tests/dsdb.py: verify that foreignSecurityPrincipal objects require t…
…he provision control

Windows rejects creating foreignSecurityPrincipal objects directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
metze-samba authored and cryptomilk committed Mar 19, 2018
1 parent 470044b commit 856504c
Showing 2 changed files with 43 additions and 4 deletions.
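--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -215,19 +215,57 @@ def test_duplicate_objectSIDs_allowed_on_foreign_security_principals(self):
 c = "9"
 else:
 c = "0"
-sid = str(dom_sid)[:-1] + c + "-1000"
+sid_str = str(dom_sid)[:-1] + c + "-1000"
+sid = ndr_pack(security.dom_sid(sid_str))
 basedn = self.samdb.get_default_basedn()
-dn = "CN=%s,CN=ForeignSecurityPrincipals,%s" % (sid, basedn)
+dn = "CN=%s,CN=ForeignSecurityPrincipals,%s" % (sid_str, basedn)
+
+#
+# First without control
+#
+
+try:
+self.samdb.add({
+"dn": dn,
+"objectClass": "foreignSecurityPrincipal"})
+self.fail("No exception should get ERR_OBJECT_CLASS_VIOLATION")
+except ldb.LdbError as e:
+(code, msg) = e.args
+self.assertEqual(code, ldb.ERR_OBJECT_CLASS_VIOLATION, str(e))
+werr = "%08X" % werror.WERR_DS_MISSING_REQUIRED_ATT
+self.assertTrue(werr in msg, msg)
+
+try:
+self.samdb.add({
+"dn": dn,
+"objectClass": "foreignSecurityPrincipal",
+"objectSid": sid})
+self.fail("No exception should get ERR_UNWILLING_TO_PERFORM")
+except ldb.LdbError as e:
+(code, msg) = e.args
+self.assertEqual(code, ldb.ERR_UNWILLING_TO_PERFORM, str(e))
+werr = "%08X" % werror.WERR_DS_ILLEGAL_MOD_OPERATION
+self.assertTrue(werr in msg, msg)
+
+#
+# We need to use the provision control
+# in order to add foreignSecurityPrincipal
+# objects
+#
+
+controls = ["provision:0"]
 self.samdb.add({
 "dn": dn,
-"objectClass": "foreignSecurityPrincipal"})
+"objectClass": "foreignSecurityPrincipal"},
+controls=controls)
 
 self.samdb.delete(dn)
 
 try:
 self.samdb.add({
 "dn": dn,
-"objectClass": "foreignSecurityPrincipal"})
+"objectClass": "foreignSecurityPrincipal"},
+controls=controls)
 except ldb.LdbError as e:
 (code, msg) = e.args
 self.fail("Got unexpected exception %d - %s "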
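Review bot: The `self.fail()` messages in the two negative cases read as the opposite of what they mean; if an add without the provision control unexpectedly succeeds, `"No exception should get ERR_OBJECT_CLASS_VIOLATION"` is hard to parse in a failure log. Wording such as `self.fail("add succeeded; expected ERR_OBJECT_CLASS_VIOLATION")` and `self.fail("add succeeded; expected ERR_UNWILLING_TO_PERFORM")` states what went wrong. `self.assertTrue(werr in msg, msg)` could be `self.assertIn(werr, msg)`, which reports both operands on failure. The hunk also starts using `ndr_pack`, `security.dom_sid` and `werror` while all 42 additions to this file sit in this one hunk, so those names must already be imported by dsdb.py; that is worth confirming, because the knownfail entry added in the same commit would report a NameError as an expected failure. The test method begins and ends outside the hunk.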
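--- /dev/null
+++ b/selftest/knownfail.d/duplicate_objectSIDs
@@ -0,0 +1 @@
+^samba.tests.dsdb.*samba.tests.dsdb.DsdbTests.test_duplicate_objectSIDs_allowed_on_foreign_security_principals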
