# User is not a member of any additional groups but default
res = self.ldb_admin.search(user_dn, attrs=["*"])
res = [x.upper() for x in res[0].keys()]
- self.assertFalse("MEMBEROF" in res)
+ self.assertNotIn("MEMBEROF", res)
def check_modify_inheritance(self, _ldb, object_dn, owner_group=""):
# Modify
sd_user_utils.modify_sd_on_dn(object_dn, "D:" + ace)
# Make sure the modify operation has been applied
desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
- self.assertTrue(ace in desc_sddl)
+ self.assertIn(ace, desc_sddl)
# Make sure we have identical result for both "add" and "modify"
res = re.search("(O:.*G:.*?)D:", desc_sddl).group(1)
print(self._testMethodName)
self.sd_utils.modify_sd_on_dn(object_dn, desc_sddl)
# Verify all inheritable ACEs are gone
desc_sddl = self.sd_utils.get_sd_as_sddl(object_dn)
- self.assertFalse("CI" in desc_sddl)
- self.assertFalse("OI" in desc_sddl)
+ self.assertNotIn("CI", desc_sddl)
+ self.assertNotIn("OI", desc_sddl)
def test_200(self):
""" OU with protected flag and child group. See if the group has inherit ACEs.
self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4)
# Make sure created group object contains NO inherit ACEs
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertFalse("ID" in desc_sddl)
+ self.assertNotIn("ID", desc_sddl)
def test_201(self):
""" OU with protected flag and no inherit ACEs, child group with custom descriptor.
# Make sure created group object contains NO inherit ACEs
# also make sure the added above non-inheritable ACEs are absent too
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertFalse("ID" in desc_sddl)
+ self.assertNotIn("ID", desc_sddl)
for x in re.findall(r"\(.*?\)", mod):
- self.assertFalse(x in desc_sddl)
+ self.assertNotIn(x, desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertFalse("ID" in desc_sddl)
+ self.assertNotIn("ID", desc_sddl)
for x in re.findall(r"\(.*?\)", mod):
- self.assertFalse(x in desc_sddl)
+ self.assertNotIn(x, desc_sddl)
def test_203(self):
""" OU with protected flag and add 'CI' ACE, child group.
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
mod = mod.replace(";CI;", ";CIID;")
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(mod, desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue(moded in desc_sddl)
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(moded, desc_sddl)
+ self.assertIn(mod, desc_sddl)
def test_204(self):
""" OU with protected flag and add 'OI' ACE, child group.
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
mod = mod.replace(";OI;", ";OIIOID;") # change it how it's gonna look like
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(mod, desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue(moded in desc_sddl)
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(moded, desc_sddl)
+ self.assertIn(mod, desc_sddl)
def test_205(self):
""" OU with protected flag and add 'OA' for GUID & 'CI' ACE, child group.
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
mod = mod.replace(";CI;", ";CIID;") # change it how it's gonna look like
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(mod, desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue(moded in desc_sddl)
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(moded, desc_sddl)
+ self.assertIn(mod, desc_sddl)
def test_206(self):
""" OU with protected flag and add 'OA' for GUID & 'OI' ACE, child group.
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
mod = mod.replace(";OI;", ";OIIOID;") # change it how it's gonna look like
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(mod, desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue(moded in desc_sddl)
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(moded, desc_sddl)
+ self.assertIn(mod, desc_sddl)
def test_207(self):
""" OU with protected flag and add 'OA' for OU specific GUID & 'CI' ACE, child group.
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
mod = mod.replace(";CI;", ";CIID;") # change it how it's gonna look like
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(mod, desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue(moded in desc_sddl)
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(moded, desc_sddl)
+ self.assertIn(mod, desc_sddl)
def test_208(self):
""" OU with protected flag and add 'OA' for OU specific GUID & 'OI' ACE, child group.
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
mod = mod.replace(";OI;", ";OIIOID;") # change it how it's gonna look like
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(mod, desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:(OA;OI;WP;bf967a39-0de6-11d0-a285-00aa003049e2;;DU)" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue(moded in desc_sddl)
- self.assertTrue(mod in desc_sddl)
+ self.assertIn(moded, desc_sddl)
+ self.assertIn(mod, desc_sddl)
def test_209(self):
""" OU with protected flag and add 'CI' ACE with 'CO' SID, child group.
