The branch, master has been updated via 91b687d s4-tests: Modified acl.py to use samdb.newgroup instead of custom methods. via e95a350 s4-dsdb: Changed filter to find the account of a user by samAccountName from 5e0130c Fix bug #7785 - atime limit.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 91b687d42b66c53bf81d49bb41b4597ab1a93b30 Author: Nadezhda Ivanova <nivan...@samba.org> Date: Tue Nov 23 21:59:39 2010 +0200 s4-tests: Modified acl.py to use samdb.newgroup instead of custom methods. Autobuild-User: Nadezhda Ivanova <nivan...@samba.org> Autobuild-Date: Tue Nov 23 21:46:07 CET 2010 on sn-devel-104 commit e95a350682f965780841712527e8e0cac282218d Author: Nadezhda Ivanova <nivan...@samba.org> Date: Tue Nov 23 21:54:09 2010 +0200 s4-dsdb: Changed filter to find the account of a user by samAccountName In newuser, a filter by dn was given to setpassword to find the account whose password is to be reset. It appears however that if given filter of type (dn=CN=smth) Windows fails to return the entry, and the tests that use newuser fail against it. Changed to use samAccountName instead. ----------------------------------------------------------------------- Summary of changes: source4/dsdb/tests/python/acl.py | 58 ++++++++----------------------- source4/scripting/python/samba/samdb.py | 3 +- 2 files changed, 16 insertions(+), 45 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py index 34c4e55..c45399a 100755 --- a/source4/dsdb/tests/python/acl.py +++ b/source4/dsdb/tests/python/acl.py 
@@ -96,38 +96,6 @@ replace: nTSecurityDescriptor mod += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)) self.ldb_admin.modify_ldif(mod) - def create_group(self, _ldb, group_dn, desc=None): - ldif = """ -dn: """ + group_dn + """ -objectClass: group -sAMAccountName: """ + group_dn.split(",")[0][3:] + """ -groupType: 4 -url: www.example.com -""" - if desc: - assert(isinstance(desc, str) or isinstance(desc, security.descriptor)) - if isinstance(desc, str): - ldif += "nTSecurityDescriptor: %s" % desc - elif isinstance(desc, security.descriptor): - ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)) - _ldb.add_ldif(ldif) - - def create_security_group(self, _ldb, group_dn, desc=None): - ldif = """ -dn: """ + group_dn + """ -objectClass: group -sAMAccountName: """ + group_dn.split(",")[0][3:] + """ -groupType: -2147483646 -url: www.example.com -""" - if desc: - assert(isinstance(desc, str) or isinstance(desc, security.descriptor)) - if isinstance(desc, str): - ldif += "nTSecurityDescriptor: %s" % desc - elif isinstance(desc, security.descriptor): - ldif += "nTSecurityDescriptor:: %s" % base64.b64encode(ndr_pack(desc)) - _ldb.add_ldif(ldif) - def read_desc(self, object_dn): res = self.ldb_admin.search(object_dn, SCOPE_BASE, None, ["nTSecurityDescriptor"]) desc = res[0]["nTSecurityDescriptor"][0] 
@@ -235,7 +203,8 @@ class AclAddTests(AclTests): self.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod) # Test user and group creation with another domain admin's credentials self.ldb_notowner.newuser(self.test_user1, self.user_pass, userou=self.ou2) - self.create_group(self.ldb_notowner, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn) + self.ldb_notowner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1", + grouptype=4) # Make sure we HAVE created the two objects -- user and group # !!! We should not be able to do that, but however beacuse of ACE ordering our inherited Deny ACE # !!! comes after explicit (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA) that comes from somewhere @@ -253,7 +222,8 @@ class AclAddTests(AclTests): # Test user and group creation with regular user credentials try: self.ldb_user.newuser(self.test_user1, self.user_pass, userou=self.ou2) - self.create_group(self.ldb_user, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn) + self.ldb_user.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1", + grouptype=4) except LdbError, (num, _): self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS) else: @@ -276,7 +246,8 @@ class AclAddTests(AclTests): # Test user and group creation with granted user only to one of the objects self.ldb_user.newuser(self.test_user1, self.user_pass, userou=self.ou2, setpassword=False) try: - self.create_group(self.ldb_user, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn) + self.ldb_user.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1", + grouptype=4) except LdbError, (num, _): self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS) else: 
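Review bot: The bare `grouptype=4` in the `newgroup` call added in the @@ -235 hunk does not say that it selects a domain-local distribution group. The same literal recurs in every `newgroup` call this commit adds to acl.py, and the AclSearchTests setUp hunk (@@ -652) uses `-2147483646` for a security global group. These tests exercise access checks, so whether a group is security-enabled matters to a reader and should be visible at the call site. If the Python dsdb bindings in this tree export the group-type constants, prefer `grouptype=GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP`; otherwise add a comment such as `# groupType 4: domain-local distribution group (not security-enabled)`.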
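Review bot: In the regular-user case (@@ -253 hunk) `newuser` and `newgroup` share one `try`, so when `newuser` raises ERR_INSUFFICIENT_ACCESS_RIGHTS the `newgroup` call never runs and a missing deny on group creation would go unnoticed. The @@ -276 hunk already keeps the group call in its own `try`, and the same shape here would check both operations independently. The body of the `else:` branch lies outside this hunk; `self.fail()` below is assumed from the pattern visible in the @@ -414 hunk.

```python
# … unchanged: try/except/else around self.ldb_user.newuser(...) …
try:
    self.ldb_user.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
                           grouptype=4)
except LdbError, (num, _):
    self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
else:
    self.fail()
```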
@@ -299,7 +270,8 @@ class AclAddTests(AclTests): self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn) self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn) self.ldb_owner.newuser(self.test_user1, self.user_pass, userou=self.ou2) - self.create_group(self.ldb_owner, "CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1," + self.base_dn) + self.ldb_owner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1", + grouptype=4) # Make sure we have successfully created the two objects -- user and group res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn)) self.assertTrue(len(res) > 0) @@ -322,8 +294,8 @@ class AclModifyTests(AclTests): self.ldb_user2 = self.get_ldb_connection(self.user_with_sm, self.user_pass) self.ldb_user3 = self.get_ldb_connection(self.user_with_group_sm, self.user_pass) self.user_sid = self.get_object_sid( self.get_user_dn(self.user_with_wp)) - self.create_group(self.ldb_admin, "CN=test_modify_group2,CN=Users," + self.base_dn) - self.create_group(self.ldb_admin, "CN=test_modify_group3,CN=Users," + self.base_dn) + self.ldb_admin.newgroup("test_modify_group2", grouptype=4) + self.ldb_admin.newgroup("test_modify_group3", grouptype=4) self.ldb_admin.newuser("test_modify_user2", self.user_pass) def tearDown(self): @@ -356,7 +328,7 @@ displayName: test_changed""" self.assertEqual(res[0]["displayName"][0], "test_changed") # Second test object -- Group print "Testing modify on Group object" - self.create_group(self.ldb_admin, "CN=test_modify_group1,CN=Users," + self.base_dn) + self.ldb_admin.newgroup("test_modify_group1", grouptype=4) self.dacl_add_ace("CN=test_modify_group1,CN=Users," + self.base_dn, mod) ldif = """ dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """ 
@@ -414,7 +386,7 @@ url: www.samba.org""" self.fail() # Second test object -- Group print "Testing modify on Group object" - self.create_group(self.ldb_admin, "CN=test_modify_group1,CN=Users," + self.base_dn) + self.ldb_admin.newgroup("test_modify_group1", grouptype=4) self.dacl_add_ace("CN=test_modify_group1,CN=Users," + self.base_dn, mod) ldif = """ dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """ @@ -488,7 +460,7 @@ url: www.samba.org""" # Second test object -- Group print "Testing modify on Group object" - self.create_group(self.ldb_admin, "CN=test_modify_group1,CN=Users," + self.base_dn) + self.ldb_admin.newgroup("test_modify_group1", grouptype=4) # Modify on attribute you do not have rights for granted ldif = """ dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """ @@ -652,7 +624,7 @@ class AclSearchTests(AclTests): self.ldb_admin.newuser(self.u1, self.user_pass) self.ldb_admin.newuser(self.u2, self.user_pass) self.ldb_admin.newuser(self.u3, self.user_pass) - self.create_security_group(self.ldb_admin, self.get_user_dn(self.group1)) + self.ldb_admin.newgroup(self.group1, grouptype=-2147483646) self.ldb_admin.add_remove_group_members(self.group1, self.u2, add_members_operation=True) self.ldb_user = self.get_ldb_connection(self.u1, self.user_pass) @@ -1596,7 +1568,7 @@ class AclExtendedTests(AclTests): mod = "(A;;LC;;;%s)" % str(self.user_sid2) self.dacl_add_ace("OU=ext_ou1," + self.base_dn, mod) #create a group under that, grant RP to u2 - self.create_group(self.ldb_user1, "CN=ext_group1,OU=ext_ou1," + self.base_dn) + self.ldb_user1.newgroup("ext_group1", groupou="OU=ext_ou1", grouptype=4) mod = "(A;;RP;;;%s)" % str(self.user_sid2) self.dacl_add_ace("CN=ext_group1,OU=ext_ou1," + self.base_dn, mod) #u2 must not read the descriptor diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index 98ae679..668c600 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py 
@@ -337,7 +337,7 @@ member: %s # Sets the password for it if setpassword: - self.setpassword("(dn=" + user_dn + ")", password, + self.setpassword("(samAccountName=%s)" % username, password, force_password_change_at_next_login_req) except: self.transaction_cancel() @@ -362,7 +362,6 @@ member: %s raise Exception('Unable to find user "%s"' % (username or search_filter)) assert(len(res) == 1) user_dn = res[0].dn - setpw = """ dn: %s changetype: modify -- Samba Shared Repository
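Review bot: The new filter on the `setpassword` call (@@ -337 hunk) interpolates `username` into an LDAP search expression unescaped, so a name containing `*`, `(`, `)` or `\` changes which entries the filter matches, and the password reset is applied to whatever that search returns. The `assert(len(res) == 1)` visible in the next hunk limits this to single-match results but is no substitute for escaping, and asserts are stripped under `-O`. Encode the value before formatting, e.g. `self.setpassword("(samAccountName=%s)" % ldb.binary_encode(username), password,`, assuming `ldb` is imported in samdb.py, which the diff does not show. The enclosing `newuser` method starts and ends outside the hunk.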