From ac8b8e5539b79407292a5ef19bdd2aaf86b92884 Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova
Date: Tue, 4 Nov 2014 20:08:58 +0200
Subject: s4-dsdb: Tests for security checks on undelete operation Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears LC is also necessary, and it is not granted by default to anyone but System and Administrator, so tests had to be done negatively
Signed-off-by: Nadezhda Ivanova
Reviewed-by: Andrew Bartlett
Reviewed-by: Garming Sam
Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
---
 python/samba/sd_utils.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'python/samba/sd_utils.py')
diff --git a/python/samba/sd_utils.py b/python/samba/sd_utils.py
index ded9bfc192..7592a2982a 100644
--- a/python/samba/sd_utils.py
+++ b/python/samba/sd_utils.py
@@ -62,7 +62,7 @@ class SDUtils(object):
 def dacl_add_ace(self, object_dn, ace):
 """Add an ACE to an objects security descriptor
 """
- desc = self.read_sd_on_dn(object_dn)
+ desc = self.read_sd_on_dn(object_dn,["show_deleted:1"])
 desc_sddl = desc.as_sddl(self.domain_sid)
 if ace in desc_sddl:
 return
@@ -71,10 +71,10 @@ class SDUtils(object):
 desc_sddl[desc_sddl.index("("):])
 else:
 desc_sddl = desc_sddl + ace
- self.modify_sd_on_dn(object_dn, desc_sddl)
+ self.modify_sd_on_dn(object_dn, desc_sddl, ["show_deleted:1"])

- def get_sd_as_sddl(self, object_dn, controls=None):
+ def get_sd_as_sddl(self, object_dn, controls=[]):
 """Return object nTSecutiryDescriptor in SDDL format
 """
- desc = self.read_sd_on_dn(object_dn, controls=controls)
+ desc = self.read_sd_on_dn(object_dn, controls + ["show_deleted:1"])
 return desc.as_sddl(self.domain_sid)
-- 
cgit
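Review bot: Hard-coding `["show_deleted:1"]` into `dacl_add_ace` (the `read_sd_on_dn` call in the `@@ -62,7 +62,7 @@` hunk and the matching `modify_sd_on_dn` call in the next hunk) makes every caller of this shared helper resolve deleted objects and rewrite their security descriptors, not only the undelete tests this commit is written for. Editing the DACL of a tombstone is something a caller should ask for explicitly, so I would make it opt-in: `def dacl_add_ace(self, object_dn, ace, controls=None):` with `controls=controls` passed to both calls, and let the tests supply the control. Callers of the helper are not visible in this diff, so the practical reach of the change is an assumption to confirm. Minor style: `object_dn,["show_deleted:1"]` is missing the space after the comma. The body of `dacl_add_ace` runs past this hunk and ends in the following one.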
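Review bot: In the `@@ -71,10 +71,10 @@` hunk, switching the default of `get_sd_as_sddl` from `controls=None` to `controls=[]` breaks any caller that still passes `controls=None` explicitly, because `None + ["show_deleted:1"]` raises `TypeError`; it also introduces a mutable default argument. Keeping the old signature and normalising inside preserves the interface: `def get_sd_as_sddl(self, object_dn, controls=None):` and `desc = self.read_sd_on_dn(object_dn, controls=(controls or []) + ["show_deleted:1"])`. A caller that already passes `show_deleted:1` will now send the control twice; how ldb treats a duplicate control is not visible here, so appending only when it is absent would be safer. As with `dacl_add_ace`, the control is forced on for every caller, so a docstring line saying that deleted objects are included would help whoever uses this helper for access reviews.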