mod += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
_ldb.modify_ldif(mod, controls)
- def create_domain_ou(self, _ldb, ou_dn, desc=None, controls=None):
- ldif = """
-dn: """ + ou_dn + """
-ou: """ + ou_dn.split(",")[0][3:] + """
-objectClass: organizationalUnit
-url: www.example.com
-"""
- if desc:
- assert(isinstance(desc, str) or isinstance(desc, security.descriptor))
- if isinstance(desc, str):
- ldif += "nTSecurityDescriptor: %s" % desc
- elif isinstance(desc, security.descriptor):
- ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc))
- _ldb.add_ldif(ldif, controls)
-
def create_domain_user(self, _ldb, user_dn, desc=None):
ldif = """
dn: """ + user_dn + """
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
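Review bot: The new call `self.ldb_admin.create_ou(object_dn)` only works if `ldb_admin` is a SamDB-style connection that provides `create_ou`. Its construction is outside this hunk, so confirm it is not a plain Ldb handle, which would fail here with an AttributeError. The removed `create_domain_ou` helper also wrote `url: www.example.com` on every OU and could attach an `nTSecurityDescriptor` at creation time. Whether `create_ou` produces an equivalent object is not visible here, so check that no later assertion depends on either. A one-line comment where the connection is set up would record the requirement, for example `# ldb_admin must be a SamDB connection: the tests call create_ou() on it`. The same applies to every other `create_ou` call site in this patch.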
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WPWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
_ldb = self.get_ldb_connection(user_name, "samba123@")
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(A;CI;WOWDCC;;;%s)" % str(user_sid)
self.dacl_add_ace(object_dn, mod)
user_name = "Administrator"
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid( self.get_users_domain_dn(user_name) )
mod = "(D;CI;WP;;;S-1-3-0)"
#mod = ""
# Create additional object into the first one
object_dn = "OU=test_domain_ou2," + object_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
desc_sddl = self.get_desc_sddl(object_dn)
## Tests for SCHEMA
expression="distinguishedName=%s" % object_dn)
# Make sure top testing OU has been deleted before starting the test
self.assertEqual(res, [])
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
desc_sddl = self.get_desc_sddl(object_dn)
# Make sure there are inheritable ACEs initially
self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the owner
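Review bot: Unlike the `test_domain_ou1` call sites, which run `self.delete_force(self.ldb_admin, object_dn)` first, this hunk creates `OU=test_sdflags_ou` with no visible cleanup before it. If a previous run aborted and left the OU behind, `create_ou` would presumably fail on the existing entry and hide the real sd_flags result. The test method starts outside the hunk, so the cleanup may already live in setUp or tearDown; if it does not, add `self.delete_force(self.ldb_admin, ou_dn)` immediately before the create. The remaining `test_sdflags_ou` hunks have the same shape.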
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the group
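Review bot: The docstring line `See that only the owner has been changed.` is stale here, because this test passes `SECINFO_GROUP`; it should read `See that only the group has been changed.`. The same copied sentence appears in the next two hunks, which pass `SECINFO_DACL` and `SECINFO_SACL`, and the SACL hunk also ends with `# make sure we have modified the DACL` where `# make sure we have modified the SACL` is meant. These are context lines rather than lines the commit changes, but since every one of these tests is being touched, this is a cheap moment to make the descriptions match the flag under test. The docstrings begin outside the hunks.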
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
which is the same as 0xF
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:0"])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
""" Modify a descriptor with 0xF set.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
self.modify_desc(self.ldb_admin, ou_dn, self.test_descr, controls=["sd_flags:1:15"])
desc_sddl = self.get_desc_sddl(ou_dn)
# make sure we have modified the DACL
Only the owner part should be returned.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
# make sure we have read the owner
self.assertTrue("O:" in desc_sddl)
Only the group part should be returned.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
# make sure we have read the owner
self.assertTrue("G:" in desc_sddl)
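Review bot: The comment `# make sure we have read the owner` sits above an assertion on `"G:"`, and the same comment is repeated in the following two hunks above the `"S:"` and `"D:"` assertions. Change them to `# make sure we have read the group`, `# make sure we have read the SACL` and `# make sure we have read the DACL`. The docstring promises that only the requested part is returned, but the visible assertion only proves that the part is present. The rest of the method is outside the hunk, so confirm it also asserts that the other parts are absent; otherwise a server that ignores sd_flags and returns the full descriptor would still pass.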
Only the sacl part should be returned.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
# make sure we have read the owner
self.assertTrue("S:" in desc_sddl)
Only the dacl part should be returned.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
- self.create_domain_ou(self.ldb_admin, ou_dn)
+ self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.get_desc_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
# make sure we have read the owner
self.assertTrue("D:" in desc_sddl)
def test_sDRightsEffective(self):
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
print self.get_users_domain_dn("testuser_attr")
user_sid = self.get_object_sid(self.get_users_domain_dn("testuser_attr"))
#give testuser1 read access so attributes can be retrieved
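Review bot: The line `print self.get_users_domain_dn("testuser_attr")` directly after the new `create_ou` call looks like leftover debug output. It is a Python 2 print statement, it writes a user DN to the test log on every run, and the next line fetches the same DN again for `get_object_sid`. Consider deleting it while this method is being edited. The rest of `test_sDRightsEffective` lies outside the hunk.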
def test_allowedChildClassesEffective(self):
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid(self.get_users_domain_dn("testuser_attr"))
#give testuser1 read access so attributes can be retrieved
mod = "(A;CI;RP;;;%s)" % str(user_sid)
def test_allowedAttributesEffective(self):
object_dn = "OU=test_domain_ou1," + self.base_dn
self.delete_force(self.ldb_admin, object_dn)
- self.create_domain_ou(self.ldb_admin, object_dn)
+ self.ldb_admin.create_ou(object_dn)
user_sid = self.get_object_sid(self.get_users_domain_dn("testuser_attr"))
#give testuser1 read access so attributes can be retrieved
mod = "(A;CI;RP;;;%s)" % str(user_sid)