authorNadezhda Ivanova <nivanova@samba.org>2011-02-10 12:43:35 +0200
committerNadezhda Ivanova <nivanova@samba.org>2011-02-10 12:31:34 +0100
commitb5a2f956c6f9ac8d37a77e0f20e9d3c87ab50f9d (patch)
tree6083e1236071683dccd7ade2f7a95e5e53ba4ddd
parentc3f6cc9993f7fd45cff63c6a5fefde084a6cc173 (diff)
s4-tests: Some tests that prove behavior for INHERITED user-provided ACEs is different if the P flag is set.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Feb 10 12:31:34 CET 2011 on sn-devel-104
-rwxr-xr-xsource4/dsdb/tests/python/sec_descriptor.py34
1 files changed, 34 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index 2db33ae340..705bf89581 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -1655,6 +1655,40 @@ class DaclDescriptorTests(DescriptorTests):
self.assertTrue("(A;CIID;WP;;;DU)" in desc_sddl)
self.assertFalse("(A;CIIOID;WP;;;DU)" in desc_sddl)
+ def test_216(self):
+ """ Make sure ID ACES provided by user are ignored
+ """
+ ou_dn = "OU=test_inherit_ou," + self.base_dn
+ group_dn = "CN=test_inherit_group," + ou_dn
+ mod = "D:P(A;;WPRPLCCCDCWDRC;;;DA)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+ # Add some custom ACE
+ mod = "D:(D;ID;WP;;;AU)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+ # Make sure created group object does not contain the ID ace
+ desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+ self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl)
+ self.assertFalse("(A;;WP;;;AU)" in desc_sddl)
+
+ def test_217(self):
+ """ Make sure ID ACES provided by user are not ignored if P flag is set
+ """
+ ou_dn = "OU=test_inherit_ou," + self.base_dn
+ group_dn = "CN=test_inherit_group," + ou_dn
+ mod = "D:P(A;;WPRPLCCCDCWDRC;;;DA)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+ # Add some custom ACE
+ mod = "D:P(A;ID;WP;;;AU)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
+ # Make sure created group object does not contain the ID ace
+ desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
+ self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl)
+ self.assertTrue("(A;;WP;;;AU)" in desc_sddl)
+
########################################################################################
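Review bot: The two `assertFalse` checks at the end of test_216 cannot fail for the ACE the test supplies, because the group is created with a deny ACE (`D:(D;ID;WP;;;AU)`) while the assertions search for allow ACEs (`(A;ID;WP;;;AU)` and `(A;;WP;;;AU)`). As written the test passes whether or not the user-provided ID ACE is dropped, so it does not prove the behaviour named in its docstring. If the intent is to mirror test_217 with only the P flag differing, the input should be `mod = "D:(A;ID;WP;;;AU)"`; otherwise the assertions should look for `(D;ID;WP;;;AU)` and `(D;;WP;;;AU)`. In test_217 the comment before the final assertions is copied from test_216 and should read `# Make sure the ACE is kept on the group, with the ID flag cleared`.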