sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00
Code Activity

s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds

Browse Source 
Restore and backup privileges are not relevant to ldap
access checks, and the TakeOwnership privilege should
grant write_owner right

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Nadezhda Ivanova
2013-10-15 02:06:38 +03:00
committed by Andrew Bartlett
parent 2d51424569
commit daefca2a1a
3 changed files with 35 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source4/dsdb/tests/python/ldap.py
View File

@ -2649,7 +2649,7 @@ nTSecurityDescriptor:: """ + desc_base64)
user_dn = "CN=%s,CN=Users,%s" % (user_name, self.base_dn)
delete_force(self.ldb, user_dn)
try:
sddl = "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI"
sddl = "O:DUG:DUD:AI(A;;RPWP;;;AU)S:PAI"
desc = security.descriptor.from_sddl(sddl, security.dom_sid('S-1-5-21'))
desc_base64 = base64.b64encode( ndr_pack(desc) )
self.ldb.add_ldif("""
@ -2659,6 +2659,10 @@ sAMAccountName: """ + user_name + """
nTSecurityDescriptor:: """ + desc_base64)
res = self.ldb.search(base=user_dn, attrs=["nTSecurityDescriptor"])
self.assertTrue("nTSecurityDescriptor" in res[0])
desc = res[0]["nTSecurityDescriptor"][0]
desc = ndr_unpack(security.descriptor, desc)
desc_sddl = desc.as_sddl(self.domain_sid)
self.assertTrue("O:S-1-5-21-513G:S-1-5-21-513D:AI(A;;RPWP;;;AU)" in desc_sddl)
finally:
delete_force(self.ldb, user_dn)