diff options
author | Nadezhda Ivanova <nivanova@symas.com> | 2014-11-04 20:08:58 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2015-02-03 05:02:11 +0100 |
commit | ac8b8e5539b79407292a5ef19bdd2aaf86b92884 (patch) | |
tree | 0c67cc6518fbbe7aa1bfb7c33d3581cab24e6a1c /python | |
parent | def9d268681625c2431e53d842f22a01af72c95c (diff) | |
download | samba-ac8b8e5539b79407292a5ef19bdd2aaf86b92884.tar.gz |
s4-dsdb: Tests for security checks on undelete operation
Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears
LC is also necessary, and it is not granted by default to anyone but
System and Administrator, so tests had to be done negatively
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/sd_utils.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/python/samba/sd_utils.py b/python/samba/sd_utils.py index ded9bfc1926..7592a2982a4 100644 --- a/python/samba/sd_utils.py +++ b/python/samba/sd_utils.py @@ -62,7 +62,7 @@ class SDUtils(object): def dacl_add_ace(self, object_dn, ace): """Add an ACE to an objects security descriptor """ - desc = self.read_sd_on_dn(object_dn) + desc = self.read_sd_on_dn(object_dn,["show_deleted:1"]) desc_sddl = desc.as_sddl(self.domain_sid) if ace in desc_sddl: return @@ -71,10 +71,10 @@ class SDUtils(object): desc_sddl[desc_sddl.index("("):]) else: desc_sddl = desc_sddl + ace - self.modify_sd_on_dn(object_dn, desc_sddl) + self.modify_sd_on_dn(object_dn, desc_sddl, ["show_deleted:1"]) - def get_sd_as_sddl(self, object_dn, controls=None): + def get_sd_as_sddl(self, object_dn, controls=[]): """Return object nTSecutiryDescriptor in SDDL format """ - desc = self.read_sd_on_dn(object_dn, controls=controls) + desc = self.read_sd_on_dn(object_dn, controls + ["show_deleted:1"]) return desc.as_sddl(self.domain_sid) |