
s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7c43388576f768db564aaf15a47d3f9ce5796fb3)
Andrew Bartlett 2022-12-15 16:02:55 +13:00 committed by Jule Anger
parent f6ebb660e5
commit fedd276dbf
3 changed files with 50 additions and 1 deletions


@ -14,3 +14,4 @@ samba4.drs.getncchanges.python\(promoted_dc\).getncchanges.DrsReplicaSyncIntegri
^samba4.drs.getnc_exop.python\(.*\).getnc_exop.DrsReplicaSyncTestCase.test_DummyDN_valid_GUID_REPL_SECRET
^samba4.drs.getncchanges.python\(.*\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_DummyDN_valid_GUID_full_repl
^samba4.drs.getncchanges.python\(.*\).getncchanges.DrsReplicaSyncIntegrityTestCase.test_InvalidNC_DummyDN_InvalidGUID_full_repl
^samba4.drs.repl_rodc.python\(.*\).repl_rodc.DrsRodcTestCase.test_admin_repl_secrets_DummyDN_GUID


@ -464,13 +464,15 @@ class DrsBaseTestCase(SambaToolCmdTest):
def _getnc_req10(self, dest_dsa, invocation_id, nc_dn_str, exop,
replica_flags=0, max_objects=0, partial_attribute_set=None,
partial_attribute_set_ex=None, mapping_ctr=None,
more_flags=0):
more_flags=0, nc_guid=None):
req10 = drsuapi.DsGetNCChangesRequest10()
req10.destination_dsa_guid = misc.GUID(dest_dsa) if dest_dsa else misc.GUID()
req10.source_dsa_invocation_id = misc.GUID(invocation_id)
req10.naming_context = drsuapi.DsReplicaObjectIdentifier()
req10.naming_context.dn = str(nc_dn_str)
if nc_guid is not None:
req10.naming_context.guid = nc_guid
req10.highwatermark = drsuapi.DsReplicaHighWaterMark()
req10.highwatermark.tmp_highest_usn = 0
req10.highwatermark.reserved_usn = 0
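Review bot: The new `nc_guid` argument is assigned to `req10.naming_context.guid` exactly as passed, while `dest_dsa` and `invocation_id` just above are converted with `misc.GUID(...)`, and nothing says which type the caller must supply. The one caller visible on this page passes a `misc.GUID`, so a short comment above the `if nc_guid is not None:` line would pin the contract, for example `# nc_guid: misc.GUID identifying the object; when set, nc_dn_str may be a placeholder such as "DummyDN"`. That the server resolves by GUID when one is set is inferred from the commit title and should be confirmed. `_getnc_req10` continues beyond the end of this hunk, so any existing documentation further down is not visible here.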


@ -161,6 +161,52 @@ class DrsRodcTestCase(drs_base.DrsBaseTestCase):
# Check that the user has been added to msDSRevealedUsers
self._assert_in_revealed_users(user_dn, expected_user_attributes)
def test_admin_repl_secrets_DummyDN_GUID(self):
"""
When a secret attribute is set to be replicated to an RODC with the
admin credentials, it should always replicate regardless of whether
or not it's in the Allowed RODC Password Replication Group.
"""
rand = random.randint(1, 10000000)
expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory,
drsuapi.DRSUAPI_ATTID_supplementalCredentials,
drsuapi.DRSUAPI_ATTID_ntPwdHistory,
drsuapi.DRSUAPI_ATTID_unicodePwd,
drsuapi.DRSUAPI_ATTID_dBCSPwd]
user_name = "test_rodcA_%s" % rand
user_dn = "CN=%s,%s" % (user_name, self.ou)
self.ldb_dc1.add({
"dn": user_dn,
"objectclass": "user",
"sAMAccountName": user_name
})
res = self.ldb_dc1.search(base=user_dn, scope=ldb.SCOPE_BASE,
attrs=["objectGUID"])
user_guid = misc.GUID(res[0]["objectGUID"][0])
# Store some secret on this user
self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name)
req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid),
invocation_id=self.ldb_dc1.get_invocation_id(),
nc_dn_str="DummyDN",
nc_guid=user_guid,
exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET,
partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb),
max_objects=133,
replica_flags=0)
try:
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10)
except WERRORError as e1:
(enum, estr) = e1.args
self.fail(f"DsGetNCChanges failed with {estr}")
# Check that the user has been added to msDSRevealedUsers
self._assert_in_revealed_users(user_dn, expected_user_attributes)
def test_rodc_repl_secrets(self):
"""
When a secret attribute is set to be replicated to an RODC with
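Review bot: `test_admin_repl_secrets_DummyDN_GUID` unpacks `(level, ctr)` from `DsGetNCChanges` but never inspects the reply, so the only evidence that the GUID (not the "DummyDN" string) selected the object is the `msDSRevealedUsers` check. Because REPL_SECRET returns password material, the test should pin which object came back, assuming a level 6 reply: `self.assertEqual(ctr.object_count, 1)` and `self.assertEqual(ctr.first_object.object.identifier.guid, user_guid)`. The docstring appears to be copied from the plain admin test and does not mention what is specific here; it should state that the naming context carries a placeholder DN and is resolved through the user's objectGUID. If no sibling test covers it, a companion case using non-admin RODC credentials and a user outside the allowed group would confirm the GUID path is subject to the same authorization check.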