[PATCH] Port of samba.security Python module
Lumir Balhar
lbalhar at redhat.com
Tue Aug 8 09:47:08 UTC 2017
On 08/08/2017 10:47 AM, Stefan Metzmacher wrote:
> Hi Lumir,
>
>> +
>> +class CheckAccessTests(samba.tests.TestCase):
>> +
>> + def test_check_access(self):
>> + desc = security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", security.dom_sid("S-2-0-0"))
>> + token = security.token()
>> +
>> + self.assertEqual(access_check(desc, token, 0), 0)
>> +
>> + params = (
>> + (-1, -1073741727, 'A required privilege is not held by the client.'),
>> + (1, -1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
>> + )
> Can you use string constants for the integer values?
>
> I guess you can use
> security.SEC_FLAG_SYSTEM_SECURITY/ntstatus.NT_STATUS_PRIVILEGE_NOT_HELD
> and
> security.SEC_STD_READ_CONTROL/ntstatus.NT_STATUS_ACCESS_DENIED
>
> And I guess checking the status code is enough, we don't
> need to assert on the error message.
>
> metze
>
>
>
Thank you for the review. Yes, I can use constants instead of integers -
good idea - but samba.ntstatus module is not ready for Python 3 yet. It
is not a big problem because I am working on samba.ntstatus and
samba.werror modules right now so I am gonna send another patchset today
and when it will be merged I'll fix these test.
Thank you one more time and have a nice day.
LumÃr
More information about the samba-technical
mailing list