"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
self.ldb_admin.create_ou(ou_dn)
- self.sd_utils.modify_sd_on_dn(ou_dn, "O:BAG:BA", controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
+ self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the owner
- self.assertTrue("BA" in desc_sddl)
+ self.assertTrue("O:AU" in desc_sddl)
# make sure nothing else has been modified
self.assertFalse("G:AU" in desc_sddl)
self.assertFalse("D:(D;;CC;;;LG)" in desc_sddl)
- self.assertFalse("(OU;;WP;;;AU)" in desc_sddl)
+ self.assertFalse("S:(OU;;WP;;;AU)" in desc_sddl)
+
+ self.sd_utils.modify_sd_on_dn(ou_dn, "O:SO", controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+ # make sure we have modified the owner
+ self.assertTrue("O:SO" in desc_sddl)
+ # make sure nothing else has been modified
+ self.assertTrue("G:" in desc_sddl)
+ self.assertTrue("D:(" in desc_sddl)
+ self.assertTrue("S:(" in desc_sddl)
def test_302(self):
""" Modify a descriptor with GROUP_SECURITY_INFORMATION set.
self.assertFalse("D:(D;;CC;;;LG)" in desc_sddl)
self.assertFalse("(OU;;WP;;;AU)" in desc_sddl)
+ self.sd_utils.modify_sd_on_dn(ou_dn, "G:SO", controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+ # make sure we have modified the owner
+ self.assertTrue("G:SO" in desc_sddl)
+ # make sure nothing else has been modified
+ self.assertTrue("U:" in desc_sddl)
+ self.assertTrue("D:(" in desc_sddl)
+ self.assertTrue("S:(" in desc_sddl)
+
def test_303(self):
""" Modify a descriptor with SACL_SECURITY_INFORMATION set.
See that only the owner has been changed.
"""
ou_dn = "OU=test_sdflags_ou," + self.base_dn
self.ldb_admin.create_ou(ou_dn)
+ self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
+ desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+ # make sure we have modified the DACL
+ self.assertTrue("D:(D;;CC;;;LG)" in desc_sddl)
+ # make sure nothing else has been modified
+ self.assertFalse("O:AU" in desc_sddl)
+ self.assertFalse("G:AU" in desc_sddl)
+ self.assertFalse("S:(OU;;WP;;;AU)" in desc_sddl)
+
self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
# make sure we have modified the DACL