sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2022-12-15 16:02:55 +13:00 committed by Stefan Metzmacher
parent 539221dda3
commit 7c43388576
3 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
selftest/knownfail.d/getncchanges
View File

@ -14,3 +14,4 @@ samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegri
^samba4.drs.getnc_exop.python\(.*\).getnc_exop.DrsReplicaSyncTestCase.test_DummyDN_valid_GUID_REPL_SECRET
^samba4.drs.getncchanges.python\(.*\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_DummyDN_valid_GUID_full_repl
^samba4.drs.getncchanges.python\(.*\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_InvalidNC_DummyDN_InvalidGUID_full_repl
^samba4.drs.repl_rodc.python\(.*\).repl_rodc.DrsRodcTestCase.test_admin_repl_secrets_DummyDN_GUID

4
source4/torture/drs/python/drs_base.py
View File

@ -464,13 +464,15 @@ class DrsBaseTestCase(SambaToolCmdTest):
def _getnc_req10(self, dest_dsa, invocation_id, nc_dn_str, exop,
replica_flags=0, max_objects=0, partial_attribute_set=None,
partial_attribute_set_ex=None, mapping_ctr=None,
more_flags=0):
more_flags=0, nc_guid=None):
req10 = drsuapi.DsGetNCChangesRequest10()
req10.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID()
req10.source_dsa_invocation_id = misc.GUID(invocation_id)
req10.naming_context = drsuapi.DsReplicaObjectIdentifier()
req10.naming_context.dn = str(nc_dn_str)
if nc_guid is not None:
req10.naming_context.guid = nc_guid
req10.highwatermark = drsuapi.DsReplicaHighWaterMark()
req10.highwatermark.tmp_highest_usn = 0
req10.highwatermark.reserved_usn = 0

46
source4/torture/drs/python/repl_rodc.py
View File

@ -159,6 +159,52 @@ class DrsRodcTestCase(drs_base.DrsBaseTestCase):
# Check that the user has been added to msDSRevealedUsers
self._assert_in_revealed_users(user_dn, expected_user_attributes)
def test_admin_repl_secrets_DummyDN_GUID(self):
"""
When a secret attribute is set to be replicated to an RODC with the
admin credentials, it should always replicate regardless of whether
or not it's in the Allowed RODC Password Replication Group.
"""
rand = random.randint(1, 10000000)
expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
drsuapi.DRSUAPI_ATTID_supplementalCredentials,
drsuapi.DRSUAPI_ATTID_ntPwdHistory,
drsuapi.DRSUAPI_ATTID_unicodePwd,
drsuapi.DRSUAPI_ATTID_dBCSPwd]
user_name = "test_rodcA_%s" % rand
user_dn = "CN=%s,%s" % (user_name, self.ou)
self.ldb_dc1.add({
"dn": user_dn,
"objectclass": "user",
"sAMAccountName": user_name
})
res = self.ldb_dc1.search(base=user_dn, scope=ldb.SCOPE_BASE,
attrs=["objectGUID"])
user_guid = misc.GUID(res[0]["objectGUID"][0])
# Store some secret on this user
self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name)
req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
invocation_id=self.ldb_dc1.get_invocation_id(),
nc_dn_str="DummyDN",
nc_guid=user_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
max_objects=133,
replica_flags=0)
try:
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
except WERRORError as e1:
(enum, estr) = e1.args
self.fail(f"DsGetNCChanges failed with {estr}")
# Check that the user has been added to msDSRevealedUsers
self._assert_in_revealed_users(user_dn, expected_user_attributes)
def test_rodc_repl_secrets(self):
"""
When a secret attribute is set to be replicated to an RODC with