diff options
Diffstat (limited to 'source4/lib/ldb/tests/python')
-rwxr-xr-x | source4/lib/ldb/tests/python/sec_descriptor.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/source4/lib/ldb/tests/python/sec_descriptor.py b/source4/lib/ldb/tests/python/sec_descriptor.py index 609fca86ab..f26df07df1 100755 --- a/source4/lib/ldb/tests/python/sec_descriptor.py +++ b/source4/lib/ldb/tests/python/sec_descriptor.py @@ -1725,6 +1725,39 @@ class DaclDescriptorTests(DescriptorTests): desc_sddl = self.get_desc_sddl(group_dn) self.assertTrue("(D;;WP;;;DA)(D;CIIO;WP;;;CO)" in desc_sddl) + def test_212(self): + """ Provide ACE with IO flag, should be ignored + """ + ou_dn = "OU=test_inherit_ou," + self.base_dn + group_dn = "CN=test_inherit_group," + ou_dn + # Create inheritable-free OU + self.create_clean_ou(ou_dn) + # Add some custom 'CI' ACE + mod = "D:(D;CIIO;WP;;;CO)" + self.create_domain_group(self.ldb_admin, group_dn, mod) + # Make sure created group object contains only the above inherited ACE(s) + # that we've added manually + desc_sddl = self.get_desc_sddl(group_dn) + print desc_sddl + self.assertTrue("(D;CIIO;WP;;;CO)" in desc_sddl) + self.assertFalse("(D;;WP;;;DA)" in desc_sddl) + self.assertFalse("(D;CIIO;WP;;;CO)(D;CIIO;WP;;;CO)" in desc_sddl) + + def test_213(self): + """ Provide ACE with IO flag, should be ignored + """ + ou_dn = "OU=test_inherit_ou," + self.base_dn + group_dn = "CN=test_inherit_group," + ou_dn + # Create inheritable-free OU + self.create_clean_ou(ou_dn) + mod = "D:(D;IO;WP;;;DA)" + self.create_domain_group(self.ldb_admin, group_dn, mod) + # Make sure created group object contains only the above inherited ACE(s) + # that we've added manually + desc_sddl = self.get_desc_sddl(group_dn) + print desc_sddl + self.assertFalse("(D;IO;WP;;;DA)" in desc_sddl) + ######################################################################################## |