[SCM] Samba Shared Repository - branch master updated
Nadezhda Ivanova
nivanova at samba.org
Tue Nov 23 06:20:02 MST 2010
The branch, master has been updated
via 5d27aee s4-tests: Modified sec_descriptor.py to use SamDB.create_ou()
via 868dd26 s4-tests: Modified acl.py to use SamDB.create_ou()
via 0c22316 s4-dsdb: Added a python method to SamDB for creating organizationalUnits
from f6adad4 wintest: tidyups and new conf variables
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5d27aee10733a7928726c5e052234c19b617f6fd
Author: Nadezhda Ivanova <nivanova at samba.org>
Date: Tue Nov 23 14:33:11 2010 +0200
s4-tests: Modified sec_descriptor.py to use SamDB.create_ou()
Autobuild-User: Nadezhda Ivanova <nivanova at samba.org>
Autobuild-Date: Tue Nov 23 14:19:34 CET 2010 on sn-devel-104
commit 868dd26efdca5a44b5e91bc8693638720b8a8e14
Author: Nadezhda Ivanova <nivanova at samba.org>
Date: Tue Nov 23 14:32:42 2010 +0200
s4-tests: Modified acl.py to use SamDB.create_ou()
commit 0c22316ccfc2e20c39ef2fa3a2c195e931ec1509
Author: Nadezhda Ivanova <nivanova at samba.org>
Date: Tue Nov 23 14:31:34 2010 +0200
s4-dsdb: Added a python method to SamDB for creating organizationalUnits
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/tests/python/acl.py | 154 ++++++++++++---------------
source4/dsdb/tests/python/sec_descriptor.py | 55 ++++------
source4/scripting/python/samba/samdb.py | 30 +++++-
3 files changed, 119 insertions(+), 120 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 2b805d6..0ef7cb6 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -96,20 +96,6 @@ replace: nTSecurityDescriptor
mod += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
self.ldb_admin.modify_ldif(mod)
- def create_ou(self, _ldb, ou_dn, desc=None):
- ldif = """
-dn: """ + ou_dn + """
-ou: """ + ou_dn.split(",")[0][3:] + """
-objectClass: organizationalUnit
-url: www.example.com
-"""
- if desc:
- assert(isinstance(desc, str) or isinstance(desc, security.descriptor))
- if isinstance(desc, str):
- ldif += "nTSecurityDescriptor: %s" % desc
- elif isinstance(desc, security.descriptor):
- ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
- _ldb.add_ldif(ldif)
def create_active_user(self, _ldb, user_dn):
ldif = """
@@ -267,8 +253,8 @@ class AclAddTests(AclTests):
"""Testing OU with the rights of Doman Admin not creator of the OU """
self.assert_top_ou_deleted()
# Change descriptor for top level OU
- self.create_ou(self.ldb_owner, "OU=test_add_ou1," + self.base_dn)
- self.create_ou(self.ldb_owner, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
user_sid = self.get_object_sid(self.get_user_dn(self.usr_admin_not_owner))
mod = "(D;CI;WPCC;;;%s)" % str(user_sid)
self.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
@@ -287,8 +273,8 @@ class AclAddTests(AclTests):
"""Testing OU with the regular user that has no rights granted over the OU """
self.assert_top_ou_deleted()
# Create a parent-child OU structure with domain admin credentials
- self.create_ou(self.ldb_owner, "OU=test_add_ou1," + self.base_dn)
- self.create_ou(self.ldb_owner, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
# Test user and group creation with regular user credentials
try:
self.create_test_user(self.ldb_user, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
@@ -307,11 +293,11 @@ class AclAddTests(AclTests):
"""Testing OU with the rights of regular user granted the right 'Create User child objects' """
self.assert_top_ou_deleted()
# Change descriptor for top level OU
- self.create_ou(self.ldb_owner, "OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
user_sid = self.get_object_sid(self.get_user_dn(self.regular_user))
mod = "(OA;CI;CC;bf967aba-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
self.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
- self.create_ou(self.ldb_owner, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
# Test user and group creation with granted user only to one of the objects
self.create_test_user(self.ldb_user, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
try:
@@ -335,8 +321,8 @@ class AclAddTests(AclTests):
def test_add_u4(self):
""" 4 Testing OU with the rights of Doman Admin creator of the OU"""
self.assert_top_ou_deleted()
- self.create_ou(self.ldb_owner, "OU=test_add_ou1," + self.base_dn)
- self.create_ou(self.ldb_owner, "OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
+ self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