# Make sure created group object contains only the above inherited ACE(s)
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue("(D;ID;WP;;;AU)" in desc_sddl)
- self.assertTrue("(D;CIIOID;WP;;;CO)" in desc_sddl)
+ self.assertIn("(D;ID;WP;;;AU)", desc_sddl)
+ self.assertIn("(D;CIIOID;WP;;;CO)", desc_sddl)
try:
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
except LdbError as e:
self.fail(str(e))
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue(moded in desc_sddl)
- self.assertTrue("(D;ID;WP;;;DA)" in desc_sddl)
- self.assertTrue("(D;CIIOID;WP;;;CO)" in desc_sddl)
+ self.assertIn(moded, desc_sddl)
+ self.assertIn("(D;ID;WP;;;DA)", desc_sddl)
+ self.assertIn("(D;CIIOID;WP;;;CO)", desc_sddl)
def test_210(self):
""" OU with protected flag, provide ACEs with ID flag raised. Should be ignored.
self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
# Make sure created group object does not contain the ID ace
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl)
+ self.assertNotIn("(A;ID;WP;;;AU)", desc_sddl)
def test_211(self):
""" Provide ACE with CO SID, should be expanded and replaced
tmp_desc = security.descriptor.from_sddl(mod, self.domain_sid)
self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue("(D;;WP;;;DA)" in desc_sddl)
- self.assertTrue("(D;CIIO;WP;;;CO)" in desc_sddl)
+ self.assertIn("(D;;WP;;;DA)", desc_sddl)
+ self.assertIn("(D;CIIO;WP;;;CO)", desc_sddl)
def test_212(self):
""" Provide ACE with IO flag, should be ignored
# Make sure created group object contains only the above inherited ACE(s)
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertTrue("(D;CIIO;WP;;;CO)" in desc_sddl)
- self.assertFalse("(D;;WP;;;DA)" in desc_sddl)
- self.assertFalse("(D;CIIO;WP;;;CO)(D;CIIO;WP;;;CO)" in desc_sddl)
+ self.assertIn("(D;CIIO;WP;;;CO)", desc_sddl)
+ self.assertNotIn("(D;;WP;;;DA)", desc_sddl)
+ self.assertNotIn("(D;CIIO;WP;;;CO)(D;CIIO;WP;;;CO)", desc_sddl)
def test_213(self):
""" Provide ACE with IO flag, should be ignored
# Make sure created group object contains only the above inherited ACE(s)
# that we've added manually
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertFalse("(D;IO;WP;;;DA)" in desc_sddl)
+ self.assertNotIn("(D;IO;WP;;;DA)", desc_sddl)
def test_214(self):
""" Test behavior of ACEs containing generic rights
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn1)
self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
- self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl)
+ self.assertIn("(A;CIIO;GA;;;DU)", desc_sddl)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn2)
self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
- self.assertTrue("(A;CIIO;GA;;;DU)" in desc_sddl)
+ self.assertIn("(A;CIIO;GA;;;DU)", desc_sddl)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn3)
self.assertIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
- self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl)
+ self.assertNotIn("(A;CIIO;GA;;;DU)", desc_sddl)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn4)
self.assertNotIn("(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
- self.assertFalse("(A;CIIO;GA;;;DU)" in desc_sddl)
+ self.assertNotIn("(A;CIIO;GA;;;DU)", desc_sddl)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5)
self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
- self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl)
+ self.assertIn("(A;CIIOID;GA;;;DU)", desc_sddl)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn6)
self.assertIn("(A;ID;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DU)", desc_sddl)
