author | Nadezhda Ivanova <nivanova@samba.org> | 2011-01-11 12:23:57 +0200 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2011-01-11 12:10:25 +0100 |
commit | db7e38d59a88f2d42a816f365719a76dcaee89f1 (patch) | |
tree | 84d699e0706aef9ceb1d62cb8925a87e8405b1ef | |
parent | 980f68a6f26070270313a4c7a4c0430f2bb3f078 (diff) | |
s4-tests: Tests for expansion of ACEs containing generic information.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Jan 11 12:10:25 CET 2011 on sn-devel-104
-rwxr-xr-x | source4/dsdb/tests/python/sec_descriptor.py | 61 |
1 files changed, 59 insertions, 2 deletions
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index c08035b204..bab047671e 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -1238,12 +1238,19 @@ class OwnerGroupDescriptorTests(DescriptorTests):
 self.assertEqual("O:DAG:DA", res)
 ########################################################################################
- # Inharitance tests for DACL
+ # Inheritance tests for DACL
 class DaclDescriptorTests(DescriptorTests):
 def deleteAll(self):
 delete_force(self.ldb_admin, "CN=test_inherit_group,OU=test_inherit_ou," + self.base_dn)
+ delete_force(self.ldb_admin, "OU=test_inherit_ou5,OU=test_inherit_ou1,OU=test_inherit_ou_p," + self.base_dn)
+ delete_force(self.ldb_admin, "OU=test_inherit_ou6,OU=test_inherit_ou2,OU=test_inherit_ou_p," + self.base_dn)
+ delete_force(self.ldb_admin, "OU=test_inherit_ou1,OU=test_inherit_ou_p," + self.base_dn)
+ delete_force(self.ldb_admin, "OU=test_inherit_ou2,OU=test_inherit_ou_p," + self.base_dn)
+ delete_force(self.ldb_admin, "OU=test_inherit_ou3,OU=test_inherit_ou_p," + self.base_dn)
+ delete_force(self.ldb_admin, "OU=test_inherit_ou4,OU=test_inherit_ou_p," + self.base_dn)
+ delete_force(self.ldb_admin, "OU=test_inherit_ou_p," + self.base_dn)
 delete_force(self.ldb_admin, "OU=test_inherit_ou," + self.base_dn)
 def setUp(self):
@@ -1545,7 +1552,8 @@ class DaclDescriptorTests(DescriptorTests):
 tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
 self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
 desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue("(D;;WP;;;DA)(D;CIIO;WP;;;CO)" in desc_sddl)
+ self.assertTrue("(D;;WP;;;DA)" in desc_sddl)
+ self.assertTrue("(D;CIIO;WP;;;CO)" in desc_sddl)
 def test_212(self):
 """ Provide ACE with IO flag, should be ignored
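Review bot: The seven `delete_force` calls added to `deleteAll` rely on an order that is stated nowhere: the leaf OUs `test_inherit_ou5` and `test_inherit_ou6` come first, then `test_inherit_ou1` to `test_inherit_ou4`, and the container `test_inherit_ou_p` last. A comment above them such as `# OUs created by test_214: children before parents, container last` would keep a later edit from reordering the list and leaving objects behind for the next run. Whether `delete_force` tolerates an entry that still has children is not visible here, so the order is best treated as required.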
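Review bot: Splitting the assertion into two substring checks drops something the old single string also verified, namely that `(D;;WP;;;DA)` sits directly before `(D;CIIO;WP;;;CO)` in the DACL. ACE order decides which entry is evaluated first, so if the order is still part of the expected result it should be pinned explicitly, e.g. `self.assertTrue(desc_sddl.index("(D;;WP;;;DA)") < desc_sddl.index("(D;CIIO;WP;;;CO)"))`. If other ACEs may now legitimately appear between the two, a one-line comment saying so would explain why the check was relaxed. The test method containing these lines starts above the hunk.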
@@ -1580,6 +1588,55 @@ class DaclDescriptorTests(DescriptorTests):
 desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
 self.assertFalse("(D;IO;WP;;;DA)" in desc_sddl)
+ def test_214(self):
+ """ Test behavior of ACEs containing generic rights
+ """
+ ou_dn = "OU=test_inherit_ou_p," + self.base_dn
+ ou_dn1 = "OU=test_inherit_ou1," + ou_dn
+ ou_dn2 = "OU=test_inherit_ou2," + ou_dn
+ ou_dn3 = "OU=test_inherit_ou3," + ou_dn
+ ou_dn4 = "OU=test_inherit_ou4," + ou_dn
+ ou_dn5 = "OU=test_inherit_ou5," + ou_dn1
+ ou_dn6 = "OU=test_inherit_ou6," + ou_dn2
+ # Create inheritable-free OU
+ mod = "D:P(A;CI;WPRPLCCCDCWDRC;;;DA)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+ mod = "D:(A;CI;GA;;;DU)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.create_ou(ou_dn1, sd=tmp_desc)
+ mod = "D:(A;CIIO;GA;;;DU)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.create_ou(ou_dn2, sd=tmp_desc)
+ mod = "D:(A;;GA;;;DU)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.create_ou(ou_dn3, sd=tmp_desc)
+ mod = "D:(A;IO;GA;;;DU)"
+ tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+ self.ldb_admin.create_ou(ou_dn4, sd=tmp_desc)
+
+ self.ldb_admin.create_ou(ou_dn5)
+ self.ldb_admin.create_ou(ou_dn6)
+
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn1)
+ self.assertTrue("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+ self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl)
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn2)
+ self.assertFalse("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+ self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl)
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn3)
+ self.assertTrue("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+ self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl)
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn4)
+ self.assertFalse("(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+ self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl)
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5)
+ self.assertTrue("(A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+ self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl)
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn6)
+ self.assertTrue("(A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
+ self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl)
+ ######################################################################################## |
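Review bot: The negative checks in `test_214` rule out only two exact strings, so for `ou_dn4` (the `IO`-only ACE) the test still passes if the descriptor carries some other ACE for `DU`, for instance the same rights in a different order or with different flags. If the intent is that such an ACE leaves no entry for `DU` at all, which the context line `self.assertFalse("(D;IO;WP;;;DA)" in desc_sddl)` above suggests but this hunk does not state, `self.assertFalse(";;;DU)" in desc_sddl)` would pin that. The expanded mask `RPWPCRCCDCLCLORCWOWDSDDTSW` is repeated six times; a local such as `ga_rights = "RPWPCRCCDCLCLORCWOWDSDDTSW"`, with a comment that it is the expected expansion of `GA`, would make the expectations easier to read. The docstring could also list the four flag combinations under test (`CI`, `CIIO`, none, `IO`) and the expected result for each.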