self.create_test_user(self.ldb_owner, "CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
self.create_group(self.ldb_owner, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
# Make sure we have successfully created the two objects -- user and group
@@ -408,7 +394,7 @@ displayName: test_changed"""
# Third test object -- Organizational Unit
print "Testing modify on OU object"
#self.delete_force(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
- self.create_ou(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=test_modify_ou1," + self.base_dn)
self.dacl_add_ace("OU=test_modify_ou1," + self.base_dn, mod)
ldif = """
dn: OU=test_modify_ou1,""" + self.base_dn + """
@@ -480,7 +466,7 @@ url: www.samba.org"""
self.fail()
# Second test object -- Organizational Unit
print "Testing modify on OU object"
- self.create_ou(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=test_modify_ou1," + self.base_dn)
self.dacl_add_ace("OU=test_modify_ou1," + self.base_dn, mod)
ldif = """
dn: OU=test_modify_ou1,""" + self.base_dn + """
@@ -545,7 +531,7 @@ url: www.samba.org"""
# Second test object -- Organizational Unit
print "Testing modify on OU object"
#self.delete_force(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
- self.create_ou(self.ldb_admin, "OU=test_modify_ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=test_modify_ou1," + self.base_dn)
# Modify on attribute you do not have rights for granted
ldif = """
dn: OU=test_modify_ou1,""" + self.base_dn + """
@@ -712,7 +698,7 @@ class AclSearchTests(AclTests):
expression="distinguishedName=%s" % object_dn)
# Make sure top testing OU has been deleted before starting the test
self.assertEqual(res, [])
- self.create_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
desc_sddl = self.get_desc_sddl(object_dn)
# Make sure there are inheritable ACEs initially
self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
@@ -786,10 +772,10 @@ class AclSearchTests(AclTests):
def test_search_anonymous3(self):
"""Set dsHeuristics and repeat"""
self.ldb_admin.set_dsheuristics("0000002")
- self.create_ou(self.ldb_admin, "OU=test_search_ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=test_search_ou1," + self.base_dn)
mod = "(A;CI;LC;;;AN)"
self.dacl_add_ace("OU=test_search_ou1," + self.base_dn, mod)
- self.create_ou(self.ldb_admin, "OU=test_search_ou2,OU=test_search_ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=test_search_ou2,OU=test_search_ou1," + self.base_dn)
res = self.anonymous.search("OU=test_search_ou2,OU=test_search_ou1," + self.base_dn,
expression="(objectClass=*)", scope=SCOPE_SUBTREE)
self.assertEquals(len(res), 1)
@@ -808,16 +794,16 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.create_ou(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.create_ou(self.ldb_admin, "OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.create_ou(self.ldb_admin, "OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.create_ou(self.ldb_admin, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.create_ou(self.ldb_admin, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
#regular users must see only ou1 and ou2
res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
@@ -845,11 +831,11 @@ class AclSearchTests(AclTests):
def test_search2(self):
"""Make sure users can't see us if access is explicitly denied"""
self.create_clean_ou("OU=ou1," + self.base_dn)
- self.create_ou(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn)
- self.create_ou(self.ldb_admin, "OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
- self.create_ou(self.ldb_admin, "OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
- self.create_ou(self.ldb_admin, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
- self.create_ou(self.ldb_admin, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn)
mod = "(D;;LC;;;%s)(D;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
self.dacl_add_ace("OU=ou2,OU=ou1," + self.base_dn, mod)
res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
@@ -879,16 +865,16 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;LC;;;%s)(A;CI;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.create_ou(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_admin, "OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_admin, "OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_admin, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_admin, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
