sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags interaction

Browse Source 
This is a regression test for bug #9470.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
Stefan Metzmacher 2012-12-06 14:04:47 +01:00 committed by Michael Adam
parent 6bc2caed8b
commit e617a3fecb
1 changed files with 116 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
source4/dsdb/tests/python/sec_descriptor.py
View File

@ -1848,6 +1848,122 @@ class SdFlagsDescriptorTests(DescriptorTests):
self.assertFalse("S:" in desc_sddl)
self.assertFalse("G:" in desc_sddl)
def test_311(self):
sd_flags = (SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL |
SECINFO_SACL)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
[], controls=None)
self.assertFalse("nTSecurityDescriptor" in res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name"], controls=None)
self.assertFalse("nTSecurityDescriptor" in res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertFalse("nTSecurityDescriptor" in res[0])
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
[], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["*"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor", "*"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["*", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor", "name"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name", "nTSecurityDescriptor"], controls=["sd_flags:1:%d" % (sd_flags)])
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor"], controls=None)
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["name", "nTSecurityDescriptor"], controls=None)
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
res = self.ldb_admin.search(self.base_dn, SCOPE_BASE, None,
["nTSecurityDescriptor", "name"], controls=None)
self.assertTrue("nTSecurityDescriptor" in res[0])
tmp = res[0]["nTSecurityDescriptor"][0]
sd = ndr_unpack(security.descriptor, tmp)
sddl = sd.as_sddl(self.sd_utils.domain_sid)
self.assertTrue("O:" in sddl)
self.assertTrue("G:" in sddl)
self.assertTrue("D:" in sddl)
self.assertTrue("S:" in sddl)
class RightsAttributesTests(DescriptorTests):