s4-acl-test: use symbolic names for groupType

author Andrew Tridgell <tridge@samba.org>

Fri, 5 Aug 2011 04:03:58 +0000 (14:03 +1000)

committer Andrew Bartlett <abartlet@samba.org>

Tue, 9 Aug 2011 09:56:23 +0000 (11:56 +0200)
author Andrew Tridgell <tridge@samba.org>
Fri, 5 Aug 2011 04:03:58 +0000 (14:03 +1000)
committer Andrew Bartlett <abartlet@samba.org>
Tue, 9 Aug 2011 09:56:23 +0000 (11:56 +0200)
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py

index b131951047b23a4a0e0a098a042444f71cf57a6a..0714178209f3691abbbdd0887215457f3098eabf 100755 (executable)
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -31,6 +31,7 @@ import samba.tests
  from samba.tests import delete_force
  from subunit.run import SubunitTestRunner
  import unittest
+import samba.dsdb
  
  parser = optparse.OptionParser("acl.py [options] <host>")
  sambaopts = options.SambaOptions(parser)
@@ -167,7 +168,7 @@ class AclAddTests(AclTests):
          # Test user and group creation with another domain admin's credentials
          self.ldb_notowner.newuser(self.test_user1, self.user_pass, userou=self.ou2)
          self.ldb_notowner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
-                                   grouptype=4)
+                                   grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          # Make sure we HAVE created the two objects -- user and group
          # !!! We should not be able to do that, but however beacuse of ACE ordering our inherited Deny ACE
          # !!! comes after explicit (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA) that comes from somewhere
@@ -186,7 +187,7 @@ class AclAddTests(AclTests):
          try:
              self.ldb_user.newuser(self.test_user1, self.user_pass, userou=self.ou2)
              self.ldb_user.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
-                                   grouptype=4)
+                                   grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          except LdbError, (num, _):
              self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
          else:
@@ -210,7 +211,7 @@ class AclAddTests(AclTests):
          self.ldb_user.newuser(self.test_user1, self.user_pass, userou=self.ou2, setpassword=False)
          try:
              self.ldb_user.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
-                                   grouptype=4)
+                                   grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          except LdbError, (num, _):
              self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
          else:
@@ -234,7 +235,7 @@ class AclAddTests(AclTests):
          self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
          self.ldb_owner.newuser(self.test_user1, self.user_pass, userou=self.ou2)
          self.ldb_owner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
-                                 grouptype=4)
+                                 grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          # Make sure we have successfully created the two objects -- user and group
          res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
          self.assertTrue(len(res) > 0)
@@ -267,8 +268,8 @@ class AclModifyTests(AclTests):
          self.ldb_user2 = self.get_ldb_connection(self.user_with_sm, self.user_pass)
          self.ldb_user3 = self.get_ldb_connection(self.user_with_group_sm, self.user_pass)
          self.user_sid = self.sd_utils.get_object_sid( self.get_user_dn(self.user_with_wp))
-        self.ldb_admin.newgroup("test_modify_group2", grouptype=4)
-        self.ldb_admin.newgroup("test_modify_group3", grouptype=4)
+        self.ldb_admin.newgroup("test_modify_group2", grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
+        self.ldb_admin.newgroup("test_modify_group3", grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          self.ldb_admin.newuser("test_modify_user2", self.user_pass)
  
      def tearDown(self):
@@ -302,7 +303,8 @@ displayName: test_changed"""
          self.assertEqual(res[0]["displayName"][0], "test_changed")
          # Second test object -- Group
          print "Testing modify on Group object"
-        self.ldb_admin.newgroup("test_modify_group1", grouptype=4)
+        self.ldb_admin.newgroup("test_modify_group1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          self.sd_utils.dacl_add_ace("CN=test_modify_group1,CN=Users," + self.base_dn, mod)
          ldif = """
  dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
@@ -360,7 +362,8 @@ url: www.samba.org"""
              self.fail()
          # Second test object -- Group
          print "Testing modify on Group object"
-        self.ldb_admin.newgroup("test_modify_group1", grouptype=4)
+        self.ldb_admin.newgroup("test_modify_group1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          self.sd_utils.dacl_add_ace("CN=test_modify_group1,CN=Users," + self.base_dn, mod)
          ldif = """
  dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
@@ -434,7 +437,8 @@ url: www.samba.org"""
  
          # Second test object -- Group
          print "Testing modify on Group object"
-        self.ldb_admin.newgroup("test_modify_group1", grouptype=4)
+        self.ldb_admin.newgroup("test_modify_group1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          # Modify on attribute you do not have rights for granted
          ldif = """
  dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
@@ -607,7 +611,7 @@ class AclSearchTests(AclTests):
          self.ldb_admin.newuser(self.u1, self.user_pass)
          self.ldb_admin.newuser(self.u2, self.user_pass)
          self.ldb_admin.newuser(self.u3, self.user_pass)
-        self.ldb_admin.newgroup(self.group1, grouptype=-2147483646)
+        self.ldb_admin.newgroup(self.group1, grouptype=samba.dsdb.GTYPE_SECURITY_GLOBAL_GROUP)
          self.ldb_admin.add_remove_group_members(self.group1, self.u2,
                                                  add_members_operation=True)
          self.ldb_user = self.get_ldb_connection(self.u1, self.user_pass)
@@ -1541,7 +1545,8 @@ class AclExtendedTests(AclTests):
          mod = "(A;;LC;;;%s)" % str(self.user_sid2)
          self.sd_utils.dacl_add_ace("OU=ext_ou1," + self.base_dn, mod)
          #create a group under that, grant RP to u2
-        self.ldb_user1.newgroup("ext_group1", groupou="OU=ext_ou1", grouptype=4)
+        self.ldb_user1.newgroup("ext_group1", groupou="OU=ext_ou1",
+                                grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
          mod = "(A;;RP;;;%s)" % str(self.user_sid2)
          self.sd_utils.dacl_add_ace("CN=ext_group1,OU=ext_ou1," + self.base_dn, mod)
          #u2 must not read the descriptor
author	Andrew Tridgell <tridge@samba.org>
	Fri, 5 Aug 2011 04:03:58 +0000 (14:03 +1000)
committer	Andrew Bartlett <abartlet@samba.org>
	Tue, 9 Aug 2011 09:56:23 +0000 (11:56 +0200)