1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

133264 Commits

Author SHA1 Message Date
Joseph Sutton
e4ec3d6f3d tests/krb5: Pass client credentials down into kdc_exchange_dict
These are useful inside the test infrastructure.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:30 +00:00
Joseph Sutton
c07ac15462 tests/krb5: Remove test for OemChangePasswordUser2()
We don’t implement this anymore (since commit
0f53bfe723).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:30 +00:00
Joseph Sutton
58bf53c973 tests/krb5: Split out functions for testing logons and password changes
This allows their use for testing other forms of restricted accounts.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:30 +00:00
Joseph Sutton
34f378f480 auth/credentials: Allow resetting bind DN on Credentials object
Passing None into set_bind_dn() now resets it.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:30 +00:00
Andrew Bartlett
963688b3a5 librpc: Always call ndr_push_compression_state_init() for compression
This allows the push routine to cache the chosen compression algorithm in
the struct ndr_compression_state in ndr->cstate and so, in claims, avoid
calling ndr_size_CLAIMS_SET_NDR() three times per compression (more in the
overall push).

As claims is now the primary use of the libndr compression code, this is
a reasonable tradeoff compared to the other callers who have more static
algorithm selections.

By removing the struct ndr_compression_state **state argument from
ndr_push_compression_state_init() we make clear that the ndr->cstate
belongs to this NDR context, and this context alone.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-05 02:54:30 +00:00
Andrew Bartlett
ff2de50aa4 librpc: Fix talloc hierarchy for ndr_compression_state
The complexity of generic_mszip_free() is not needed, nor is a talloc
destructor required if the memory is correctly created in a tree.

Credit to OSS-Fuzz for showing the use-after-free

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57608

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15349

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-05 02:54:30 +00:00
Stefan Metzmacher
7dab9edca8 python:descriptor: add missing schema 2019 aces in builtin and dns partition
Note 'samba-tool domain functionalprep' won't fix them in the database,
while a fresh provision will add these.

This is needed in order that 'samba-tool dbcheck --reset-well-known-acls'
won't reset them after a modern provision and will fix them on an old
domain.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:30 +00:00
Joseph Sutton
6752bcaf4d s3:utils: Move error-handling code into more suitable spot (CID 1524680)
The loop above would only exit once ‘c’ was equal to −1, and thus this
code could never be reached.

Also set ‘ok’ to false to indicate failure.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  4 01:29:10 UTC 2023 on atb-devel-224
2023-05-04 01:29:10 +00:00
Joseph Sutton
11f3680462 s3:utils: Use ‘int’ for popt parameters
Previously we were handing the addresses of bool parameters to popt for
POPT_ARG_NONE parameters. This is not supported, and popt was returning
POPT_ERROR_BADOPERATION for these parameters (not bundled popt, though,
nor on Debian or Ubuntu). Using integers instead ensures that these
addresses are aligned and sized as popt expects.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-05-04 00:34:32 +00:00
Joseph Sutton
d2720a9e78 s3:utils: Use floating-point arithmetic when result is assigned to a double
This avoids any loss of precision from performing an integer division.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-05-04 00:34:32 +00:00
Christof Schmitt
4dccf5afa4 ctdb-recovery: Use correct struct ban_node_state type for state
If this codepath is hit, ctdb aborts with:

ctdb/server/ctdb_recovery_helper.c:2687: Type mismatch: name[struct ban_node_state] expected[struct node_ban_state]")
    at ../../lib/talloc/talloc.c:505

Fix this by using the correct type.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May  3 08:04:09 UTC 2023 on atb-devel-224
2023-05-03 08:04:09 +00:00
Dmitry Antipov
de1fdf1e02 s4:lib:policy: cleanup and handle errors in push_recursive()
Prefer 'char' and 'ssize_t' over 'int' for I/O-related
calls and handle more possible errors in push_recursive().

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Apr 28 14:19:12 UTC 2023 on atb-devel-224
2023-04-28 14:19:12 +00:00
David Mulder
4486d686f5 gp: Add site-dn fallback when rpc call fails
In testing I noticed that the rpc call for the
site name is failing when joined via SSSD. This
commit adds a fallback to check using the old
style method found in ads_site_dn_for_machine()
(which works, but doesn't obey the Group Policy
spec) if the rpc call fails.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 28 03:14:25 UTC 2023 on atb-devel-224
2023-04-28 03:14:25 +00:00
David Mulder
c80affe0f1 Add a WHATSNEW entry indicating libgpo py deprecation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
David Mulder
ee04bafc25 gpo: Group Policy tests require a s3 loadparam
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
David Mulder
ac4726106c gpupdate: Deprecate libgpo.get_gpo_list
This is no longer used by gpupdate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
David Mulder
a8bad5d5b8 gpupdate: Implement get_gpo_list in python
The ADS code in libgpo is buggy. Rewrite
get_gpo_list in python using SamDB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
848bce061a libcli/security/tests: test strings for windows and samba SDDL tests
These are produced by editing `python/samba/test/sddl.py to enable
`test_write_test_strings`, the running `make test TESTS='sddl\\b'`.

