-rwxr-xr-x | source4/dsdb/tests/python/acl.py | 64 | ||||
-rw-r--r-- | source4/scripting/python/samba/samdb.py | 12 |
2 files changed, 31 insertions, 45 deletions
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 691f358d80..fb6676693e 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -736,16 +736,13 @@ class AclSearchTests(AclTests):
 self.create_clean_ou("OU=ou1," + self.base_dn)
 mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
 self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 #regular users must see only ou1 and ou2
 res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
@@ -807,16 +804,13 @@ class AclSearchTests(AclTests):
 self.create_clean_ou("OU=ou1," + self.base_dn)
 mod = "(A;CI;LC;;;%s)(A;CI;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
 self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 print "Testing correct behavior on nonaccessible search base"
 try:
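Review bot: The new `tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod, self.domain_sid)` appends `mod` to the children's descriptor, but the removed `create_ou` calls in this hunk passed only `"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"`, so ou2–ou6 now carry an explicit `(A;CI;LC;;;…)` ACE for the test user and group on top of whatever ou1's container-inherit ACE propagates. That is a behavioural change to a test of inherited access hidden inside what otherwise reads as a mechanical refactor, and it may let the search assertions pass even if inheritance were broken. The same `+ mod` addition appears in the hunk at `@@ -861,16 +855,13 @@` (the `(A;CI;CC;;;%s)` test, children created by `ldb_user`) and for ou3 in the hunk at `@@ -935,10 +927,10 @@`, which was previously created without `mod`. If the extra ACE is not intended, build the child descriptor as `security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)", self.domain_sid)` without `+ mod`; if it is intended, the commit message should say why. The enclosing test methods start outside these hunks.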
@@ -861,16 +855,13 @@ class AclSearchTests(AclTests):
 self.create_clean_ou("OU=ou1," + self.base_dn)
 mod = "(A;CI;CC;;;%s)" % (str(self.user_sid))
 self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
 Dn(self.ldb_admin, "OU=ou1," + self.base_dn)]
@@ -891,8 +882,9 @@ class AclSearchTests(AclTests):
 self.create_clean_ou("OU=ou1," + self.base_dn)
 mod = "(A;CI;LC;;;%s)" % (str(self.user_sid))
 self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 # assert user can only see dn
 res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
 scope=SCOPE_SUBTREE)
@@ -935,10 +927,10 @@ class AclSearchTests(AclTests):
 self.create_clean_ou("OU=ou1," + self.base_dn)
 mod = "(A;CI;LCCC;;;%s)" % (str(self.user_sid))
 self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+ self.domain_sid)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+ self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)",
 scope=SCOPE_SUBTREE)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 109e948d5c..df1af165ac 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -663,16 +663,10 @@ accountExpires: %u
 "objectClass": "organizationalUnit"}
 if description:
- m["description"] = description
+ m["description"] = description
 if name:
- m["name"] = name
+ m["name"] = name
 if sd:
- assert(isinstance(sd, str) or isinstance(sd, security.descriptor))
- if isinstance(sd, str):
- sid = security.dom_sid(self.get_domain_sid())
- tmp_desc = security.descriptor.from_sddl(sd, sid)
- m["nTSecurityDescriptor"] = ndr_pack(tmp_desc)
- elif isinstance(sd, security.descriptor):
- m["nTSecurityDescriptor"] = ndr_pack(sd)
+ m["nTSecurityDescriptor"] = ndr_pack(sd)
 self.add(m)
|
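Review bot: With the `assert(isinstance(sd, str) or isinstance(sd, security.descriptor))` and the SDDL branch gone, the `if sd:` block now hands whatever was passed straight to `ndr_pack(sd)`, so a caller that still passes an SDDL string (the form the acl.py callers used before this commit) fails inside ndr_pack with an error that does not name the real mistake. An explicit guard before the pack keeps the fail-closed behaviour with a clear message: `if not isinstance(sd, security.descriptor):` / `raise TypeError("sd must be a security.descriptor")`. The docstring of `create_ou` lies outside the hunk; if it still describes `sd` as an SDDL string it should now say the parameter takes a `security.descriptor` built by the caller. The enclosing `create_ou` method starts outside the hunk.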