mirror of
https://github.com/valitydev/salt.git
synced 2024-11-07 08:58:59 +00:00
684 lines
29 KiB
Python
684 lines
29 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
# Import Python Libs
|
|
from __future__ import absolute_import, unicode_literals, print_function
|
|
import os
|
|
import tempfile
|
|
|
|
# Import Salt Testing Libs
|
|
from tests.support.helpers import destructiveTest, generate_random_name, patch
|
|
from tests.support.mixins import LoaderModuleMockMixin
|
|
from tests.support.mock import NO_MOCK, NO_MOCK_REASON
|
|
from tests.support.unit import TestCase, skipIf
|
|
|
|
# Import Salt Libs
|
|
import salt.utils.platform
|
|
import salt.utils.win_dacl as win_dacl
|
|
import salt.utils.win_reg as win_reg
|
|
|
|
try:
|
|
import pywintypes
|
|
import win32security
|
|
HAS_WIN32 = True
|
|
except ImportError:
|
|
HAS_WIN32 = False
|
|
|
|
FAKE_KEY = 'SOFTWARE\\{0}'.format(generate_random_name('SaltTesting-'))
|
|
|
|
|
|
@skipIf(NO_MOCK, NO_MOCK_REASON)
|
|
@skipIf(not HAS_WIN32, 'Requires pywin32')
|
|
@skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
|
|
class WinDaclTestCase(TestCase):
|
|
'''
|
|
Test cases for salt.utils.win_dacl in the registry
|
|
'''
|
|
def test_get_sid_string(self):
|
|
'''
|
|
Validate getting a pysid object from a name
|
|
'''
|
|
sid_obj = win_dacl.get_sid('Administrators')
|
|
self.assertTrue(
|
|
isinstance(sid_obj, pywintypes.SIDType))
|
|
self.assertEqual(
|
|
win32security.LookupAccountSid(None, sid_obj)[0],
|
|
'Administrators')
|
|
|
|
def test_get_sid_sid_string(self):
|
|
'''
|
|
Validate getting a pysid object from a SID string
|
|
'''
|
|
sid_obj = win_dacl.get_sid('S-1-5-32-544')
|
|
self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
|
|
self.assertEqual(win32security.LookupAccountSid(None, sid_obj)[0],
|
|
'Administrators')
|
|
|
|
def test_get_sid_string_name(self):
|
|
'''
|
|
Validate getting a pysid object from a SID string
|
|
'''
|
|
sid_obj = win_dacl.get_sid('Administrators')
|
|
self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
|
|
self.assertEqual(win_dacl.get_sid_string(sid_obj), 'S-1-5-32-544')
|
|
|
|
def test_get_sid_string_none(self):
|
|
'''
|
|
Validate getting a pysid object from None (NULL SID)
|
|
'''
|
|
sid_obj = win_dacl.get_sid(None)
|
|
self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
|
|
self.assertEqual(win_dacl.get_sid_string(sid_obj), 'S-1-0-0')
|
|
|
|
def test_get_name(self):
|
|
'''
|
|
Get the name
|
|
'''
|
|
# Case
|
|
self.assertEqual(win_dacl.get_name('adMiniStrAtorS'), 'Administrators')
|
|
# SID String
|
|
self.assertEqual(win_dacl.get_name('S-1-5-32-544'), 'Administrators')
|
|
# SID Object
|
|
sid_obj = win_dacl.get_sid('Administrators')
|
|
self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
|
|
self.assertEqual(win_dacl.get_name(sid_obj), 'Administrators')
|
|
|
|
|
|
@skipIf(NO_MOCK, NO_MOCK_REASON)
|
|
@skipIf(not HAS_WIN32, 'Requires pywin32')
|
|
@skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
|
|
class WinDaclRegTestCase(TestCase, LoaderModuleMockMixin):
|
|
obj_name = 'HKLM\\' + FAKE_KEY
|
|
obj_type = 'registry'
|
|
'''
|
|
Test cases for salt.utils.win_dacl in the registry
|
|
'''
|
|
def setup_loader_modules(self):
|
|
return {win_dacl: {}}
|
|
|
|
def setUp(self):
|
|
self.assertTrue(win_reg.set_value(hive='HKLM',
|
|
key=FAKE_KEY,
|
|
vname='fake_name',
|
|
vdata='fake_data'))
|
|
|
|
def tearDown(self):
|
|
win_reg.delete_key_recursive(hive='HKLM', key=FAKE_KEY)
|
|
|
|
@destructiveTest
|
|
def test_owner(self):
|
|
'''
|
|
Test the set_owner function
|
|
Test the get_owner function
|
|
'''
|
|
self.assertTrue(win_dacl.set_owner(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type))
|
|
self.assertEqual(win_dacl.get_owner(obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Backup Operators')
|
|
|
|
@destructiveTest
|
|
def test_primary_group(self):
|
|
'''
|
|
Test the set_primary_group function
|
|
Test the get_primary_group function
|
|
'''
|
|
self.assertTrue(win_dacl.set_primary_group(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type))
|
|
self.assertEqual(win_dacl.get_primary_group(obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Backup Operators')
|
|
|
|
@destructiveTest
|
|
