Is selftest the best framework for writing permissions and Privileges regression tests?

[Jelmer Vernooij]

On 03/06/2012 11:06 PM, Jelmer Vernooij wrote:
> On 03/06/2012 10:13 PM, Richard Sharpe wrote:
>> Hi folks,
>>
>> At Metze's urging, I am thinking of a bunch of regression tests for
>> ACLS, permissions and Privileges.
>>
>> These tests should be able to:
>>
>> 1. Create files and apply SDs that specify owner SID and any sort of
>> ACL (ie, a bunch of ACEs etc with ALLOW and DENY entries and empty
>> DACLs etc)
>>
>> 2. Try to access these files as various users specified in the DACL
>> (or eventually the SACL and even handle Mandatory stuff) and ensure
>> that the correct access is allowed
>>
>> 3. Grant privileges to certain users and then try to access files
>> where access would be denied to ensure that the granted privileges
>> allow that access.
>>
>> Now, my questions are:
>>
>> a. Is selftest the best place for these tests?
> selftest is merely the infrastructure that takes care of running our
> tests against our own code, including setting up our server side code so
> that this can be done easily.
>
> It invokes various kinds of tests, whether they are part of smbtorture,
> written in python, shell or another sort of executable (e.g. masktest,
> etc).
>
> If you're adding tests that apply to Samba itself, they should really be
> added to selftest.
>
>> b. Does the Python infrastructure have the ability to allow me to
>> create SDs, apply them, grant privilege etc?
> Assuming you want to do this over SMB (rather than testing our local
> code that can write these to xattrs, etc) you should have a look at the
> "samba.smb" module. You might have to extend it to expose all the
> functionality you need, though.

See http://www.samba.org/~jelmer/samba4-python/samba.smb.SMB.html
<http://www.samba.org/%7Ejelmer/samba4-python/samba.smb.SMB.html>

for the current API documentation.

Cheers,

Jelmer