[PATCH] Pythonbindings: provide a function to calculate the nTsecurityDescriptor from a defaultSecurityDescriptor

Matthieu Patou mat at matws.net
Thu Sep 17 13:01:39 MDT 2009


  Also contains unit tests for this function and corrects a typo in the existing unit tests.
---
 source4/libcli/security/tests/bindings.py |   20 ++++++++++++-
 source4/librpc/ndr/py_security.c          |   45 +++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 1 deletions(-)

diff --git a/source4/libcli/security/tests/bindings.py b/source4/libcli/security/tests/bindings.py
index 00fa05d..1a31f38 100644
--- a/source4/libcli/security/tests/bindings.py
+++ b/source4/libcli/security/tests/bindings.py
@@ -19,6 +19,7 @@
 
 import unittest
 from samba.dcerpc import security
+from samba.auth import system_session
 
 class SecurityTokenTests(unittest.TestCase):
     def setUp(self):
@@ -63,7 +64,7 @@ class SecurityDescriptorTests(unittest.TestCase):
     def test_from_sddl_invalidtype1(self):
         self.assertRaises(TypeError,security.descriptor.from_sddl, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0"))
 
-    def test_from_sddl_invalidtype1(self):
+    def test_from_sddl_invalidtype2(self):
         sddl = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
         self.assertRaises(TypeError,security.descriptor.from_sddl, sddl,"S-2-0-0")
 
@@ -100,6 +101,23 @@ class SecurityDescriptorTests(unittest.TestCase):
         desc1 = security.descriptor.from_sddl(text, dom)
         self.assertNotEqual(desc1.as_sddl(), desc1.as_sddl(dom))
 
+    def test_ntsd_from_defaultsd(self):
+        session = system_session()
+        domsid = security.dom_sid("S-2-0-0")
+        desc = security.descriptor.from_sddl("O:SYG:BAD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)",domsid)
+        defaultSD = "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"
+        self.assertEqual(security.descriptor.ntsd_from_defaultsd(defaultSD, domsid,session).as_sddl(domsid),desc.as_sddl(domsid))
+
+    def test_ntsd_from_defaultsd_invalidtype1(self):
+        session = system_session()
+        self.assertRaises(TypeError,security.descriptor.ntsd_from_defaultsd, security.dom_sid('S-2-0-0-512'),security.dom_sid("S-2-0-0"),session)
+
+    def test_ntsd_from_defaultsd_invalidtype2(self):
+        session = system_session()
+        self.assertRaises(TypeError,security.descriptor.ntsd_from_defaultsd, "","S-2-0-0",session)
+
+    def test_ntsd_from_defaultsd_invalidtype3(self):
+        self.assertRaises(TypeError,security.descriptor.ntsd_from_defaultsd, "",security.dom_sid("S-2-0-0"),security.dom_sid("S-2-0-0"))
 
 class DomSidTests(unittest.TestCase):
     def test_parse_sid(self):
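Review bot: None of the new tests reaches the `sddl_decode` failure branch in `py_descriptor_ntsd_from_defaultsd`. `test_ntsd_from_defaultsd_invalidtype1` to `invalidtype3` are all rejected during argument type checking, so the "Unable to parse SDDL" path stays unexercised. A fourth negative case with correctly typed arguments and a malformed string would cover it, for example (constructed value) `self.assertRaises(TypeError, security.descriptor.ntsd_from_defaultsd, "not-sddl", security.dom_sid("S-2-0-0"), system_session())`. The positive test also hard-codes `O:SYG:BA` as the system session's owner and group; a short comment saying where those come from would help whoever changes `system_session()` later.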
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index 02dc059..4a3e96c 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -18,7 +18,9 @@
 */
 #include <Python.h>
 #include "libcli/security/security.h"
+#include "auth/session.h"
 
+static PyTypeObject *PyAuthSession = NULL;
 #ifndef Py_RETURN_NONE
 #define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
 #endif
@@ -211,6 +213,47 @@ static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *args)
 
 	return ret;
 }
+static void py_get_pyauthsession_type(void)
+{
+        PyObject *dep_auth;
+
+        dep_auth = PyImport_ImportModule("samba.auth");
+        if (dep_auth == NULL)
+                return;
+
+        PyAuthSession = (PyTypeObject *)PyObject_GetAttrString(dep_auth, "AuthSession");
+}
+static PyObject *py_descriptor_ntsd_from_defaultsd(PyObject *self, PyObject *args)
+{
+	struct security_descriptor *secdesc;
+	char *sddl;
+	PyObject *py_sid;
+	PyObject *py_session;
+	struct dom_sid *sid;
+        struct auth_session_info *session;
+	
+	if (PyAuthSession == NULL)
+		py_get_pyauthsession_type();
+	if (PyAuthSession == NULL)
+		return NULL;
+	if (!PyArg_ParseTuple(args, "sO!O!", &sddl, &dom_sid_Type, &py_sid, PyAuthSession ,&py_session))
+		return NULL;
+
+	sid = py_talloc_get_ptr(py_sid);
+	session = py_talloc_get_ptr(py_session);
+
+	secdesc = sddl_decode(NULL, sddl, sid);
+	if (secdesc == NULL) {
+		PyErr_SetString(PyExc_TypeError, "Unable to parse SDDL");
+		return NULL;
+	}
+
+	secdesc->owner_sid = session->security_token->user_sid;
+        secdesc->group_sid = session->security_token->group_sid;
+
+	return py_talloc_steal((PyTypeObject *)self, secdesc);
+}
+
 
 static PyMethodDef py_descriptor_extra_methods[] = {
 	{ "sacl_add", (PyCFunction)py_descriptor_sacl_add, METH_VARARGS,
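Review bot: The new descriptor borrows its owner and group SIDs from the session (`secdesc->owner_sid = session->security_token->user_sid;` and the line after it), so after `py_talloc_steal` hands `secdesc` to Python those two pointers still belong to the session's memory. If the session object is released first, the descriptor is left holding dangling pointers. Copying both SIDs onto `secdesc`, for example with `dom_sid_dup`, ties their lifetime to the descriptor; a NULL check on `session->security_token` before the dereference guards against a session without a token, though whether that can occur is not visible from this hunk. Separately, `py_get_pyauthsession_type` never releases `dep_auth` and casts whatever `AuthSession` resolves to into a `PyTypeObject *` without a `PyType_Check`. The method-table entry in the following hunk also lists `METH_CLASS` twice.

```c
	/* … unchanged: PyAuthSession lookup, PyArg_ParseTuple, sddl_decode and its error path … */

	if (session == NULL || session->security_token == NULL) {
		talloc_free(secdesc);
		PyErr_SetString(PyExc_TypeError, "Session has no security token");
		return NULL;
	}

	/* Copy the SIDs so the descriptor owns them and cannot outlive its data. */
	secdesc->owner_sid = dom_sid_dup(secdesc, session->security_token->user_sid);
	secdesc->group_sid = dom_sid_dup(secdesc, session->security_token->group_sid);
	if (secdesc->owner_sid == NULL || secdesc->group_sid == NULL) {
		talloc_free(secdesc);
		PyErr_NoMemory();
		return NULL;
	}

	return py_talloc_steal((PyTypeObject *)self, secdesc);
```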
@@ -226,6 +269,8 @@ static PyMethodDef py_descriptor_extra_methods[] = {
 		NULL },
 	{ "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_VARARGS,
 		NULL },
+	{ "ntsd_from_defaultsd", (PyCFunction)py_descriptor_ntsd_from_defaultsd, METH_VARARGS|METH_CLASS|METH_CLASS,
+		NULL },
 	{ NULL }
 };
 
-- 
1.6.0.4


--------------070209040901070100090600
Content-Type: text/x-patch;
 name="0003-s4-Script-for-upgrading-a-previous-provision.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0003-s4-Script-for-upgrading-a-previous-provision.patch"


