authorAndrew Bartlett <abartlet@samba.org>2013-01-10 09:30:38 +1100
committerStefan Metzmacher <metze@samba.org>2013-01-15 14:03:47 +0100
commit065c0ec16259f8d57baec5dfe4e6eb9bdea0002a (patch)
tree933bd0c79d09302b5a843a1d8eb0144cbf7099f6 /source4/dsdb/tests
parentb7b91c85945fab87e55cd8fd65a5b4c50a61d03b (diff)
dsdb: Add test for modification of two attributes, one permitted, one denied (bug #9554 - CVE-2013-0172)
Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1) Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
Diffstat (limited to 'source4/dsdb/tests')
-rwxr-xr-xsource4/dsdb/tests/python/acl.py15
1 files changed, 15 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 94bc504804..ecda3c5db6 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -389,6 +389,21 @@ url: www.samba.org"""
else:
# This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
self.fail()
+ # Modify on attribute you do not have rights for granted while also modifying something you do have rights for
+ ldif = """
+dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
+changetype: modify
+replace: url
+url: www.samba.org
+replace: displayName
+displayName: test_changed"""
+ try:
+ self.ldb_user.modify_ldif(ldif)
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+ else:
+ # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+ self.fail()
# Second test object -- Organizational Unit
print "Testing modify on OU object"
self.ldb_admin.create_ou("OU=test_modify_ou1," + self.base_dn)
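Review bot: The added case only asserts that the combined modify returns ERR_INSUFFICIENT_ACCESS_RIGHTS and never reads the object back, so a server that applied the permitted change before rejecting the request would still pass this test. After the `try`/`except`/`else`, a search on `CN=test_modify_group1` through `self.ldb_admin` could assert that neither `url` nor `displayName` carries the new value, which pins the all-or-nothing behaviour the access check is meant to guarantee. The LDIF also has no `-` line between the two `replace:` clauses, which RFC 2849 requires between modifications. A lenient parser may accept it, but adding `-` after `url: www.samba.org` removes any doubt that two separate modifications reach the server. The enclosing test method starts and ends outside the hunk, so the ACL setup that decides which attribute is permitted is not visible here.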