1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1694 Commits

Author SHA1 Message Date
Stefan Metzmacher
b805a5975e selftest: add some basic testing for aio_pthread
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-04-23 10:30:19 +02:00
Joe Guo
16a228ca33 selftest/graph: enable py3 for samba.tests.graph
Changes are made separatedly in previous commits.
No change needed here.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:13 +02:00
Joe Guo
a9f591369e selftest: enable py3 for samba.tests.docs
Popen methods will return bytes.
Decode output to string before using.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:13 +02:00
Joe Guo
c070680388 selftest: enable py3 for samba.tests.source
In py2, `open` has no `encoding` arg, python guesses file encoding from
locale. This could be wrong.

Use `io.open` to open a file, so we can specify encoding in both py2 and
py3.

Also, open file with `r` instead of `rb` for py3.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:13 +02:00
Joe Guo
f3b5287538 python: bulk replace dict.iteritems to items for py3
In py3, iterxxx methods are removed.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:12 +02:00
Andrew Bartlett
18d4a1cc3f selftest: Make a transaction before @INDEXLIST etc is checked in dsdb_schema_attributes.py
This helps us remove the write to the database from the (soon to be
read locked) init code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-12 05:15:16 +02:00
Andrew Bartlett
a4778ad48e dsdb: Wait until a transaction starts to call dsdb_schema_set_indices_and_attributes()
This avoids starting a transaction in schema_load_init() and allows it
to operate with a read lock held, which will avoid locking issues
(deadlock detected due to lock odering if we do not have a global
read lock).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-12 05:15:16 +02:00
Andrew Bartlett
056b2abde6 dsdb: check for dSHeuristics more carefully
This check would pass if the dSHeuristics was treated as always being
000000000 for searches which is not enough, we must check for a value
of 000000001 (userPassword enabled).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13378

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-12 05:15:16 +02:00
Andrew Bartlett
5c7973e9ba dsdb: Check for userPassword support after loading the databases
The net result of this is only that userPassword values (which were
world readable when set) would still be visible after userPassword
started setting the main DB password.

In AD, those values become hidden once the dSHeuristics bit is set,
but Samba lost that when fixing a performance issue with
f26a2845bd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13378

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-12 05:15:16 +02:00
Jeremy Allison
82beaf868f s3: tests: Regression test to ensure we can never return a DIRECTORY attribute on a stream.
Tests streams_xattr and also streams_depot.

Inspired from a real-world test case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 12 02:04:28 CEST 2018 on sn-devel-144
2018-04-12 02:04:28 +02:00
Christof Schmitt
1775ac8aa4 winbindd: Do not ignore domain in the LOOKUPNAME request
A LOOKUPNAME request with a domain and a name containing a winbind
separator character would return the result for the joined domain,
instead of the specified domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr  6 21:03:31 CEST 2018 on sn-devel-144
2018-04-06 21:03:31 +02:00
Christof Schmitt
552a00ec1f Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-06 17:58:38 +02:00
Joe Guo
707af5b31b selftest: enable py3 for samba.tests.blackbox.ndrdump
No change needed.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr  5 12:16:41 CEST 2018 on sn-devel-144
2018-04-05 12:16:40 +02:00
Joe Guo
47761ee449 selftest: enable py3 for samba.tests.samdb_api
Fix bytes and string.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:10 +02:00
Joe Guo
ff66428201 selftest: enable py3 for samba.tests.kcc.graph_utils
zip will not return a list in Python 3.
Convert to list.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:10 +02:00
Joe Guo
a5bc4d8c7a selftest: enable py3 for samba.tests.kcc.graph
In Python 3, range() will not return a list any more.
So `range(7) * 4` will not work.
Convert range to list to fix.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:10 +02:00
Joe Guo
5d774fa732 selftest: enable py3 for samba.tests.upgradeprovision
1. `has_key` was removed from dict in Python 3, use `in` instead.
2. `cmp` was removed in Python 3, define it ourselves.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:10 +02:00
Joe Guo
68d89b0a19 selftest: enable py3 for samba.tests.hostconfig
Fix relative import.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:10 +02:00
Joe Guo
0ebf52744c selftest: enable py3 for samba.tests.common
fix dsdb_Dn comparison for Python 3

In Python 3, the builtin `cmp` funtion was dropped. And the `__cmp__` magic
method in object is no longer honored, which is replaced by 6 new methods:
__eq__, __ne__, __lt__, __le__, __gt__, __ge__.