- self.assertTrue("(A;CIIOID;GA;;;DU)" in desc_sddl)
+ self.assertIn("(A;CIIOID;GA;;;DU)", desc_sddl)
def test_215(self):
""" Make sure IO flag is removed in child objects
self.ldb_admin.create_ou(ou_dn1, sd=tmp_desc)
self.ldb_admin.create_ou(ou_dn5)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn5)
- self.assertTrue("(A;CIID;WP;;;DU)" in desc_sddl)
- self.assertFalse("(A;CIIOID;WP;;;DU)" in desc_sddl)
+ self.assertIn("(A;CIID;WP;;;DU)", desc_sddl)
+ self.assertNotIn("(A;CIIOID;WP;;;DU)", desc_sddl)
def test_216(self):
""" Make sure ID ACES provided by user are ignored
self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
# Make sure created group object does not contain the ID ace
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl)
- self.assertFalse("(A;;WP;;;AU)" in desc_sddl)
+ self.assertNotIn("(A;ID;WP;;;AU)", desc_sddl)
+ self.assertNotIn("(A;;WP;;;AU)", desc_sddl)
def test_217(self):
""" Make sure ID ACES provided by user are not ignored if P flag is set
self.ldb_admin.newgroup("test_inherit_group", groupou="OU=test_inherit_ou", grouptype=4, sd=tmp_desc)
# Make sure created group object does not contain the ID ace
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
- self.assertFalse("(A;ID;WP;;;AU)" in desc_sddl)
- self.assertTrue("(A;;WP;;;AU)" in desc_sddl)
+ self.assertNotIn("(A;ID;WP;;;AU)", desc_sddl)
+ self.assertIn("(A;;WP;;;AU)", desc_sddl)
########################################################################################
self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the owner
- self.assertTrue("O:AU" in desc_sddl)
+ self.assertIn("O:AU", desc_sddl)
# make sure nothing else has been modified
- self.assertFalse("G:AU" in desc_sddl)
- self.assertFalse("D:(D;;CC;;;LG)" in desc_sddl)
- self.assertFalse("(OU;;WP;;;AU)" in desc_sddl)
+ self.assertNotIn("G:AU", desc_sddl)
+ self.assertNotIn("D:(D;;CC;;;LG)", desc_sddl)
+ self.assertNotIn("(OU;;WP;;;AU)", desc_sddl)
def test_302(self):
""" Modify a descriptor with GROUP_SECURITY_INFORMATION set.
self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the group
- self.assertTrue("G:AU" in desc_sddl)
+ self.assertIn("G:AU", desc_sddl)
# make sure nothing else has been modified
- self.assertFalse("O:AU" in desc_sddl)
- self.assertFalse("D:(D;;CC;;;LG)" in desc_sddl)
- self.assertFalse("(OU;;WP;;;AU)" in desc_sddl)
+ self.assertNotIn("O:AU", desc_sddl)
+ self.assertNotIn("D:(D;;CC;;;LG)", desc_sddl)
+ self.assertNotIn("(OU;;WP;;;AU)", desc_sddl)
def test_303(self):
""" Modify a descriptor with SACL_SECURITY_INFORMATION set.
self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the DACL
- self.assertTrue("(D;;CC;;;LG)" in desc_sddl)
+ self.assertIn("(D;;CC;;;LG)", desc_sddl)
# make sure nothing else has been modified
- self.assertFalse("O:AU" in desc_sddl)
- self.assertFalse("G:AU" in desc_sddl)
- self.assertFalse("(OU;;WP;;;AU)" in desc_sddl)
+ self.assertNotIn("O:AU", desc_sddl)
+ self.assertNotIn("G:AU", desc_sddl)
+ self.assertNotIn("(OU;;WP;;;AU)", desc_sddl)
def test_304(self):
""" Modify a descriptor with SACL_SECURITY_INFORMATION set.
self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the DACL
- self.assertTrue("(OU;;WP;;;AU)" in desc_sddl)
+ self.assertIn("(OU;;WP;;;AU)", desc_sddl)
# make sure nothing else has been modified
- self.assertFalse("O:AU" in desc_sddl)
- self.assertFalse("G:AU" in desc_sddl)
- self.assertFalse("(D;;CC;;;LG)" in desc_sddl)
+ self.assertNotIn("O:AU", desc_sddl)
+ self.assertNotIn("G:AU", desc_sddl)
+ self.assertNotIn("(D;;CC;;;LG)", desc_sddl)
def test_305(self):
""" Modify a descriptor with 0x0 set.
self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:0"])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the DACL
- self.assertTrue("(OU;;WP;;;AU)" in desc_sddl)
+ self.assertIn("(OU;;WP;;;AU)", desc_sddl)
# make sure nothing else has been modified
- self.assertTrue("O:AU" in desc_sddl)
- self.assertTrue("G:AU" in desc_sddl)
- self.assertTrue("(D;;CC;;;LG)" in desc_sddl)
+ self.assertIn("O:AU", desc_sddl)
+ self.assertIn("G:AU", desc_sddl)
+ self.assertIn("(D;;CC;;;LG)", desc_sddl)
def test_306(self):
""" Modify a descriptor with 0xF set.
self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:15"])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the DACL
- self.assertTrue("(OU;;WP;;;AU)" in desc_sddl)
+ self.assertIn("(OU;;WP;;;AU)", desc_sddl)
# make sure nothing else has been modified
- self.assertTrue("O:AU" in desc_sddl)
- self.assertTrue("G:AU" in desc_sddl)
- self.assertTrue("(D;;CC;;;LG)" in desc_sddl)
+ self.assertIn("O:AU", desc_sddl)
+ self.assertIn("G:AU", desc_sddl)
+ self.assertIn("(D;;CC;;;LG)", desc_sddl)
def test_307(self):
""" Read a descriptor with OWNER_SECURITY_INFORMATION
self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
# make sure we have read the owner
- self.assertTrue("O:" in desc_sddl)
+ self.assertIn("O:", desc_sddl)
# make sure we have read nothing else
- self.assertFalse("G:" in desc_sddl)
- self.assertFalse("D:" in desc_sddl)
- self.assertFalse("S:" in desc_sddl)
+ self.assertNotIn("G:", desc_sddl)
+ self.assertNotIn("D:", desc_sddl)
+ self.assertNotIn("S:", desc_sddl)
def test_308(self):
""" Read a descriptor with GROUP_SECURITY_INFORMATION
self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
# make sure we have read the owner
- self.assertTrue("G:" in desc_sddl)
+ self.assertIn("G:", desc_sddl)
# make sure we have read nothing else
- self.assertFalse("O:" in desc_sddl)
- self.assertFalse("D:" in desc_sddl)
- self.assertFalse("S:" in desc_sddl)
+ self.assertNotIn("O:", desc_sddl)
+ self.assertNotIn("D:", desc_sddl)
+ self.assertNotIn("S:", desc_sddl)
def test_309(self):
""" Read a descriptor with SACL_SECURITY_INFORMATION
self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_SACL)])
# make sure we have read the owner
- self.assertTrue("S:" in desc_sddl)
+ self.assertIn("S:", desc_sddl)
# make sure we have read nothing else
- self.assertFalse("O:" in desc_sddl)
- self.assertFalse("D:" in desc_sddl)
- self.assertFalse("G:" in desc_sddl)
+ self.assertNotIn("O:", desc_sddl)
+ self.assertNotIn("D:", desc_sddl)
+ self.assertNotIn("G:", desc_sddl)
def test_310(self):
""" Read a descriptor with DACL_SECURITY_INFORMATION
self.ldb_admin.create_ou(ou_dn)
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
# make sure we have read the owner
- self.assertTrue("D:" in desc_sddl)
+ self.assertIn("D:", desc_sddl)
# make sure we have read nothing else
- self.assertFalse("O:" in desc_sddl)
- self.assertFalse("S:" in desc_sddl)
- self.assertFalse("G:" in desc_sddl)
+ self.assertNotIn("O:", desc_sddl)
+ self.assertNotIn("S:", desc_sddl)
+ self.assertNotIn("G:", desc_sddl)
def test_311(self):
sd_flags = (SECINFO_OWNER |
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
[], controls=None)
- self.assertFalse("nTSecurityDescriptor" in res[0])
+ self.assertNotIn("nTSecurityDescriptor", res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name"], controls=None)
- self.assertFalse("nTSecurityDescriptor" in res[0])
+ self.assertNotIn("nTSecurityDescriptor", res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name"], controls=["sd_flags:1:%d" % (sd_flags)])
- self.assertFalse("nTSecurityDescriptor" in res[0])
+ self.assertNotIn("nTSecurityDescriptor", res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
controls=["sd_flags:1:%d" % (sd_flags)])
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["*"], controls=["sd_flags:1:%d" % (sd_flags)])
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor", "*"], controls=["sd_flags:1:%d" % (sd_flags)])
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["*", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor", "name"], controls=["sd_flags:1:%d" % (sd_flags)])
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor"], controls=None)
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name", "nTSecurityDescriptor"], controls=None)
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor", "name"], controls=None)
- self.assertTrue("nTSecurityDescriptor" in res[0])
+ self.assertIn("nTSecurityDescriptor", res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
- self.assertTrue("O:" in sddl)
- self.assertTrue("G:" in sddl)
- self.assertTrue("D:" in sddl)
- self.assertTrue("S:" in sddl)
+ self.assertIn("O:", sddl)
+ self.assertIn("G:", sddl)
+ self.assertIn("D:", sddl)
+ self.assertIn("S:", sddl)
def test_312(self):
"""This search is done by the windows dc join..."""
