summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsource4/dsdb/tests/python/acl.py58
1 files changed, 50 insertions, 8 deletions
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 85018b0a4d..12f653b2f2 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -6,7 +6,6 @@ import optparse
import sys
import base64
import re
-
sys.path.append("bin/python")
import samba
samba.ensure_external_module("testtools", "testtools")
@@ -20,7 +19,7 @@ from ldb import (
from ldb import ERR_CONSTRAINT_VIOLATION
from ldb import ERR_OPERATIONS_ERROR
from ldb import Message, MessageElement, Dn
-from ldb import FLAG_MOD_REPLACE, FLAG_MOD_DELETE
+from ldb import FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security
@@ -67,6 +66,13 @@ class AclTests(samba.tests.TestCase):
self.user_pass = "samba123@"
self.configuration_dn = self.ldb_admin.get_config_basedn().get_linearized()
self.sd_utils = sd_utils.SDUtils(ldb)
+ #used for anonymous login
+ self.creds_tmp = Credentials()
+ self.creds_tmp.set_username("")
+ self.creds_tmp.set_password("")
+ self.creds_tmp.set_domain(creds.get_domain())
+ self.creds_tmp.set_realm(creds.get_realm())
+ self.creds_tmp.set_workstation(creds.get_workstation())
print "baseDN: %s" % self.base_dn
def get_user_dn(self, name):
@@ -134,6 +140,7 @@ class AclAddTests(AclTests):
delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_owner))
delete_force(self.ldb_admin, self.get_user_dn(self.usr_admin_not_owner))
delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+ delete_force(self.ldb_admin, self.get_user_dn("test_add_anonymous"))
# Make sure top OU is deleted (and so everything under it)
def assert_top_ou_deleted(self):
@@ -229,6 +236,16 @@ class AclAddTests(AclTests):
expression="(distinguishedName=%s,%s)" % ("CN=test_add_group1,OU=test_add_ou2,OU=test_add_ou1", self.base_dn))
self.assertTrue(len(res) > 0)
+ def test_add_anonymous(self):
+ """Test add operation with anonymous user"""
+ anonymous = SamDB(url=host, credentials=self.creds_tmp, lp=lp)
+ try:
+ anonymous.newuser("test_add_anonymous", self.user_pass)
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_OPERATIONS_ERROR)
+ else:
+ self.fail()
+
#tests on ldap modify operations
class AclModifyTests(AclTests):
@@ -259,6 +276,7 @@ class AclModifyTests(AclTests):
delete_force(self.ldb_admin, self.get_user_dn(self.user_with_sm))
delete_force(self.ldb_admin, self.get_user_dn(self.user_with_group_sm))
delete_force(self.ldb_admin, self.get_user_dn("test_modify_user2"))
+ delete_force(self.ldb_admin, self.get_user_dn("test_anonymous"))
def test_modify_u1(self):
"""5 Modify one attribute if you have DS_WRITE_PROPERTY for it"""
@@ -554,6 +572,23 @@ Member: CN=test_modify_user2,CN=Users,""" + self.base_dn
% ("CN=test_modify_group2,CN=Users," + self.base_dn), attrs=["Member"])
self.assertEqual(res[0]["Member"][0], "CN=test_modify_user2,CN=Users," + self.base_dn)
+ def test_modify_anonymous(self):
+ """Test add operation with anonymous user"""
+ anonymous = SamDB(url=host, credentials=self.creds_tmp, lp=lp)
+ self.ldb_admin.newuser("test_anonymous", "samba123@")
+ m = Message()
+ m.dn = Dn(anonymous, self.get_user_dn("test_anonymous"))
+
+ m["description"] = MessageElement("sambauser2",
+ FLAG_MOD_ADD,
+ "description")
+ try:
+ anonymous.modify(m)
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_OPERATIONS_ERROR)
+ else:
+ self.fail()
+
#enable these when we have search implemented
class AclSearchTests(AclTests):
@@ -563,12 +598,6 @@ class AclSearchTests(AclTests):
self.u2 = "search_u2"
self.u3 = "search_u3"
self.group1 = "group1"
- self.creds_tmp = Credentials()
- self.creds_tmp.set_username("")
- self.creds_tmp.set_password("")
- self.creds_tmp.set_domain(creds.get_domain())
- self.creds_tmp.set_realm(creds.get_realm())
- self.creds_tmp.set_workstation(creds.get_workstation())
self.ldb_admin.newuser(self.u1, self.user_pass)
self.ldb_admin.newuser(self.u2, self.user_pass)
self.ldb_admin.newuser(self.u3, self.user_pass)
@@ -926,6 +955,7 @@ class AclDeleteTests(AclTests):
super(AclDeleteTests, self).tearDown()
delete_force(self.ldb_admin, self.get_user_dn("test_delete_user1"))
delete_force(self.ldb_admin, self.get_user_dn(self.regular_user))
+ delete_force(self.ldb_admin, self.get_user_dn("test_anonymous"))
def test_delete_u1(self):
"""User is prohibited by default to delete another User object"""
@@ -965,6 +995,18 @@ class AclDeleteTests(AclTests):
expression="(distinguishedName=%s)" % user_dn)
self.assertEqual(res, [])
+ def test_delete_anonymous(self):
+ """Test add operation with anonymous user"""
+ anonymous = SamDB(url=host, credentials=self.creds_tmp, lp=lp)
+ self.ldb_admin.newuser("test_anonymous", "samba123@")
+
+ try:
+ anonymous.delete(self.get_user_dn("test_anonymous"))
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_OPERATIONS_ERROR)
+ else:
+ self.fail()
+
#tests on ldap rename operations
class AclRenameTests(AclTests):