author | Nadezhda Ivanova <nivanova@symas.com> | 2013-10-14 12:38:10 +0300 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2013-10-14 13:31:50 +0200 |
commit | 13a10d43141c29dad61868b451c0c1dca82360de (patch) | |
tree | ec660ca94f27c085be55e5f85e6789a1a2437099 /python | |
parent | 064433f265d2215389f2a377b6e8243318669b65 (diff) | |
s4-samldb: Do not allow deletion of objects with RID < 1000
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion
of security objects with RID < 1000. This patch will prevent deletion of
well-known accounts and groups.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/tests/samba3sam.py | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/python/samba/tests/samba3sam.py b/python/samba/tests/samba3sam.py index 9c017fb79c..7cd656670a 100644 --- a/python/samba/tests/samba3sam.py +++ b/python/samba/tests/samba3sam.py @@ -172,7 +172,7 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(str(msg[0].dn), "cn=Replicator,ou=Groups,dc=vernstok,dc=nl") self.assertTrue("objectSid" in msg[0]) - self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-1052", msg[0]["objectSid"]) oc = set(msg[0]["objectClass"]) self.assertEquals(oc, set(["group"])) @@ -345,7 +345,7 @@ dnsHostName: x nextRid: y lastLogon: x description: x -objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 +objectSid: S-1-5-21-4231626423-2410014848-2360679739-1052 """) self.ldb.add({ @@ -380,7 +380,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 "sambaBadPasswordCount": "x", "sambaLogonTime": "x", "description": "x", - "sambaSID": "S-1-5-21-4231626423-2410014848-2360679739-552", + "sambaSID": "S-1-5-21-4231626423-2410014848-2360679739-1052", "sambaPrimaryGroupSID": "S-1-5-21-4231626423-2410014848-2360679739-512"}) self.samba3.db.add({ 
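Review bot: The replacement RID 1052 is a bare literal with nothing in the test saying why it has to be 1000 or higher, so a later edit could pick a low RID again and only find out when cleanup fails. At its first use, the `assertSidEquals` for cn=Replicator in the first hunk, I would add a comment such as `# RID must be >= 1000: samldb refuses to delete lower RIDs ([MS-SAMR] 3.1.5.7)`. Better still, hold the SID in one module-level constant and use it in the LDIF `objectSid`, the `sambaSID` entry and the assertions in the hunks at 345, 380 and 483. This python-only view of the commit also shows no assertion of the new refusal itself; if no test elsewhere covers it, a case that attempts to delete an object with RID < 1000 and expects the error would pin the behaviour. The enclosing test methods start and end outside these hunks.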
@@ -483,20 +483,20 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # TODO: # Using the SID directly in the parse tree leads to conversion # errors, letting the search fail with no results. - #res = self.ldb.search("(objectSid=S-1-5-21-4231626423-2410014848-2360679739-552)", scope=SCOPE_DEFAULT, attrs) + #res = self.ldb.search("(objectSid=S-1-5-21-4231626423-2410014848-2360679739-1052)", scope=SCOPE_DEFAULT, attrs) res = self.ldb.search(expression="(objectSid=*)", base=None, scope=SCOPE_DEFAULT, attrs=["dnsHostName", "lastLogon", "objectSid"]) self.assertEquals(len(res), 4) res = sorted(res, key=attrgetter('dn')) self.assertEquals(str(res[1].dn), self.samba4.dn("cn=X")) self.assertEquals(str(res[1]["dnsHostName"]), "x") self.assertEquals(str(res[1]["lastLogon"]), "x") - self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-1052", res[1]["objectSid"]) self.assertTrue("objectSid" in res[1]) self.assertEquals(str(res[0].dn), self.samba4.dn("cn=A")) self.assertTrue(not "dnsHostName" in res[0]) self.assertEquals(str(res[0]["lastLogon"]), "x") - self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-1052", res[0]["objectSid"]) self.assertTrue("objectSid" in res[0]) |