1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

pytest:sid_strings: test SID DNs with ldb parsing

By using an ldb.Dn as an intermediary, we get to see which SIDs
Samba thinks are OK but Windows thinks are bad.
It is things like "S-0-5-32-579".

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-04-13 12:11:48 +12:00 committed by Andrew Bartlett
parent 953ad43f15
commit 866069172b
2 changed files with 83 additions and 0 deletions

View File

@ -468,6 +468,81 @@ class SidStringsAsDnInSearchBase(SidStringBase):
self.assertIsNone(expected)
@DynamicTestCase
class SidStringsAsDnSearchWithDnObject(SidStringBase):
"""How does a bad <SID=x> dn work as a search base, if at all?
This time we parse the DN in ldb first.
"""
skip_local = True
cases = {' S-1-1-1-1-1-1-1': ('parse error', None),
'S-0-5-32-579': (None, ldb.ERR_INVALID_DN_SYNTAX),
'S-000000000001-5-20-243': ('parse error', None),
'S-000000001-5-32-579': ('parse error', None),
'S-01-05-020-0243': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-0x1-0-0-579': ('parse error', None),
'S-0x1-0x5-020-0243': ('parse error', None),
'S-0x1-5-20-243': ('parse error', None),
'S-0x1-5-40-579': ('parse error', None),
'S-0x1-500000000-20-243': ('parse error', None),
'S-1-0': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-0-0-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-0x05-32-579': (None, None),
'S-1-0x5-0x20-0x243': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-0x50000000-32-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-0x500000000-0x500000000-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-0x500000000-32-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-0xABcDef123-0xABCDef123-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-1-1-1-1-1-1': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-21474836480-32-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-22': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-22-1': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-22-1-0': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-281474976710655-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-281474976710656-579': ('parse error', None),
'S-1-3-0': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-3-99': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-5-0-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-5-040-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-5-0x20-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-5-11111111111111111111111111111111111-579': ('parse error', None),
'S-1-5-18446744073709551615-579': ('parse error', None),
'S-1-5-18446744073709551616-579': ('parse error', None),
'S-1-5-3 2-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-5-32- 579': ('parse error', None),
'S-1-5-32--579': ('parse error', None),
'S-1-5-4294967295-579': (None, ldb.ERR_NO_SUCH_OBJECT),
'S-1-5-9999999999-579': ('parse error', None),
'S-1-99999999999999999999999999999999999999-32-11111111111': ('parse error',
None),
'S-10-5-32-579': (None, ldb.ERR_INVALID_DN_SYNTAX),
'S-2-5-32-579': (None, ldb.ERR_INVALID_DN_SYNTAX),
's-1-5-32-579': ('parse error', None),
}
def _test_sid_string_with_args(self, code, expected):
dn_err, search_err = expected
dn_str = f"<SID={code}>"
try:
dn = ldb.Dn(self.ldb, dn_str)
except ValueError:
self.assertEqual(dn_err, 'parse error')
return
except ldb.LdbError as e:
self.assertEqual(dn_err, e.args[0])
return
self.assertIsNone(dn_err)
try:
self.ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=['*'])
except ldb.LdbError as e:
self.assertEqual(search_err, e.args[0])
return
self.assertIsNone(search_err)
if __name__ == '__main__':
global_asn1_print = False
global_hexdump = False

View File

@ -56,6 +56,14 @@
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-5-3.2-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-10-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-2-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-0-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-000000000001-5-20-243.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-000000001-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-0x05-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-3-0.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-5-3.2-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-10-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-2-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_.S-1-1-1-1-1-1-1.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x05-32-579.ad_dc