mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

pytest:sid_strings: test SIDs as search base

As a way of testing the interpretation of a SID string in a remote
server, we search on the base DN "<SID=x>" where x is a non-existent
or malformed SID.

On Windows some or all malformed SIDs are detected before the search
begins, resulting in a complaint about DN syntax rather than one about
missing objects.

From this we can get a picture of what Windows considers to be
a proper SID in this context.

Samba does not make a distinction here, always returning NO_SUCH_OBJECT.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall 2023-04-13 11:21:38 +12:00 committed by Andrew Bartlett
parent f66b0f8688
commit 953ad43f15
2 changed files with 76 additions and 0 deletions


@ -399,6 +399,75 @@ class SidStringBehavioursThatSambaPrefers(SidStringBase):
}
@DynamicTestCase
class SidStringsAsDnInSearchBase(SidStringBase):
"""How does a bad <SID=x> dn work as a search base, if at all?
This suggests that Windows does the SID parsing
(INVALID_DN_SYNTAX) before starting the search (NO_SUCH_OBJECT).
Currently Samba does not.
"""
skip_local = True
cases = {' S-1-1-1-1-1-1-1': ldb.ERR_INVALID_DN_SYNTAX,
'S-0-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-000000000001-5-20-243': ldb.ERR_INVALID_DN_SYNTAX,
'S-000000001-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-01-05-020-0243': ldb.ERR_NO_SUCH_OBJECT,
'S-01-5-32-11579': ldb.ERR_NO_SUCH_OBJECT,
'S-0x1-0-0-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-0x1-0x5-020-0243': ldb.ERR_INVALID_DN_SYNTAX,
'S-0x1-5-20-243': ldb.ERR_INVALID_DN_SYNTAX,
'S-0x1-5-40-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-0x1-500000000-20-243': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-0': ldb.ERR_NO_SUCH_OBJECT,
'S-1-0-0-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-0x05-32-11579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-0x5-0x20-0x243': ldb.ERR_NO_SUCH_OBJECT,
'S-1-0x50000000-32-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-0x500000000-0x500000000-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-0x500000000-32-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-0xABcDef123-0xABCDef123-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-1-1-1-1-1-1': ldb.ERR_NO_SUCH_OBJECT,
'S-1-21474836480-32-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-22': ldb.ERR_NO_SUCH_OBJECT,
'S-1-22-1': ldb.ERR_NO_SUCH_OBJECT,
'S-1-22-1-0': ldb.ERR_NO_SUCH_OBJECT,
'S-1-281474976710655-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-281474976710656-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-3-0': ldb.ERR_NO_SUCH_OBJECT,
'S-1-3-99': ldb.ERR_NO_SUCH_OBJECT,
'S-1-5-0-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-5-040-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-5-0x20-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-5-11111111111111111111111111111111111-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-5-18446744073709551615-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-5-18446744073709551616-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-5-3 2-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-5-32 -11111579': None,
'S-1-5-32- 579': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-5-32--579': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-5-32-11579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-5-4294967295-579': ldb.ERR_NO_SUCH_OBJECT,
'S-1-5-9999999999-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-1-99999999999999999999999999999999999999-32-11111111111': ldb.ERR_INVALID_DN_SYNTAX,
'S-10-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
'S-2-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
's-1-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
'AA': ldb.ERR_INVALID_DN_SYNTAX,
}
def _test_sid_string_with_args(self, code, expected):
try:
self.ldb.search(base=f"<SID={code}>",
scope=ldb.SCOPE_BASE,
attrs=[])
except ldb.LdbError as e:
self.assertEqual(e.args[0], expected)
else:
self.assertIsNone(expected)
if __name__ == '__main__':
global_asn1_print = False
global_hexdump = False
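Review bot: The `'S-1-5-32 -11111579': None` entry in `cases` is the only expectation that is not an ldb error code, and what `None` means (the search must return without raising) can only be worked out from the `else: self.assertIsNone(expected)` branch of `_test_sid_string_with_args`. A trailing comment on that entry, for example `# None: the search succeeds, no LdbError`, would stop it being read as an unfinished placeholder. The table appears to record observed Windows responses rather than a specification, so the docstring should also name the reference server the values were captured from, which the page does not state. `skip_local = True` would benefit from a one-line comment saying why these cases are (presumably) not run against a local database.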


@ -49,6 +49,13 @@
^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_Aa.ad_dc
^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aA.ad_dc
^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aa.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-0-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-000000000001-5-20-243.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-000000001-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-3-0.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-5-3.2-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-10-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-2-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_.S-1-1-1-1-1-1-1.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x05-32-579.ad_dc
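Review bot: The seven added `SidStringsAsDnInSearchBase` entries do not line up with the commit description's statement that Samba always returns NO_SUCH_OBJECT. `S-1-3-0` and `S-1-5-3.2-579` are listed as known failures although the test table expects NO_SUCH_OBJECT for both, while many cases that expect INVALID_DN_SYNTAX (for instance `AA` and `s-1-5-32-579`) are not listed, which suggests Samba already rejects some malformed SIDs and answers differently for others. A comment above the block stating what Samba actually returns for the listed strings would make clear which differences are parser leniency to fix and which are deliberate; this assumes the knownfail format accepts `#` comment lines.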