diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2017-08-09 13:56:07 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-08-29 07:23:28 +0200 |
| commit | 53512529beb3b05044cba3363eecb475ce36d610 (patch) | |
| tree | a7da5d4809fa8c217ca47d2fa2201c62072b9e4b | |
| parent | 2feea24061466d14002581ebe6f69956343941d0 (diff) | |
| download | samba-53512529beb3b05044cba3363eecb475ce36d610.tar.gz | |
selftest: Make dirsync test use symobolic name and OA not A
A is for Allow, OA is for Object Allow, which means check the GUID.
The previous ACE allowed all access, which was not the intention.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
| -rwxr-xr-x | source4/dsdb/tests/python/dirsync.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/source4/dsdb/tests/python/dirsync.py b/source4/dsdb/tests/python/dirsync.py index 168d5110dfb..e302c42d8bb 100755 --- a/source4/dsdb/tests/python/dirsync.py +++ b/source4/dsdb/tests/python/dirsync.py @@ -30,7 +30,7 @@ import base64 from ldb import LdbError, SCOPE_BASE from ldb import Message, MessageElement, Dn from ldb import FLAG_MOD_ADD, FLAG_MOD_DELETE -from samba.dcerpc import security, misc, drsblobs +from samba.dcerpc import security, misc, drsblobs, security from samba.ndr import ndr_unpack, ndr_pack from samba.auth import system_session @@ -119,7 +119,8 @@ class SimpleDirsyncTests(DirsyncBaseTests): self.desc_sddl = self.sd_utils.get_sd_as_sddl(self.base_dn) user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.dirsync_user)) - mod = "(A;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;%s)" % str(user_sid) + mod = "(OA;;CR;%s;;%s)" % (security.GUID_DRS_GET_CHANGES, + str(user_sid)) self.sd_utils.dacl_add_ace(self.base_dn, mod) # add admins to the Domain Admins group |