From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 27 Apr 2023 04:20:25 +0000 (+1200)
Subject: tests/krb5: Allow specifying an encoded security descriptor
X-Git-Tag: talloc-2.4.1~743
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab8a3e87bbe4d1f46aca3895dc3d91277eb28486;p=thirdparty%2Fsamba.git

tests/krb5: Allow specifying an encoded security descriptor

If we get a string, we’ll still assume it’s a DN and create a security
descriptor using it.

This is useful in cases where we don’t have a DN (e.g., the account is
not created yet).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index abb577fa968..bc7a510d117 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1770,10 +1770,11 @@ class KDCBaseTest(RawKerberosTest):
             details['msDS-AllowedToDelegateTo'] = delegation_to_spn
 
         if delegation_from_dn:
-            security_descriptor = self.get_security_descriptor(
-                delegation_from_dn)
+            if isinstance(delegation_from_dn, str):
+                delegation_from_dn = self.get_security_descriptor(
+                    delegation_from_dn)
             details['msDS-AllowedToActOnBehalfOfOtherIdentity'] = (
-                security_descriptor)
+                delegation_from_dn)
 
         if spn is None and account_type is not self.AccountType.USER:
             spn = 'host/' + user_name