The windows executable from the C file added in a recent commit can
run these tests using the `-i` flag.

The Samba sddl.py tests can be induced to use them too, but that is
only useful for showing they are still in sync.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Noel Power
d36bab52d0 s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
prior to this patch rights matching "FA", "FR", "FW", "FX" were
outputted as the hex string representing the bit value.

While outputting the hex string is perfectly fine, it makes it harder
to compare icacls output (which always uses the special string values)

Additionally adjust various tests to deal with use of shortcut access masks
as sddl format now uses FA, FR, FW & FX strings (like icalcs does) instead
of hex representation of the bit mask.

adjust
  samba4.blackbox.samba-tool_ntacl
  samba3.blackbox.large_acl
  samba.tests.samba_tool.ntacl
  samba.tests.ntacls
  samba.tests.posixacl

so various string comparisons of the sddl format now pass

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
 numbers, eg 0x001]
2023-04-28 02:15:36 +00:00
Noel Power
0a153c1d58 s3/utils: value for ace_flags value "FA" is incorrect
value for FA should be 0x001f01ff  (instead of 0x00001ff)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-04-28 02:15:36 +00:00
Andrew Bartlett
9fc6062bd3 pytest:sddl: show the correct handling of the "FA" SDDL flag
The "FA" flag should map to 0x1f01ff, and 0x1f01ff should be converted
back into "FA".

This will be fixed over the next couple of commits.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-04-28 02:15:36 +00:00
Andrew Bartlett
334afc7157 pytest:sddl Samba had the wrong value for FA, now fix the tests
The tests that were in SddlWindowsFlagsAreDifferent have the behaviour
we want, and as we aim for Samba flags no longer being different, we
shift them to SddlNonCanonical. The tests in SddlSambaDoesItsOwnThing
are removed because they showed Samba's old behaviour around FA.

This will create knownfails, which will be fixed by the commit fixing the
value of "FA".

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c0d477738e libcli:security:sddl: accept only 8-4-4-4-12 GUIDs
Before we would take strings in a variety of lengths and formats,
which is not what Windows does or [MS-DTYP] says.

This was found by looking at evolved fuzz seeds. Note the 16 and 32
byte sequences in GUID position below:

$ hd $(ls -t seeds/fuzz_sddl_parse/* | head -1)| head
00000000  44 3a 41 52 50 50 50 50  50 28 4f 4c 3b 3b 46 57  |D:ARPPPPP(OL;;FW|
00000010  3b 30 7e ff ff ff ff ff  ff ff 2d 31 38 f5 ff ff  |;0~.......-18...|
00000020  fb 3b 3b 52 43 29 28 4f  44 3b 3b 46 57 3b 3b 3b  |.;;RC)(OD;;FW;;;|
00000030  52 43 29 28 4f 44 3b 3b  46 57 3b 30 30 ff ff ff  |RC)(OD;;FW;00...|
00000040  fb 30 e9 9b 3c cf e6 f5  ff ff fb 3b 3b 52 43 29  |.0..<......;;RC)|
00000050  28 4f 44 3b 3b 46 57 43  52 3b 3b 3b 52 43 29 28  |(OD;;FWCR;;;RC)(|
00000060  4f 44 3b 3b 46 58 47 52  3b 3b 33 43 43 35 38 37  |OD;;FXGR;;3CC587|
00000070  32 35 44 44 44 44 44 44  44 44 44 44 44 44 44 44  |25DDDDDDDDDDDDDD|
00000080  44 44 44 44 44 44 44 44  44 44 3b 52 43 29 28 4f  |DDDDDDDDDD;RC)(O|
00000090  44 3b 3b 46 58 3b 3b 3b  52 43 29 28 4f 44 3b 3b  |D;;FX;;;RC)(OD;;|

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
4c1d9e92e1 pytest:large_ldap: use a valid ACE
Real ACEs don't have {} around their GUIDs. This will soon be banned.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
2e90ba7ec6 pytest:sddl: test we only accept normal GUIDs
By normal GUID, I mean ones like f30e3bbf-9ff0-11d1-b603-0000f80367c1,
with four hyphens and no curly braces.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
46793d384e libcli:security:sddl_decode_access allows spaces between flags
because Windows does.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
ec2d2f8ea8 pytest:sddl: tests around spaces in access flags and SIDs
It turns out that in accesss flags Windows will allow leading spaces
and spaces separating flags but not trailing spaces.

We choose to follow this in part because we found it happening in the
wild in our tests for upgradeprovision until a few commits ago.

