[PATCH] Failure to modify nTSecurityDescriptor attribute using ldb.modify_ldif()

Jelmer Vernooij jelmer at samba.org
Tue Jun 30 12:04:35 MDT 2009


Hi Zahari,

Zahari Zahariev wrote:
> Method ldb.modify_ldif() does not work at all if you try to use it
> for nTSecurityDescriptor modification.
>
> The patch below implements a simple unittest for this behavior.
> First step is to create a regular user then save its
> nTSecurityDescriptor in SDDL format. Next we create a
> "samba.security.descriptor" python object which is ndr_packed() and
> included in ldb.modify_ldif() request changing our previously
> created user's descriptor. After this we look up the same user
> nTSecurityDescriptor then transform it into SDDL format and
> assertNotEqual() both this and the initial value. If
> ldb.modify_ldif() operation is successful then the two SDDL
> representations must be different but as this functionality fails in
> our case they are the same!
>
> Another interesting observation is that ldb.modify_ldif() fails to
> change a security descriptor attribute with absolutely no warning or
> error; in other words, if you do not look it up afterwards you would
> have no clue that this operation fails.

Have you tried modifying any other attributes than
nTSecurityDescriptor? Does that work ok? If it's specific to
nTSecurityDescriptor, it's probably a bug in the LDB module that
handles it. If it's a problem everywhere, it's more probably a bug in
ldb.modify().

Cheers,

Jelmer