[PATCH] Pythonbindings: provide a function to calculate the nTsecurityDescriptor from a defaultSecurityDescriptor
Matthieu Patou
mat at matws.net
Thu Sep 17 13:01:39 MDT 2009
Also contains unit tests for this function and corrects a typo in the unit tests.
---
source4/libcli/security/tests/bindings.py | 20 ++++++++++++-
source4/librpc/ndr/py_security.c | 45 +++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 1 deletions(-)
diff --git a/source4/libcli/security/tests/bindings.py b/source4/libcli/security/tests/bindings.py
index 00fa05d..1a31f38 100644
--- a/source4/libcli/security/tests/bindings.py
+++ b/source4/libcli/security/tests/bindings.py
@@ -19,6 +19,7 @@
import unittest
from samba.dcerpc import security
+from samba.auth import system_session
class SecurityTokenTests(unittest.TestCase):
def setUp(self):
@@ -63,7 +64,7 @@ class SecurityDescriptorTests(unittest.TestCase):
def test_from_sddl_invalidtype1(self):
self.assertRaises(TypeError,security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0"))
- def test_from_sddl_invalidtype1(self):
+ def test_from_sddl_invalidtype2(self):
sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
self.assertRaises(TypeError,security.descriptor.from_sddl, sddl,"S-2-0-0")
@@ -100,6 +101,23 @@ class SecurityDescriptorTests(unittest.TestCase):
desc1 = security.descriptor.from_sddl(text, dom)
self.assertNotEqual(desc1.as_sddl(), desc1.as_sddl(dom))
+ def test_ntsd_from_defaultsd(self):
+ session = system_session()
+ domsid = security.dom_sid("S-2-0-0")
+ desc = security.descriptor.from_sddl("O:SYG:BAD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)",domsid)
+ defaultSD = "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"
+ self.assertEqual(security.descriptor.ntsd_from_defaultsd(defaultSD, domsid,session).as_sddl(domsid),desc.as_sddl(domsid))
+
+ def test_ntsd_from_defaultsd_invalidtype1(self):
+ session = system_session()
+ self.assertRaises(TypeError,security.descriptor.ntsd_from_defaultsd, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0"),session)
+
+ def test_ntsd_from_defaultsd_invalidtype2(self):
+ session = system_session()
+ self.assertRaises(TypeError,security.descriptor.ntsd_from_defaultsd, "","S-2-0-0",session)
+
+ def test_ntsd_from_defaultsd_invalidtype3(self):
+ self.assertRaises(TypeError,security.descriptor.ntsd_from_defaultsd, "",security.dom_sid("S-2-0-0"),security.dom_sid("S-2-0-0"))
class DomSidTests(unittest.TestCase):
def test_parse_sid(self):
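Review bot: None of the new tests reaches the `Unable to parse SDDL` branch of ntsd_from_defaultsd, because all three invalidtype cases fail in argument parsing before the decoder runs. A case with valid argument types and a malformed string would cover it, for example `self.assertRaises(TypeError, security.descriptor.ntsd_from_defaultsd, "not-sddl", security.dom_sid("S-2-0-0"), system_session())`, assuming the decoder rejects that input. The positive test also keeps `session` alive until the comparison, so it cannot show whether the returned descriptor is still valid once the session has been released. Calling `as_sddl` after `del session` would pin that down.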
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index 02dc059..4a3e96c 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -18,7 +18,9 @@
*/
#include <Python.h>
#include "libcli/security/security.h"
+#include "auth/session.h"
+static PyTypeObject *PyAuthSession = NULL;
#ifndef Py_RETURN_NONE
#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
#endif
@@ -211,6 +213,47 @@ static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *args)
return ret;
}
+static void py_get_pyauthsession_type(void)
+{
+ PyObject *dep_auth;
+
+ dep_auth = PyImport_ImportModule("samba.auth");
+ if (dep_auth == NULL)
+ return;
+
+ PyAuthSession = (PyTypeObject *)PyObject_GetAttrString(dep_auth, "AuthSession");
+}
+static PyObject *py_descriptor_ntsd_from_defaultsd(PyObject *self, PyObject *args)
+{
+ struct security_descriptor *secdesc;
+ char *sddl;
+ PyObject *py_sid;
+ PyObject *py_session;
+ struct dom_sid *sid;
+ struct auth_session_info *session;
+
+ if (PyAuthSession == NULL)
+ py_get_pyauthsession_type();
+ if (PyAuthSession == NULL)
+ return NULL;
+ if (!PyArg_ParseTuple(args, "sO!O!", &sddl, &dom_sid_Type, &py_sid, PyAuthSession ,&py_session))
+ return NULL;
+
+ sid = py_talloc_get_ptr(py_sid);
+ session = py_talloc_get_ptr(py_session);
+
+ secdesc = sddl_decode(NULL, sddl, sid);
+ if (secdesc == NULL) {
+ PyErr_SetString(PyExc_TypeError, "Unable to parse SDDL");
+ return NULL;
+ }
+
+ secdesc->owner_sid = session->security_token->user_sid;
+ secdesc->group_sid = session->security_token->group_sid;
+
+ return py_talloc_steal((PyTypeObject *)self, secdesc);
+}
+
static PyMethodDef py_descriptor_extra_methods[] = {
{ "sacl_add", (PyCFunction)py_descriptor_sacl_add, METH_VARARGS,
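Review bot: In py_descriptor_ntsd_from_defaultsd the two assignments to `secdesc->owner_sid` and `secdesc->group_sid` store pointers that belong to the session's security token, not to the descriptor. If the session object is freed before the returned descriptor, those fields appear to dangle, so the SIDs should be copied into the descriptor's own talloc context. The same lines dereference `session->security_token` with no NULL check, so a session without a token would crash the interpreter instead of raising. Separately, py_get_pyauthsession_type never releases `dep_auth` and casts the attribute to a type object without `PyType_Check`, which is worth tightening since the result is handed to the `O!` format.
```c
	sid = py_talloc_get_ptr(py_sid);
	session = py_talloc_get_ptr(py_session);
	if (session == NULL || session->security_token == NULL ||
	    session->security_token->user_sid == NULL ||
	    session->security_token->group_sid == NULL) {
		PyErr_SetString(PyExc_ValueError, "session has no usable security token");
		return NULL;
	}

	/* … unchanged: sddl_decode() call and its failure branch … */

	/* copy the SIDs so the descriptor does not depend on the session's lifetime */
	secdesc->owner_sid = dom_sid_dup(secdesc, session->security_token->user_sid);
	secdesc->group_sid = dom_sid_dup(secdesc, session->security_token->group_sid);
	if (secdesc->owner_sid == NULL || secdesc->group_sid == NULL) {
		talloc_free(secdesc);
		PyErr_NoMemory();
		return NULL;
	}
```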
@@ -226,6 +269,8 @@ static PyMethodDef py_descriptor_extra_methods[] = {
NULL },
{ "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_VARARGS,
NULL },
+ { "ntsd_from_defaultsd", (PyCFunction)py_descriptor_ntsd_from_defaultsd, METH_VARARGS|METH_CLASS|METH_CLASS,
+ NULL },
{ NULL }
};
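Review bot: The new table entry repeats the flag in `METH_VARARGS|METH_CLASS|METH_CLASS`; the duplicate is harmless in a bitwise OR but reads like a typo and should be `METH_VARARGS|METH_CLASS`. The entry also passes `NULL` as its docstring, although the method silently replaces the owner and group with those of the caller's session. A short docstring such as `"ntsd_from_defaultsd(sddl, domain_sid, session) -> descriptor; owner and group are taken from the session's security token"` would make that visible from Python.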
--
1.6.0.4