sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

CVE-2023-4154 s4:dsdb:tests: Fix code spelling

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

(cherry picked from commit b29793ffde)
This commit is contained in:
Andreas Schneider 2023-08-02 10:44:32 +02:00 committed by Jule Anger
parent 5ca0ee6f11
commit e8df1a6086
14 changed files with 39 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source4/dsdb/tests/python/acl.py
View File

@ -228,7 +228,7 @@ class AclAddTests(AclTests):
self.assertEqual(len(res), 0)
def test_add_u1(self):
"""Testing OU with the rights of Doman Admin not creator of the OU """
"""Testing OU with the rights of Domain Admin not creator of the OU """
self.assert_top_ou_deleted()
# Change descriptor for top level OU
self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
@ -241,7 +241,7 @@ class AclAddTests(AclTests):
self.ldb_notowner.newgroup("test_add_group1", groupou="OU=test_add_ou2,OU=test_add_ou1",
grouptype=samba.dsdb.GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP)
# Make sure we HAVE created the two objects -- user and group
# !!! We should not be able to do that, but however beacuse of ACE ordering our inherited Deny ACE
# !!! We should not be able to do that, but however because of ACE ordering our inherited Deny ACE
# !!! comes after explicit (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA) that comes from somewhere
res = self.ldb_admin.search(self.base_dn, expression="(distinguishedName=%s,%s)" % ("CN=test_add_user1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
self.assertTrue(len(res) > 0)
@ -302,7 +302,7 @@ class AclAddTests(AclTests):
self.assertEqual(len(res), 0)
def test_add_u4(self):
""" 4 Testing OU with the rights of Doman Admin creator of the OU"""
""" 4 Testing OU with the rights of Domain Admin creator of the OU"""
self.assert_top_ou_deleted()
self.ldb_owner.create_ou("OU=test_add_ou1," + self.base_dn)
self.ldb_owner.create_ou("OU=test_add_ou2,OU=test_add_ou1," + self.base_dn)
@ -4298,7 +4298,7 @@ class AclDeleteTests(AclTests):
self.assertEqual(len(res), 0)
def test_delete_u3(self):
"""User indentified by SID has RIGHT_DELETE to another User object"""
"""User identified by SID has RIGHT_DELETE to another User object"""
user_dn = self.get_user_dn("test_delete_user1")
# Create user that we try to delete
self.ldb_admin.newuser("test_delete_user1", self.user_pass)
@ -4589,7 +4589,7 @@ class AclCARTests(AclTests):
minPwdAge = self.ldb_admin.get_minPwdAge()
# Reset the "minPwdAge" as it was before
self.addCleanup(self.ldb_admin.set_minPwdAge, minPwdAge)
# Set it temporarely to "0"
# Set it temporarily to "0"
self.ldb_admin.set_minPwdAge("0")
self.user_with_wp = "acl_car_user1"
@ -5045,7 +5045,7 @@ class AclUndeleteTests(AclTests):
self.sd_utils.dacl_add_ace(self.deleted_dn2, mod)
self.undelete_deleted(self.deleted_dn2, self.testuser2_dn)
# attempt undelete with simultanious addition of url, WP to which is denied
# attempt undelete with simultaneous addition of url, WP to which is denied
mod = "(OD;;WP;9a9a0221-4a5b-11d1-a9c3-0000f80367c1;;%s)" % str(self.sid)
self.sd_utils.dacl_add_ace(self.deleted_dn3, mod)
try:

2
source4/dsdb/tests/python/ad_dc_search_performance.py
View File

@ -180,7 +180,7 @@ class UserTests(samba.tests.TestCase):
maybe_not = ['!(', '']
joiners = ['&', '|']
# The number of permuations is 18432, which is not huge but
# The number of permutations is 18432, which is not huge but
# would take hours to search. So we take a sample.
all_permutations = list(itertools.product(joiners,
classes, classes,

2
source4/dsdb/tests/python/confidential_attr.py
View File

@ -722,7 +722,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
self.attr_filters = [None, ["*"], ["name"]]
# Note dirsync behaviour is slighty different for the attribute under
# Note dirsync behaviour is slightly different for the attribute under
# test - when you have full access rights, it only returns the objects
# that actually have this attribute (i.e. it doesn't return an empty
# message with just the DN). So we add the 'name' attribute into the

