123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680 |
- # -*- coding: utf-8 -*-
- # Import Python Libs
- from __future__ import absolute_import, unicode_literals, print_function
- import os
- import tempfile
- # Import Salt Testing Libs
- from tests.support.helpers import generate_random_name, patch
- from tests.support.mixins import LoaderModuleMockMixin
- from tests.support.unit import TestCase, skipIf
- # Import Salt Libs
- import salt.utils.platform
- import salt.utils.win_dacl as win_dacl
- import salt.utils.win_reg as win_reg
- import pytest
- try:
- import pywintypes
- import win32security
- HAS_WIN32 = True
- except ImportError:
- HAS_WIN32 = False
- FAKE_KEY = 'SOFTWARE\\{0}'.format(generate_random_name('SaltTesting-'))
- @skipIf(not HAS_WIN32, 'Requires pywin32')
- @skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
- class WinDaclTestCase(TestCase):
- '''
- Test cases for salt.utils.win_dacl in the registry
- '''
- def test_get_sid_string(self):
- '''
- Validate getting a pysid object from a name
- '''
- sid_obj = win_dacl.get_sid('Administrators')
- self.assertTrue(
- isinstance(sid_obj, pywintypes.SIDType))
- self.assertEqual(
- win32security.LookupAccountSid(None, sid_obj)[0],
- 'Administrators')
- def test_get_sid_sid_string(self):
- '''
- Validate getting a pysid object from a SID string
- '''
- sid_obj = win_dacl.get_sid('S-1-5-32-544')
- self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
- self.assertEqual(win32security.LookupAccountSid(None, sid_obj)[0],
- 'Administrators')
- def test_get_sid_string_name(self):
- '''
- Validate getting a pysid object from a SID string
- '''
- sid_obj = win_dacl.get_sid('Administrators')
- self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
- self.assertEqual(win_dacl.get_sid_string(sid_obj), 'S-1-5-32-544')
- def test_get_sid_string_none(self):
- '''
- Validate getting a pysid object from None (NULL SID)
- '''
- sid_obj = win_dacl.get_sid(None)
- self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
- self.assertEqual(win_dacl.get_sid_string(sid_obj), 'S-1-0-0')
- def test_get_name(self):
- '''
- Get the name
- '''
- # Case
- self.assertEqual(win_dacl.get_name('adMiniStrAtorS'), 'Administrators')
- # SID String
- self.assertEqual(win_dacl.get_name('S-1-5-32-544'), 'Administrators')
- # SID Object
- sid_obj = win_dacl.get_sid('Administrators')
- self.assertTrue(isinstance(sid_obj, pywintypes.SIDType))
- self.assertEqual(win_dacl.get_name(sid_obj), 'Administrators')
- @skipIf(not HAS_WIN32, 'Requires pywin32')
- @skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
- class WinDaclRegTestCase(TestCase, LoaderModuleMockMixin):
- obj_name = 'HKLM\\' + FAKE_KEY
- obj_type = 'registry'
- '''
- Test cases for salt.utils.win_dacl in the registry
- '''
- def setup_loader_modules(self):
- return {win_dacl: {}}
- def setUp(self):
- self.assertTrue(win_reg.set_value(hive='HKLM',
- key=FAKE_KEY,
- vname='fake_name',
- vdata='fake_data'))
- def tearDown(self):
- win_reg.delete_key_recursive(hive='HKLM', key=FAKE_KEY)
- @pytest.mark.destructive_test
- def test_owner(self):
- '''
- Test the set_owner function
- Test the get_owner function
- '''
- self.assertTrue(win_dacl.set_owner(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type))
- self.assertEqual(win_dacl.get_owner(obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Backup Operators')
- @pytest.mark.destructive_test
- def test_primary_group(self):
- '''
- Test the set_primary_group function
- Test the get_primary_group function
- '''
- self.assertTrue(win_dacl.set_primary_group(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type))
- self.assertEqual(win_dacl.get_primary_group(obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Backup Operators')
- @pytest.mark.destructive_test
- def test_set_permissions(self):
- '''
- Test the set_permissions function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- expected = {
- 'Not Inherited': {
- 'Backup Operators': {
- 'grant': {
- 'applies to': 'This key and subkeys',
- 'permissions': 'Full Control'}}}}
