tests/krb5: Allow specifying an encoded security descriptor

If we get a string, we’ll still assume it’s a DN and create a security
descriptor using it.

This is useful in cases where we don’t have a DN (e.g., the account is
not created yet).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index abb577fa9686b8ac6e024e84c10b7c628799d4fa..bc7a510d1172ddc5e59402f9117cadb1556bef6a 100644 (file)
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1770,10 +1770,11 @@ class KDCBaseTest(RawKerberosTest):
             details['msDS-AllowedToDelegateTo'] = delegation_to_spn
 
         if delegation_from_dn:
-            security_descriptor = self.get_security_descriptor(
-                delegation_from_dn)
+            if isinstance(delegation_from_dn, str):
+                delegation_from_dn = self.get_security_descriptor(
+                    delegation_from_dn)
             details['msDS-AllowedToActOnBehalfOfOtherIdentity'] = (
-                security_descriptor)
+                delegation_from_dn)
 
         if spn is None and account_type is not self.AccountType.USER:
             spn = 'host/' + user_name