This caused `tests.CommonTests` failed with `py3_compatiable=True`.
Fixed by adding the above methods.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:10 +02:00
Joe Guo
80aaafc2ce selftest: enable py3 for samba.tests.dcerpc.string
No change needed.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Joe Guo
a35dfa017b selftest: enable py3 for samba.tests.dcerpc.array
No change needed.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Joe Guo
55c9661468 selftest: enable py3 for samba.tests.dcerpc.rpc_talloc
No changes needed.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Joe Guo
34cf522e71 selftest: enable py3 for samba.tests.password_quality
No change needed.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Joe Guo
87743b3275 selftest: enable py3 for samba.tests.upgrade
`os.tempname` is removed in Python 3.
Use `tempfile` instead.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Joe Guo
908ee2d3d2 selftest: enable py3 for samba.tests.blackbox.check_output
convert bytes to str for Python 3

`BlackboxTestCase.check_output` will return bytes since it uses
`subprocess.communicate` underneath.
Convert expected string result to bytes for comparing.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Noel Power
2d593c27fd get make test TESTS=samba.tests.provision to work
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Noel Power
05617a9eee samba python tests: enable samba.tests.ntacls for python3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Noel Power
22d563b13e selftest python: get samba.tests.s3idmapdb to run with py3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Noel Power
5fd49e8956 python selftest: enable samba.tests.s3windb to run with py3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:08 +02:00
Noel Power
1734655bf8 python selftest: enabled samba.tests.s3registry to run with py3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:08 +02:00
Noel Power
8caa2cd48a python selftest: enable samba.tests.s3passdb to run with python3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:08 +02:00
Noel Power
e4779b0da3 python selftest: enable samba.tests.s3param to run with python3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:08 +02:00
Noel Power
7ad012d411 python selftest: split samba3 test into separate tests
This patch splits the tests contained in samba3.py into separate
tests s3idmapdb.py, s3param.py, s3passdb.py, s3registry.py, s3windb.py
This allows test of associated python c-modules to be done independently.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:08 +02:00
Noel Power
ccc0e06caa samba test python: enable samba.tests.policy for py3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:08 +02:00
Noel Power
40e7d57999 selftest: convert print func to be py2/py3 compatible
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-03-23 07:28:24 +01:00
Jamie McClymont
dd1f8cdf6b selftest: consistently produce high-res UTC time
Currently some subunit reporters throughout the codebase provide low-res time,
meaning timestamps jump back and forth in the subunit file. Also, some subunit
reporters produce UTC timestamps while others produce local time. UTC was chosen
as the standard for this commit since all of the timestamps end with a Z (= Zulu
= UTC).

Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 22 13:26:44 CET 2018 on sn-devel-144
2018-03-22 13:26:44 +01:00
Jamie McClymont
ba805dcd6f s4:selftest: explicitly set NSS/RESOLV_WAPPER_* in wait_for_start
These variables were previously set directly on the selftest process
for the purpose of making this ldbsearch call, allowing them to leak
into other environments.

Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-22 08:00:25 +01:00
Jamie McClymont
3966342a18 selftest: Clear environment before provision
Currently, if an environment is being provisioned after a test which used
ad_member_rfc2307, the provisioning process has all of the following in its
environment:

{
	'DC_NETBIOSNAME'               => 'LOCALDC',
	'DC_PASSWORD'                  => 'locDCpass1',
	'DC_SERVER_IP'                 => '127.0.0.21',
	'DC_SERVER_IPV6'               => 'fd00:0000:0000:0000:0000:0000:5357:5f15',
	'DC_SERVER'                    => 'localdc',
	'DC_USERNAME'                  => 'Administrator',
	'DOMAIN'                       => 'SAMBADOMAIN',
	'LOCAL_PATH'                   => '/.../st/ad_member_rfc2307/share',
	'LOCK_DIR'                     => '/.../st/ad_member_rfc2307/lockdir',
	'NETBIOSNAME'                  => 'RFC2307MEMBER',
	'NMBD_SOCKET_DIR'              => '/.../st/ad_member_rfc2307/nmbd',
	'NSS_WRAPPER_GROUP'            => '/.../st/ad_member_rfc2307/private/group',
	'NSS_WRAPPER_HOSTNAME'         => 'rfc2307member.samba.example.com',
	'NSS_WRAPPER_HOSTS'            => '/.../st/hosts',
	'NSS_WRAPPER_MODULE_FN_PREFIX' => 'winbind',
	'NSS_WRAPPER_MODULE_SO_PATH'   => '/.../bin/default/nsswitch/libnss-wrapper-winbind.so',
	'NSS_WRAPPER_PASSWD'           => '/.../st/ad_member_rfc2307/private/passwd',
	'PASSWORD'                     => 'loCalMemberPass',
	'REALM'                        => 'SAMBA.EXAMPLE.COM',
	'RESOLV_WRAPPER_HOSTS'         => '/.../st/dns_host_file',
	'SELFTEST_WINBINDD_SOCKET_DIR' => '/.../st/ad_member_rfc2307/winbindd',
	'SERVER_IP'                    => '127.0.0.34',
	'SERVER_IPV6'                  => 'fd00:0000:0000:0000:0000:0000:5357:5f22',
	'SERVER'                       => 'RFC2307MEMBER',
	'USERID'                       => '55668',
	'USERNAME'                     => 'jamiemcclymont',
}