- self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- expected)
- @pytest.mark.destructive_test
- def test_get_permissions(self):
- '''
- Test the get_permissions function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- expected = {
- 'Not Inherited': {
- 'Backup Operators': {
- 'grant': {
- 'applies to': 'This key and subkeys',
- 'permissions': 'Full Control'}}}}
- self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- expected)
- @pytest.mark.destructive_test
- def test_has_permission(self):
- '''
- Test the has_permission function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- # Test has_permission exact
- self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
- principal='Backup Operators',
- permission='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- exact=True))
- # Test has_permission contains
- self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
- principal='Backup Operators',
- permission='read',
- access_mode='grant',
- obj_type=self.obj_type,
- exact=False))
- @pytest.mark.destructive_test
- def test_rm_permissions(self):
- '''
- Test the rm_permissions function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- self.assertTrue(win_dacl.rm_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type))
- self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- {})
- @pytest.mark.destructive_test
- def test_inheritance(self):
- '''
- Test the set_inheritance function
- Test the get_inheritance function
- '''
- self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
- enabled=True,
- obj_type=self.obj_type,
- clear=False))
- self.assertTrue(win_dacl.get_inheritance(obj_name=self.obj_name,
- obj_type=self.obj_type))
- self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
- enabled=False,
- obj_type=self.obj_type,
- clear=False))
- self.assertFalse(win_dacl.get_inheritance(obj_name=self.obj_name,
- obj_type=self.obj_type))
- @pytest.mark.destructive_test
- def test_check_perms(self):
- '''
- Test the check_perms function
- '''
- with patch.dict(win_dacl.__opts__, {"test": False}):
- result = win_dacl.check_perms(
- obj_name=self.obj_name,
- obj_type=self.obj_type,
- ret={},
- owner='Users',
- grant_perms={'Backup Operators': {'perms': 'read'}},
- deny_perms={'Backup Operators': {'perms': ['delete']},
- 'NETWORK SERVICE': {'perms': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']}},
- inheritance=True,
- reset=False)
- expected = {'changes': {'owner': 'Users',
- 'perms': {'Backup Operators': {'grant': 'read',
- 'deny': ['delete']},
- 'NETWORK SERVICE': {'deny': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']}}},
- 'comment': '',
- 'name': self.obj_name,
- 'result': True}
- self.assertDictEqual(result, expected)
- expected = {
- 'Not Inherited': {
- 'Backup Operators': {
- 'grant': {
- 'applies to': 'This key and subkeys',
- 'permissions': 'Read'},
- 'deny': {
- 'applies to': 'This key and subkeys',
- 'permissions': ['Delete']}}}}
- self.assertDictEqual(
- win_dacl.get_permissions(
- obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- expected)
- expected = {
- 'Not Inherited': {
- 'NETWORK SERVICE': {
- 'deny': {
- 'applies to': 'This key and subkeys',
- 'permissions': ['Delete',
- 'Set Value',
- 'Write DAC',
- 'Write Owner']}}}}
- self.assertDictEqual(
- win_dacl.get_permissions(
- obj_name=self.obj_name,
- principal='NETWORK SERVICE',
- obj_type=self.obj_type),
- expected)
- self.assertEqual(
- win_dacl.get_owner(
- obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Users')
- @pytest.mark.destructive_test
- def test_check_perms_test_true(self):
- '''
- Test the check_perms function
- '''
- with patch.dict(win_dacl.__opts__, {"test": True}):
- result = win_dacl.check_perms(
- obj_name=self.obj_name,
- obj_type=self.obj_type,
- ret=None,
- owner='Users',
- grant_perms={'Backup Operators': {'perms': 'read'}},
- deny_perms={'NETWORK SERVICE': {'perms': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']},
- 'Backup Operators': {'perms': ['delete']}},
- inheritance=True,
- reset=False)
