summaryrefslogtreecommitdiff
path: root/source4/dsdb/tests
AgeCommit message (Collapse)AuthorFilesLines
2013-10-25s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova2-1/+31
Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-14s4-samldb: Do not allow deletion of objects with RID < 1000Nadezhda Ivanova1-3/+34
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
2013-10-10dsdb/tests/ldap: fix test_distinguished_name against w2k8r2Stefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-10dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2Stefan Metzmacher1-4/+8
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-12dsdb-tests ldap.py: Add test for usn behaviour on certain changesAndrew Bartlett1-54/+155
This probes when the usn is updated, and when it is not. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jun 12 11:54:01 CEST 2013 on sn-devel-104
2013-06-12dsdb-tests ldap.py: Fix quoting of print statementsAndrew Bartlett1-10/+10
While python didn't mind (oddly) it really confused my editor. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-10s4:samldb LDB module - MS-SAMR 3.1.1.8.10 "userAccountControl"Matthias Dieter Wallnöfer1-1/+81
"UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are used for special semantics. "UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED" forces password expiration. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
2013-06-05s4:samldb LDB module - permit "userAccountControl" modifications without ↵Matthias Dieter Wallnöfer1-0/+32
acct. type Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in MS-SAMR section 3.1.1.8.10. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
2013-06-05s4:samldb LDB module - "userAccountControl" = 0 means UF_NORMAL_ACCOUNT on addMatthias Dieter Wallnöfer1-18/+26
Windows Server 2008 has changed semantics in comparison to Server 2003. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-17s4:dsdb python tests - set the executable flagMatthias Dieter Wallnöfer2-0/+0
Reviewed-by: Matthieu Patou <mat@samba.org> Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date(master): Fri May 17 15:11:29 CEST 2013 on sn-devel-104
2013-01-27tests/sec_descriptor: the default owner behavior depends on ↵Stefan Metzmacher1-4/+4
domainControllerFunctionality (bug #9481) Not on the domainFunctionality. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21Tests: rewrite ldap_schema to specify attributesMatthieu Patou1-15/+24
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-15dsdb: Add test for modification of two attributes, one permitted, one denied ↵Andrew Bartlett1-0/+15
(bug #9554 - CVE-2013-0172) Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1) Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
2012-12-10s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps ↵Stefan Metzmacher1-0/+7
working This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
2012-12-10s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags ↵Stefan Metzmacher1-0/+116
interaction This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/tests: add SdAutoInheritTestsStefan Metzmacher1-1/+83
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Nov 30 18:59:50 CET 2012 on sn-devel-104
2012-06-25s4-join: Import DNS zones in AD DC joinAndrew Bartlett1-0/+2
2012-06-23selftest: schema is not automatically reloaded now so if you modify it you ↵Matthieu Patou1-0/+9
have to reload it Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sat Jun 23 10:48:13 CEST 2012 on sn-devel-104
2012-06-21samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij3-17/+17
2012-05-04s4:samldb LDB module - make sure to not add identical ↵Matthias Dieter Wallnöfer1-4/+47
"servicePrincipalName"s more than once The service principal names need to be case-insensitively unique, otherwise we end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error. This issue has been discovered on the technical mailing list (thread: cannot rename windows xp machine in samba4) when trying to rename a AD client workstation.
