author | Nadezhda Ivanova <nivanova@symas.com> | 2013-10-15 02:06:38 +0300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2013-10-25 09:45:57 +1300 |
commit | daefca2a1aaa9f4e0ca2f17ef4c9a71412c081ea (patch) | |
tree | 85c9087d550b656abf6f2b075baa9234784ac380 /source4/dsdb/tests/python/ldap.py | |
parent | 2d51424569a9fbb60215957bf5c17a1f0a9bb9ca (diff) | |
s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds
Restore and backup privileges are not relevant to ldap
access checks, and the TakeOwnership privilege should
grant write_owner right
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb/tests/python/ldap.py')
-rwxr-xr-x | source4/dsdb/tests/python/ldap.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 63c422a7a2..643830fed7 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -2649,7 +2649,7 @@ nTSecurityDescriptor:: """ + desc_base64)
 user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
 delete_force(self.ldb, user_dn)
 try:
- sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
+ sddl = "O:DUG:DUD:AI(A;;RPWP;;;AU)S:PAI"
 desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
 desc_base64 = base64.b64encode( ndr_pack(desc) )
 self.ldb.add_ldif("""
@@ -2659,6 +2659,10 @@ sAMAccountName: """ + user_name + """
 nTSecurityDescriptor:: """ + desc_base64)
 res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
 self.assertTrue("nTSecurityDescriptor" in res[0])
+ desc = res[0]["nTSecurityDescriptor"][0]
+ desc = ndr_unpack(security.descriptor, desc)
+ desc_sddl = desc.as_sddl(self.domain_sid)
+ self.assertTrue("O:S-1-5-21-513G:S-1-5-21-513D:AI(A;;RPWP;;;AU)" in desc_sddl)
 finally:
 delete_force(self.ldb, user_dn) |
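Review bot: The `sddl` literal in the first hunk changes `D:PAI` to `D:AI` without a comment, so a reader cannot tell why the test no longer submits a protected DACL while the SACL part still reads `S:PAI`. The `P` flag is what blocks inherited ACEs, so dropping it changes what the add exercises; if that is the intent, a line such as `# DACL sent unprotected: inherited ACEs may follow the explicit ACE` above the assignment would record it. Nothing visible in this hunk covers the protected-DACL case any more, so it presumably needs its own test if it is still meant to be checked. The enclosing test method starts and ends outside the hunk.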
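Review bot: The `assertTrue(... in desc_sddl)` added in the second hunk reports only a bare truth failure and is a substring match, so it checks neither the ACEs that follow `(A;;RPWP;;;AU)` nor the SACL part. Passing the value as the message, `self.assertTrue("O:S-1-5-21-513G:S-1-5-21-513D:AI(A;;RPWP;;;AU)" in desc_sddl, desc_sddl)`, would show the descriptor the server actually stored when the check fails. The commit message concerns privilege handling in sec_access_check_ds, but the visible lines only confirm that the supplied owner, group and explicit ACE survive the add; a short comment naming the privilege behaviour this is meant to pin down would help. `desc` is also rebound twice here (raw attribute value, then the unpacked descriptor) while shadowing the earlier SDDL-built `desc`, so distinct names such as `raw_desc` and `stored_desc` would read more clearly. The method continues outside the hunk.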