- expected = {
- 'changes': {'owner': 'Users',
- 'perms': {'Backup Operators': {'grant': 'read',
- 'deny': ['delete']},
- 'NETWORK SERVICE': {'deny': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']}}},
- 'comment': '',
- 'name': self.obj_name,
- 'result': None}
- self.assertDictEqual(result, expected)
- self.assertNotEqual(
- win_dacl.get_owner(
- obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Users')
- self.assertEqual(
- win_dacl.get_permissions(
- obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- {})
- def test_set_perms(self):
- '''
- Test the set_perms function
- '''
- result = win_dacl.set_perms(
- obj_name=self.obj_name,
- obj_type=self.obj_type,
- grant_perms={'Backup Operators': {'perms': 'read'}},
- deny_perms={'NETWORK SERVICE': {'perms': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']}},
- inheritance=True,
- reset=False)
- expected = {
- 'deny': {'NETWORK SERVICE': {'perms': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']}},
- 'grant': {'Backup Operators': {'perms': 'read'}}}
- self.assertDictEqual(result, expected)
- @skipIf(not HAS_WIN32, 'Requires pywin32')
- @skipIf(not salt.utils.platform.is_windows(), 'System is not Windows')
- class WinDaclFileTestCase(TestCase, LoaderModuleMockMixin):
- obj_name = ''
- obj_type = 'file'
- '''
- Test cases for salt.utils.win_dacl in the file system
- '''
- def setup_loader_modules(self):
- return {win_dacl: {}}
- def setUp(self):
- config_file_fd, self.obj_name = tempfile.mkstemp(prefix='SaltTesting-',
- suffix='txt')
- os.close(config_file_fd)
- def tearDown(self):
- os.remove(self.obj_name)
- @pytest.mark.destructive_test
- def test_owner(self):
- '''
- Test the set_owner function
- Test the get_owner function
- '''
- self.assertTrue(win_dacl.set_owner(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type))
- self.assertEqual(win_dacl.get_owner(obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Backup Operators')
- @pytest.mark.destructive_test
- def test_primary_group(self):
- '''
- Test the set_primary_group function
- Test the get_primary_group function
- '''
- self.assertTrue(win_dacl.set_primary_group(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type))
- self.assertEqual(win_dacl.get_primary_group(obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Backup Operators')
- @pytest.mark.destructive_test
- def test_set_permissions(self):
- '''
- Test the set_permissions function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- expected = {
- 'Not Inherited': {
- 'Backup Operators': {
- 'grant': {
- 'applies to': 'Not Inherited (file)',
- 'permissions': 'Full control'}}}}
- self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- expected)
- @pytest.mark.destructive_test
- def test_get_permissions(self):
- '''
- Test the get_permissions function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- expected = {
- 'Not Inherited': {
- 'Backup Operators': {
- 'grant': {
- 'applies to': 'Not Inherited (file)',
- 'permissions': 'Full control'}}}}
- self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- expected)
- @pytest.mark.destructive_test
- def test_has_permission(self):
- '''
- Test the has_permission function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- # Test has_permission exact
- self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
- principal='Backup Operators',
- permission='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- exact=True))
- # Test has_permission contains
- self.assertTrue(win_dacl.has_permission(obj_name=self.obj_name,
- principal='Backup Operators',
- permission='read',
- access_mode='grant',
- obj_type=self.obj_type,
- exact=False))
- @pytest.mark.destructive_test
- def test_rm_permissions(self):
- '''
- Test the rm_permissions function
- '''
- self.assertTrue(win_dacl.set_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- permissions='full_control',
- access_mode='grant',
- obj_type=self.obj_type,
- reset_perms=False,
- protected=None))
- self.assertTrue(win_dacl.rm_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type))
