[PATCH] Port of samba.security Python module

Lumir Balhar lbalhar at redhat.com
Tue Aug 8 09:47:08 UTC 2017


On 08/08/2017 10:47 AM, Stefan Metzmacher wrote:
> Hi Lumir,
>
>> +
>> +class CheckAccessTests(samba.tests.TestCase):
>> +
>> +    def test_check_access(self):
>> +        desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0"))
>> +        token = security.token()
>> +
>> +        self.assertEqual(access_check(desc, token, 0), 0)
>> +
>> +        params = (
>> +            (-1, -1073741727, 'A required privilege is not held by the client.'),
>> +            (1, -1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
>> +        )
> Can you use string constants for the integer values?
>
> I guess you can use
> security.SEC_FLAG_SYSTEM_SECURITY/ntstatus.NT_STATUS_PRIVILEGE_NOT_HELD
> and
> security.SEC_STD_READ_CONTROL/ntstatus.NT_STATUS_ACCESS_DENIED
>
> And I guess checking the status code is enough, we don't
> need to assert on the error message.
>
> metze
>
>
>
Thank you for the review. Yes, I can use constants instead of integers - 
good idea - but samba.ntstatus module is not ready for Python 3 yet. It 
is not a big problem because I am working on samba.ntstatus and 
samba.werror modules right now so I am gonna send another patchset today 
and when it will be merged I'll fix these test.

Thank you one more time and have a nice day.
Lumír



More information about the samba-technical mailing list