diff options
| author | Nadezhda Ivanova <nivanova@samba.org> | 2010-11-25 19:57:51 +0200 |
|---|---|---|
| committer | Nadezhda Ivanova <nivanova@samba.org> | 2010-11-25 19:46:42 +0100 |
| commit | 1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306 (patch) | |
| tree | e2ac591d5c20218ccc34cec1d3025b94341b2a4c /source4/dsdb/tests | |
| parent | db403ac35dde415231498aee41b2306dfbe6a983 (diff) | |
| download | samba-1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306.tar.gz samba-1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306.tar.bz2 samba-1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306.zip | |
s4-tests: Modified create_ou to only accept security.descriptor type for sd to avoid confusion
It used to work with sddl as well, but this is confusing and could lead to errors. It also caused a message about tallocing a security descriptor to appear.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Nov 25 19:46:42 CET 2010 on sn-devel-104
Diffstat (limited to 'source4/dsdb/tests')
| -rwxr-xr-x | source4/dsdb/tests/python/acl.py | 64 |
1 files changed, 28 insertions, 36 deletions
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py index 691f358d80..fb6676693e 100755 --- a/source4/dsdb/tests/python/acl.py +++ b/source4/dsdb/tests/python/acl.py @@ -736,16 +736,13 @@ class AclSearchTests(AclTests): self.create_clean_ou("OU=ou1," + self.base_dn) mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid)) self.dacl_add_ace("OU=ou1," + self.base_dn, mod) - self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod) - self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod) - self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod) - self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod) - self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod) + tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod, + self.domain_sid) + self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) #regular users must see only ou1 and ou2 res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)", @@ -807,16 +804,13 @@ class AclSearchTests(AclTests): self.create_clean_ou("OU=ou1," + self.base_dn) mod = "(A;CI;LC;;;%s)(A;CI;LC;;;%s)" % (str(self.user_sid), str(self.group_sid)) self.dacl_add_ace("OU=ou1," + self.base_dn, mod) - self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") + tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod, + self.domain_sid) + self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) print "Testing correct behavior on nonaccessible search base" try: @@ -861,16 +855,13 @@ class AclSearchTests(AclTests): self.create_clean_ou("OU=ou1," + self.base_dn) mod = "(A;CI;CC;;;%s)" % (str(self.user_sid)) self.dacl_add_ace("OU=ou1," + self.base_dn, mod) - self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") - self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") + tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod, + self.domain_sid) + self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn), Dn(self.ldb_admin, "OU=ou1," + self.base_dn)] @@ -891,8 +882,9 @@ class AclSearchTests(AclTests): self.create_clean_ou("OU=ou1," + self.base_dn) mod = "(A;CI;LC;;;%s)" % (str(self.user_sid)) self.dacl_add_ace("OU=ou1," + self.base_dn, mod) - self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod) + tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod, + self.domain_sid) + self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) # assert user can only see dn res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)", scope=SCOPE_SUBTREE) @@ -935,10 +927,10 @@ class AclSearchTests(AclTests): self.create_clean_ou("OU=ou1," + self.base_dn) mod = "(A;CI;LCCC;;;%s)" % (str(self.user_sid)) self.dacl_add_ace("OU=ou1," + self.base_dn, mod) - self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod) - self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, - "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)") + tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod, + self.domain_sid) + self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) + self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc) res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)", scope=SCOPE_SUBTREE) |