- self.assertEqual(win_dacl.get_permissions(obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- {})
- @pytest.mark.destructive_test
- def test_inheritance(self):
- '''
- Test the set_inheritance function
- Test the get_inheritance function
- '''
- self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
- enabled=True,
- obj_type=self.obj_type,
- clear=False))
- self.assertTrue(win_dacl.get_inheritance(obj_name=self.obj_name,
- obj_type=self.obj_type))
- self.assertTrue(win_dacl.set_inheritance(obj_name=self.obj_name,
- enabled=False,
- obj_type=self.obj_type,
- clear=False))
- self.assertFalse(win_dacl.get_inheritance(obj_name=self.obj_name,
- obj_type=self.obj_type))
- @pytest.mark.destructive_test
- def test_check_perms(self):
- '''
- Test the check_perms function
- '''
- with patch.dict(win_dacl.__opts__, {"test": False}):
- result = win_dacl.check_perms(
- obj_name=self.obj_name,
- obj_type=self.obj_type,
- ret={},
- owner='Users',
- grant_perms={'Backup Operators': {'perms': 'read'}},
- deny_perms={'Backup Operators': {'perms': ['delete']},
- 'NETWORK SERVICE': {'perms': ['delete',
- 'change_permissions',
- 'write_attributes',
- 'write_data']}},
- inheritance=True,
- reset=False)
- expected = {
- 'changes': {'owner': 'Users',
- 'perms': {'Backup Operators': {'grant': 'read',
- 'deny': ['delete']},
- 'NETWORK SERVICE': {'deny': ['delete',
- 'change_permissions',
- 'write_attributes',
- 'write_data']}}},
- 'comment': '',
- 'name': self.obj_name,
- 'result': True}
- self.assertDictEqual(result, expected)
- expected = {
- 'Not Inherited': {
- 'Backup Operators': {
- 'grant': {
- 'applies to': 'Not Inherited (file)',
- 'permissions': 'Read'},
- 'deny': {
- 'applies to': 'Not Inherited (file)',
- 'permissions': ['Delete']}}}}
- self.assertDictEqual(
- win_dacl.get_permissions(
- obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- expected)
- expected = {
- 'Not Inherited': {
- 'NETWORK SERVICE': {
- 'deny': {
- 'applies to': 'Not Inherited (file)',
- 'permissions': ['Change permissions',
- 'Create files / write data',
- 'Delete',
- 'Write attributes']}}}}
- self.assertDictEqual(
- win_dacl.get_permissions(
- obj_name=self.obj_name,
- principal='NETWORK SERVICE',
- obj_type=self.obj_type),
- expected)
- self.assertEqual(
- win_dacl.get_owner(
- obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Users')
- @pytest.mark.destructive_test
- def test_check_perms_test_true(self):
- '''
- Test the check_perms function
- '''
- with patch.dict(win_dacl.__opts__, {"test": True}):
- result = win_dacl.check_perms(
- obj_name=self.obj_name,
- obj_type=self.obj_type,
- ret=None,
- owner='Users',
- grant_perms={'Backup Operators': {'perms': 'read'}},
- deny_perms={'NETWORK SERVICE': {'perms': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']},
- 'Backup Operators': {'perms': ['delete']}},
- inheritance=True,
- reset=False)
- expected = {
- 'changes': {'owner': 'Users',
- 'perms': {'Backup Operators': {'grant': 'read',
- 'deny': ['delete']},
- 'NETWORK SERVICE': {'deny': ['delete',
- 'set_value',
- 'write_dac',
- 'write_owner']}}},
- 'comment': '',
- 'name': self.obj_name,
- 'result': None}
- self.assertDictEqual(result, expected)
- self.assertNotEqual(
- win_dacl.get_owner(
- obj_name=self.obj_name,
- obj_type=self.obj_type),
- 'Users')
- self.assertEqual(
- win_dacl.get_permissions(
- obj_name=self.obj_name,
- principal='Backup Operators',
- obj_type=self.obj_type),
- {})
- def test_set_perms(self):
- '''
- Test the set_perms function
- '''
- result = win_dacl.set_perms(
- obj_name=self.obj_name,
- obj_type=self.obj_type,
- grant_perms={'Backup Operators': {'perms': 'read'}},
- deny_perms={'NETWORK SERVICE': {'perms': ['delete',
- 'change_permissions',
- 'write_attributes',
- 'write_data']}},
- inheritance=True,
- reset=False)
- expected = {
- 'deny': {'NETWORK SERVICE': {'perms': ['delete',
- 'change_permissions',
- 'write_attributes',
- 'write_data']}},
- 'grant': {'Backup Operators': {'perms': 'read'}}}
- self.assertDictEqual(result, expected)
|