[PATCH] Port of samba.security Python module

Lumir Balhar lbalhar at redhat.com
Thu Aug 24 11:21:27 UTC 2017 

On 08/08/2017 11:47 AM, Lumir Balhar via samba-technical wrote:
> On 08/08/2017 10:47 AM, Stefan Metzmacher wrote:
>> Hi Lumir,
>>
>>> +
>>> +class CheckAccessTests(samba.tests.TestCase):
>>> +
>>> +    def test_check_access(self):
>>> +        desc = 
>>> security.descriptor.from_sddl("O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)", 
>>> security.dom_sid("S-2-0-0"))
>>> +        token = security.token()
>>> +
>>> +        self.assertEqual(access_check(desc, token, 0), 0)
>>> +
>>> +        params = (
>>> +            (-1, -1073741727, 'A required privilege is not held by 
>>> the client.'),
>>> +            (1, -1073741790, '{Access Denied} A process has 
>>> requested access to an object but has not been granted those access 
>>> rights.')
>>> +        )
>> Can you use string constants for the integer values?
>>
>> I guess you can use
>> security.SEC_FLAG_SYSTEM_SECURITY/ntstatus.NT_STATUS_PRIVILEGE_NOT_HELD
>> and
>> security.SEC_STD_READ_CONTROL/ntstatus.NT_STATUS_ACCESS_DENIED
>>
>> And I guess checking the status code is enough, we don't
>> need to assert on the error message.
>>
>> metze
>>
>>
>>
> Thank you for the review. Yes, I can use constants instead of integers 
> - good idea - but samba.ntstatus module is not ready for Python 3 yet. 
> It is not a big problem because I am working on samba.ntstatus and 
> samba.werror modules right now so I am gonna send another patchset 
> today and when it will be merged I'll fix these test.
>
> Thank you one more time and have a nice day.
> Lumír
>
Hello.

Because samba.ntstatus module is now available for Python 3 in master, I 
tried your suggestion and I replaced integers values with constants from 
samba.dcerpc.security and samba.ntstatus.

Replaced arguments SEC_FLAG_SYSTEM_SECURITY and SEC_STD_READ_CONTROL are 
working well but exceptions contain different error numbers than 
NT_STATUS_PRIVILEGE_NOT_HELD and NT_STATUS_ACCESS_DENIED and I cannot 
find the right ones.

NT_STATUS_PRIVILEGE_NOT_HELD = 3221225569 but exception contains -1073741727
NT_STATUS_ACCESS_DENIED = 3221225506 but exception contains -1073741790

Please, where do I find the right constants?

Thank you and have a nice day.
Lumír

More information about the samba-technical mailing list