[SCM] Samba Shared Repository - branch master updated

Nadezhda Ivanova nivanova at samba.org
Thu Nov 25 11:47:01 MST 2010


The branch, master has been updated
       via  1e9a788 s4-tests: Modified create_ou to only accept security.descriptor type for sd to avoid confusion
      from  db403ac s4-dsdb: Switched to using a dictionary in create_ou for consistency.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1e9a7882bead2a87eedcd5ddfe2b4df6a2b57306
Author: Nadezhda Ivanova <nivanova at samba.org>
Date:   Thu Nov 25 19:57:51 2010 +0200

    s4-tests: Modified create_ou to only accept security.descriptor type for sd to avoid confusion
    
    It used to work with sddl as well, but this is confusing and could lead to errors. It also caused a message about tallocing a security descriptor to appear.
    
    Autobuild-User: Nadezhda Ivanova <nivanova at samba.org>
    Autobuild-Date: Thu Nov 25 19:46:42 CET 2010 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/tests/python/acl.py        |   64 +++++++++++++-----------------
 source4/scripting/python/samba/samdb.py |   12 +----
 2 files changed, 31 insertions(+), 45 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 691f358..fb66766 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -736,16 +736,13 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;;LC;;;%s)(A;;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         #regular users must see only ou1 and ou2
         res = self.ldb_user3.search("OU=ou1," + self.base_dn, expression="(objectClass=*)",
@@ -807,16 +804,13 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;LC;;;%s)(A;CI;LC;;;%s)" % (str(self.user_sid), str(self.group_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_admin.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         print "Testing correct behavior on nonaccessible search base"
         try:
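Review bot: The descriptor built in this hunk is `"D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod`, but the removed calls passed the DA-only SDDL without `mod`, so ou2 to ou6 now carry the user and group LC ACEs explicitly. The commit message describes a type-only change, so this widening of the test ACLs looks unintended, and an ACL test that grants more than before can pass for the wrong reason. The same addition appears in the hunk at -861 (all five `ldb_user.create_ou` calls) and in the hunk at -935 (the ou3 call). If these tests are meant to rely on what ou1's inheritable ACEs provide, build the descriptor without `mod` for those calls: `tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)", self.domain_sid)`. The enclosing test methods start and end outside the hunks.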
@@ -861,16 +855,13 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;CC;;;%s)" % (str(self.user_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
-        self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_user.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou5,OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou6,OU=ou4,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         ok_list = [Dn(self.ldb_admin,  "OU=ou2,OU=ou1," + self.base_dn),
                    Dn(self.ldb_admin,  "OU=ou1," + self.base_dn)]
@@ -891,8 +882,9 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;LC;;;%s)" % (str(self.user_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
         # assert user can only see dn
         res = self.ldb_user.search("OU=ou2,OU=ou1," + self.base_dn, expression="(objectClass=*)",
                                     scope=SCOPE_SUBTREE)
@@ -935,10 +927,10 @@ class AclSearchTests(AclTests):
         self.create_clean_ou("OU=ou1," + self.base_dn)
         mod = "(A;CI;LCCC;;;%s)" % (str(self.user_sid))
         self.dacl_add_ace("OU=ou1," + self.base_dn, mod)
-        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn,
-                                 "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod)
-        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn,
-                                "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)")
+        tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
+                                                 self.domain_sid)
+        self.ldb_admin.create_ou("OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
+        self.ldb_user.create_ou("OU=ou3,OU=ou2,OU=ou1," + self.base_dn, sd=tmp_desc)
 
         res = self.ldb_user.search("OU=ou1," + self.base_dn, expression="(ou=ou3)",
                                     scope=SCOPE_SUBTREE)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 109e948..df1af16 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -663,16 +663,10 @@ accountExpires: %u
              "objectClass": "organizationalUnit"}
 
         if description:
-             m["description"] = description
+            m["description"] = description
         if name:
-             m["name"] = name
+            m["name"] = name
 
         if sd:
-            assert(isinstance(sd, str) or isinstance(sd, security.descriptor))
-            if isinstance(sd, str):
-                sid = security.dom_sid(self.get_domain_sid())
-                tmp_desc = security.descriptor.from_sddl(sd, sid)
-                m["nTSecurityDescriptor"] = ndr_pack(tmp_desc)
-            elif isinstance(sd, security.descriptor):
-                m["nTSecurityDescriptor"] = ndr_pack(sd)
+            m["nTSecurityDescriptor"] = ndr_pack(sd)
         self.add(m)
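Review bot: With the isinstance assert removed, `ndr_pack(sd)` receives whatever the caller passes, so a leftover SDDL string now fails inside ndr_pack rather than at a parameter check that names the problem. A guard before the pack keeps the failure at the API boundary: `if not isinstance(sd, security.descriptor): raise TypeError("sd must be a security.descriptor")`. `if sd:` could also become `if sd is not None:` so the branch does not depend on the descriptor object's truthiness. The create_ou signature and docstring are outside the hunk; if the docstring still mentions SDDL strings, it should be updated to match.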


-- 
Samba Shared Repository