def test_set_permissions(self):
|
|
'''
|
|
Test the set_permissions function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
expected = {
|
|
'Not Inherited': {
|
|
'Backup Operators': {
|
|
'grant': {
|
|
'applies to': 'This key and subkeys',
|
|
'permissions': 'Full Control'}}}}
|
|
self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
@destructiveTest
|
|
def test_get_permissions(self):
|
|
'''
|
|
Test the get_permissions function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
expected = {
|
|
'Not Inherited': {
|
|
'Backup Operators': {
|
|
'grant': {
|
|
'applies to': 'This key and subkeys',
|
|
'permissions': 'Full Control'}}}}
|
|
self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
@destructiveTest
|
|
def test_has_permission(self):
|
|
'''
|
|
Test the has_permission function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
# Test has_permission exact
|
|
self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permission='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
exact=True))
|
|
# Test has_permission contains
|
|
self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permission='read',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
exact=False))
|
|
|
|
@destructiveTest
|
|
def test_rm_permissions(self):
|
|
'''
|
|
Test the rm_permissions function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
self.assertTrue(win_dacl.rm_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type))
|
|
self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
{})
|
|
|
|
@destructiveTest
|
|
def test_inheritance(self):
|
|
'''
|
|
Test the set_inheritance function
|
|
Test the get_inheritance function
|
|
'''
|
|
self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
|
|
enabled=True,
|
|
obj_type=self.obj_type,
|
|
clear=False))
|
|
self.assertTrue(win_dacl.get_inheritance(obj_name=self.obj_name,
|
|
obj_type=self.obj_type))
|
|
self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
|
|
enabled=False,
|
|
obj_type=self.obj_type,
|
|
clear=False))
|
|
self.assertFalse(win_dacl.get_inheritance(obj_name=self.obj_name,
|
|
obj_type=self.obj_type))
|
|
|
|
@destructiveTest
|
|
def test_check_perms(self):
|
|
'''
|
|
Test the check_perms function
|
|
'''
|
|
with patch.dict(win_dacl.__opts__, {"test": False}):
|
|
result = win_dacl.check_perms(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type,
|
|
ret={},
|
|
owner='Users',
|
|
grant_perms={'Backup Operators': {'perms': 'read'}},
|
|
deny_perms={'Backup Operators': {'perms': ['delete']},
|
|
'NETWORK SERVICE': {'perms': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']}},
|
|
inheritance=True,
|
|
reset=False)
|
|
|
|
expected = {'changes': {'owner': 'Users',
|
|
'perms': {'Backup Operators': {'grant': 'read',
|
|
'deny': ['delete']},
|
|
'NETWORK SERVICE': {'deny': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']}}},
|
|
'comment': '',
|
|
'name': self.obj_name,
|
|
'result': True}
|
|
self.assertDictEqual(result, expected)
|
|
|
|
expected = {
|
|
'Not Inherited': {
|
|
'Backup Operators': {
|
|
'grant': {
|
|
'applies to': 'This key and subkeys',
|
|
'permissions': 'Read'},
|
|
'deny': {
|
|
'applies to': 'This key and subkeys',
|
|
'permissions': ['Delete']}}}}
|
|
self.assertDictEqual(
|
|
win_dacl.get_permissions(
|
|
obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
expected = {
|
|
'Not Inherited': {
|
|
'NETWORK SERVICE': {
|
|
'deny': {
|
|
'applies to': 'This key and subkeys',
|
|
'permissions': ['Set Value',
|
|
'Delete',
|
|
'Write Owner',
|
|
'Write DAC']}}}}
|
|
self.assertDictEqual(
|
|
win_dacl.get_permissions(
|
|
obj_name=self.obj_name,
|
|
principal='NETWORK SERVICE',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
self.assertEqual(
|
|
win_dacl.get_owner(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Users')
|
|
|
|
@destructiveTest
|
|
def test_check_perms_test_true(self):
|
|
'''
|
|
Test the check_perms function
|
|
'''
|
|
with patch.dict(win_dacl.__opts__, {"test": True}):
|
|
result = win_dacl.check_perms(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type,
|
|
ret=None,
|
|
owner='Users',
|
|
grant_perms={'Backup Operators': {'perms': 'read'}},
|
|
deny_perms={'NETWORK SERVICE': {'perms': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']},
