authorAndrew Bartlett <abartlet@samba.org>2013-02-17 22:03:18 +1100
committerStefan Metzmacher <metze@samba.org>2013-03-04 08:33:08 +0100
commit5074b98714c9e038cc31872111508c1d92562841 (patch)
tree06c5ebd2131a9a6d5968bb541a75797a4cbb87a0 /python
parent787a6aacc3003731784b29fd92c683036c8730a7 (diff)
scripting: Rework samba.upgradehelpers.get_diff_sddls to be get_diff_sds
This moves the SDDL conversion inside the get_diff_sds function and prepares for removing inherited ACEs from the SD before comparison. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'python')
-rw-r--r--python/samba/tests/upgradeprovision.py27
-rw-r--r--python/samba/upgradehelpers.py7
2 files changed, 25 insertions, 9 deletions
diff --git a/python/samba/tests/upgradeprovision.py b/python/samba/tests/upgradeprovision.py
index 93a6731c83..f0d34b12f4 100644
--- a/python/samba/tests/upgradeprovision.py
+++ b/python/samba/tests/upgradeprovision.py
@@ -19,7 +19,7 @@
import os
from samba.upgradehelpers import (usn_in_range, dn_sort,
- get_diff_sddls, update_secrets,
+ get_diff_sds, update_secrets,
construct_existor_expr)
from samba.tests.provision import create_dummy_secretsdb
@@ -27,6 +27,7 @@ from samba.tests import TestCaseInTempDir
from samba import Ldb
from ldb import SCOPE_BASE
import samba.tests
+from samba.dcerpc import security
def dummymessage(a=None, b=None):
pass
@@ -59,7 +60,9 @@ class UpgradeProvisionTestCase(TestCaseInTempDir):
self.assertEquals(dn_sort("cn=bar, dc=toto,dc=tata",
"cn=foo, dc=toto,dc=tata"), -1)
- def test_get_diff_sddl(self):
+ def test_get_diff_sds(self):
+ domsid = security.dom_sid('S-1-5-21')
+
sddl = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\
(A;CIID;RP LCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(AU;CIIDSA;WP;;;WD)"
sddl1 = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\
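Review bot: `domsid = security.dom_sid('S-1-5-21')` is added without a comment, and it is shorter than a real domain SID, so a reader cannot tell whether the value matters. The assertions later in this test expect domain-relative aliases such as `DU` to come back out of `get_diff_sds`. Judging by the `as_sddl(domainsid)` calls added in upgradehelpers.py, that presumably works only because the same SID is used for parsing and for rendering. I would add `# constructed placeholder domain SID; pass the same value to from_sddl() and get_diff_sds()` above the assignment. The test method continues past this hunk.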
@@ -73,18 +76,28 @@ class UpgradeProvisionTestCase(TestCaseInTempDir):
sddl5 = "O:SAG:DUD:AI(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA)\
(A;CIID;RP LCLORC;;;AU)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)"
- self.assertEquals(get_diff_sddls(sddl, sddl1), "")
- txt = get_diff_sddls(sddl, sddl2)
+ self.assertEquals(get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
+ security.descriptor.from_sddl(sddl1, domsid),
+ domsid), "")
+ txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
+ security.descriptor.from_sddl(sddl2, domsid),
+ domsid)
self.assertEquals(txt, "\tOwner mismatch: SA (in ref) BA(in current)\n")
- txt = get_diff_sddls(sddl, sddl3)
+ txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
+ security.descriptor.from_sddl(sddl3, domsid),
+ domsid)
self.assertEquals(txt, "\tGroup mismatch: DU (in ref) BA(in current)\n")
- txt = get_diff_sddls(sddl, sddl4)
+ txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
+ security.descriptor.from_sddl(sddl4, domsid),
+ domsid)
txtmsg = "\tPart dacl is different between reference and current here\
is the detail:\n\t\t(A;CIID;RPWPCRCCLCLORCWOWDSW;;;BA) ACE is not present in\
the reference\n\t\t(A;CIID;RPWPCRCCLCLORCWOWDSW;;;SA) ACE is not present in\
the current\n"
self.assertEquals(txt, txtmsg)
- txt = get_diff_sddls(sddl, sddl5)
+ txt = get_diff_sds(security.descriptor.from_sddl(sddl, domsid),
+ security.descriptor.from_sddl(sddl5, domsid),
+ domsid)
self.assertEquals(txt, "\tCurrent ACL hasn't a sacl part\n")
def test_construct_existor_expr(self):
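Review bot: The reference descriptor is rebuilt from the same `sddl` string in all five `get_diff_sds` calls, which stretches each call over three lines and hides what actually varies between the cases. Building it once, `refsd = security.descriptor.from_sddl(sddl, domsid)`, and passing `refsd` would leave only the second argument different per case. None of the calls passes `checkSacl`, so only the default path is exercised here. A case with `checkSacl=False` against `sddl5` would cover the other path, though its expected text depends on code outside this hunk. The test method starts before this hunk.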
diff --git a/python/samba/upgradehelpers.py b/python/samba/upgradehelpers.py
index 1ec19d4ab6..88182bd4a1 100644
--- a/python/samba/upgradehelpers.py
+++ b/python/samba/upgradehelpers.py
@@ -346,8 +346,8 @@ def chunck_sddl(sddl):
return hash
-def get_diff_sddls(refsddl, cursddl, checkSacl = True):
- """Get the difference between 2 sddl
+def get_diff_sds(refsd, cursd, domainsid, checkSacl = True):
+ """Get the difference between 2 sd
This function split the textual representation of ACL into smaller
chunck in order to not to report a simple permutation as a difference
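Review bot: Inserting `domainsid` before `checkSacl` changes what a third positional argument means. A caller that was only renamed and still passes `(ref, cur, False)` would hand `False` to `as_sddl()` as the domain SID instead of disabling the SACL check. Callers are not visible here, so it is worth confirming that each one passes `checkSacl=` by keyword. The docstring also still speaks of SDDL text: its `:param` lines fall between this hunk and the next and probably still name `refsddl`/`cursddl`, and the `:return:` line in the next hunk says "between sddls". I would document `refsd`/`cursd` as `security.descriptor` objects and add `:param domainsid: domain SID used to render both descriptors as SDDL`.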
@@ -358,6 +358,9 @@ def get_diff_sddls(refsddl, cursddl, checkSacl = True):
:return: A string that explain difference between sddls
"""
+ cursddl = cursd.as_sddl(domainsid)
+ refsddl = refsd.as_sddl(domainsid)
+
txt = ""
hash_cur = chunck_sddl(cursddl)
hash_ref = chunck_sddl(refsddl)