import base64
import re
import random
+import time
sys.path.append("bin/python")
sys.path.append("../lib/subunit/python")
_ldb.add_ldif(ldif)
def read_desc(self, object_dn):
- res = self.ldb_admin.search(base=object_dn, attrs=["nTSecurityDescriptor"])
+ res = self.ldb_admin.search(base=object_dn, scope=SCOPE_BASE, attrs=["nTSecurityDescriptor"])
desc = res[0]["nTSecurityDescriptor"][0]
- return ndr_unpack( security.descriptor, desc )
+ return ndr_unpack(security.descriptor, desc)
def enable_account(self, user_dn):
"""Enable an account.
self.SAMBA = True
else:
self.WIN2003 = True
- #print "self.SAMBA:", self.SAMBA
- #print "self.WIN2003:", self.WIN2003
################################################################################################
"113" : "O:DAG:DA",
"114" : "O:DAG:DA",
"115" : "O:DAG:DA",
- "130" : "",
+ "130" : "0:EAG:EA",
"131" : "",
"132" : "",
"133" : "%s",
self.assertEqual(self.results[self.DS_BEHAVIOR]["100"], res)
def test_101(self):
- """ Dmain admin group member creates object (default nTSecurityDescriptor) in DOMAIN
+ """ Domain admin group member creates object (default nTSecurityDescriptor) in DOMAIN
"""
user_name = "testuser2"
self.check_user_belongs(self.get_users_domain_dn(user_name), ["Domain Admins"])
DescriptorTests.setUp(self)
def tearDown(self):
- self.delete_force(self.ldb_admin, "CN=test_inherit_group,OU=test_inherit_ou," + self.base_dn)
- self.delete_force(self.ldb_admin, "OU=test_inherit_ou," + self.base_dn)
+ self.delete_force(self.ldb_admin, "CN=_test_inherit_group,OU=test_inherit_ou," + self.base_dn)
+ self.delete_force(self.ldb_admin, "OU=_test_inherit_ou," + self.base_dn)
def create_clean_ou(self, object_dn):
""" Base repeating setup for unittests to follow """
desc_sddl = desc_sddl.replace(x, "")
# Add flag 'protected' in both DACL and SACL so no inherit ACEs
# can propagate from above
+ # remove SACL, we are not interested
desc_sddl = desc_sddl.replace(":AI", ":AIP")
- # colon at the end breaks ldif parsing, fix it
- res = re.findall(".*?S:", desc_sddl)
- if res:
- desc_sddl = desc_sddl.replace("S:", "")
self.modify_desc(object_dn, desc_sddl)
# Verify all inheritable ACEs are gone
desc_sddl = self.get_desc_sddl(object_dn)