|
|
'Backup Operators': {'perms': ['delete']}},
|
|
inheritance=True,
|
|
reset=False)
|
|
|
|
expected = {
|
|
'changes': {'owner': 'Users',
|
|
'perms': {'Backup Operators': {'grant': 'read',
|
|
'deny': ['delete']},
|
|
'NETWORK SERVICE': {'deny': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']}}},
|
|
'comment': '',
|
|
'name': self.obj_name,
|
|
'result': None}
|
|
self.assertDictEqual(result, expected)
|
|
|
|
self.assertNotEqual(
|
|
win_dacl.get_owner(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Users')
|
|
|
|
self.assertEqual(
|
|
win_dacl.get_permissions(
|
|
obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
{})
|
|
|
|
def test_set_perms(self):
|
|
'''
|
|
Test the set_perms function
|
|
'''
|
|
result = win_dacl.set_perms(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type,
|
|
grant_perms={'Backup Operators': {'perms': 'read'}},
|
|
deny_perms={'NETWORK SERVICE': {'perms': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']}},
|
|
inheritance=True,
|
|
reset=False)
|
|
|
|
expected = {
|
|
'deny': {'NETWORK SERVICE': {'perms': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']}},
|
|
'grant': {'Backup Operators': {'perms': 'read'}}}
|
|
|
|
self.assertDictEqual(result, expected)
|
|
|
|
|
|
@skipIf(NO_MOCK, NO_MOCK_REASON)
|
|
@skipIf(not HAS_WIN32, 'Requires pywin32')
|
|
@skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
|
|
class WinDaclFileTestCase(TestCase, LoaderModuleMockMixin):
|
|
obj_name = ''
|
|
obj_type = 'file'
|
|
'''
|
|
Test cases for salt.utils.win_dacl in the file system
|
|
'''
|
|
def setup_loader_modules(self):
|
|
return {win_dacl: {}}
|
|
|
|
def setUp(self):
|
|
config_file_fd, self.obj_name = tempfile.mkstemp(prefix='SaltTesting-',
|
|
suffix='txt')
|
|
os.close(config_file_fd)
|
|
|
|
def tearDown(self):
|
|
os.remove(self.obj_name)
|
|
|
|
@destructiveTest
|
|
def test_owner(self):
|
|
'''
|
|
Test the set_owner function
|
|
Test the get_owner function
|
|
'''
|
|
self.assertTrue(win_dacl.set_owner(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type))
|
|
self.assertEqual(win_dacl.get_owner(obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Backup Operators')
|
|
|
|
@destructiveTest
|
|
def test_primary_group(self):
|
|
'''
|
|
Test the set_primary_group function
|
|
Test the get_primary_group function
|
|
'''
|
|
self.assertTrue(win_dacl.set_primary_group(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type))
|
|
self.assertEqual(win_dacl.get_primary_group(obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Backup Operators')
|
|
|
|
@destructiveTest
|
|
def test_set_permissions(self):
|
|
'''
|
|
Test the set_permissions function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
expected = {
|
|
'Not Inherited': {
|
|
'Backup Operators': {
|
|
'grant': {
|
|
'applies to': 'Not Inherited (file)',
|
|
'permissions': 'Full control'}}}}
|
|
self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
@destructiveTest
|
|
def test_get_permissions(self):
|
|
'''
|
|
Test the get_permissions function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
expected = {
|
|
'Not Inherited': {
|
|
'Backup Operators': {
|
|
'grant': {
|
|
'applies to': 'Not Inherited (file)',
|
|
'permissions': 'Full control'}}}}
|
|
self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
@destructiveTest
|
|
def test_has_permission(self):
|
|
'''
|
|
Test the has_permission function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
# Test has_permission exact
|
|
self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permission='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
exact=True))
|
|
# Test has_permission contains
|
|
self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permission='read',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
exact=False))
|
|
|
|
@destructiveTest
|
|
def test_rm_permissions(self):
|
|
'''
|
|
Test the rm_permissions function
|
|
'''
|
|
self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
permissions='full_control',
|
|
access_mode='grant',
|
|
obj_type=self.obj_type,
|
|
reset_perms=False,
|
|
protected=None))
|
|
self.assertTrue(win_dacl.rm_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type))
|