Windows will also allow spaces in some parts of SIDs.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
0528da54b8 pytest:sddl debugging: should_fail test says how it failed
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
e7445aa677 libcli:security: sddl_decode_ace: don't allow junk after SID
sddl_decode_sid() will stop at the first non-SID character. Windows
doesn't allow white space here, and nor do we.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c67f2292cb libcli/security: sddl_decode_access rejects trailing rubbish
Before we just ignored things like negative numbers, because they'd
end up being seen as not-numbers, so treated as flags, then as
not-flags.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
faf1b80a90 libcli:security: sddl_map_flags rejects trailing nonsense
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
96fe7ebe3f s3:torture: sid2unixid2: DEBUG blames the right function
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
396d280546 s3:torture:LOCAL-IDMAP-TDB-COMMON: avoid talloc stacktrace
The short version is:

Running LOCAL-IDMAP-TDB-COMMON
test_getnewid1: PASSED!
test_setmap1: PASSED!
test_unixid2sid1: PASSED!
test_sid2unixid1: could not create uid map!
TEST LOCAL-IDMAP-TDB-COMMON FAILED!
LOCAL-IDMAP-TDB-COMMON took 0.029819 secs

Freed frame ../../source3/torture/torture.c:15748, expected ../../source3/torture/test_idmap_tdb_common.c:986.
===============================================================
INTERNAL ERROR: Frame not freed in order. in pid 3692106 (4.19.0pre1-DEVELOPERBUILD)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 3692106): Frame not freed in order. in 4.19.0pre1-DEVELOPERBUILD
BACKTRACE: 11 stack frames:
 #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x32) [0x7f2f39b430ba]
 #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x1dd) [0x7f2f39b43037]
 #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x1c) [0x7f2f39b43056]
 #3 bin/shared/libsamba-util.so.0(+0x75309) [0x7f2f3a659309]
 #4 bin/shared/private/libtalloc-samba4.so(+0x5cc6) [0x7f2f3a758cc6]
 #5 bin/shared/private/libtalloc-samba4.so(+0x6173) [0x7f2f3a759173]
 #6 bin/shared/private/libtalloc-samba4.so(_talloc_free+0x10c) [0x7f2f3a75a54b]
 #7 /data/samba/samba-review/bin/smbtorture3(main+0xa97) [0x55cb3dc8cedc]
 #8 /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f2f396d4d90]
 #9 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f2f396d4e40]
 #10 /data/samba/samba-review/bin/smbtorture3(_start+0x25) [0x55cb3dc59895]
smb_panic(): calling panic action [/data/samba/samba-review/selftest/gdb_backtrace 3692106]

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
1d9712283b pytest:sddl: add tests for long DACLs, differing flag interpretations
Windows converts hex numbers into flags differently, and has different
ideas of what constitutes "FA", and possibly others.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
de6d470063 pytest:sddl: let hex numbers differ in case (0xa == 0xA)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
030ce22f52 pytest:sddl: helpers to exchange SDDL strings with Windows testprogram
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
d9e1fa3456 libcli/security: SDDL parse tests to run on Windows
The C version tests the public SDDL API on Windows which seems to follow
Active Directory closely, though case in hex numbers is reversed vis-a-vis
defaultSecurityDescriptor.

The python version is less refined and tests powershell functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
97353c0091 pytest:sddl: SDDL strings where Windows behaviour differs
These ones we might want to match. They are understandable behaviours,
like matching lowercase flags and coping with whitespace in some
places. These tests are set up to document the differences without
overwhelming the knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
fb588d768b pytest:sddl: Add negative tests of unparseable strings
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
a2009b56b5 pytest:sddl: allow tests to make negative assertions
If the subclass has `should_succeed = False`, all the cases
in that class will be tested to ensure they can't be
successfully parsed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
ba6f401340 pytest:sddl: split each string into it's own test
This of course allows for fine-grained knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
eac400b4db pytest:sddl: tweak some test strings
Adding, diversifying, and disambiguating. The leading portion of the
test stirngs will soon be used in the test name, and strings that
don't differ in the first hundred characters will cause naming
clashes. There is no good reason for them all to test the same flags
in the same order.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
4652d2766a pytest/sddl: split tests into canonical and non-canonical
The examples in the canonical list are already in the form that
Windows and Samba will use for that SD. We check the round trip.

The examples in the non-canonical list will change in a round trip, so
we also give the string we think they should end up as. These have
been checked on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
1107952c2b pytest/sddl: remove unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
ec85c1fdff pytest/sddl: rework to allow multiple lists, no early stop
The test will fail right now because it makes round trip assertions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
4a24c52056 pytest/sddl: assert sddl string equality
It's not that I think our SD equality check will miss anything, but we
are here to test things like that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
f87f63997f pytest/sddl: remove duplicate test case
The other copy is on line 102.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
298821a8ed pytest/sddl: give test more of a name
I think it worked, but the convention is that tests have a test_ prefix,
and it woudn't be surpoising if something somewhere decides to depend on
that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
35bf8ff4f4 pytests/sddl: clarify boundaries between sddl cases
It is now easier to see where one SD ends and another starts.

Best looked at with -b or --word-diff.


Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
67500da148 pytest:posixacl: expect canonical ACE flag format
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00