8
source4/dsdb/tests/python/dirsync.py
View File

@ -338,7 +338,7 @@ class SimpleDirsyncTests(DirsyncBaseTests):
self.assertEqual(len(res.msgs[0]), 3)
def test_dirsync_othernc(self):
"""Check that dirsync return information for entries that are normaly referrals (ie. other NCs)"""
"""Check that dirsync return information for entries that are normally referrals (ie. other NCs)"""
res = self.ldb_admin.search(self.base_dn,
expression="(objectclass=configuration)",
attrs=["name"],
@ -459,7 +459,7 @@ class SimpleDirsyncTests(DirsyncBaseTests):
delete_force(self.ldb_admin, ouname)
def test_dirsync_linkedattributes(self):
"""Check that dirsync returnd deleted objects too"""
"""Check that dirsync returned deleted objects too"""
# Let's search for members
self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
res = self.ldb_simple.search(self.base_dn,
@ -541,7 +541,7 @@ class SimpleDirsyncTests(DirsyncBaseTests):
self.assertEqual(len(res[0].get("member")), 0)
def test_dirsync_deleted_items(self):
"""Check that dirsync returnd deleted objects too"""
"""Check that dirsync returned deleted objects too"""
# Let's create an OU
ouname = "OU=testou3,%s" % self.base_dn
self.ouname = ouname
@ -712,7 +712,7 @@ class ExtendedDirsyncTests(SimpleDirsyncTests):
self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0])
def test_dirsync_deleted_items(self):
"""Check that dirsync returnd deleted objects too"""
"""Check that dirsync returned deleted objects too"""
# Let's create an OU
self.ldb_simple = self.get_ldb_connection(self.simple_user, self.user_pass)
ouname = "OU=testou3,%s" % self.base_dn

14
source4/dsdb/tests/python/ldap.py
View File

@ -155,7 +155,7 @@ class BasicTests(samba.tests.TestCase):
(num, _) = e.args
self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
# We cannot instanciate from an abstract object class ("connectionPoint"
# We cannot instantiate from an abstract object class ("connectionPoint"
# or "leaf"). In the first case we use "connectionPoint" (subclass of
# "leaf") to prevent a naming violation - this returns us a
# "ERR_UNWILLING_TO_PERFORM" since it is not structural. In the second
@ -178,7 +178,7 @@ class BasicTests(samba.tests.TestCase):
(num, _) = e.args
self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
# Objects instanciated using "satisfied" abstract classes (concrete
# Objects instantiated using "satisfied" abstract classes (concrete
# subclasses) are allowed
self.ldb.add({
"dn": "cn=ldaptestuser,cn=users," + self.base_dn,
@ -214,7 +214,7 @@ class BasicTests(samba.tests.TestCase):
"objectClass": "person"})
# We can remove derivation classes of the structural objectclass
# but they're going to be readded afterwards
# but they're going to be re-added afterwards
m = Message()
m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
m["objectClass"] = MessageElement("top", FLAG_MOD_DELETE,
@ -1824,7 +1824,7 @@ delete: description
delete_force(self.ldb, "cn=ldaptestcontainer," + self.base_dn)
def test_groupType_int32(self):
"""Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparsion)"""
"""Test groupType (int32) behaviour (should appear to be casted to a 32 bit signed integer before comparison)"""
res1 = ldb.search(base=self.base_dn, scope=SCOPE_SUBTREE,
attrs=["groupType"], expression="groupType=2147483653")
@ -2158,7 +2158,7 @@ servicePrincipalName: host/ldaptest2computer29
"givenname": "testy",
"sn": "ldap user2"})
# Testing Ambigious Name Resolution
# Testing Ambiguous Name Resolution
# Testing ldb.search for (&(anr=ldap testy)(objectClass=user))
res = ldb.search(expression="(&(anr=ldap testy)(objectClass=user))")
self.assertEqual(len(res), 3, "Found only %d of 3 for (&(anr=ldap testy)(objectClass=user))" % len(res))
@ -2402,7 +2402,7 @@ member: cn=ldaptestuser2,cn=users,""" + self.base_dn + """
# Testing ldb.search for (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)) to check subtree renames and linked attributes"
res = ldb.search(self.base_dn, expression="(&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group))", scope=SCOPE_SUBTREE)
self.assertEqual(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistant with subtree renames?")
self.assertEqual(len(res), 1, "Could not find (&(member=CN=ldaptestuser4,CN=ldaptestcontainer2," + self.base_dn + ")(objectclass=group)), perhaps linked attributes are not consistent with subtree renames?")
# Testing ldb.rename (into itself) of cn=ldaptestcontainer2," + self.base_dn + " to cn=ldaptestcontainer,cn=ldaptestcontainer2," + self.base_dn
try:
@ -3002,7 +3002,7 @@ nTSecurityDescriptor: """ + sddl
delete_force(self.ldb, user_dn)
#
# Test modify_ldif() with SDDL security descriptor input
# New desctiptor test
# New descriptor test
#
try:
self.ldb.add_ldif("""