|
self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
{})
|
|
|
|
@destructiveTest
|
|
def test_inheritance(self):
|
|
'''
|
|
Test the set_inheritance function
|
|
Test the get_inheritance function
|
|
'''
|
|
self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
|
|
enabled=True,
|
|
obj_type=self.obj_type,
|
|
clear=False))
|
|
self.assertTrue(win_dacl.get_inheritance(obj_name=self.obj_name,
|
|
obj_type=self.obj_type))
|
|
self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
|
|
enabled=False,
|
|
obj_type=self.obj_type,
|
|
clear=False))
|
|
self.assertFalse(win_dacl.get_inheritance(obj_name=self.obj_name,
|
|
obj_type=self.obj_type))
|
|
|
|
@destructiveTest
|
|
def test_check_perms(self):
|
|
'''
|
|
Test the check_perms function
|
|
'''
|
|
with patch.dict(win_dacl.__opts__, {"test": False}):
|
|
result = win_dacl.check_perms(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type,
|
|
ret={},
|
|
owner='Users',
|
|
grant_perms={'Backup Operators': {'perms': 'read'}},
|
|
deny_perms={'Backup Operators': {'perms': ['delete']},
|
|
'NETWORK SERVICE': {'perms': ['delete',
|
|
'change_permissions',
|
|
'write_attributes',
|
|
'write_data']}},
|
|
inheritance=True,
|
|
reset=False)
|
|
|
|
expected = {
|
|
'changes': {'owner': 'Users',
|
|
'perms': {'Backup Operators': {'grant': 'read',
|
|
'deny': ['delete']},
|
|
'NETWORK SERVICE': {'deny': ['delete',
|
|
'change_permissions',
|
|
'write_attributes',
|
|
'write_data']}}},
|
|
'comment': '',
|
|
'name': self.obj_name,
|
|
'result': True}
|
|
self.assertDictEqual(result, expected)
|
|
|
|
expected = {
|
|
'Not Inherited': {
|
|
'Backup Operators': {
|
|
'grant': {
|
|
'applies to': 'Not Inherited (file)',
|
|
'permissions': 'Read'},
|
|
'deny': {
|
|
'applies to': 'Not Inherited (file)',
|
|
'permissions': ['Delete']}}}}
|
|
self.assertDictEqual(
|
|
win_dacl.get_permissions(
|
|
obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
expected = {
|
|
'Not Inherited': {
|
|
'NETWORK SERVICE': {
|
|
'deny': {
|
|
'applies to': 'Not Inherited (file)',
|
|
'permissions': ['Delete',
|
|
'Create files / write data',
|
|
'Write attributes',
|
|
'Change permissions']}}}}
|
|
self.assertDictEqual(
|
|
win_dacl.get_permissions(
|
|
obj_name=self.obj_name,
|
|
principal='NETWORK SERVICE',
|
|
obj_type=self.obj_type),
|
|
expected)
|
|
|
|
self.assertEqual(
|
|
win_dacl.get_owner(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Users')
|
|
|
|
@destructiveTest
|
|
def test_check_perms_test_true(self):
|
|
'''
|
|
Test the check_perms function
|
|
'''
|
|
with patch.dict(win_dacl.__opts__, {"test": True}):
|
|
result = win_dacl.check_perms(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type,
|
|
ret=None,
|
|
owner='Users',
|
|
grant_perms={'Backup Operators': {'perms': 'read'}},
|
|
deny_perms={'NETWORK SERVICE': {'perms': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']},
|
|
'Backup Operators': {'perms': ['delete']}},
|
|
inheritance=True,
|
|
reset=False)
|
|
|
|
expected = {
|
|
'changes': {'owner': 'Users',
|
|
'perms': {'Backup Operators': {'grant': 'read',
|
|
'deny': ['delete']},
|
|
'NETWORK SERVICE': {'deny': ['delete',
|
|
'set_value',
|
|
'write_dac',
|
|
'write_owner']}}},
|
|
'comment': '',
|
|
'name': self.obj_name,
|
|
'result': None}
|
|
self.assertDictEqual(result, expected)
|
|
|
|
self.assertNotEqual(
|
|
win_dacl.get_owner(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type),
|
|
'Users')
|
|
|
|
self.assertEqual(
|
|
win_dacl.get_permissions(
|
|
obj_name=self.obj_name,
|
|
principal='Backup Operators',
|
|
obj_type=self.obj_type),
|
|
{})
|
|
|
|
def test_set_perms(self):
|
|
'''
|
|
Test the set_perms function
|
|
'''
|
|
result = win_dacl.set_perms(
|
|
obj_name=self.obj_name,
|
|
obj_type=self.obj_type,
|
|
grant_perms={'Backup Operators': {'perms': 'read'}},
|
|
deny_perms={'NETWORK SERVICE': {'perms': ['delete',
|
|
'change_permissions',
|
|
'write_attributes',
|
|
'write_data']}},
|
|
inheritance=True,
|
|
reset=False)
|
|
|
|
expected = {
|
|
'deny': {'NETWORK SERVICE': {'perms': ['delete',
|
|
'change_permissions',
|
|
'write_attributes',
|
|
'write_data']}},
|
|
'grant': {'Backup Operators': {'perms': 'read'}}}
|
|
|
|
self.assertDictEqual(result, expected)
|