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None, ["1.1"],
controls=["extended_dn:1:0", "sd_flags:1:0", "search_options:1:1"])
- self.assertFalse("nTSecurityDescriptor" in res[0])
+ self.assertNotIn("nTSecurityDescriptor", res[0])
class RightsAttributesTests(DescriptorTests):
attrs=["allowedChildClassesEffective"])
# there should be no allowed child classes
self.assertEqual(len(res), 1)
- self.assertFalse("allowedChildClassesEffective" in res[0].keys())
+ self.assertNotIn("allowedChildClassesEffective", res[0].keys())
# give the user the right to create children of type user
mod = "(OA;CI;CC;bf967aba-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
self.sd_utils.dacl_add_ace(object_dn, mod)
attrs=["allowedAttributesEffective"])
# there should be no allowed attributes
self.assertEqual(len(res), 1)
- self.assertFalse("allowedAttributesEffective" in res[0].keys())
+ self.assertNotIn("allowedAttributesEffective", res[0].keys())
# give the user the right to write displayName and managedBy
mod2 = "(OA;CI;WP;bf967953-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
mod = "(OA;CI;WP;0296c120-40da-11d1-a9c0-0000f80367c1;;%s)" % str(user_sid)
# value should only contain user and managedBy
self.assertEqual(len(res), 1)
self.assertEqual(len(res[0]["allowedAttributesEffective"]), 2)
- self.assertTrue(b"displayName" in res[0]["allowedAttributesEffective"])
- self.assertTrue(b"managedBy" in res[0]["allowedAttributesEffective"])
+ self.assertIn(b"displayName", res[0]["allowedAttributesEffective"])
+ self.assertIn(b"managedBy", res[0]["allowedAttributesEffective"])
class SdAutoInheritTests(DescriptorTests):
ou_sddl0 = ou_sd0.as_sddl(self.domain_sid)
sub_sddl0 = sub_sd0.as_sddl(self.domain_sid)
- self.assertFalse(ace in ou_sddl0)
- self.assertFalse(ace in sub_sddl0)
+ self.assertNotIn(ace, ou_sddl0)
+ self.assertNotIn(ace, sub_sddl0)
ou_sddl1 = (ou_sddl0[:ou_sddl0.index("(")] + ace +
ou_sddl0[ou_sddl0.index("("):])
print("sub0: %s" % sub_sddl0)
print("sub2: %s" % sub_sddl2)
- self.assertTrue(ace in ou_sddl2)
- self.assertTrue(sub_ace in sub_sddl2)
+ self.assertIn(ace, ou_sddl2)
+ self.assertIn(sub_ace, sub_sddl2)
ou_usn0 = int(ou_res0[0]["uSNChanged"][0])
ou_usn2 = int(ou_res2[0]["uSNChanged"][0])
- self.assertTrue(ou_usn2 > ou_usn0)
+ self.assertGreater(ou_usn2, ou_usn0)
sub_usn0 = int(sub_res0[0]["uSNChanged"][0])
sub_usn2 = int(sub_res2[0]["uSNChanged"][0])