4
source4/dsdb/tests/python/ldap_modify_order.py
View File

@ -101,7 +101,7 @@ class ModifyOrderTests(samba.tests.TestCase):
clusters = {}
for i, attrs in enumerate(permutations(mod_attrs)):
# for each permuation we construct a string describing the
# for each permutation we construct a string describing the
# requested operations, and a string describing the result
# (which may be an exception). The we cluster the
# attribute strings by their results.
@ -249,7 +249,7 @@ class ModifyOrderTests(samba.tests.TestCase):
self._test_modify_order(start_attrs, mod_attrs)
def test_modify_order_inapplicable(self):
#attrbutes that don't go on a user
#attributes that don't go on a user
start_attrs = [("objectclass", "user"),
("givenName", "a")]

4
source4/dsdb/tests/python/ldap_syntaxes.py
View File

@ -210,7 +210,7 @@ name: """ + object_name + """
expression="(%s=S:5:ABCDE)" % self.dn_string_attribute)
self.assertEqual(len(res), 0)
# search by DN+Stirng
# search by DN+String
res = self.ldb.search(base=self.base_dn,
scope=SCOPE_SUBTREE,
expression="(%s=S:5:ABCDE:%s)" % (self.dn_string_attribute, self.base_dn))
@ -293,7 +293,7 @@ name: """ + object_name + """
self.assertEqual(num, ERR_CONSTRAINT_VIOLATION)
def test_dn_binary(self):
# add obeject with correct value
# add object with correct value
object_name1 = "obj-DN-Binary1" + time.strftime("%s", time.gmtime())
ldif = self._get_object_ldif(object_name1, self.dn_binary_class_name, self.dn_binary_class_ldap_display_name,
self.dn_binary_attribute, ": B:4:1234:" + self.base_dn)

2
source4/dsdb/tests/python/login_basics.py
View File

@ -75,7 +75,7 @@ class BasicUserAuthTests(BasePasswordTestCase):
ldap_url = self.host_url
print("Performs a lockout attempt against LDAP using NTLM")
# get the intial logon values for this user
# get the initial logon values for this user
res = self._check_account(userdn,
badPwdCount=0,
badPasswordTime=("greater", 0),

4
source4/dsdb/tests/python/password_settings.py
View File

@ -300,7 +300,7 @@ class PasswordSettingsTestCase(PasswordTestCase):
self.set_attribute(group2, "member", group1)
self.assert_PSO_applied(user, group2_pso)
# add another level to the group heirachy & check this PSO takes effect
# add another level to the group hierarchy & check this PSO takes effect
self.set_attribute(group3, "member", group2)
self.assert_PSO_applied(user, group3_pso)
@ -727,7 +727,7 @@ class PasswordSettingsTestCase(PasswordTestCase):
# the msDS-ResultantPSO attribute on a user that doesn't exist yet (it
# won't have any group membership or PSOs applied directly against it yet).
# In theory it's possible to still get an applicable PSO via the user's
# primaryGroupID (i.e. 'Domain Users' by default). However, testing aginst
# primaryGroupID (i.e. 'Domain Users' by default). However, testing against
# Windows shows that the PSO doesn't take effect during the user add
# operation. (However, the Windows GUI tools presumably adds the user in 2
# steps, because it does enforce the PSO for users added via the GUI).

