mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
pytest:sid_strings: test SIDs as search base
As a way of testing the interpretation of a SID string in a remote server, we search on the base DN "<SID=x>" where x is a non-existent or malformed SID. On Windows some or all malformed SIDs are detected before the search begins, resulting in a complaint about DN syntax rather than one about missing objects. From this we can get a picture of what Windows considers to be a proper SID in this context. Samba does not make a distinction here, always returning NO_SUCH_OBJECT. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
f66b0f8688
commit
953ad43f15
@ -399,6 +399,75 @@ class SidStringBehavioursThatSambaPrefers(SidStringBase):
|
||||
}
|
||||
|
||||
|
||||
@DynamicTestCase
|
||||
class SidStringsAsDnInSearchBase(SidStringBase):
|
||||
"""How does a bad <SID=x> dn work as a search base, if at all?
|
||||
|
||||
This suggests that Windows does the SID parsing
|
||||
(INVALID_DN_SYNTAX) before starting the search (NO_SUCH_OBJECT).
|
||||
|
||||
Currently Samba does not.
|
||||
"""
|
||||
skip_local = True
|
||||
cases = {' S-1-1-1-1-1-1-1': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-0-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-000000000001-5-20-243': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-000000001-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-01-05-020-0243': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-01-5-32-11579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-0x1-0-0-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-0x1-0x5-020-0243': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-0x1-5-20-243': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-0x1-5-40-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-0x1-500000000-20-243': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-0': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-0-0-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-0x05-32-11579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-0x5-0x20-0x243': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-0x50000000-32-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-0x500000000-0x500000000-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-0x500000000-32-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-0xABcDef123-0xABCDef123-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-1-1-1-1-1-1': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-21474836480-32-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-22': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-22-1': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-22-1-0': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-281474976710655-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-281474976710656-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-3-0': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-3-99': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-5-0-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-5-040-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-5-0x20-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-5-11111111111111111111111111111111111-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-5-18446744073709551615-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-5-18446744073709551616-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-5-3 2-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-5-32 -11111579': None,
|
||||
'S-1-5-32- 579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-5-32--579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-5-32-11579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-5-4294967295-579': ldb.ERR_NO_SUCH_OBJECT,
|
||||
'S-1-5-9999999999-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-1-99999999999999999999999999999999999999-32-11111111111': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-10-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'S-2-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
's-1-5-32-579': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
'AA': ldb.ERR_INVALID_DN_SYNTAX,
|
||||
}
|
||||
|
||||
def _test_sid_string_with_args(self, code, expected):
|
||||
try:
|
||||
self.ldb.search(base=f"<SID={code}>",
|
||||
scope=ldb.SCOPE_BASE,
|
||||
attrs=[])
|
||||
except ldb.LdbError as e:
|
||||
self.assertEqual(e.args[0], expected)
|
||||
else:
|
||||
self.assertIsNone(expected)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
global_asn1_print = False
|
||||
global_hexdump = False
|
||||
|
@ -49,6 +49,13 @@
|
||||
^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_Aa.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aA.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aa.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-0-5-32-579.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-000000000001-5-20-243.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-000000001-5-32-579.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-3-0.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-5-3.2-579.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-10-5-32-579.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-2-5-32-579.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_.S-1-1-1-1-1-1-1.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0.ad_dc
|
||||
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x05-32-579.ad_dc
|
||||
|
Loading…
Reference in New Issue
Block a user