From f6077f23b773d521938539fe142cd2675c3978b3 Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova <nivanova@samba.org>
Date: Tue, 18 Jan 2011 15:58:18 +0200
Subject: s4-tests: Added a test for correct inheritance of IO flagged ACEs.

Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Tue Jan 18 15:53:46 CET 2011 on sn-devel-104
---
 source4/dsdb/tests/python/sec_descriptor.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'source4/dsdb')

diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index bab047671e..de71daee69 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -1637,6 +1637,24 @@ class DaclDescriptorTests(DescriptorTests):
         self.assertTrue("(A;ID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DU)" in desc_sddl)
         self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl)
 
+    def test_215(self):
+        """ Make sure IO flag is removed in child objects
+        """
+        ou_dn = "OU=test_inherit_ou_p," + self.base_dn
+        ou_dn1 = "OU=test_inherit_ou1," + ou_dn
+        ou_dn5 = "OU=test_inherit_ou5," + ou_dn1
+        # Create inheritable-free OU
+        mod = "D:P(A;CI;WPRPLCCCDCWDRC;;;DA)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn, sd=tmp_desc)
+        mod = "D:(A;CIIO;WP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.create_ou(ou_dn1, sd=tmp_desc)
+        self.ldb_admin.create_ou(ou_dn5)
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5)
+        self.assertTrue("(A;CIID;WP;;;DU)" in desc_sddl)
+        self.assertFalse("(A;CIIOID;WP;;;DU)" in desc_sddl)
+
     ########################################################################################
 
 
-- 
cgit