author | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-09-20 13:50:34 -0700 |
---|---|---|
committer | Nadezhda Ivanova <nadezhda.ivanova@postpath.com> | 2009-09-20 15:16:17 -0700 |
commit | 6283f2caaa42c7238bdc9c2e8bc1246207645019 (patch) | |
tree | ee794f628d78b9325abcda5820ed4ec2716d97f2 /source4/lib/ldb | |
parent | ae56b0f2f96cea7a77b0a19c0d16d94ad971fb3f (diff) | |
Initial implementation of security descriptor creation in DS
TODOs:
ACE sorting and clarifying the inheritance of object-specific ACEs.
Diffstat (limited to 'source4/lib/ldb')
-rw-r--r-- | source4/lib/ldb/tests/python/sec_descriptor.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/source4/lib/ldb/tests/python/sec_descriptor.py b/source4/lib/ldb/tests/python/sec_descriptor.py
index 58a345450b..71c17d17e6 100644
--- a/source4/lib/ldb/tests/python/sec_descriptor.py
+++ b/source4/lib/ldb/tests/python/sec_descriptor.py
@@ -249,7 +249,10 @@ userAccountControl: %s""" % userAccountControl
 desc_sddl = desc.as_sddl( self.domain_sid )
 if ace in desc_sddl:
 return
- desc_sddl = desc_sddl[0:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
+ if desc_sddl.find("(") >= 0:
+ desc_sddl = desc_sddl[0:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
+ else:
+ desc_sddl = desc_sddl + ace
 self.modify_desc(object_dn, desc_sddl)
 def get_desc_sddl(self, object_dn):
@@ -809,13 +812,11 @@ member: """ + user_dn
 #mod = ""
 self.dacl_add_ace(object_dn, mod)
 desc_sddl = self.get_desc_sddl(object_dn)
- #print desc_sddl
 # Create additional object into the first one
 object_dn = "OU=test_domain_ou2," + object_dn
 self.delete_force(self.ldb_admin, object_dn)
 self.create_domain_ou(self.ldb_admin, object_dn)
 desc_sddl = self.get_desc_sddl(object_dn)
- #print desc_sddl
 ## Tests for SCHEMA
@@ -1397,6 +1398,10 @@ class DaclDescriptorTests(DescriptorTests):
 # Add flag 'protected' in both DACL and SACL so no inherit ACEs
 # can propagate from above
 desc_sddl = desc_sddl.replace(":AI", ":AIP")
+ # colon at the end breaks ldif parsing, fix it
+ res = re.findall(".*?S:", desc_sddl)
+ if res:
+ desc_sddl = desc_sddl.replace("S:", "")
 self.modify_desc(object_dn, desc_sddl)
 # Verify all inheritable ACEs are gone
 desc_sddl = self.get_desc_sddl(object_dn)
@@ -1429,6 +1434,7 @@ class DaclDescriptorTests(DescriptorTests):
 self.create_domain_group(self.ldb_admin, group_dn, sddl)
 # Make sure created group descriptor has NO additional ACEs
 desc_sddl = self.get_desc_sddl(group_dn)
+ print "group descriptor: " + desc_sddl
 self.assertEqual(desc_sddl, sddl)
 def test_202(self):
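Review bot: In the `-249` hunk, the new `else` branch appends the ACE to the end of the SDDL string and the existing branch inserts it before the first `(`, but neither checks that the position lies inside the `D:` section. If the descriptor has an `S:` part with an empty DACL, or no `D:` marker at all, the ACE would presumably land in the SACL or yield a string without a DACL, so a test could pass or fail for reasons unrelated to the DACL it means to change. Consider locating `D:` explicitly, or at least documenting the assumption with `# no ACEs yet: append, assuming the string ends with the D: section`. A smaller cleanup is to compute `pos = desc_sddl.find("(")` once instead of calling `find` and then `index` twice. The enclosing helper starts above the hunk.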
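Review bot: In the `-1397` hunk, `desc_sddl.replace("S:", "")` removes the SACL marker wherever it occurs, not only the trailing empty `S:` that the comment describes. If the descriptor carries SACL flags or ACEs after `S:`, they are fused onto the DACL part and the test then writes a different descriptor than the one it read. The `re.findall(".*?S:", desc_sddl)` pre-check adds nothing over a substring test and relies on `re` being imported, which this hunk does not show. Matching the comment literally would be `if desc_sddl.endswith("S:"): desc_sddl = desc_sddl[:-2]`. The test method starts and ends outside the hunk.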
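Review bot: The `print "group descriptor: " + desc_sddl` added in the `-1429` hunk looks like leftover debug output, while the same commit removes commented-out `#print desc_sddl` lines in other hunks. The `assertEqual(desc_sddl, sddl)` on the next line already reports both values on failure, so the line can be dropped. If the label is wanted, it could go in the assertion message instead: `self.assertEqual(desc_sddl, sddl, "unexpected ACEs in group descriptor")`. The test method starts above the hunk.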
@@ -1590,7 +1596,6 @@ class DaclDescriptorTests(DescriptorTests):
 # Make sure created group object contains only the above inherited ACE(s)
 # that we've added manually
 desc_sddl = self.get_desc_sddl(group_dn)
- #print desc_sddl
 self.assertTrue("(D;ID;WP;;;AU)" in desc_sddl)
 self.assertTrue("(D;CIIOID;WP;;;CO)" in desc_sddl) |