HACK sec_destrictor

diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index c49b3b07c3ee45f24682d2f6b8ab223bb5fd164e..6851b0ef39090c3fd818a93e929cf94dc767b66a 100755 (executable)
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -1708,14 +1708,23 @@ class SdFlagsDescriptorTests(DescriptorTests):
         """
         ou_dn = "OU=test_sdflags_ou," + self.base_dn
         self.ldb_admin.create_ou(ou_dn)
-        self.sd_utils.modify_sd_on_dn(ou_dn, "O:BAG:BA", controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
         # make sure we have modified the owner
-        self.assertTrue("BA" in desc_sddl)
+        self.assertTrue("O:AU" in desc_sddl)
         # make sure nothing else has been modified
         self.assertFalse("G:AU" in desc_sddl)
         self.assertFalse("D:(D;;CC;;;LG)" in desc_sddl)
-        self.assertFalse("(OU;;WP;;;AU)" in desc_sddl)
+        self.assertFalse("S:(OU;;WP;;;AU)" in desc_sddl)
+
+        self.sd_utils.modify_sd_on_dn(ou_dn, "O:SO", controls=["sd_flags:1:%d" % (SECINFO_OWNER)])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the owner
+        self.assertTrue("O:SO" in desc_sddl)
+        # make sure nothing else has been modified
+        self.assertTrue("G:" in desc_sddl)
+        self.assertTrue("D:(" in desc_sddl)
+        self.assertTrue("S:(" in desc_sddl)
 
     def test_302(self):
         """ Modify a descriptor with GROUP_SECURITY_INFORMATION set.
@@ -1732,12 +1741,30 @@ class SdFlagsDescriptorTests(DescriptorTests):
         self.assertFalse("D:(D;;CC;;;LG)" in desc_sddl)
         self.assertFalse("(OU;;WP;;;AU)" in desc_sddl)
 
+        self.sd_utils.modify_sd_on_dn(ou_dn, "G:SO", controls=["sd_flags:1:%d" % (SECINFO_GROUP)])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the owner
+        self.assertTrue("G:SO" in desc_sddl)
+        # make sure nothing else has been modified
+        self.assertTrue("U:" in desc_sddl)
+        self.assertTrue("D:(" in desc_sddl)
+        self.assertTrue("S:(" in desc_sddl)
+
     def test_303(self):
         """ Modify a descriptor with SACL_SECURITY_INFORMATION set.
             See that only the owner has been changed.
         """
         ou_dn = "OU=test_sdflags_ou," + self.base_dn
         self.ldb_admin.create_ou(ou_dn)
+        self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
+        desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
+        # make sure we have modified the DACL
+        self.assertTrue("D:(D;;CC;;;LG)" in desc_sddl)
+        # make sure nothing else has been modified
+        self.assertFalse("O:AU" in desc_sddl)
+        self.assertFalse("G:AU" in desc_sddl)
+        self.assertFalse("S:(OU;;WP;;;AU)" in desc_sddl)
+
         self.sd_utils.modify_sd_on_dn(ou_dn, self.test_descr, controls=["sd_flags:1:%d" % (SECINFO_DACL)])
         desc_sddl = self.sd_utils.get_sd_as_sddl(ou_dn)
         # make sure we have modified the DACL