            print "a_perm: %o" % entry.a_perm
#            if entry.a_type == smb_acl.SMB_ACL_USER:
#                print "uid: %d" % entry.uid
#            if entry.a_type == smb_acl.SMB_ACL_GROUP:
#                print "gid: %d" % entry.gid

class PosixAclMappingTests(TestCaseInTempDir):

def print_posix_acl(self, posix_acl):
        aclstr = ""
        for entry in posix_acl.acl:
            aclstr += "a_type: %d\n" % entry.a_type
            aclstr += "a_perm: %o\n" % entry.a_perm
            if entry.a_type == smb_acl.SMB_ACL_USER:
                aclstr += "uid: %d\n" % entry.info.uid
            if entry.a_type == smb_acl.SMB_ACL_GROUP:
                aclstr += "gid: %d\n" % entry.info.gid
        return aclstr

def test_setntacl(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)

def test_setntacl_smbd_getntacl(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
        facl = getntacl(self.lp, self.tempf, direct_db_access=True)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(facl.as_sddl(anysid),acl)

def test_setntacl_smbd_setposixacl_getntacl(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)

# This will invalidate the ACL, as we have a hook!
        smbd.set_simple_acl(self.tempf, 0640)

# However, this only asks the xattr
        try:
            facl = getntacl(self.lp, self.tempf, direct_db_access=True)
            self.assertTrue(False)
        except TypeError:
            pass

def test_setntacl_invalidate_getntacl(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)

# This should invalidate the ACL, as we include the posix ACL in the hash
        (backend_obj, dbname) = checkset_backend(self.lp, None, None)
        backend_obj.wrap_setxattr(dbname,
                                  self.tempf, "system.fake_access_acl", "")

#however, as this is direct DB access, we do not notice it
        facl = getntacl(self.lp, self.tempf, direct_db_access=True)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))

def test_setntacl_invalidate_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)

#the hash would break, and we return an ACL based only on the mode, except we set the ACL using the 'ntvfs' mode that doesn't include a hash
        facl = getntacl(self.lp, self.tempf)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))

def test_setntacl_smbd_invalidate_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
        os.chmod(self.tempf, 0750)
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)

#the hash will break, and we return an ACL based only on the mode
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))

def test_setntacl_smbd_dont_invalidate_getntacl_smbd(self):
        # set an ACL on a tempfile
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        os.chmod(self.tempf, 0750)
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)

# now influence the POSIX ACL->SD mapping it returns something else than
        # what was set previously
        # this should not invalidate the hash and the complete ACL should still
        # be returned
        self.lp.set("profile acls", "yes")
        # we should still get back the ACL (and not one mapped from POSIX ACL)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        self.lp.set("profile acls", "no")
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))

def test_setntacl_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=True)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(facl.as_sddl(anysid),acl)

def test_setntacl_smbd_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(facl.as_sddl(anysid),acl)

def test_setntacl_smbd_setposixacl_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
        # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
        smbd.set_simple_acl(self.tempf, 0640)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))

def test_setntacl_smbd_setposixacl_group_getntacl_smbd(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
        # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        smbd.set_simple_acl(self.tempf, 0640, BA_gid)

# This should re-calculate an ACL based on the posix details
        facl = getntacl(self.lp,self.tempf, direct_db_access=False)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))

def test_setntacl_smbd_getntacl_smbd_gpo(self):
        acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        domsid = security.dom_sid("S-1-5-21-2212615479-2695158682-2101375467")
        self.assertEquals(facl.as_sddl(domsid),acl)

def test_setntacl_getposixacl(self):
        acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
        setntacl(self.lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", use_ntvfs=False)
        facl = getntacl(self.lp, self.tempf)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(facl.as_sddl(anysid),acl)
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

def test_setposixacl_getposixacl(self):
        smbd.set_simple_acl(self.tempf, 0640)
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
        self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))

self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 6)

self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 4)

self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[3].a_perm, 6)

def test_setposixacl_getntacl(self):
        acl = ""
        smbd.set_simple_acl(self.tempf, 0750)
        try:
            facl = getntacl(self.lp, self.tempf)
            self.assertTrue(False)
        except TypeError:
            # We don't expect the xattr to be filled in in this case
            pass

def test_setposixacl_getntacl_smbd(self):
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
        user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
        smbd.set_simple_acl(self.tempf, 0640)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))

def test_setposixacl_dir_getntacl_smbd(self):
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        user_SID = s4_passdb.uid_to_sid(os.stat(self.tempdir).st_uid)
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_id,BA_type) = s4_passdb.sid_to_id(BA_sid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
        (SO_id,SO_type) = s4_passdb.sid_to_id(SO_sid)
        self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
        smbd.chown(self.tempdir, BA_id, SO_id)
        smbd.set_simple_acl(self.tempdir, 0750)
        facl = getntacl(self.lp, self.tempdir, direct_db_access=False)
        acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"

anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))

def test_setposixacl_group_getntacl_smbd(self):
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
        user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        smbd.set_simple_acl(self.tempf, 0640, BA_gid)
        facl = getntacl(self.lp, self.tempf, direct_db_access=False)
        domsid = passdb.get_global_sam_sid()
        acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.assertEquals(acl, facl.as_sddl(anysid))

self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 6)

self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 4)

self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)

def test_setposixacl_dir_getposixacl(self):
        smbd.set_simple_acl(self.tempdir, 0750)
        posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
        self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))

self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 7)

self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 5)

self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)

def test_setposixacl_group_getposixacl(self):
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        smbd.set_simple_acl(self.tempf, 0670, BA_gid)
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

self.assertEquals(posix_acl.count, 5, self.print_posix_acl(posix_acl))

self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[0].a_perm, 6)

self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[1].a_perm, 7)

self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)
        self.assertEquals(posix_acl.acl[3].info.gid, BA_gid)

self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[4].a_perm, 7)

def test_setntacl_sysvol_check_getposixacl(self):
        acl = provision.SYSVOL_ACL
        domsid = passdb.get_global_sam_sid()
        setntacl(self.lp, self.tempf,acl,str(domsid), use_ntvfs=False)
        facl = getntacl(self.lp, self.tempf)
        self.assertEquals(facl.as_sddl(domsid),acl)
        posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)

nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
        nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')

nwrap_winbind_active = (nwrap_module_so_path != "" and
                nwrap_module_fn_prefix == "winbind")

LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
        BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
        SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
        SY_sid = security.dom_sid(security.SID_NT_SYSTEM)
        AU_sid = security.dom_sid(security.SID_NT_AUTHENTICATED_USERS)

s4_passdb = passdb.PDB(self.lp.get("passdb backend"))

# These assertions correct for current ad_dc selftest
        # configuration.  When other environments have a broad range of
        # groups mapped via passdb, we can relax some of these checks
        (LA_uid,LA_type) = s4_passdb.sid_to_id(LA_sid)
        self.assertEquals(LA_type, idmap.ID_TYPE_UID)
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)
        self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
        (SO_gid,SO_type) = s4_passdb.sid_to_id(SO_sid)
        self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
        (SY_gid,SY_type) = s4_passdb.sid_to_id(SY_sid)
        self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
        (AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid)
        self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)

self.assertEquals(posix_acl.count, 13, self.print_posix_acl(posix_acl))

self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[0].a_perm, 7)
        self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)

self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
        if nwrap_winbind_active:
            self.assertEquals(posix_acl.acl[1].a_perm, 7)
        else:
            self.assertEquals(posix_acl.acl[1].a_perm, 6)
        self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)

self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
        if nwrap_winbind_active:
            self.assertEquals(posix_acl.acl[3].a_perm, 7)
        else:
            self.assertEquals(posix_acl.acl[3].a_perm, 6)

self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
        self.assertEquals(posix_acl.acl[4].a_perm, 7)
        self.assertEquals(posix_acl.acl[4].info.uid, BA_gid)

self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
        self.assertEquals(posix_acl.acl[5].a_perm, 7)

self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_USER)
        self.assertEquals(posix_acl.acl[6].a_perm, 5)
        self.assertEquals(posix_acl.acl[6].info.uid, SO_gid)

self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[7].a_perm, 5)
        self.assertEquals(posix_acl.acl[7].info.gid, SO_gid)

self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_USER)
        self.assertEquals(posix_acl.acl[8].a_perm, 7)
        self.assertEquals(posix_acl.acl[8].info.uid, SY_gid)

self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[9].a_perm, 7)
        self.assertEquals(posix_acl.acl[9].info.gid, SY_gid)

self.assertEquals(posix_acl.acl[10].a_type, smb_acl.SMB_ACL_USER)
        self.assertEquals(posix_acl.acl[10].a_perm, 5)
        self.assertEquals(posix_acl.acl[10].info.uid, AU_gid)

self.assertEquals(posix_acl.acl[11].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[11].a_perm, 5)
        self.assertEquals(posix_acl.acl[11].info.gid, AU_gid)

self.assertEquals(posix_acl.acl[12].a_type, smb_acl.SMB_ACL_MASK)
        self.assertEquals(posix_acl.acl[12].a_perm, 7)

# check that it matches:
# user::rwx
# user:root:rwx (selftest user actually)
# group::rwx
# group:Local Admins:rwx
# group:3000000:r-x
# group:3000001:rwx
# group:3000002:r-x
# mask::rwx
# other::---

#
# This is in this order in the NDR smb_acl (not re-orderded for display)
# a_type: GROUP
# a_perm: 7
# uid: -1
# gid: 10
# a_type: USER
# a_perm: 6
# uid: 0 (selftest user actually)
# gid: -1
# a_type: OTHER
# a_perm: 0
# uid: -1
# gid: -1
# a_type: USER_OBJ
# a_perm: 6
# uid: -1
# gid: -1
# a_type: GROUP_OBJ
# a_perm: 7
# uid: -1
# gid: -1
# a_type: GROUP
# a_perm: 5
# uid: -1
# gid: 3000020
# a_type: GROUP
# a_perm: 7
# uid: -1
# gid: 3000000
# a_type: GROUP
# a_perm: 5
# uid: -1
# gid: 3000001
# a_type: MASK
# a_perm: 7
# uid: -1
# gid: -1

def test_setntacl_sysvol_dir_check_getposixacl(self):
        acl = provision.SYSVOL_ACL
        domsid = passdb.get_global_sam_sid()
        setntacl(self.lp, self.tempdir,acl,str(domsid), use_ntvfs=False)
        facl = getntacl(self.lp, self.tempdir)
        self.assertEquals(facl.as_sddl(domsid),acl)
        posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)

s4_passdb = passdb.PDB(self.lp.get("passdb backend"))

self.assertEquals(posix_acl.count, 13, self.print_posix_acl(posix_acl))

self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
        self.assertEquals(posix_acl.acl[0].a_perm, 7)
        self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)

self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
        self.assertEquals(posix_acl.acl[1].a_perm, 7)
        self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)

self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
        self.assertEquals(posix_acl.acl[2].a_perm, 0)

self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
        self.assertEquals(posix_acl.acl[3].a_perm, 7)