2012-04-30s4:samldb LDB module - implement "fSMORoleOwner" attribute protectionMatthias Dieter Wallnöfer1-0/+77
This is a very essential attribute since it references to various domain master roles (PDC emulator, schema...) depending on which entry it has been set. Incautious modifications can cause severe problems. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Apr 30 02:04:24 CEST 2012 on sn-devel-104
2012-03-26s4:ldap.py - re-introduce the ↵Matthias Dieter Wallnöfer1-11/+4
"(dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local)" test This syntax is not supported by Windows AD and should also be denied by s4/LDB. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 26 02:30:53 CEST 2012 on sn-devel-104
2012-03-26LDB/s4 - do not use the "(dn=...)" syntax on filters anymoreMatthias Dieter Wallnöfer1-5/+5
Make it AD-compatible using "(distinguishedName=...)". Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-26s4:ldap.py - test the already mentioned structural object class sorting ↵Matthias Dieter Wallnöfer1-0/+15
behaviour Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-02-20s4-selftest: Avoid running kinit for each new connectionAndrew Bartlett3-3/+6
Kerberos is efficient when the credentials cache is set up once and then reused. Sadly this test creates a user, does a test and deletes the user, over and over. For this, using NTLM saves a little time, but we also stress the rest of the DB, and should rework the test. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
2012-01-24python: Change except: statement to except Exception:Amitay Isaacs1-1/+1
This way we only catch true exceptions and keyboard interrupts are not caught here. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
2011-11-14Remove broken code - these lines use undefined symbols.Jelmer Vernooij1-7/+2
2011-11-10test: fixed several tests to use samba.testsAndrew Tridgell5-8/+9
this fixes error checking. Test failures were not being detected otherwise Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
2011-11-02s4-sites: Document, fix under optimal coding, use exceptionsMatthieu Patou1-18/+18
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Nov 2 22:35:00 CET 2011 on sn-devel-104
2011-11-02s4-selftest: add unit tests for sites's function in pythonMatthieu Patou1-0/+125
2011-10-27s4:ldap.py - fix up the dSHeuristics test to check for the right behaviourMatthias Dieter Wallnöfer1-15/+27
Reviewed-by: abartlet
2011-10-27s4:ldap.py - we test the creation of secrets already in the "systemOnly" ↵Matthias Dieter Wallnöfer1-9/+0
testcase Reviewed-by: abartlet
2011-10-27s4:ldap.py - enhance and fix up the object class testMatthias Dieter Wallnöfer1-6/+95
Also address the problem described in bug #8486. Reviewed-by: abartlet
2011-10-27s4:ldap.py - fix up the UTF8 testsMatthias Dieter Wallnöfer1-7/+8
Reviewed-by: abartlet
2011-10-27s4:ldap.py - reactivate some assertions in "test_all"Matthias Dieter Wallnöfer1-2/+2
There should always be one result on both s4 and Windows. Reviewed-by: abartlet
2011-10-09Remove pointless exception catching in tests.Jelmer Vernooij2-10/+4
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 9 00:00:26 CEST 2011 on sn-devel-104
2011-09-19pyldb: fixed places where we try to concatenate a Dn with a stringAndrew Tridgell2-16/+16
you need to either use str(dn) or use %s in a format string
2011-09-19s4-dsdb: use get_config_basedn() in python testsAndrew Tridgell4-18/+18
we can't just append CN=Configuration to the basedn, as that won't give the right configuration DN for a subdomain of a forest Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-acl: use dnsforest not dnsdomain for GC namesAndrew Tridgell1-3/+3
2011-08-09s4-acl-test: use symbolic names for groupTypeAndrew Tridgell1-11/+16
clearer than magic numbers
2011-05-25s4:sam.py - uncomment/enhance some account type testsMatthias Dieter Wallnöfer1-30/+48
Reviewed-by: abartlet
2011-05-25s4:sam.py - tests for "isCriticalSystemObject" attributeMatthias Dieter Wallnöfer1-0/+132
Reviewed-by: abartlet
2011-05-25s4:sam.py - unchanged "primaryGroupID" when account type remains the sameMatthias Dieter Wallnöfer1-0/+38
Enhance the testcase with a workstation example. Reviewed-by: abartlet
2011-05-21s4:sam.py - add tests to check that setting "userAccountValue" on usersdon't ↵Matthieu Patou1-2/+40
impact the "primaryGroupID" attribute Notice: The domain administrators groups isn't referenced as "Domain Admins" since this name could differ. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat May 21 19:19:57 CEST 2011 on sn-devel-104
2011-05-21s4-dsdb: add unit tests for dirsync controlMatthieu Patou1-0/+713
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-29s4:token_group.py python test - fix typosMatthias Dieter Wallnöfer1-2/+2
2011-04-07ldb: fixed --paged option in ldb toolsAndrew Tridgell1-1/+1
we were sometimes using 'paged_result' and sometimes using 'paged_results'. The latter seemed to be more common, so I changed the two places that used the 'paged_result' string to 'paged_results'
2011-03-20pyldb: add more tests for control manipulationMatthieu Patou1-0/+4
2011-03-04s4:operational LDB module - fix attribute names to be right up/down-casedMatthias Dieter Wallnöfer1-3/+3
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Mar 4 23:56:07 CET 2011 on sn-devel-104
2011-03-04s4:ldap.py - rootdse tests should search for the rootDSE not the default DNMatthias Dieter Wallnöfer1-1/+1
Reviewed by: Tridge
generated by cgit (git 2.34.1) at 2024-05-29 02:07:04 +0000