Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

test_security.py 5.9KB

1 year ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166
  1. # Tests for the win32security module.
  2. import unittest
  3. import ntsecuritycon
  4. import pywintypes
  5. import win32api
  6. import win32con
  7. import win32security
  8. import winerror
  9. from pywin32_testutil import TestSkipped, ob2memory, testmain
  10. class SecurityTests(unittest.TestCase):
  11. def setUp(self):
  12. self.pwr_sid = win32security.LookupAccountName("", "Power Users")[0]
  13. try:
  14. self.admin_sid = win32security.LookupAccountName("", "Administrator")[0]
  15. except pywintypes.error as exc:
  16. # in automation we see:
  17. # pywintypes.error: (1332, 'LookupAccountName', 'No mapping between account names and security IDs was done.')
  18. if exc.winerror != winerror.ERROR_NONE_MAPPED:
  19. raise
  20. self.admin_sid = None
  21. def tearDown(self):
  22. pass
  23. def testEqual(self):
  24. if self.admin_sid is None:
  25. raise TestSkipped("No 'Administrator' account is available")
  26. self.assertEqual(
  27. win32security.LookupAccountName("", "Administrator")[0],
  28. win32security.LookupAccountName("", "Administrator")[0],
  29. )
  30. def testNESID(self):
  31. self.assertTrue(self.pwr_sid == self.pwr_sid)
  32. if self.admin_sid:
  33. self.assertTrue(self.pwr_sid != self.admin_sid)
  34. def testNEOther(self):
  35. self.assertTrue(self.pwr_sid != None)
  36. self.assertTrue(None != self.pwr_sid)
  37. self.assertFalse(self.pwr_sid == None)
  38. self.assertFalse(None == self.pwr_sid)
  39. self.assertNotEqual(None, self.pwr_sid)
  40. def testSIDInDict(self):
  41. d = dict(foo=self.pwr_sid)
  42. self.assertEqual(d["foo"], self.pwr_sid)
  43. def testBuffer(self):
  44. if self.admin_sid is None:
  45. raise TestSkipped("No 'Administrator' account is available")
  46. self.assertEqual(
  47. ob2memory(win32security.LookupAccountName("", "Administrator")[0]),
  48. ob2memory(win32security.LookupAccountName("", "Administrator")[0]),
  49. )
  50. def testMemory(self):
  51. pwr_sid = self.pwr_sid
  52. admin_sid = self.admin_sid
  53. sd1 = win32security.SECURITY_DESCRIPTOR()
  54. sd2 = win32security.SECURITY_DESCRIPTOR()
  55. sd3 = win32security.SECURITY_DESCRIPTOR()
  56. dacl = win32security.ACL()
  57. dacl.AddAccessAllowedAce(
  58. win32security.ACL_REVISION, win32con.GENERIC_READ, pwr_sid
  59. )
  60. if admin_sid is not None:
  61. dacl.AddAccessAllowedAce(
  62. win32security.ACL_REVISION, win32con.GENERIC_ALL, admin_sid
  63. )
  64. sd4 = win32security.SECURITY_DESCRIPTOR()
  65. sacl = win32security.ACL()
  66. if admin_sid is not None:
  67. sacl.AddAuditAccessAce(
  68. win32security.ACL_REVISION, win32con.DELETE, admin_sid, 1, 1
  69. )
  70. sacl.AddAuditAccessAce(
  71. win32security.ACL_REVISION, win32con.GENERIC_ALL, pwr_sid, 1, 1
  72. )
  73. for x in range(0, 200000):
  74. if admin_sid is not None:
  75. sd1.SetSecurityDescriptorOwner(admin_sid, 0)
  76. sd2.SetSecurityDescriptorGroup(pwr_sid, 0)
  77. sd3.SetSecurityDescriptorDacl(1, dacl, 0)
  78. sd4.SetSecurityDescriptorSacl(1, sacl, 0)
  79. class DomainTests(unittest.TestCase):
  80. def setUp(self):
  81. self.ds_handle = None
  82. try:
  83. # saving the handle means the other test itself should bind faster.
  84. self.ds_handle = win32security.DsBind()
  85. except win32security.error as exc:
  86. if exc.winerror != winerror.ERROR_NO_SUCH_DOMAIN:
  87. raise
  88. raise TestSkipped(exc)
  89. def tearDown(self):
  90. if self.ds_handle is not None:
  91. self.ds_handle.close()
  92. class TestDS(DomainTests):
  93. def testDsGetDcName(self):
  94. # Not sure what we can actually test here! At least calling it
  95. # does something :)
  96. win32security.DsGetDcName()
  97. def testDsListServerInfo(self):
  98. # again, not checking much, just exercising the code.
  99. h = win32security.DsBind()
  100. for status, ignore, site in win32security.DsListSites(h):
  101. for status, ignore, server in win32security.DsListServersInSite(h, site):
  102. info = win32security.DsListInfoForServer(h, server)
  103. for status, ignore, domain in win32security.DsListDomainsInSite(h, site):
  104. pass
  105. def testDsCrackNames(self):
  106. h = win32security.DsBind()
  107. fmt_offered = ntsecuritycon.DS_FQDN_1779_NAME
  108. name = win32api.GetUserNameEx(fmt_offered)
  109. result = win32security.DsCrackNames(h, 0, fmt_offered, fmt_offered, (name,))
  110. self.assertEqual(name, result[0][2])
  111. def testDsCrackNamesSyntax(self):
  112. # Do a syntax check only - that allows us to avoid binding.
  113. # But must use DS_CANONICAL_NAME (or _EX)
  114. expected = win32api.GetUserNameEx(win32api.NameCanonical)
  115. fmt_offered = ntsecuritycon.DS_FQDN_1779_NAME
  116. name = win32api.GetUserNameEx(fmt_offered)
  117. result = win32security.DsCrackNames(
  118. None,
  119. ntsecuritycon.DS_NAME_FLAG_SYNTACTICAL_ONLY,
  120. fmt_offered,
  121. ntsecuritycon.DS_CANONICAL_NAME,
  122. (name,),
  123. )
  124. self.assertEqual(expected, result[0][2])
  125. class TestTranslate(DomainTests):
  126. def _testTranslate(self, fmt_from, fmt_to):
  127. name = win32api.GetUserNameEx(fmt_from)
  128. expected = win32api.GetUserNameEx(fmt_to)
  129. got = win32security.TranslateName(name, fmt_from, fmt_to)
  130. self.assertEqual(got, expected)
  131. def testTranslate1(self):
  132. self._testTranslate(win32api.NameFullyQualifiedDN, win32api.NameSamCompatible)
  133. def testTranslate2(self):
  134. self._testTranslate(win32api.NameSamCompatible, win32api.NameFullyQualifiedDN)
  135. def testTranslate3(self):
  136. self._testTranslate(win32api.NameFullyQualifiedDN, win32api.NameUniqueId)
  137. def testTranslate4(self):
  138. self._testTranslate(win32api.NameUniqueId, win32api.NameFullyQualifiedDN)
  139. if __name__ == "__main__":
  140. testmain()