Diffstat (limited to 'source4/dsdb/tests/python/sec_descriptor.py')
-rwxr-xr-x | source4/dsdb/tests/python/sec_descriptor.py | 55 |
1 files changed, 20 insertions, 35 deletions
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py index b61afd3b2e..3b09d0b44e 100755 --- a/source4/dsdb/tests/python/sec_descriptor.py +++ b/source4/dsdb/tests/python/sec_descriptor.py @@ -85,21 +85,6 @@ replace: nTSecurityDescriptor mod += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)) _ldb.modify_ldif(mod, controls) - def create_domain_ou(self, _ldb, ou_dn, desc=None, controls=None): - ldif = """ -dn: """ + ou_dn + """ -ou: """ + ou_dn.split(",")[0][3:] + """ -objectClass: organizationalUnit -url: www.example.com -""" - if desc: - assert(isinstance(desc, str) or isinstance(desc, security.descriptor)) - if isinstance(desc, str): - ldif += "nTSecurityDescriptor: %s" % desc - elif isinstance(desc, security.descriptor): - ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)) - _ldb.add_ldif(ldif, controls) - def create_domain_user(self, _ldb, user_dn, desc=None): ldif = """ dn: """ + user_dn + """ @@ -506,7 +491,7 @@ class OwnerGroupDescriptorTests(DescriptorTests): _ldb = self.get_ldb_connection(user_name, "samba123@") object_dn = "OU=test_domain_ou1," + self.base_dn self.delete_force(self.ldb_admin, object_dn) - self.create_domain_ou(self.ldb_admin, object_dn) + self.ldb_admin.create_ou(object_dn) user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) ) mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid) self.dacl_add_ace(object_dn, mod) @@ -529,7 +514,7 @@ class OwnerGroupDescriptorTests(DescriptorTests): _ldb = self.get_ldb_connection(user_name, "samba123@") object_dn = "OU=test_domain_ou1," + self.base_dn self.delete_force(self.ldb_admin, object_dn) - self.create_domain_ou(self.ldb_admin, object_dn) + self.ldb_admin.create_ou(object_dn) user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) ) mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid) self.dacl_add_ace(object_dn, mod) 
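Review bot: The new call `self.ldb_admin.create_ou(object_dn)` in the `-506` hunk cannot be checked against the helper it replaces, because `create_ou` is not part of this diff. The removed `create_domain_ou` wrote `url: www.example.com` and attached an `nTSecurityDescriptor` only when `desc` was passed. These tests appear to depend on the server-assigned default descriptor, so the new helper must also send no explicit descriptor. Once that is confirmed, I would add a comment at the first call site, `# create_ou() sends no nTSecurityDescriptor, so the server-assigned default is what gets checked`. The same applies to every other call site changed in this file, and the test method around this hunk starts and ends outside it.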
@@ -646,7 +631,7 @@ class OwnerGroupDescriptorTests(DescriptorTests): _ldb = self.get_ldb_connection(user_name, "samba123@") object_dn = "OU=test_domain_ou1," + self.base_dn self.delete_force(self.ldb_admin, object_dn) - self.create_domain_ou(self.ldb_admin, object_dn) + self.ldb_admin.create_ou(object_dn) user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) ) mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid) self.dacl_add_ace(object_dn, mod) @@ -671,7 +656,7 @@ class OwnerGroupDescriptorTests(DescriptorTests): _ldb = self.get_ldb_connection(user_name, "samba123@") object_dn = "OU=test_domain_ou1," + self.base_dn self.delete_force(self.ldb_admin, object_dn) - self.create_domain_ou(self.ldb_admin, object_dn) + self.ldb_admin.create_ou(object_dn) user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) ) mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid) self.dacl_add_ace(object_dn, mod) @@ -755,7 +740,7 @@ class OwnerGroupDescriptorTests(DescriptorTests): user_name = "Administrator" object_dn = "OU=test_domain_ou1," + self.base_dn self.delete_force(self.ldb_admin, object_dn) - self.create_domain_ou(self.ldb_admin, object_dn) + self.ldb_admin.create_ou(object_dn) user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) ) mod = "(D;CI;WP;;;S-1-3-0)" #mod = "" @@ -764,7 +749,7 @@ class OwnerGroupDescriptorTests(DescriptorTests): # Create additional object into the first one object_dn = "OU=test_domain_ou2," + object_dn self.delete_force(self.ldb_admin, object_dn) - self.create_domain_ou(self.ldb_admin, object_dn) + self.ldb_admin.create_ou(object_dn) desc_sddl = self.get_desc_sddl(object_dn) ## Tests for SCHEMA 
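Review bot: In the `-755` hunk the ACE string `(D;CI;WP;;;S-1-3-0)` is used without explanation, and the dead line `#mod = ""` is left next to it. S-1-3-0 is the well-known Creator Owner SID, so the ACE denies write-property to the creator owner and is inherited by child containers; a comment such as `# deny WP to CREATOR OWNER (S-1-3-0), container-inherit` would make the intent auditable. I would also delete `#mod = ""`. `user_sid` is computed just above and not used in the visible lines, but the method continues outside the hunk, so it may be used further down.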
@@ -1352,7 +1337,7 @@ class DaclDescriptorTests(DescriptorTests):
 expression="distinguishedName=%s" % object_dn)
 # Make sure top testing OU has been deleted before starting the test
 self.assertEqual(res, [])
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
 desc_sddl = self.get_desc_sddl(object_dn)
 # Make sure there are inheritable ACEs initially
 self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
@@ -1681,7 +1666,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
 See that only the owner has been changed.
 """
 ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
 self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
 desc_sddl = self.get_desc_sddl(ou_dn)
 # make sure we have modified the owner
@@ -1696,7 +1681,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
 See that only the owner has been changed.
 """
 ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
 self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
 desc_sddl = self.get_desc_sddl(ou_dn)
 # make sure we have modified the group
@@ -1711,7 +1696,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
 See that only the owner has been changed.
 """
 ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
 self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
 desc_sddl = self.get_desc_sddl(ou_dn)
 # make sure we have modified the DACL
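Review bot: `self.ldb_admin.create_ou(ou_dn)` in the `-1681` hunk has no `delete_force` before it in the visible lines, unlike the OwnerGroupDescriptorTests hunks, and every SdFlagsDescriptorTests hunk reuses the same DN `OU=test_sdflags_ou`. If an earlier test aborts before cleanup, the next creation would presumably fail on the existing entry and hide the sd_flags check it was meant to run. Unless setUp already removes the OU (it is outside the diff), I would put `self.delete_force(self.ldb_admin, ou_dn)` in front of the call. The same applies to the other SdFlagsDescriptorTests hunks through `-1813`.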
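Review bot: The docstring tail `See that only the owner has been changed.` in the `-1696` and `-1711` hunks sits above calls that pass `SECINFO_GROUP` and `SECINFO_DACL`, and the `-1726` hunk repeats it for `SECINFO_SACL` together with the comment `# make sure we have modified the DACL`. These look like copy-paste leftovers from the owner test, and they make it hard to audit which part of the descriptor each test is meant to isolate. I would change them to `See that only the group has been changed.`, `See that only the DACL has been changed.` and `See that only the SACL has been changed.`, and the comment to `# make sure we have modified the SACL`. The docstrings start outside the hunks, so their opening lines may need the same fix.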
@@ -1726,7 +1711,7 @@ class SdFlagsDescriptorTests(DescriptorTests): See that only the owner has been changed. """ ou_dn = "OU=test_sdflags_ou," + self.base_dn - self.create_domain_ou(self.ldb_admin, ou_dn) + self.ldb_admin.create_ou(ou_dn) self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_SACL)]) desc_sddl = self.get_desc_sddl(ou_dn) # make sure we have modified the DACL @@ -1742,7 +1727,7 @@ class SdFlagsDescriptorTests(DescriptorTests): which is the same as 0xF """ ou_dn = "OU=test_sdflags_ou," + self.base_dn - self.create_domain_ou(self.ldb_admin, ou_dn) + self.ldb_admin.create_ou(ou_dn) self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:0"]) desc_sddl = self.get_desc_sddl(ou_dn) # make sure we have modified the DACL @@ -1756,7 +1741,7 @@ class SdFlagsDescriptorTests(DescriptorTests): """ Modify a descriptor with 0xF set. """ ou_dn = "OU=test_sdflags_ou," + self.base_dn - self.create_domain_ou(self.ldb_admin, ou_dn) + self.ldb_admin.create_ou(ou_dn) self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:15"]) desc_sddl = self.get_desc_sddl(ou_dn) # make sure we have modified the DACL @@ -1771,7 +1756,7 @@ class SdFlagsDescriptorTests(DescriptorTests): Only the owner part should be returned. """ ou_dn = "OU=test_sdflags_ou," + self.base_dn - self.create_domain_ou(self.ldb_admin, ou_dn) + self.ldb_admin.create_ou(ou_dn) desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_OWNER)]) # make sure we have read the owner self.assertTrue("O:" in desc_sddl) @@ -1785,7 +1770,7 @@ class SdFlagsDescriptorTests(DescriptorTests): Only the group part should be returned. """ ou_dn = "OU=test_sdflags_ou," + self.base_dn - self.create_domain_ou(self.ldb_admin, ou_dn) + self.ldb_admin.create_ou(ou_dn) desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_GROUP)]) # make sure we have read the owner self.assertTrue("G:" in desc_sddl) 
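Review bot: The comment `# make sure we have read the owner` in the `-1785` hunk precedes `self.assertTrue("G:" in desc_sddl)`, and the `-1799` and `-1813` hunks carry the same comment above the `"S:"` and `"D:"` checks. Each should name the part actually requested: `# make sure we have read the group`, `# make sure we have read the SACL` and `# make sure we have read the DACL`. The visible assertion only shows that the requested part is present. Any checks that the other parts are absent, which is what matters for sd_flags filtering, would be below the hunk and cannot be confirmed from here.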
@@ -1799,7 +1784,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
 Only the sacl part should be returned.
 """
 ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
 desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
 # make sure we have read the owner
 self.assertTrue("S:" in desc_sddl)
@@ -1813,7 +1798,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
 Only the dacl part should be returned.
 """
 ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
 desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
 # make sure we have read the owner
 self.assertTrue("D:" in desc_sddl)
@@ -1845,7 +1830,7 @@ class RightsAttributesTests(DescriptorTests):
 def test_sDRightsEffective(self):
 object_dn = "OU=test_domain_ou1," + self.base_dn
 self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
 print self.get_users_domain_dn("testuser_attr")
 user_sid = self.get_object_sid(self.get_users_domain_dn("testuser_attr"))
 #give testuser1 read access so attributes can be retrieved
@@ -1885,7 +1870,7 @@ class RightsAttributesTests(DescriptorTests):
 def test_allowedChildClassesEffective(self):
 object_dn = "OU=test_domain_ou1," + self.base_dn
 self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
 user_sid = self.get_object_sid(self.get_users_domain_dn("testuser_attr"))
 #give testuser1 read access so attributes can be retrieved
 mod = "(A;CI;RP;;;%s)" % str(user_sid)
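Review bot: The context line `print self.get_users_domain_dn("testuser_attr")` right after the changed call in the `-1845` hunk is leftover debug output and should be removed. The comment `#give testuser1 read access so attributes can be retrieved` also names a different account from the `testuser_attr` SID looked up on the line above it. `# give testuser_attr read access so attributes can be retrieved` would match, here and in the `-1885` and `-1909` hunks. test_sDRightsEffective continues outside the hunk.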
@@ -1909,7 +1894,7 @@ class RightsAttributesTests(DescriptorTests):
 def test_allowedAttributesEffective(self):
 object_dn = "OU=test_domain_ou1," + self.base_dn
 self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
 user_sid = self.get_object_sid(self.get_users_domain_dn("testuser_attr"))
 #give testuser1 read access so attributes can be retrieved
 mod = "(A;CI;RP;;;%s)" % str(user_sid) |