author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-01-17 13:52:00 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-01-25 13:09:41 +0100 |
commit | 932911e1e1c09caa51a5c7a574987cab6ecb16e4 (patch) | |
tree | f2659c9a33d4d0eaab66fa1928a2276b9acea02b | |
parent | 3468f8de1e408389bd12f2d3f5294bd835431a05 (diff) | |
s4:ldap.py - check the write protection on LSA objects
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
-rwxr-xr-x | source4/dsdb/tests/python/ldap.py | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py index 6972ce3c8f..902dfb77d8 100755 --- a/source4/dsdb/tests/python/ldap.py +++ b/source4/dsdb/tests/python/ldap.py @@ -39,7 +39,7 @@ from subunit.run import SubunitTestRunner import unittest from samba.ndr import ndr_pack, ndr_unpack -from samba.dcerpc import security +from samba.dcerpc import security, lsa from samba.tests import delete_force parser = optparse.OptionParser("ldap.py [options] <host>") @@ -95,7 +95,7 @@ class BasicTests(unittest.TestCase): delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn) delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn) - delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn) + delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn) def test_objectclasses(self): """Test objectClass behaviour""" @@ -104,7 +104,7 @@ class BasicTests(unittest.TestCase): # We cannot create LSA-specific objects (oc "secret" or "trustedDomain") try: self.ldb.add({ - "dn": "cn=testsecret,cn=system," + self.base_dn, + "dn": "cn=Test Secret,cn=system," + self.base_dn, "objectClass": "secret" }) self.fail() except LdbError, (num, _): 
@@ -369,14 +369,39 @@ class BasicTests(unittest.TestCase): try: self.ldb.add({ - "dn": "cn=testsecret,cn=system," + self.base_dn, + "dn": "cn=Test Secret,cn=system," + self.base_dn, "objectclass": "secret"}) self.fail() except LdbError, (num, _): self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn) - delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn) + delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn) + + # Create secret over LSA and try to change it + + lsa_conn = lsa.lsarpc("ncacn_np:%s" % args[0], lp, creds) + lsa_handle = lsa_conn.OpenPolicy2(system_name="\\", + attr=lsa.ObjectAttribute(), + access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED) + secret_name = lsa.String() + secret_name.string = "G$Test" + sec_handle = lsa_conn.CreateSecret(handle=lsa_handle, + name=secret_name, + access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED) + lsa_conn.Close(lsa_handle) + + m = Message() + m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn) + m["description"] = MessageElement("desc", FLAG_MOD_REPLACE, + "description") + try: + ldb.modify(m) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, ERR_UNWILLING_TO_PERFORM) + + delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn) try: self.ldb.add({ |
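Review bot: `sec_handle` returned by `lsa_conn.CreateSecret(...)` is never used or closed in the added lines, and the secret is removed only through the LDAP-side `delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)`, so the test leaves open whether an LDAP delete of an LSA-owned object is meant to be refused like the modify is. I would release the handle once the modify check is done, `lsa_conn.Close(sec_handle)`, or delete through LSA with `lsa_conn.DeleteObject(sec_handle)` if LSA is the intended owner, and add an assertion or comment stating the expected result of the LDAP delete. The modify also goes through the bare name `ldb` (`Dn(ldb, ...)`, `ldb.modify(m)`) while the surrounding test uses `self.ldb`; `self.ldb.modify(m)` keeps the write-protection check on the connection under test. A comment such as `# LSA presumably stores the global secret "G$Test" as cn=Test Secret,cn=system` would explain the DN renames in the earlier hunks, once confirmed against the LSA server. The enclosing test method starts and ends outside this hunk.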