From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 20 Mar 2023 11:04:37 +0000 (+0100)
Subject: s4:dsdb/tests: let OwnerGroupDescriptorTests.test_141() set the required ACE explicitly
X-Git-Tag: talloc-2.4.1~1345
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b0d5285361e6dc40e09bc0d36bb2aae5d5a86a7;p=thirdparty%2Fsamba.git

s4:dsdb/tests: let OwnerGroupDescriptorTests.test_141() set the required ACE explicitly

All other tests use the same logic and run before, which means the ACE
is already there and is implicitly required.

As we want to cleanup the ACE after each test in the next step,
as the tests should not have side effects for other tests, e.g.
'blackbox.dbcheck'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index bc432bdaa74..2c197a846a5 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -868,6 +868,9 @@ class OwnerGroupDescriptorTests(DescriptorTests):
         self.check_user_belongs(self.get_users_domain_dn(user_name), [])
         # Open Ldb connection with the tested user
         _ldb = self.get_ldb_connection(user_name, "samba123@")
+        # Change Schema partition descriptor
+        mod = "(A;;CC;;;AU)"
+        self.sd_utils.dacl_add_ace(self.schema_dn, mod)
         # Create a custom security descriptor
         # NB! Problematic owner part won't accept DA only <User Sid> !!!
         user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))