From 1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306 Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova <nivanova@samba.org>
Date: Thu, 25 Nov 2010 19:57:51 +0200
Subject: s4-tests: Modified create_ou to only accept security.descriptor type
 for sd to avoid confusion

It used to work with sddl as well, but this is confusing and could lead to errors. It also caused a message about tallocing a security descriptor to appear.

Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Nov 25 19:46:42 CET 2010 on sn-devel-104
---
 source4/dsdb/tests/python/acl.py | 64 ++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 36 deletions(-)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 691f358d80..fb6676693e 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -736,16 +736,13 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         #regular users must see only ou1 and ou2
         res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
@@ -807,16 +804,13 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;LC;;;%s)(A;CI;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         print "Testing correct behavior on nonaccessible search base"
         try:
@@ -861,16 +855,13 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;CC;;;%s)" % (str(self.user_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         ok_list = [Dn(self.ldb_admin,  "OU=ou2,OU=ou1," + self.base_dn),
                    Dn(self.ldb_admin,  "OU=ou1," + self.base_dn)]
@@ -891,8 +882,9 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;LC;;;%s)" % (str(self.user_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
         # assert user can only see dn
         res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
                                     scope=SCOPE_SUBTREE)
@@ -935,10 +927,10 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;LCCC;;;%s)" % (str(self.user_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)",
                                     scope=SCOPE_SUBTREE)
-- 
cgit