[SCM] Samba Shared Repository - branch master updated

Nadezhda Ivanova nivanova at samba.org
Wed Nov 24 09:39:01 MST 2010


The branch, master has been updated
       via  dab4e00 s4-tests: Modified sec_descriptor to use samdb.newgroup instead of locally defined method.
       via  c89ecfc s4-dsdb: Extended samdb.newgroup to set the group's security descriptor.
      from  650c967 s3:winbind correct a copy&paste error

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit dab4e008a0d133cd1fcbe96cab134fd9b13faac5
Author: Nadezhda Ivanova <nivanova at samba.org>
Date:   Wed Nov 24 17:18:09 2010 +0200

    s4-tests: Modified sec_descriptor to use samdb.newgroup instead of locally defined method.
    
    Autobuild-User: Nadezhda Ivanova <nivanova at samba.org>
    Autobuild-Date: Wed Nov 24 17:38:28 CET 2010 on sn-devel-104

commit c89ecfc2adee20d8f77af45fe2a45985be0fe3ae
Author: Nadezhda Ivanova <nivanova at samba.org>
Date:   Wed Nov 24 17:17:15 2010 +0200

    s4-dsdb: Extended samdb.newgroup to set the group's security descriptor.

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/tests/python/sec_descriptor.py |   98 ++++++++++++++-------------
 source4/scripting/python/samba/samdb.py     |    6 ++-
 2 files changed, 55 insertions(+), 49 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index f74ac17..8b47175 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -85,22 +85,6 @@ replace: nTSecurityDescriptor
             mod += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
         _ldb.modify_ldif(mod, controls)
 
-    def create_domain_group(self, _ldb, group_dn, desc=None):
-        ldif = """
-dn: """ + group_dn + """
-objectClass: group
-sAMAccountName: """ + group_dn.split(",")[0][3:] + """
-groupType: 4
-url: www.example.com
-"""
-        if desc:
-            assert(isinstance(desc, str) or isinstance(desc, security.descriptor))
-            if isinstance(desc, str):
-                ldif += "nTSecurityDescriptor: %s" % desc
-            elif isinstance(desc, security.descriptor):
-                ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
-        _ldb.add_ldif(ldif)
-
     def get_unique_schema_class_name(self):
         while True:
             class_name = "test-class%s" % random.randint(1,100000)
@@ -430,7 +414,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         _ldb = self.get_ldb_connection(user_name, "samba123@")
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
-        self.create_domain_group(_ldb, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
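Review bot: The target DN is now stated twice in this test, once in `object_dn` and once implicitly through `_ldb.newgroup("test_domain_group1", grouptype=4)`. newgroup builds its own DN from `groupname`, `groupou or "CN=Users"` and `self.domain_dn()`, as the samdb.py context lines in this patch show. The descriptor is read back through `object_dn`, so the assertion checks the created group only while `self.base_dn` equals `_ldb.domain_dn()` and the two literals stay in sync. Binding the name once, e.g. `group_name = "test_domain_group1"`, and using it in both places would remove that coupling. The same applies to the other `newgroup` calls in this file, including the `"test_inherit_group"` / `groupou="OU=test_inherit_ou"` ones in DaclDescriptorTests; the enclosing test methods start outside the hunks.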
@@ -445,7 +429,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         _ldb = self.get_ldb_connection(user_name, "samba123@")
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
-        self.create_domain_group(_ldb, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -508,7 +492,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         _ldb = self.get_ldb_connection(user_name, "samba123@")
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
-        self.create_domain_group(_ldb, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -523,7 +507,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         _ldb = self.get_ldb_connection(user_name, "samba123@")
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
-        self.create_domain_group(_ldb, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -538,7 +522,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         _ldb = self.get_ldb_connection(user_name, "samba123@")
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
-        self.create_domain_group(_ldb, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -553,7 +537,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         _ldb = self.get_ldb_connection(user_name, "samba123@")
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
-        self.create_domain_group(_ldb, object_dn)
+        _ldb.newgroup("test_domain_group1", grouptype=4)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -571,8 +555,9 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
         # Create a custom security descriptor
-        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
-        self.create_domain_group(_ldb, object_dn, desc_sddl)
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
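Review bot: The SDDL string is now parsed on the client by `security.descriptor.from_sddl(sddl, self.domain_sid)`, whereas the removed helper sent the text as `nTSecurityDescriptor:` and left the parsing to the server. The domain-relative aliases in it (`DA`, `DU`) are therefore resolved against whatever `self.domain_sid` holds, and that value is set outside this hunk. If it is not the SID of the domain the connection targets, the owner, group and ACE would name different principals than the test intends. A comment on the call would make the dependency visible: `# from_sddl resolves DA/DU against self.domain_sid; it must be the SID of the domain under test`. This applies equally to every other `from_sddl` call this commit adds in OwnerGroupDescriptorTests and DaclDescriptorTests.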
@@ -587,8 +572,9 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
         # Create a custom security descriptor
-        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
-        self.create_domain_group(_ldb, object_dn, desc_sddl)
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -657,8 +643,9 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
         # Create a custom security descriptor
-        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
-        self.create_domain_group(_ldb, object_dn, desc_sddl)
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -673,8 +660,9 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
         # Create a custom security descriptor
-        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
-        self.create_domain_group(_ldb, object_dn, desc_sddl)
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -689,8 +677,9 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
         # Create a custom security descriptor
-        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
-        self.create_domain_group(_ldb, object_dn, desc_sddl)
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -705,8 +694,9 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         object_dn = "CN=test_domain_group1,CN=Users," + self.base_dn
         self.delete_force(self.ldb_admin, object_dn)
         # Create a custom security descriptor
-        desc_sddl = "O:DAG:DAD:(A;;RP;;;DU)"
-        self.create_domain_group(_ldb, object_dn, desc_sddl)
+        sddl = "O:DAG:DAD:(A;;RP;;;DU)"
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        _ldb.newgroup("test_domain_group1", grouptype=4, sd=tmp_desc)
         desc_sddl = self.get_desc_sddl(object_dn)
         res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
         self.assertEqual(self.results[self.DS_BEHAVIOR][self._testMethodName[5:]], res)
@@ -1339,7 +1329,7 @@ class DaclDescriptorTests(DescriptorTests):
         # Create inheritable-free OU
         self.create_clean_ou(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4)
         # Make sure created group object contains NO inherit ACEs
         desc_sddl = self.get_desc_sddl(group_dn)
         self.assertFalse("ID" in desc_sddl)
@@ -1354,7 +1344,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.create_clean_ou(ou_dn)
         # Create group child object using custom security descriptor
         sddl = "O:AUG:AUD:AI(D;;WP;;;DU)"
-        self.create_domain_group(self.ldb_admin, group_dn, sddl)
+        tmp_desc = security.descriptor.from_sddl(sddl, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group descriptor has NO additional ACEs
         desc_sddl = self.get_desc_sddl(group_dn)
         self.assertEqual(desc_sddl, sddl)
@@ -1378,7 +1369,7 @@ class DaclDescriptorTests(DescriptorTests):
         # Verify all inheritable ACEs are gone
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4)
         # Make sure created group object contains NO inherit ACEs
         # also make sure the added above non-inheritable ACEs are absent too
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1405,7 +1396,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.dacl_add_ace(ou_dn, mod)
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn, "O:AUG:AUD:AI(A;;CC;;;AU)")
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1430,7 +1422,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.dacl_add_ace(ou_dn, mod)
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn, "O:AUG:AUD:AI(A;;CC;;;AU)")
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1455,7 +1448,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.dacl_add_ace(ou_dn, mod)
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn, "O:AUG:AUD:AI(A;;CC;;;AU)")
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1480,7 +1474,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.dacl_add_ace(ou_dn, mod)
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn, "O:AUG:AUD:AI(A;;CC;;;AU)")
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1505,7 +1500,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.dacl_add_ace(ou_dn, mod)
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn, "O:AUG:AUD:AI(A;;CC;;;AU)")
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1530,7 +1526,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.dacl_add_ace(ou_dn, mod)
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn, "O:AUG:AUD:AI(A;;CC;;;AU)")
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1555,7 +1552,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.dacl_add_ace(ou_dn, mod)
         desc_sddl = self.get_desc_sddl(ou_dn)
         # Create group child object
-        self.create_domain_group(self.ldb_admin, group_dn, "O:AUG:AUD:AI(A;;CC;;;AU)")
+        tmp_desc = security.descriptor.from_sddl("O:AUG:AUD:AI(A;;CC;;;AU)", self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE(s)
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1575,7 +1573,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.create_clean_ou(ou_dn)
         # Add some custom  ACE
         mod = "D:(D;CIIO;WP;;;CO)(A;ID;WP;;;AU)"
-        self.create_domain_group(self.ldb_admin, group_dn, mod)
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object does not contain the ID ace
         desc_sddl = self.get_desc_sddl(group_dn)
         self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl)
@@ -1589,7 +1588,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.create_clean_ou(ou_dn)
         # Add some custom 'CI' ACE
         mod = "D:(D;CI;WP;;;CO)"
-        self.create_domain_group(self.ldb_admin, group_dn, mod)
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         desc_sddl = self.get_desc_sddl(group_dn)
         self.assertTrue("(D;;WP;;;DA)(D;CIIO;WP;;;CO)" in desc_sddl)
 
@@ -1602,7 +1602,8 @@ class DaclDescriptorTests(DescriptorTests):
         self.create_clean_ou(ou_dn)
         # Add some custom 'CI' ACE
         mod = "D:(D;CIIO;WP;;;CO)"
-        self.create_domain_group(self.ldb_admin, group_dn, mod)
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE(s)
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
@@ -1618,7 +1619,8 @@ class DaclDescriptorTests(DescriptorTests):
         # Create inheritable-free OU
         self.create_clean_ou(ou_dn)
         mod = "D:(D;IO;WP;;;DA)"
-        self.create_domain_group(self.ldb_admin, group_dn, mod)
+        tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
+        self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
         # Make sure created group object contains only the above inherited ACE(s)
         # that we've added manually
         desc_sddl = self.get_desc_sddl(group_dn)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 668c600..a59494f 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -113,7 +113,7 @@ pwdLastSet: 0
         self.modify_ldif(mod)
 
     def newgroup(self, groupname, groupou=None, grouptype=None,
-                 description=None, mailaddress=None, notes=None):
+                 description=None, mailaddress=None, notes=None, sd=None):
         """Adds a new group with additional parameters
 
         :param groupname: Name of the new group
@@ -121,6 +121,7 @@ pwdLastSet: 0
         :param description: Description of the new group
         :param mailaddress: Email address of the new group
         :param notes: Notes of the new group
+        :param sd: security descriptor of the object
         """
 
         group_dn = "CN=%s,%s,%s" % (groupname, (groupou or "CN=Users"), self.domain_dn())
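Review bot: The new `:param sd:` line does not say what type is expected, and the test helper this commit removes accepted either an SDDL string or a `security.descriptor`. Since the value is passed to `ndr_pack` later in the function, the docstring should state that only the object form is accepted and what `None` means, for example `:param sd: security.descriptor to store as the group's nTSecurityDescriptor; if None the attribute is not sent`. The docstring and the body of newgroup extend outside this hunk.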
@@ -143,6 +144,9 @@ pwdLastSet: 0
         if notes is not None:
             ldbmessage["info"] = notes
 
+        if sd is not None:
+            ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
+
         self.add(ldbmessage)
 
     def deletegroup(self, groupname):
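Review bot: `sd` reaches `ndr_pack(sd)` with no type check, so a caller passing an SDDL string (which the removed test helper accepted) would fail inside the NDR layer instead of getting a clear error from newgroup. If `samba.dcerpc.security` is in scope in this module, a guard such as `if not isinstance(sd, security.descriptor): raise TypeError("sd must be a security.descriptor")` before the assignment would make the contract explicit. Separately, none of the hunks for samdb.py adds an import of `ndr_pack`, and the diffstat's five insertions are all accounted for by the visible hunks, so this relies on the name already being imported at the top of the file; that is worth confirming. newgroup's body starts outside this hunk.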


-- 
Samba Shared Repository