Unsurprisingly, some of these can cause issues for the provisioning process, if
a reduced subset of tests is being run which causes the provision to encounter
never-before-seen pairs of adjacent environments.

For example, a run with only
	TESTS='--include-env=vampire_dc --include-env=ad_member_rfc2307'
would fail to start up the vampire_dc with:
	Could not find machine account in secrets database:
	Failed to fetch machine account password from secrets.ldb:
	Could not find entry to match filter:
	'(&(flatname=SAMBADOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4641

Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-22 08:00:25 +01:00
Garming Sam
2b87bf8c09 samba_dnsupdate: Introduce automatic site coverage
This uses the underlying function in kcc_utils.py which already has
tests.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-03-21 04:36:22 +01:00
Garming Sam
79b640f84e tests/samba_dnsupdate: Add a trivial test of automatic site coverage
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-03-21 04:36:22 +01:00
Garming Sam
b71f897b4f tests/kcc_util: Add unit tests for automatic site coverage
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-03-21 04:36:22 +01:00
Stefan Metzmacher
63de04c01c s4:kdc: make sure we expand group memberships of the local domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:52 +01:00
Stefan Metzmacher
0f9a09bd35 s4:auth_winbind: make sure we expand group memberships of the local domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:51 +01:00
Stefan Metzmacher
ef447434cb s4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc
This fails currently as we don't expand groups on the trust boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:51 +01:00
Stefan Metzmacher
7b3a9880c9 selftest/Samba4: create add ${TRUST_DOMSID}-513 to a local group
This will allow testing expanding groups on the trust boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:51 +01:00
Stefan Metzmacher
94bbcb0ea0 selftest: generate a ramdon domain sid during provision and export as SAMSID/[TRUST_]DOMSID
This will be useful for future tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:51 +01:00
Stefan Metzmacher
6415d6fc19 selftest/Samba4: use DOMAIN/REALM from the dcvars instead of using hardcoded values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:51 +01:00
Stefan Metzmacher
fb03f9a1de dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes
This implements the handling for FPO-enabled attributes, see
[MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes:

  FPO-enabled attributes: member, msDS-MembersForAzRole,
    msDS-NeverRevealGroup, msDS-NonMembers, msDS-RevealOnDemandGroup,
    msDS-ServiceAccount.

Note there's no msDS-ServiceAccount in any schema (only
msDS-HostServiceAccount and that's not an FPO-enabled attribute
at least not in W2008R2)

msDS-NonMembers always generates NOT_SUPPORTED against W2008R2.

See also [MS-SAMR] 3.1.1.8.9 member.

We now create foreignSeurityPrincipal objects on the fly (as needed).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:51 +01:00
Stefan Metzmacher
799c9d1ce3 tests/dsdb.py: test creation of foreignSecurityPrincipal via 'attr: <SID=...>'
[MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes claims:

  FPO-enabled attributes:
   member, msDS-MembersForAzRole, msDS-NeverRevealGroup,
   msDS-NonMembers, msDS-RevealOnDemandGroup, msDS-ServiceAccount.

'msDS-NonMembers' always generates NOT_SUPPORTED.

'msDS-ServiceAccount' is not defined in any schema
(only msDS-HostServiceAccount).

'msDS-HostServiceAccount' is not an FPO-enabled attribute
and behaves as the 'manager' attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:50 +01:00
Stefan Metzmacher
a0813b2a9f dsdb:samldb: require as_system or provision control to create foreignSecurityPrincipal objects
Windows rejects creating foreignSecurityPrincipal objects directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:50 +01:00