Merge branch 'master' of git://git.samba.org/samba
authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Mon, 21 Sep 2009 00:43:46 +0000 (17:43 -0700)
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>
Mon, 21 Sep 2009 00:43:46 +0000 (17:43 -0700)
1  2 
source4/lib/ldb/tests/python/sec_descriptor.py

index 71c17d17e634733b1248ffe80514817cd3b10b1d,01df86e9099aeba922f5147f0442f07a022cf282..155b65f4abd1992e4d9640eb9b0d2fa768035145
mode 100644,100755..100755
@@@ -24,11 -24,11 +24,11 @@@ from samba.ndr import ndr_pack, ndr_unp
  from samba.dcerpc import security
  
  from samba.auth import system_session
- from samba import Ldb, DS_BEHAVIOR_WIN2008
+ from samba import Ldb, DS_DOMAIN_FUNCTION_2008
  from subunit import SubunitTestRunner
  import unittest
  
- parser = optparse.OptionParser("ldap [options] <host>")
+ parser = optparse.OptionParser("sec_descriptor [options] <host>")
  sambaopts = options.SambaOptions(parser)
  parser.add_option_group(sambaopts)
  parser.add_option_group(options.VersionOptions(parser))
@@@ -249,10 -249,7 +249,10 @@@ userAccountControl: %s""" % userAccount
          desc_sddl = desc.as_sddl( self.domain_sid )
          if ace in desc_sddl:
              return
 -        desc_sddl = desc_sddl[0:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
 +        if desc_sddl.find("(") >= 0:
 +            desc_sddl = desc_sddl[0:desc_sddl.index("(")] + ace + desc_sddl[desc_sddl.index("("):]
 +        else:
 +            desc_sddl = desc_sddl + ace
          self.modify_desc(object_dn, desc_sddl)
  
      def get_desc_sddl(self, object_dn):
@@@ -377,7 -374,7 +377,7 @@@ changetype: ad
  member: """ + user_dn
              self.ldb_admin.modify_ldif(ldif)
          self.results = {
-             # msDS-Behavior-Version < DS_BEHAVIOR_WIN2008
+             # msDS-Behavior-Version < DS_DOMAIN_FUNCTION_2008
              "ds_behavior_win2003" : {
                  "100" : "O:EAG:DU",
                  "101" : "O:DAG:DU",
          res = self.ldb_admin.search(base=self.base_dn, expression="distinguishedName=%s" % self.base_dn, \
                  attrs=['msDS-Behavior-Version'])
          res = int(res[0]['msDS-Behavior-Version'][0])
-         if res < DS_BEHAVIOR_WIN2008:
+         if res < DS_DOMAIN_FUNCTION_2008:
              self.DS_BEHAVIOR = "ds_behavior_win2003"
          else:
              self.DS_BEHAVIOR = "ds_behavior_win2008"
          #mod = ""
          self.dacl_add_ace(object_dn, mod)
          desc_sddl = self.get_desc_sddl(object_dn)
 -        #print desc_sddl
          # Create additional object into the first one
          object_dn = "OU=test_domain_ou2," + object_dn
          self.delete_force(self.ldb_admin, object_dn)
          self.create_domain_ou(self.ldb_admin, object_dn)
          desc_sddl = self.get_desc_sddl(object_dn)
 -        #print desc_sddl
  
      ## Tests for SCHEMA
  
@@@ -1398,10 -1397,6 +1398,10 @@@ class DaclDescriptorTests(DescriptorTes
          # Add flag 'protected' in both DACL and SACL so no inherit ACEs
          # can propagate from above
          desc_sddl = desc_sddl.replace(":AI", ":AIP")
 +        # colon at the end breaks ldif parsing, fix it
 +        res = re.findall(".*?S:", desc_sddl)
 +        if res:
 +            desc_sddl = desc_sddl.replace("S:", "")
          self.modify_desc(object_dn, desc_sddl)
          # Verify all inheritable ACEs are gone
          desc_sddl = self.get_desc_sddl(object_dn)
          self.create_domain_group(self.ldb_admin, group_dn, sddl)
          # Make sure created group descriptor has NO additional ACEs
          desc_sddl = self.get_desc_sddl(group_dn)
 +        print "group descriptor: " + desc_sddl
          self.assertEqual(desc_sddl, sddl)
  
      def test_202(self):
          # Make sure created group object contains only the above inherited ACE(s)
          # that we've added manually
          desc_sddl = self.get_desc_sddl(group_dn)
 -        #print desc_sddl
          self.assertTrue("(D;ID;WP;;;AU)" in desc_sddl)
          self.assertTrue("(D;CIIOID;WP;;;CO)" in desc_sddl)