print "Testing correct behavior on nonaccessible search base"
try:
@@ -933,16 +919,16 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;CC;;;%s)" % (str(self.user_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.create_ou(self.ldb_user, "OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_user, "OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_user, "OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_user, "OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
- self.create_ou(self.ldb_user, "OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
ok_list = [Dn(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn),
Dn(self.ldb_admin, "OU=ou1," + self.base_dn)]
@@ -963,8 +949,8 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;LC;;;%s)" % (str(self.user_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.create_ou(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
# assert user can only see dn
res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
scope=SCOPE_SUBTREE)
@@ -1007,10 +993,10 @@ class AclSearchTests(AclTests):
self.create_clean_ou("OU=ou1," + self.base_dn)
mod = "(A;CI;LCCC;;;%s)" % (str(self.user_sid))
self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
- self.create_ou(self.ldb_admin, "OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
- self.create_ou(self.ldb_user, "OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
- "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+ self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+ self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
+ "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)",
scope=SCOPE_SUBTREE)
@@ -1124,7 +1110,7 @@ class AclRenameTests(AclTests):
def test_rename_u1(self):
"""Regular user fails to rename 'User object' within single OU"""
# Create OU structure
- self.create_ou(self.ldb_admin, "OU=test_rename_ou1," + self.base_dn)
+ self.ldb_admin.create_ou("OU=test_rename_ou1," + self.base_dn)
self.create_test_user(self.ldb_admin, "CN=test_rename_user1,OU=test_rename_ou1," + self.base_dn)
try:
self.ldb_user.rename("CN=test_rename_user1,OU=test_rename_ou1," + self.base_dn, \
@@ -1140,7 +1126,7 @@ class AclRenameTests(AclTests):
user_dn = "CN=test_rename_user1," + ou_dn
rename_user_dn = "CN=test_rename_user5," + ou_dn
# Create OU structure
- self.create_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.create_test_user(self.ldb_admin, user_dn)
mod = "(A;;WP;;;AU)"
self.dacl_add_ace(user_dn, mod)
@@ -1159,7 +1145,7 @@ class AclRenameTests(AclTests):
user_dn = "CN=test_rename_user1," + ou_dn
rename_user_dn = "CN=test_rename_user5," + ou_dn
# Create OU structure
- self.create_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.create_test_user(self.ldb_admin, user_dn)
sid = self.get_object_sid(self.get_user_dn(self.regular_user))
mod = "(A;;WP;;;%s)" % str(sid)
@@ -1180,8 +1166,8 @@ class AclRenameTests(AclTests):
user_dn = "CN=test_rename_user2," + ou1_dn
rename_user_dn = "CN=test_rename_user5," + ou2_dn
# Create OU structure
- self.create_ou(self.ldb_admin, ou1_dn)
- self.create_ou(self.ldb_admin, ou2_dn)
+ self.ldb_admin.create_ou(ou1_dn)
+ self.ldb_admin.create_ou(ou2_dn)
self.create_test_user(self.ldb_admin, user_dn)
mod = "(A;;WPSD;;;AU)"
self.dacl_add_ace(user_dn, mod)
@@ -1203,8 +1189,8 @@ class AclRenameTests(AclTests):
user_dn = "CN=test_rename_user2," + ou1_dn
rename_user_dn = "CN=test_rename_user5," + ou2_dn
# Create OU structure
- self.create_ou(self.ldb_admin, ou1_dn)
- self.create_ou(self.ldb_admin, ou2_dn)
+ self.ldb_admin.create_ou(ou1_dn)
+ self.ldb_admin.create_ou(ou2_dn)
self.create_test_user(self.ldb_admin, user_dn)
sid = self.get_object_sid(self.get_user_dn(self.regular_user))
mod = "(A;;WPSD;;;%s)" % str(sid)
@@ -1227,8 +1213,8 @@ class AclRenameTests(AclTests):
user_dn = "CN=test_rename_user2," + ou1_dn
rename_user_dn = "CN=test_rename_user2," + ou2_dn
# Create OU structure
- self.create_ou(self.ldb_admin, ou1_dn)
- self.create_ou(self.ldb_admin, ou2_dn)
+ self.ldb_admin.create_ou(ou1_dn)
+ self.ldb_admin.create_ou(ou2_dn)
#mod = "(A;CI;DCWP;;;AU)"
mod = "(A;;DC;;;AU)"
self.dacl_add_ace(ou1_dn, mod)
@@ -1254,9 +1240,9 @@ class AclRenameTests(AclTests):
user_dn = "CN=test_rename_user2," + ou1_dn
rename_user_dn = "CN=test_rename_user5," + ou3_dn
# Create OU structure
- self.create_ou(self.ldb_admin, ou1_dn)
- self.create_ou(self.ldb_admin, ou2_dn)
- self.create_ou(self.ldb_admin, ou3_dn)
+ self.ldb_admin.create_ou(ou1_dn)
+ self.ldb_admin.create_ou(ou2_dn)
+ self.ldb_admin.create_ou(ou3_dn)
mod = "(A;CI;WPDC;;;AU)"
self.dacl_add_ace(ou1_dn, mod)
mod = "(A;;CC;;;AU)"
@@ -1277,8 +1263,8 @@ class AclRenameTests(AclTests):
ou2_dn = "OU=test_rename_ou2," + ou1_dn
ou3_dn = "OU=test_rename_ou3," + ou1_dn
# Create OU structure
- self.create_ou(self.ldb_admin, ou1_dn)
- self.create_ou(self.ldb_admin, ou2_dn)
+ self.ldb_admin.create_ou(ou1_dn)
+ self.ldb_admin.create_ou(ou2_dn)
sid = self.get_object_sid(self.get_user_dn(self.regular_user))
mod = "(OA;;WP;bf967a0e-0de6-11d0-a285-00aa003049e2;;%s)" % str(sid)
self.dacl_add_ace(ou2_dn, mod)
@@ -1621,7 +1607,7 @@ class AclExtendedTests(AclTests):
def test_ntSecurityDescriptor(self):
#create empty ou
- self.create_ou(self.ldb_admin, "ou=ext_ou1," + self.base_dn)
+ self.ldb_admin.create_ou("ou=ext_ou1," + self.base_dn)
#give u1 Create children access
mod = "(A;;CC;;;%s)" % str(self.user_sid1)
self.dacl_add_ace("OU=ext_ou1," + self.base_dn, mod)
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index b61afd3..3b09d0b 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -85,21 +85,6 @@ replace: nTSecurityDescriptor
mod += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
_ldb.modify_ldif(mod, controls)
- def create_domain_ou(self, _ldb, ou_dn, desc=None, controls=None):
- ldif = """
-dn: """ + ou_dn + """
-ou: """ + ou_dn.split(",")[0][3:] + """
-objectClass: organizationalUnit
-url: www.example.com
-"""
- if desc:
- assert(isinstance(desc, str) or isinstance(desc, security.descriptor))
- if isinstance(desc, str):
- ldif += "nTSecurityDescriptor: %s" % desc
- elif isinstance(desc, security.descriptor):
- ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
- _ldb.add_ldif(ldif, controls)
-
def create_domain_user(self, _ldb, user_dn, desc=None):
ldif = """
dn: """ + user_dn + """
@@ -506,7 +491,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
@@ -529,7 +514,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
@@ -646,7 +631,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
@@ -671,7 +656,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
@@ -755,7 +740,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
user_name = "Administrator"
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(D;CI;WP;;;S-1-3-0)"
#mod = ""
@@ -764,7 +749,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
# Create additional object into the first one
object_dn = "OU=test_domain_ou2," + object_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
desc_sddl = self.get_desc_sddl(object_dn)
## Tests for SCHEMA
@@ -1352,7 +1337,7 @@ class DaclDescriptorTests(DescriptorTests):
expression="distinguishedName=%s" % object_dn)
# Make sure top testing OU has been deleted before starting the test
self.assertEqual(res, [])
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
desc_sddl = self.get_desc_sddl(object_dn)
# Make sure there are inheritable ACEs initially
self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
@@ -1681,7 +1666,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the owner
@@ -1696,7 +1681,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the group
@@ -1711,7 +1696,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
@@ -1726,7 +1711,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
@@ -1742,7 +1727,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
which is the same as 0xF
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:0"])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
@@ -1756,7 +1741,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
""" Modify a descriptor with 0xF set.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:15"])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
@@ -1771,7 +1756,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
Only the owner part should be returned.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
# make sure we have read the owner
self.assertTrue("O:" in desc_sddl)
@@ -1785,7 +1770,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
Only the group part should be returned.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
# make sure we have read the owner
self.assertTrue("G:" in desc_sddl)
@@ -1799,7 +1784,7 @@ class SdFlagsDescriptorTests(DescriptorTests):
--
Samba Shared Repository
More information about the samba-cvs
mailing list