4
source4/dsdb/tests/python/passwords.py
View File

@ -1365,12 +1365,12 @@ userPassword: thatsAcomplPASS4
def test_zero_length(self):
# Get the old "minPwdLength"
minPwdLength = self.ldb.get_minPwdLength()
# Set it temporarely to "0"
# Set it temporarily to "0"
self.ldb.set_minPwdLength("0")
# Get the old "pwdProperties"
pwdProperties = self.ldb.get_pwdProperties()
# Set them temporarely to "0" (to deactivate eventually the complexity)
# Set them temporarily to "0" (to deactivate eventually the complexity)
self.ldb.set_pwdProperties("0")
self.ldb.setpassword("(sAMAccountName=testuser)", "")

2
source4/dsdb/tests/python/sam.py
View File

@ -3775,7 +3775,7 @@ class SamTests(samba.tests.TestCase):
def test_protected_sid_objects(self):
"""Test deletion of objects with RID < 1000"""
# a list of some well-known sids
# objects in Builtin are aready covered by objectclass
# objects in Builtin are already covered by objectclass
protected_list = [
["CN=Domain Admins", "CN=Users,"],
["CN=Schema Admins", "CN=Users,"],

14
source4/dsdb/tests/python/sec_descriptor.py
View File

@ -684,7 +684,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
# Tests for SCHEMA
# Defalt descriptor tests ##################################################################
# Default descriptor tests ##################################################################
def test_130(self):
user_name = "testuser1"
@ -941,7 +941,7 @@ class OwnerGroupDescriptorTests(DescriptorTests):
# Tests for CONFIGURATION
# Defalt descriptor tests ##################################################################
# Default descriptor tests ##################################################################
def test_160(self):
user_name = "testuser1"
@ -2022,7 +2022,7 @@ class RightsAttributesTests(DescriptorTests):
_ldb = self.get_ldb_connection("testuser_attr", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
# user whould have no rights at all
# user should have no rights at all
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]), "0")
# give the user Write DACL and see what happens
@ -2030,7 +2030,7 @@ class RightsAttributesTests(DescriptorTests):
self.sd_utils.dacl_add_ace(object_dn, mod)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
# user whould have DACL_SECURITY_INFORMATION
# user should have DACL_SECURITY_INFORMATION
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]), ("%d") % SECINFO_DACL)
# give the user Write Owners and see what happens
@ -2038,14 +2038,14 @@ class RightsAttributesTests(DescriptorTests):
self.sd_utils.dacl_add_ace(object_dn, mod)
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
# user whould have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
# user should have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]), ("%d") % (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER))
# no way to grant security privilege bu adding ACE's so we use a memeber of Domain Admins
# no way to grant security privilege bu adding ACE's so we use a member of Domain Admins
_ldb = self.get_ldb_connection("testuser_attr2", "samba123@")
res = _ldb.search(base=object_dn, expression="", scope=SCOPE_BASE,
attrs=["sDRightsEffective"])
# user whould have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
# user should have DACL_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION
self.assertEqual(len(res), 1)
self.assertEqual(str(res[0]["sDRightsEffective"][0]),
("%d") % (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER | SECINFO_SACL))

4
source4/dsdb/tests/python/token_group.py
View File

@ -151,7 +151,7 @@ class StaticTokenTest(samba.tests.TestCase):
extra_sidset = set(extra_sids)
if len(missing_sidset.symmetric_difference(extra_sidset)):
print("dn token sids unexpeted")
print("dn token sids unexpected")
print("tokengroups: %s" % dn_tokengroups)
print("user sids: %s" % self.user_sids)
print("actual difference: %s" % missing_sidset)
@ -423,7 +423,7 @@ class DynamicTokenTest(samba.tests.TestCase):
extra_sidset = set(extra_sids)
if len(missing_sidset.symmetric_difference(extra_sidset)):
print("dn token sids unexpeted")
print("dn token sids unexpected")
print("tokengroups: %s" % dn_tokengroups)
print("user sids: %s" % self.user_sids)
print("actual difference: %s" % missing_sidset)

2
source4/dsdb/tests/python/user_account_control.py
View File

@ -852,7 +852,7 @@ class UserAccountControlTests(samba.tests.TestCase):
self.add_computer_ldap(computername, others={"userAccountControl": [str(bit_add)]})
delete_force(self.admin_samdb, "CN=%s,%s" % (computername, self.OU))
if bit in priv_bits:
self.fail("Unexpectdly able to set userAccountControl bit 0x%08X (%s) on %s"
self.fail("Unexpectedly able to set userAccountControl bit 0x%08X (%s) on %s"
% (bit, bit_str, computername))
except LdbError as e4: