sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-15 23:24:37 +03:00
Code

s4:ldap.py - check the write protection on LSA objects

Browse Source 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
This commit is contained in:
Matthias Dieter Wallnöfer 2011-01-17 13:52:00 +01:00 committed by Andrew Bartlett
parent 3468f8de1e
commit 932911e1e1
1 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
source4/dsdb/tests/python/ldap.py
View File

@ -39,7 +39,7 @@ from subunit.run import SubunitTestRunner
import unittest import unittest
from samba.ndr import ndr_pack, ndr_unpack from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security from samba.dcerpc import security, lsa
from samba.tests import delete_force from samba.tests import delete_force
parser = optparse.OptionParser("ldap.py [options] <host>") parser = optparse.OptionParser("ldap.py [options] <host>")
@ -95,7 +95,7 @@ class BasicTests(unittest.TestCase):
delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn) delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn) delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn) delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
def test_objectclasses(self): def test_objectclasses(self):
"""Test objectClass behaviour""" """Test objectClass behaviour"""
@ -104,7 +104,7 @@ class BasicTests(unittest.TestCase):
# We cannot create LSA-specific objects (oc "secret" or "trustedDomain") # We cannot create LSA-specific objects (oc "secret" or "trustedDomain")
try: try:
self.ldb.add({ self.ldb.add({
"dn": "cn=testsecret,cn=system," + self.base_dn, "dn": "cn=Test Secret,cn=system," + self.base_dn,
"objectClass": "secret" }) "objectClass": "secret" })
self.fail() self.fail()
except LdbError, (num, _): except LdbError, (num, _):
@ -369,14 +369,39 @@ class BasicTests(unittest.TestCase):
try: try:
self.ldb.add({ self.ldb.add({
"dn": "cn=testsecret,cn=system," + self.base_dn, "dn": "cn=Test Secret,cn=system," + self.base_dn,
"objectclass": "secret"}) "objectclass": "secret"})
self.fail() self.fail()
except LdbError, (num, _): except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn) delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
# Create secret over LSA and try to change it
lsa_conn = lsa.lsarpc("ncacn_np:%s" % args[0], lp, creds)
lsa_handle = lsa_conn.OpenPolicy2(system_name="\\",
attr=lsa.ObjectAttribute(),
access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
secret_name = lsa.String()
secret_name.string = "G$Test"
sec_handle = lsa_conn.CreateSecret(handle=lsa_handle,
name=secret_name,
access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
lsa_conn.Close(lsa_handle)
m = Message()
m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn)
m["description"] = MessageElement("desc", FLAG_MOD_REPLACE,
"description")
try:
ldb.modify(m)
self.fail()
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
try: try:
self.ldb.add({ self.ldb.add({