authorMatthias Dieter Wallnöfer <mdw@samba.org>2011-01-17 13:52:00 +0100
committerAndrew Bartlett <abartlet@samba.org>2011-01-25 13:09:41 +0100
commit932911e1e1c09caa51a5c7a574987cab6ecb16e4 (patch)
treef2659c9a33d4d0eaab66fa1928a2276b9acea02b
parent3468f8de1e408389bd12f2d3f5294bd835431a05 (diff)
s4:ldap.py - check the write protection on LSA objects
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 25 13:09:41 CET 2011 on sn-devel-104
-rwxr-xr-xsource4/dsdb/tests/python/ldap.py35
1 files changed, 30 insertions, 5 deletions
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 6972ce3c8f..902dfb77d8 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -39,7 +39,7 @@ from subunit.run import SubunitTestRunner
import unittest
from samba.ndr import ndr_pack, ndr_unpack
-from samba.dcerpc import security
+from samba.dcerpc import security, lsa
from samba.tests import delete_force
parser = optparse.OptionParser("ldap.py [options] <host>")
@@ -95,7 +95,7 @@ class BasicTests(unittest.TestCase):
delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
- delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
def test_objectclasses(self):
"""Test objectClass behaviour"""
@@ -104,7 +104,7 @@ class BasicTests(unittest.TestCase):
# We cannot create LSA-specific objects (oc "secret" or "trustedDomain")
try:
self.ldb.add({
- "dn": "cn=testsecret,cn=system," + self.base_dn,
+ "dn": "cn=Test Secret,cn=system," + self.base_dn,
"objectClass": "secret" })
self.fail()
except LdbError, (num, _):
@@ -369,14 +369,39 @@ class BasicTests(unittest.TestCase):
try:
self.ldb.add({
- "dn": "cn=testsecret,cn=system," + self.base_dn,
+ "dn": "cn=Test Secret,cn=system," + self.base_dn,
"objectclass": "secret"})
self.fail()
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
- delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
+
+ # Create secret over LSA and try to change it
+
+ lsa_conn = lsa.lsarpc("ncacn_np:%s" % args[0], lp, creds)
+ lsa_handle = lsa_conn.OpenPolicy2(system_name="\\",
+ attr=lsa.ObjectAttribute(),
+ access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+ secret_name = lsa.String()
+ secret_name.string = "G$Test"
+ sec_handle = lsa_conn.CreateSecret(handle=lsa_handle,
+ name=secret_name,
+ access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED)
+ lsa_conn.Close(lsa_handle)
+
+ m = Message()
+ m.dn = Dn(ldb, "cn=Test Secret,cn=system," + self.base_dn)
+ m["description"] = MessageElement("desc", FLAG_MOD_REPLACE,
+ "description")
+ try:
+ ldb.modify(m)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+ delete_force(self.ldb, "cn=Test Secret,cn=system," + self.base_dn)
try:
self.ldb.add({
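Review bot: The secret handle returned by `CreateSecret` is stored in `sec_handle` but never closed; only the policy handle is released, so `lsa_conn.Close(sec_handle)` should be added before `lsa_conn.Close(lsa_handle)`. The modify step also uses the bare name `ldb` (`Dn(ldb, ...)`, `ldb.modify(m)`) where the surrounding lines use `self.ldb`; presumably a module-level connection exists, but `self.ldb.modify(m)` would keep the write-protection check on the connection the test case owns. A short comment such as `# the LSA secret "G$Test" is expected to show up as "cn=Test Secret,cn=system"` would explain why the DN was renamed and why a modify on it should return ERR_UNWILLING_TO_PERFORM rather than a no-such-object error. The enclosing test method starts and ends outside the hunk.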