[PATCH] Failure to modify nTSecurityDescriptor attribute ussing
ldb.modify_ldif()
Zahari Zahariev
zahari.zahariev at postpath.com
Tue Jun 30 06:34:10 MDT 2009
Hello Samba4,
Method ldb.modify_ldif() does not work at all if you try to use it for
nTSecurityDescriptor modification.
The patch below implements a simple unittest for this behavior. First
step is to create a regular user then save its nTSecurityDescriptor in
SDDL format. Next we create a "samba.security.descriptor" python object
which is ndr_packed() and included in ldb.modify_ldif() request changing
our previously created user's descriptor. After this we look up the same
user nTSecurityDescriptor then transform it into SDDL format and
assertNotEqual() both this and the initial value. If ldb.modify_ldif()
operation is successful then the the two SDDL representations must be
different but as this functionality fails in our case they are the same!
Another interesting observation is that ldb.modify_ldif() fails to
change a security descriptor attribute with absolutely no warning or
error in other words if you do not look it up afterwards you would have
no clue that this operation fails.
Regards,
Zahari
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Test-that-tries-to-modify-nTSecurityDescriptor-using.patch
Type: text/x-patch
Size: 2822 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090630/469189ee/0001-Test-that-tries-to-modify-nTSecurityDescriptor-using.bin
More information about the samba-technical
mailing list