|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 |
- # Tests for the win32security module.
- import unittest
-
- import ntsecuritycon
- import pywintypes
- import win32api
- import win32con
- import win32security
- import winerror
- from pywin32_testutil import TestSkipped, ob2memory, testmain
-
-
- class SecurityTests(unittest.TestCase):
- def setUp(self):
- self.pwr_sid = win32security.LookupAccountName("", "Power Users")[0]
- try:
- self.admin_sid = win32security.LookupAccountName("", "Administrator")[0]
- except pywintypes.error as exc:
- # in automation we see:
- # pywintypes.error: (1332, 'LookupAccountName', 'No mapping between account names and security IDs was done.')
- if exc.winerror != winerror.ERROR_NONE_MAPPED:
- raise
- self.admin_sid = None
-
- def tearDown(self):
- pass
-
- def testEqual(self):
- if self.admin_sid is None:
- raise TestSkipped("No 'Administrator' account is available")
- self.assertEqual(
- win32security.LookupAccountName("", "Administrator")[0],
- win32security.LookupAccountName("", "Administrator")[0],
- )
-
- def testNESID(self):
- self.assertTrue(self.pwr_sid == self.pwr_sid)
- if self.admin_sid:
- self.assertTrue(self.pwr_sid != self.admin_sid)
-
- def testNEOther(self):
- self.assertTrue(self.pwr_sid != None)
- self.assertTrue(None != self.pwr_sid)
- self.assertFalse(self.pwr_sid == None)
- self.assertFalse(None == self.pwr_sid)
- self.assertNotEqual(None, self.pwr_sid)
-
- def testSIDInDict(self):
- d = dict(foo=self.pwr_sid)
- self.assertEqual(d["foo"], self.pwr_sid)
-
- def testBuffer(self):
- if self.admin_sid is None:
- raise TestSkipped("No 'Administrator' account is available")
- self.assertEqual(
- ob2memory(win32security.LookupAccountName("", "Administrator")[0]),
- ob2memory(win32security.LookupAccountName("", "Administrator")[0]),
- )
-
- def testMemory(self):
- pwr_sid = self.pwr_sid
- admin_sid = self.admin_sid
- sd1 = win32security.SECURITY_DESCRIPTOR()
- sd2 = win32security.SECURITY_DESCRIPTOR()
- sd3 = win32security.SECURITY_DESCRIPTOR()
- dacl = win32security.ACL()
- dacl.AddAccessAllowedAce(
- win32security.ACL_REVISION, win32con.GENERIC_READ, pwr_sid
- )
- if admin_sid is not None:
- dacl.AddAccessAllowedAce(
- win32security.ACL_REVISION, win32con.GENERIC_ALL, admin_sid
- )
- sd4 = win32security.SECURITY_DESCRIPTOR()
- sacl = win32security.ACL()
- if admin_sid is not None:
- sacl.AddAuditAccessAce(
- win32security.ACL_REVISION, win32con.DELETE, admin_sid, 1, 1
- )
- sacl.AddAuditAccessAce(
- win32security.ACL_REVISION, win32con.GENERIC_ALL, pwr_sid, 1, 1
- )
- for x in range(0, 200000):
- if admin_sid is not None:
- sd1.SetSecurityDescriptorOwner(admin_sid, 0)
- sd2.SetSecurityDescriptorGroup(pwr_sid, 0)
- sd3.SetSecurityDescriptorDacl(1, dacl, 0)
- sd4.SetSecurityDescriptorSacl(1, sacl, 0)
-
-
- class DomainTests(unittest.TestCase):
- def setUp(self):
- self.ds_handle = None
- try:
- # saving the handle means the other test itself should bind faster.
- self.ds_handle = win32security.DsBind()
- except win32security.error as exc:
- if exc.winerror != winerror.ERROR_NO_SUCH_DOMAIN:
- raise
- raise TestSkipped(exc)
-
- def tearDown(self):
- if self.ds_handle is not None:
- self.ds_handle.close()
-
-
- class TestDS(DomainTests):
- def testDsGetDcName(self):
- # Not sure what we can actually test here! At least calling it
- # does something :)
- win32security.DsGetDcName()
-
- def testDsListServerInfo(self):
- # again, not checking much, just exercising the code.
- h = win32security.DsBind()
- for status, ignore, site in win32security.DsListSites(h):
- for status, ignore, server in win32security.DsListServersInSite(h, site):
- info = win32security.DsListInfoForServer(h, server)
- for status, ignore, domain in win32security.DsListDomainsInSite(h, site):
- pass
-
- def testDsCrackNames(self):
- h = win32security.DsBind()
- fmt_offered = ntsecuritycon.DS_FQDN_1779_NAME
- name = win32api.GetUserNameEx(fmt_offered)
- result = win32security.DsCrackNames(h, 0, fmt_offered, fmt_offered, (name,))
- self.assertEqual(name, result[0][2])
-
- def testDsCrackNamesSyntax(self):
- # Do a syntax check only - that allows us to avoid binding.
- # But must use DS_CANONICAL_NAME (or _EX)
- expected = win32api.GetUserNameEx(win32api.NameCanonical)
- fmt_offered = ntsecuritycon.DS_FQDN_1779_NAME
- name = win32api.GetUserNameEx(fmt_offered)
- result = win32security.DsCrackNames(
- None,
- ntsecuritycon.DS_NAME_FLAG_SYNTACTICAL_ONLY,
- fmt_offered,
- ntsecuritycon.DS_CANONICAL_NAME,
- (name,),
- )
- self.assertEqual(expected, result[0][2])
-
-
- class TestTranslate(DomainTests):
- def _testTranslate(self, fmt_from, fmt_to):
- name = win32api.GetUserNameEx(fmt_from)
- expected = win32api.GetUserNameEx(fmt_to)
- got = win32security.TranslateName(name, fmt_from, fmt_to)
- self.assertEqual(got, expected)
-
- def testTranslate1(self):
- self._testTranslate(win32api.NameFullyQualifiedDN, win32api.NameSamCompatible)
-
- def testTranslate2(self):
- self._testTranslate(win32api.NameSamCompatible, win32api.NameFullyQualifiedDN)
-
- def testTranslate3(self):
- self._testTranslate(win32api.NameFullyQualifiedDN, win32api.NameUniqueId)
-
- def testTranslate4(self):
- self._testTranslate(win32api.NameUniqueId, win32api.NameFullyQualifiedDN)
-
-
- if __name__ == "__main__":
- testmain()
|