1
0

test_win_dacl.py 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680
  1. # -*- coding: utf-8 -*-
  2. # Import Python Libs
  3. from __future__ import absolute_import, unicode_literals, print_function
  4. import os
  5. import tempfile
  6. # Import Salt Testing Libs
  7. from tests.support.helpers import generate_random_name, patch
  8. from tests.support.mixins import LoaderModuleMockMixin
  9. from tests.support.unit import TestCase, skipIf
  10. # Import Salt Libs
  11. import salt.utils.platform
  12. import salt.utils.win_dacl as win_dacl
  13. import salt.utils.win_reg as win_reg
  14. import pytest
  15. try:
  16. import pywintypes
  17. import win32security
  18. HAS_WIN32 = True
  19. except ImportError:
  20. HAS_WIN32 = False
  21. FAKE_KEY = 'SOFTWARE\\{0}'.format(generate_random_name('SaltTesting-'))
  22. @skipIf(not HAS_WIN32, 'Requires pywin32')
  23. @skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
  24. class WinDaclTestCase(TestCase):
  25. '''
  26. Test cases for salt.utils.win_dacl in the registry
  27. '''
  28. def test_get_sid_string(self):
  29. '''
  30. Validate getting a pysid object from a name
  31. '''
  32. sid_obj = win_dacl.get_sid('Administrators')
  33. self.assertTrue(
  34. isinstance(sid_obj, pywintypes.SIDType))
  35. self.assertEqual(
  36. win32security.LookupAccountSid(None, sid_obj)[0],
  37. 'Administrators')
  38. def test_get_sid_sid_string(self):
  39. '''
  40. Validate getting a pysid object from a SID string
  41. '''
  42. sid_obj = win_dacl.get_sid('S-1-5-32-544')
  43. self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
  44. self.assertEqual(win32security.LookupAccountSid(None, sid_obj)[0],
  45. 'Administrators')
  46. def test_get_sid_string_name(self):
  47. '''
  48. Validate getting a pysid object from a SID string
  49. '''
  50. sid_obj = win_dacl.get_sid('Administrators')
  51. self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
  52. self.assertEqual(win_dacl.get_sid_string(sid_obj), 'S-1-5-32-544')
  53. def test_get_sid_string_none(self):
  54. '''
  55. Validate getting a pysid object from None (NULL SID)
  56. '''
  57. sid_obj = win_dacl.get_sid(None)
  58. self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
  59. self.assertEqual(win_dacl.get_sid_string(sid_obj), 'S-1-0-0')
  60. def test_get_name(self):
  61. '''
  62. Get the name
  63. '''
  64. # Case
  65. self.assertEqual(win_dacl.get_name('adMiniStrAtorS'), 'Administrators')
  66. # SID String
  67. self.assertEqual(win_dacl.get_name('S-1-5-32-544'), 'Administrators')
  68. # SID Object
  69. sid_obj = win_dacl.get_sid('Administrators')
  70. self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
  71. self.assertEqual(win_dacl.get_name(sid_obj), 'Administrators')
  72. @skipIf(not HAS_WIN32, 'Requires pywin32')
  73. @skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
  74. class WinDaclRegTestCase(TestCase, LoaderModuleMockMixin):
  75. obj_name = 'HKLM\\' + FAKE_KEY
  76. obj_type = 'registry'
  77. '''
  78. Test cases for salt.utils.win_dacl in the registry
  79. '''
  80. def setup_loader_modules(self):
  81. return {win_dacl: {}}
  82. def setUp(self):
  83. self.assertTrue(win_reg.set_value(hive='HKLM',
  84. key=FAKE_KEY,
  85. vname='fake_name',
  86. vdata='fake_data'))
  87. def tearDown(self):
  88. win_reg.delete_key_recursive(hive='HKLM', key=FAKE_KEY)
  89. @pytest.mark.destructive_test
  90. def test_owner(self):
  91. '''
  92. Test the set_owner function
  93. Test the get_owner function
  94. '''
  95. self.assertTrue(win_dacl.set_owner(obj_name=self.obj_name,
  96. principal='Backup Operators',
  97. obj_type=self.obj_type))
  98. self.assertEqual(win_dacl.get_owner(obj_name=self.obj_name,
  99. obj_type=self.obj_type),
  100. 'Backup Operators')
  101. @pytest.mark.destructive_test
  102. def test_primary_group(self):
  103. '''
  104. Test the set_primary_group function
  105. Test the get_primary_group function
  106. '''
  107. self.assertTrue(win_dacl.set_primary_group(obj_name=self.obj_name,
  108. principal='Backup Operators',
  109. obj_type=self.obj_type))
  110. self.assertEqual(win_dacl.get_primary_group(obj_name=self.obj_name,
