summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNadezhda Ivanova <nivanova@samba.org>2010-11-25 19:57:51 +0200
committerNadezhda Ivanova <nivanova@samba.org>2010-11-25 19:46:42 +0100
commit1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306 (patch)
treee2ac591d5c20218ccc34cec1d3025b94341b2a4c
parentdb403ac35dde415231498aee41b2306dfbe6a983 (diff)
downloadsamba-1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306.tar.gz
samba-1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306.tar.bz2
samba-1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306.zip
s4-tests: Modified create_ou to only accept security.descriptor type for sd to avoid confusion
It used to work with sddl as well, but this is confusing and could lead to errors. It also caused a message about tallocing a security descriptor to appear. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Nov 25 19:46:42 CET 2010 on sn-devel-104
-rwxr-xr-xsource4/dsdb/tests/python/acl.py64
-rw-r--r--source4/scripting/python/samba/samdb.py12
2 files changed, 31 insertions, 45 deletions
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 691f358d80..fb6676693e 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -736,16 +736,13 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
#regular users must see only ou1 and ou2
res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
@@ -807,16 +804,13 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;LC;;;%s)(A;CI;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
print "Testing correct behavior on nonaccessible search base"
try:
@@ -861,16 +855,13 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;CC;;;%s)" % (str(self.user_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
Dn(self.ldb_admin, "OU=ou1," + self.base_dn)]
@@ -891,8 +882,9 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;LC;;;%s)" % (str(self.user_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
# assert user can only see dn
res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
scope=SCOPE_SUBTREE)
@@ -935,10 +927,10 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;LCCC;;;%s)" % (str(self.user_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)",
scope=SCOPE_SUBTREE)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 109e948d5c..df1af165ac 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -663,16 +663,10 @@ accountExpires: %u
"objectClass": "organizationalUnit"}
if description:
- m["description"] = description
+ m["description"] = description
if name:
- m["name"] = name
+ m["name"] = name
if sd:
- assert(isinstance(sd, str) or isinstance(sd, security.descriptor))
- if isinstance(sd, str):
- sid = security.dom_sid(self.get_domain_sid())
- tmp_desc = security.descriptor.from_sddl(sd, sid)
- m["nTSecurityDescriptor"] = ndr_pack(tmp_desc)
- elif isinstance(sd, security.descriptor):
- m["nTSecurityDescriptor"] = ndr_pack(sd)
+ m["nTSecurityDescriptor"] = ndr_pack(sd)
self.add(m)