authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>2009-09-20 13:50:34 -0700
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>2009-09-20 15:16:17 -0700
commit6283f2caaa42c7238bdc9c2e8bc1246207645019 (patch)
treeee794f628d78b9325abcda5820ed4ec2716d97f2 /source4/lib/ldb
parentae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f (diff)
Initial implementation of security descriptor creation in DS
TODOs: ACE sorting and clarifying the inheritance of object-specific ACEs.
Diffstat (limited to 'source4/lib/ldb')
-rw-r--r--source4/lib/ldb/tests/python/sec_descriptor.py13
1 files changed, 9 insertions, 4 deletions
diff --git a/source4/lib/ldb/tests/python/sec_descriptor.py b/source4/lib/ldb/tests/python/sec_descriptor.py
index 58a345450b..71c17d17e6 100644
--- a/source4/lib/ldb/tests/python/sec_descriptor.py
+++ b/source4/lib/ldb/tests/python/sec_descriptor.py
@@ -249,7 +249,10 @@ userAccountControl: %s""" % userAccountControl
desc_sddl = desc.as_sddl( self.domain_sid )
if ace in desc_sddl:
return
- desc_sddl = desc_sddl[0:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
+ if desc_sddl.find("(") >= 0:
+ desc_sddl = desc_sddl[0:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
+ else:
+ desc_sddl = desc_sddl + ace
self.modify_desc(object_dn, desc_sddl)
def get_desc_sddl(self, object_dn):
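Review bot: Neither branch guarantees that the ACE ends up in the DACL: the `if` branch inserts before the first `(` wherever it occurs, and the `else` branch appends to the end of the string. The comment added further down in this commit says a descriptor can end in a bare `S:`, and in that case `desc_sddl + ace` places the ACE after `S:`, so it is read as a SACL entry and the test exercises a different ACL than it claims to. For the no-ACE case, strip an empty trailing `S:` before appending, e.g. `if desc_sddl.endswith("S:"): desc_sddl = desc_sddl[:-2]` followed by `desc_sddl = desc_sddl + ace`. In the `if` branch, `pos = desc_sddl.find("(")` computed once would replace the three separate searches. The helper starts above the hunk, so how `ace` and `desc` are obtained is not visible here.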
@@ -809,13 +812,11 @@ member: """ + user_dn
#mod = ""
self.dacl_add_ace(object_dn, mod)
desc_sddl = self.get_desc_sddl(object_dn)
- #print desc_sddl
# Create additional object into the first one
object_dn = "OU=test_domain_ou2," + object_dn
self.delete_force(self.ldb_admin, object_dn)
self.create_domain_ou(self.ldb_admin, object_dn)
desc_sddl = self.get_desc_sddl(object_dn)
- #print desc_sddl
## Tests for SCHEMA
@@ -1397,6 +1398,10 @@ class DaclDescriptorTests(DescriptorTests):
# Add flag 'protected' in both DACL and SACL so no inherit ACEs
# can propagate from above
desc_sddl = desc_sddl.replace(":AI", ":AIP")
+ # colon at the end breaks ldif parsing, fix it
+ res = re.findall(".*?S:", desc_sddl)
+ if res:
+ desc_sddl = desc_sddl.replace("S:", "")
self.modify_desc(object_dn, desc_sddl)
# Verify all inheritable ACEs are gone
desc_sddl = self.get_desc_sddl(object_dn)
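Review bot: `desc_sddl.replace("S:", "")` removes every `S:` in the string rather than only a trailing one, so when the SACL does hold ACEs they are left directly behind the DACL's ACEs and are parsed as DACL entries. The `re.findall(".*?S:", desc_sddl)` guard is only a substring test and does not check the end of the string, which is the case the comment describes. Restricting the fix to an empty trailing component matches the comment: `if desc_sddl.endswith("S:"):` then `desc_sddl = desc_sddl[:-2]`. That also removes the dependency on `re`, whose import is not visible in this hunk. The comment two lines above still says the protected flag is set on both DACL and SACL and should be updated if the SACL marker is dropped here.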
@@ -1429,6 +1434,7 @@ class DaclDescriptorTests(DescriptorTests):
self.create_domain_group(self.ldb_admin, group_dn, sddl)
# Make sure created group descriptor has NO additional ACEs
desc_sddl = self.get_desc_sddl(group_dn)
+ print "group descriptor: " + desc_sddl
self.assertEqual(desc_sddl, sddl)
def test_202(self):
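Review bot: The added `print "group descriptor: " + desc_sddl` writes to stdout on every run of this test, while the same commit removes the commented-out `#print desc_sddl` lines elsewhere. `assertEqual` already reports both values when they differ, so the line can be dropped. If the label is wanted on failure, pass it as the message instead: `self.assertEqual(desc_sddl, sddl, "group descriptor: " + desc_sddl)`. The test method starts above the hunk.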
@@ -1590,7 +1596,6 @@ class DaclDescriptorTests(DescriptorTests):
# Make sure created group object contains only the above inherited ACE(s)
# that we've added manually
desc_sddl = self.get_desc_sddl(group_dn)
- #print desc_sddl
self.assertTrue("(D;ID;WP;;;AU)" in desc_sddl)
self.assertTrue("(D;CIIOID;WP;;;CO)" in desc_sddl)