s4:objectclass_attrs LDB module - add more delete protected attributes

And enhance the testsuite
author: Matthias Dieter Wallnöfer <mdw@samba.org> 2010-11-20 21:15:57 +0100
committer: Matthias Dieter Wallnöfer <mdw@samba.org> 2010-11-20 21:15:57 +0100
commit: d9f97cd57f9f797c25212f2fc2d9791733a24ca0 (patch)
tree: b04f849d6a493d4930a884cc6bddfc8b0a3a1eef /source4/dsdb/tests
parent: 87ddd5a807298348c95ce5cb720fd9cd87618953 (diff)
download: samba-d9f97cd57f9f797c25212f2fc2d9791733a24ca0.tar.gz
samba-d9f97cd57f9f797c25212f2fc2d9791733a24ca0.tar.bz2
samba-d9f97cd57f9f797c25212f2fc2d9791733a24ca0.zip
1 files changed, 46 insertions, 85 deletions
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
index f8871b7e52..e00e23e9fe 100755
--- a/source4/dsdb/tests/python/sam.py
+++ b/source4/dsdb/tests/python/sam.py
@@ -616,15 +616,28 @@ class SamTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
 
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
-        m["groupType"] = MessageElement([], FLAG_MOD_DELETE,
-          "groupType")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+        # Delete protection tests
+
+        for attr in ["nTSecurityDescriptor", "objectSid", "sAMAccountType",
+                     "sAMAccountName", "groupType"]:
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_REPLACE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError, (num, _):
+                self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_DELETE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError, (num, _):
+                self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
 
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
@@ -638,16 +651,6 @@ class SamTests(unittest.TestCase):
 
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["primaryGroupID"] = MessageElement([], FLAG_MOD_DELETE,
-          "primaryGroupID")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         m["userAccountControl"] = MessageElement(str(UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD), FLAG_MOD_ADD,
           "userAccountControl")
         try:
@@ -658,16 +661,6 @@ class SamTests(unittest.TestCase):
 
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["userAccountControl"] = MessageElement([], FLAG_MOD_DELETE,
-          "userAccountControl")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         m["objectSid"] = MessageElement("xxxxxxxxxxxxxxxx", FLAG_MOD_ADD,
           "objectSid")
         try:
@@ -678,24 +671,6 @@ class SamTests(unittest.TestCase):
 
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["objectSid"] = MessageElement([], FLAG_MOD_REPLACE, "objectSid")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["objectSid"] = MessageElement([], FLAG_MOD_DELETE, "objectSid")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         m["sAMAccountType"] = MessageElement("0", FLAG_MOD_ADD,
           "sAMAccountType")
         try:
@@ -706,26 +681,6 @@ class SamTests(unittest.TestCase):
 
         m = Message()
         m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["sAMAccountType"] = MessageElement([], FLAG_MOD_REPLACE,
-          "sAMAccountType")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["sAMAccountType"] = MessageElement([], FLAG_MOD_DELETE,
-          "sAMAccountType")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         m["sAMAccountName"] = MessageElement("test", FLAG_MOD_ADD,
           "sAMAccountName")
         try:
@@ -734,25 +689,31 @@ class SamTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_ATTRIBUTE_OR_VALUE_EXISTS)
 
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["sAMAccountName"] = MessageElement([], FLAG_MOD_REPLACE,
-          "sAMAccountName")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+        # Delete protection tests
 
-        m = Message()
-        m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
-        m["sAMAccountName"] = MessageElement([], FLAG_MOD_DELETE,
-          "sAMAccountName")
-        try:
-            ldb.modify(m)
-            self.fail()
-        except LdbError, (num, _):
-            self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+        for attr in ["nTSecurityDescriptor", "objectSid", "sAMAccountType",
+                     "sAMAccountName", "primaryGroupID", "userAccountControl",
+                     "accountExpires", "badPasswordTime", "badPwdCount",
+                     "codePage", "countryCode", "lastLogoff", "lastLogon",
+                     "logonCount", "pwdLastSet"]:
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_REPLACE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError, (num, _):
+                self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
+            m = Message()
+            m.dn = Dn(ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+            m[attr] = MessageElement([], FLAG_MOD_DELETE, attr)
+            try:
+                ldb.modify(m)
+                self.fail()
+            except LdbError, (num, _):
+                self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
 
         self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
         self.delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
author	Matthias Dieter Wallnöfer <mdw@samba.org>	2010-11-20 21:15:57 +0100
committer	Matthias Dieter Wallnöfer <mdw@samba.org>	2010-11-20 21:15:57 +0100
commit	d9f97cd57f9f797c25212f2fc2d9791733a24ca0 (patch)
tree	b04f849d6a493d4930a884cc6bddfc8b0a3a1eef /source4/dsdb/tests
parent	87ddd5a807298348c95ce5cb720fd9cd87618953 (diff)
download	samba-d9f97cd57f9f797c25212f2fc2d9791733a24ca0.tar.gz samba-d9f97cd57f9f797c25212f2fc2d9791733a24ca0.tar.bz2 samba-d9f97cd57f9f797c25212f2fc2d9791733a24ca0.zip