  111. obj_type=self.obj_type),
  112. 'Backup Operators')
  113. @pytest.mark.destructive_test
  114. def test_set_permissions(self):
  115. '''
  116. Test the set_permissions function
  117. '''
  118. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  119. principal='Backup Operators',
  120. permissions='full_control',
  121. access_mode='grant',
  122. obj_type=self.obj_type,
  123. reset_perms=False,
  124. protected=None))
  125. expected = {
  126. 'Not Inherited': {
  127. 'Backup Operators': {
  128. 'grant': {
  129. 'applies to': 'This key and subkeys',
  130. 'permissions': 'Full Control'}}}}
  131. self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
  132. principal='Backup Operators',
  133. obj_type=self.obj_type),
  134. expected)
  135. @pytest.mark.destructive_test
  136. def test_get_permissions(self):
  137. '''
  138. Test the get_permissions function
  139. '''
  140. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  141. principal='Backup Operators',
  142. permissions='full_control',
  143. access_mode='grant',
  144. obj_type=self.obj_type,
  145. reset_perms=False,
  146. protected=None))
  147. expected = {
  148. 'Not Inherited': {
  149. 'Backup Operators': {
  150. 'grant': {
  151. 'applies to': 'This key and subkeys',
  152. 'permissions': 'Full Control'}}}}
  153. self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
  154. principal='Backup Operators',
  155. obj_type=self.obj_type),
  156. expected)
  157. @pytest.mark.destructive_test
  158. def test_has_permission(self):
  159. '''
  160. Test the has_permission function
  161. '''
  162. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  163. principal='Backup Operators',
  164. permissions='full_control',
  165. access_mode='grant',
  166. obj_type=self.obj_type,
  167. reset_perms=False,
  168. protected=None))
  169. # Test has_permission exact
  170. self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
  171. principal='Backup Operators',
  172. permission='full_control',
  173. access_mode='grant',
  174. obj_type=self.obj_type,
  175. exact=True))
  176. # Test has_permission contains
  177. self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
  178. principal='Backup Operators',
  179. permission='read',
  180. access_mode='grant',
  181. obj_type=self.obj_type,
  182. exact=False))
  183. @pytest.mark.destructive_test
  184. def test_rm_permissions(self):
  185. '''
  186. Test the rm_permissions function
  187. '''
  188. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  189. principal='Backup Operators',
  190. permissions='full_control',
  191. access_mode='grant',
  192. obj_type=self.obj_type,
  193. reset_perms=False,
  194. protected=None))
  195. self.assertTrue(win_dacl.rm_permissions(obj_name=self.obj_name,
  196. principal='Backup Operators',
  197. obj_type=self.obj_type))
  198. self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
  199. principal='Backup Operators',
  200. obj_type=self.obj_type),
  201. {})
  202. @pytest.mark.destructive_test
  203. def test_inheritance(self):
  204. '''
  205. Test the set_inheritance function
  206. Test the get_inheritance function
  207. '''
  208. self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
  209. enabled=True,
  210. obj_type=self.obj_type,
  211. clear=False))
  212. self.assertTrue(win_dacl.get_inheritance(obj_name=self.obj_name,
  213. obj_type=self.obj_type))
  214. self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
  215. enabled=False,
  216. obj_type=self.obj_type,
  217. clear=False))
  218. self.assertFalse(win_dacl.get_inheritance(obj_name=self.obj_name,
  219. obj_type=self.obj_type))
  220. @pytest.mark.destructive_test
  221. def test_check_perms(self):
  222. '''
  223. Test the check_perms function
  224. '''
  225. with patch.dict(win_dacl.__opts__, {"test": False}):
  226. result = win_dacl.check_perms(
  227. obj_name=self.obj_name,
  228. obj_type=self.obj_type,
  229. ret={},
  230. owner='Users',
  231. grant_perms={'Backup Operators': {'perms': 'read'}},
  232. deny_perms={'Backup Operators': {'perms': ['delete']},
  233. 'NETWORK SERVICE': {'perms': ['delete',
