diff options
author | Nadezhda Ivanova <nivanova@samba.org> | 2011-02-10 12:43:35 +0200 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2011-02-10 12:31:34 +0100 |
commit | b5a2f956c6f9ac8d37a77e0f20e9d3c87ab50f9d (patch) | |
tree | 6083e1236071683dccd7ade2f7a95e5e53ba4ddd | |
parent | c3f6cc9993f7fd45cff63c6a5fefde084a6cc173 (diff) | |
download | samba-b5a2f956c6f9ac8d37a77e0f20e9d3c87ab50f9d.tar.gz samba-b5a2f956c6f9ac8d37a77e0f20e9d3c87ab50f9d.tar.bz2 samba-b5a2f956c6f9ac8d37a77e0f20e9d3c87ab50f9d.zip |
s4-tests: Some tests that prove behavior for INHERITED user-provided ACEs is different if the P flag is set.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Feb 10 12:31:34 CET 2011 on sn-devel-104
-rwxr-xr-x | source4/dsdb/tests/python/sec_descriptor.py | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py index 2db33ae340..705bf89581 100755 --- a/source4/dsdb/tests/python/sec_descriptor.py +++ b/source4/dsdb/tests/python/sec_descriptor.py @@ -1655,6 +1655,40 @@ class DaclDescriptorTests(DescriptorTests): self.assertTrue("(A;CIID;WP;;;DU)" in desc_sddl) self.assertFalse("(A;CIIOID;WP;;;DU)" in desc_sddl) + def test_216(self): + """ Make sure ID ACES provided by user are ignored + """ + ou_dn = "OU=test_inherit_ou," + self.base_dn + group_dn = "CN=test_inherit_group," + ou_dn + mod = "D:P(A;;WPRPLCCCDCWDRC;;;DA)" + tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid) + self.ldb_admin.create_ou(ou_dn, sd=tmp_desc) + # Add some custom ACE + mod = "D:(D;ID;WP;;;AU)" + tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid) + self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc) + # Make sure created group object does not contain the ID ace + desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn) + self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl) + self.assertFalse("(A;;WP;;;AU)" in desc_sddl) + + def test_217(self): + """ Make sure ID ACES provided by user are not ignored if P flag is set + """ + ou_dn = "OU=test_inherit_ou," + self.base_dn + group_dn = "CN=test_inherit_group," + ou_dn + mod = "D:P(A;;WPRPLCCCDCWDRC;;;DA)" + tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid) + self.ldb_admin.create_ou(ou_dn, sd=tmp_desc) + # Add some custom ACE + mod = "D:P(A;ID;WP;;;AU)" + tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid) + self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc) + # Make sure created group object does not contain the ID ace + desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn) + self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl) + self.assertTrue("(A;;WP;;;AU)" in desc_sddl) + ######################################################################################## |