git.samba.org / sfrench / samba-autobuild / .git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s4:Added a test to make sure we ignore ACEs with ID flag set.
[sfrench/samba-autobuild/.git] / source4 / lib / ldb / tests / python / sec_descriptor.py
diff --git a/source4/lib/ldb/tests/python/sec_descriptor.py b/source4/lib/ldb/tests/python/sec_descriptor.py
index 30f82e6a87172971d2991765587360758645613c..4a683f1b2eace06a93417cb3711a6546462eea5a 100755 (executable)
--- a/source4/lib/ldb/tests/python/sec_descriptor.py
+++ b/source4/lib/ldb/tests/python/sec_descriptor.py
@@ -1699,6 +1699,19 @@ class DaclDescriptorTests(DescriptorTests):
         self.assertTrue("(D;ID;WP;;;DA)" in desc_sddl)
         self.assertTrue("(D;CIIOID;WP;;;CO)" in desc_sddl)
 
+    def test_210(self):
+        """ OU with protected flag, provide ACEs with ID flag raised. Should be ignored.
+        """
+        ou_dn = "OU=test_inherit_ou," + self.base_dn
+        group_dn = "CN=test_inherit_group," + ou_dn
+        self.create_clean_ou(ou_dn)
+        # Add some custom  ACE
+        mod = "D:(D;CIIO;WP;;;CO)(A;ID;WP;;;AU)"
+        self.create_domain_group(self.ldb_admin, group_dn, mod)
+        # Make sure created group object does not contain the ID ace
+        desc_sddl = self.get_desc_sddl(group_dn)
+        self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl)
+
     ########################################################################################
 
 
Unnamed repository; edit this file 'description' to name the repository.