  234. 'set_value',
  235. 'write_dac',
  236. 'write_owner']}},
  237. inheritance=True,
  238. reset=False)
  239. expected = {'changes': {'owner': 'Users',
  240. 'perms': {'Backup Operators': {'grant': 'read',
  241. 'deny': ['delete']},
  242. 'NETWORK SERVICE': {'deny': ['delete',
  243. 'set_value',
  244. 'write_dac',
  245. 'write_owner']}}},
  246. 'comment': '',
  247. 'name': self.obj_name,
  248. 'result': True}
  249. self.assertDictEqual(result, expected)
  250. expected = {
  251. 'Not Inherited': {
  252. 'Backup Operators': {
  253. 'grant': {
  254. 'applies to': 'This key and subkeys',
  255. 'permissions': 'Read'},
  256. 'deny': {
  257. 'applies to': 'This key and subkeys',
  258. 'permissions': ['Delete']}}}}
  259. self.assertDictEqual(
  260. win_dacl.get_permissions(
  261. obj_name=self.obj_name,
  262. principal='Backup Operators',
  263. obj_type=self.obj_type),
  264. expected)
  265. expected = {
  266. 'Not Inherited': {
  267. 'NETWORK SERVICE': {
  268. 'deny': {
  269. 'applies to': 'This key and subkeys',
  270. 'permissions': ['Delete',
  271. 'Set Value',
  272. 'Write DAC',
  273. 'Write Owner']}}}}
  274. self.assertDictEqual(
  275. win_dacl.get_permissions(
  276. obj_name=self.obj_name,
  277. principal='NETWORK SERVICE',
  278. obj_type=self.obj_type),
  279. expected)
  280. self.assertEqual(
  281. win_dacl.get_owner(
  282. obj_name=self.obj_name,
  283. obj_type=self.obj_type),
  284. 'Users')
  285. @pytest.mark.destructive_test
  286. def test_check_perms_test_true(self):
  287. '''
  288. Test the check_perms function
  289. '''
  290. with patch.dict(win_dacl.__opts__, {"test": True}):
  291. result = win_dacl.check_perms(
  292. obj_name=self.obj_name,
  293. obj_type=self.obj_type,
  294. ret=None,
  295. owner='Users',
  296. grant_perms={'Backup Operators': {'perms': 'read'}},
  297. deny_perms={'NETWORK SERVICE': {'perms': ['delete',
  298. 'set_value',
  299. 'write_dac',
  300. 'write_owner']},
  301. 'Backup Operators': {'perms': ['delete']}},
  302. inheritance=True,
  303. reset=False)
  304. expected = {
  305. 'changes': {'owner': 'Users',
  306. 'perms': {'Backup Operators': {'grant': 'read',
  307. 'deny': ['delete']},
  308. 'NETWORK SERVICE': {'deny': ['delete',
  309. 'set_value',
  310. 'write_dac',
  311. 'write_owner']}}},
  312. 'comment': '',
  313. 'name': self.obj_name,
  314. 'result': None}
  315. self.assertDictEqual(result, expected)
  316. self.assertNotEqual(
  317. win_dacl.get_owner(
  318. obj_name=self.obj_name,
  319. obj_type=self.obj_type),
  320. 'Users')
  321. self.assertEqual(
  322. win_dacl.get_permissions(
  323. obj_name=self.obj_name,
  324. principal='Backup Operators',
  325. obj_type=self.obj_type),
  326. {})
  327. def test_set_perms(self):
  328. '''
  329. Test the set_perms function
  330. '''
  331. result = win_dacl.set_perms(
  332. obj_name=self.obj_name,
  333. obj_type=self.obj_type,
  334. grant_perms={'Backup Operators': {'perms': 'read'}},
  335. deny_perms={'NETWORK SERVICE': {'perms': ['delete',
  336. 'set_value',
  337. 'write_dac',
  338. 'write_owner']}},
  339. inheritance=True,
  340. reset=False)
  341. expected = {
  342. 'deny': {'NETWORK SERVICE': {'perms': ['delete',
  343. 'set_value',
  344. 'write_dac',
  345. 'write_owner']}},
  346. 'grant': {'Backup Operators': {'perms': 'read'}}}
  347. self.assertDictEqual(result, expected)
  348. @skipIf(not HAS_WIN32, 'Requires pywin32')
  349. @skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
  350. class WinDaclFileTestCase(TestCase, LoaderModuleMockMixin):
  351. obj_name = ''
  352. obj_type = 'file'
  353. '''
  354. Test cases for salt.utils.win_dacl in the file system
  355. '''
  356. def setup_loader_modules(self):
  357. return {win_dacl: {}}
  358. def setUp(self):
  359. config_file_fd, self.obj_name = tempfile.mkstemp(prefix='SaltTesting-',
  360. suffix='txt')
  361. os.close(config_file_fd)
  362. def tearDown(self):
  363. os.remove(self.obj_name)
  364. @pytest.mark.destructive_test
  365. def test_owner(self):
  366. '''
  367. Test the set_owner function
  368. Test the get_owner function
  369. '''
  370. self.assertTrue(win_dacl.set_owner(obj_name=self.obj_name,
  371. principal='Backup Operators',
  372. obj_type=self.obj_type))
  373. self.assertEqual(win_dacl.get_owner(obj_name=self.obj_name,
  374. obj_type=self.obj_type),
  375. 'Backup Operators')
  376. @pytest.mark.destructive_test
  377. def test_primary_group(self):
  378. '''
  379. Test the set_primary_group function
  380. Test the get_primary_group function
  381. '''
  382. self.assertTrue(win_dacl.set_primary_group(obj_name=self.obj_name,
  383. principal='Backup Operators',
  384. obj_type=self.obj_type))
  385. self.assertEqual(win_dacl.get_primary_group(obj_name=self.obj_name,
  386. obj_type=self.obj_type),
  387. 'Backup Operators')
  388. @pytest.mark.destructive_test
  389. def test_set_permissions(self):
  390. '''
  391. Test the set_permissions function
  392. '''
  393. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  394. principal='Backup Operators',
  395. permissions='full_control',
  396. access_mode='grant',
  397. obj_type=self.obj_type,
  398. reset_perms=False,
  399. protected=None))
  400. expected = {
  401. 'Not Inherited': {
  402. 'Backup Operators': {
  403. 'grant': {
  404. 'applies to': 'Not Inherited (file)',
  405. 'permissions': 'Full control'}}}}
  406. self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
  407. principal='Backup Operators',
  408. obj_type=self.obj_type),
  409. expected)
  410. @pytest.mark.destructive_test
  411. def test_get_permissions(self):
  412. '''
  413. Test the get_permissions function
  414. '''
  415. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  416. principal='Backup Operators',
  417. permissions='full_control',
  418. access_mode='grant',
  419. obj_type=self.obj_type,
  420. reset_perms=False,
  421. protected=None))
  422. expected = {
  423. 'Not Inherited': {
  424. 'Backup Operators': {
  425. 'grant': {
  426. 'applies to': 'Not Inherited (file)',
  427. 'permissions': 'Full control'}}}}
  428. self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
  429. principal='Backup Operators',
  430. obj_type=self.obj_type),
  431. expected)
  432. @pytest.mark.destructive_test
  433. def test_has_permission(self):
  434. '''
  435. Test the has_permission function
  436. '''
  437. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  438. principal='Backup Operators',
  439. permissions='full_control',
  440. access_mode='grant',
  441. obj_type=self.obj_type,
  442. reset_perms=False,
  443. protected=None))
  444. # Test has_permission exact
  445. self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
  446. principal='Backup Operators',
  447. permission='full_control',
  448. access_mode='grant',
  449. obj_type=self.obj_type,
  450. exact=True))
  451. # Test has_permission contains
  452. self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
  453. principal='Backup Operators',
  454. permission='read',
  455. access_mode='grant',
  456. obj_type=self.obj_type,
  457. exact=False))
  458. @pytest.mark.destructive_test
  459. def test_rm_permissions(self):
  460. '''
  461. Test the rm_permissions function
  462. '''
  463. self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
  464. principal='Backup Operators',
  465. permissions='full_control',
  466. access_mode='grant',
  467. obj_type=self.obj_type,
  468. reset_perms=False,
  469. protected=None))
  470. self.assertTrue(win_dacl.rm_permissions(obj_name=self.obj_name,
  471. principal='Backup Operators',
  472. obj_type=self.obj_type))
  473. self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
  474. principal='Backup Operators',
  475. obj_type=self.obj_type),
  476. {})
  477. @pytest.mark.destructive_test
  478. def test_inheritance(self):
  479. '''
  480. Test the set_inheritance function
  481. Test the get_inheritance function
  482. '''
  483. self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
  484. enabled=True,
  485. obj_type=self.obj_type,
  486. clear=False))
  487. self.assertTrue(win_dacl.get_inheritance(obj_name=self.obj_name,
  488. obj_type=self.obj_type))
  489. self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
  490. enabled=False,
  491. obj_type=self.obj_type,
  492. clear=False))
  493. self.assertFalse(win_dacl.get_inheritance(obj_name=self.obj_name,
  494. obj_type=self.obj_type))
  495. @pytest.mark.destructive_test
  496. def test_check_perms(self):
  497. '''
  498. Test the check_perms function
  499. '''
  500. with patch.dict(win_dacl.__opts__, {"test": False}):
  501. result = win_dacl.check_perms(
  502. obj_name=self.obj_name,
  503. obj_type=self.obj_type,
  504. ret={},
  505. owner='Users',
  506. grant_perms={'Backup Operators': {'perms': 'read'}},
  507. deny_perms={'Backup Operators': {'perms': ['delete']},
  508. 'NETWORK SERVICE': {'perms': ['delete',
  509. 'change_permissions',
  510. 'write_attributes',
  511. 'write_data']}},
  512. inheritance=True,
  513. reset=False)
  514. expected = {
  515. 'changes': {'owner': 'Users',
  516. 'perms': {'Backup Operators': {'grant': 'read',
  517. 'deny': ['delete']},
  518. 'NETWORK SERVICE': {'deny': ['delete',
  519. 'change_permissions',
  520. 'write_attributes',
  521. 'write_data']}}},
  522. 'comment': '',
  523. 'name': self.obj_name,
  524. 'result': True}
  525. self.assertDictEqual(result, expected)
  526. expected = {
  527. 'Not Inherited': {
  528. 'Backup Operators': {
  529. 'grant': {
  530. 'applies to': 'Not Inherited (file)',
  531. 'permissions': 'Read'},
  532. 'deny': {
  533. 'applies to': 'Not Inherited (file)',
  534. 'permissions': ['Delete']}}}}
  535. self.assertDictEqual(
  536. win_dacl.get_permissions(
  537. obj_name=self.obj_name,
  538. principal='Backup Operators',
  539. obj_type=self.obj_type),
  540. expected)
  541. expected = {
  542. 'Not Inherited': {
  543. 'NETWORK SERVICE': {
  544. 'deny': {
  545. 'applies to': 'Not Inherited (file)',
  546. 'permissions': ['Change permissions',
  547. 'Create files / write data',
  548. 'Delete',
  549. 'Write attributes']}}}}
  550. self.assertDictEqual(
  551. win_dacl.get_permissions(
  552. obj_name=self.obj_name,
  553. principal='NETWORK SERVICE',
  554. obj_type=self.obj_type),
  555. expected)
  556. self.assertEqual(
  557. win_dacl.get_owner(
  558. obj_name=self.obj_name,
  559. obj_type=self.obj_type),
  560. 'Users')
  561. @pytest.mark.destructive_test
  562. def test_check_perms_test_true(self):
  563. '''
  564. Test the check_perms function
  565. '''
  566. with patch.dict(win_dacl.__opts__, {"test": True}):
  567. result = win_dacl.check_perms(
  568. obj_name=self.obj_name,
  569. obj_type=self.obj_type,
  570. ret=None,
  571. owner='Users',
  572. grant_perms={'Backup Operators': {'perms': 'read'}},
  573. deny_perms={'NETWORK SERVICE': {'perms': ['delete',
  574. 'set_value',
  575. 'write_dac',
  576. 'write_owner']},
  577. 'Backup Operators': {'perms': ['delete']}},
  578. inheritance=True,
  579. reset=False)
  580. expected = {
  581. 'changes': {'owner': 'Users',
  582. 'perms': {'Backup Operators': {'grant': 'read',
  583. 'deny': ['delete']},
  584. 'NETWORK SERVICE': {'deny': ['delete',
  585. 'set_value',
  586. 'write_dac',
  587. 'write_owner']}}},
  588. 'comment': '',
  589. 'name': self.obj_name,
  590. 'result': None}
  591. self.assertDictEqual(result, expected)
  592. self.assertNotEqual(
  593. win_dacl.get_owner(
  594. obj_name=self.obj_name,
  595. obj_type=self.obj_type),
  596. 'Users')
  597. self.assertEqual(
  598. win_dacl.get_permissions(
  599. obj_name=self.obj_name,
  600. principal='Backup Operators',
  601. obj_type=self.obj_type),
  602. {})
  603. def test_set_perms(self):
  604. '''
  605. Test the set_perms function
  606. '''
  607. result = win_dacl.set_perms(
  608. obj_name=self.obj_name,
  609. obj_type=self.obj_type,
  610. grant_perms={'Backup Operators': {'perms': 'read'}},
  611. deny_perms={'NETWORK SERVICE': {'perms': ['delete',
  612. 'change_permissions',
  613. 'write_attributes',
  614. 'write_data']}},
  615. inheritance=True,
  616. reset=False)
  617. expected = {
  618. 'deny': {'NETWORK SERVICE': {'perms': ['delete',
  619. 'change_permissions',
  620. 'write_attributes',
  621. 'write_data']}},
  622. 'grant': {'Backup Operators': {'perms': 'read'}}}
  623. self.assertDictEqual(result, expected)