author | Garming Sam <garming@catalyst.net.nz> | 2016-08-17 16:04:49 +1200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-08-29 07:35:25 +0200 |
commit | 90581ae1445dc8e57b81da75ac9c03ee7b720aac (patch) | |
tree | f4cc1aef3de87c870bc26f54ae4dbeebf404aaa2 | |
parent | eff99ba7f9d61987580d8c35084ea3e4d9aed503 (diff) | |
download | samba-90581ae1445dc8e57b81da75ac9c03ee7b720aac.tar.gz |
tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12187
(cherry picked from commit 1f4ea1686ff1575406b5e8e488feb7b900db12ef)
-rw-r--r-- | source4/torture/drs/python/getnc_exop.py | 91 |
1 files changed, 86 insertions, 5 deletions
diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py index 858d02ed4c3..d4f8f1d7d8a 100644 --- a/source4/torture/drs/python/getnc_exop.py +++ b/source4/torture/drs/python/getnc_exop.py @@ -332,19 +332,27 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): try: (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) self.assertEqual(ctr.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS) - except Exception: + except RuntimeError: self.fail("Missing prefixmap shouldn't have triggered an error") def test_invalid_prefix_map_attid(self): # Request for invalid attid partial_attribute_set = self.get_partial_attribute_set([99999]) - pfm = self._samdb_fetch_pfm_and_schi() - dc_guid_1 = self.ldb_dc1.get_invocation_id() - drs, drs_handle = self._ds_bind(self.dnsname_dc1) + try: + pfm = self._samdb_fetch_pfm_and_schi() + except KeyError: + # On Windows, prefixMap isn't available over LDAP + req8 = self._exop_req8(dest_dsa=None, + invocation_id=dc_guid_1, + nc_dn_str=self.user, + exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ) + (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) + pfm = ctr.mapping_ctr + req8 = self._exop_req8(dest_dsa=None, invocation_id=dc_guid_1, nc_dn_str=self.user, 
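Review bot: The `except KeyError` fallback added to test_invalid_prefix_map_attid takes `pfm = ctr.mapping_ctr` from an extra DsGetNCChanges reply without looking at `ctr.extended_ret`, and the same block is added a second time in test_secret_prefix_map_attid in the next hunk. If that fallback reply carried a non-success extended result, the test would go on to use whatever map came back, and the eventual failure would point at the wrong request. Moving the block into one helper that asserts `DRSUAPI_EXOP_ERR_SUCCESS` before returning the map keeps both tests in step; the helper name below is only a suggestion. test_invalid_prefix_map_attid continues past the end of this hunk, and the hunk starts inside the preceding test.

```python
    def _fetch_remote_pfm(self, drs, drs_handle, dc_guid_1):
        """Return the DC's prefix map: from LDAP if present, else from a reply."""
        try:
            return self._samdb_fetch_pfm_and_schi()
        except KeyError:
            # On Windows, prefixMap isn't available over LDAP
            req8 = self._exop_req8(dest_dsa=None,
                                   invocation_id=dc_guid_1,
                                   nc_dn_str=self.user,
                                   exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ)
            (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
            self.assertEqual(ctr.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
            return ctr.mapping_ctr

    # in test_invalid_prefix_map_attid and test_secret_prefix_map_attid:
    #     pfm = self._fetch_remote_pfm(drs, drs_handle, dc_guid_1)
```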
@@ -355,10 +363,83 @@ class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest): try: (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) self.fail("Invalid attid (99999) should have triggered an error") - except Exception as (ecode, emsg): + except RuntimeError as (ecode, emsg): self.assertEqual(ecode, 0x000020E2, "Error code should have been " "WERR_DS_DRA_SCHEMA_MISMATCH") + def test_secret_prefix_map_attid(self): + # Request for a secret attid + partial_attribute_set = self.get_partial_attribute_set([drsuapi.DRSUAPI_ATTID_unicodePwd]) + + dc_guid_1 = self.ldb_dc1.get_invocation_id() + drs, drs_handle = self._ds_bind(self.dnsname_dc1) + + try: + pfm = self._samdb_fetch_pfm_and_schi() + except KeyError: + # On Windows, prefixMap isn't available over LDAP + req8 = self._exop_req8(dest_dsa=None, + invocation_id=dc_guid_1, + nc_dn_str=self.user, + exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ) + (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) + pfm = ctr.mapping_ctr + + + req8 = self._exop_req8(dest_dsa=None, + invocation_id=dc_guid_1, + nc_dn_str=self.user, + exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, + partial_attribute_set=partial_attribute_set, + mapping_ctr=pfm) + + (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) + + found = False + for attr in ctr.first_object.object.attribute_ctr.attributes: + if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: + found = True + break + + self.assertTrue(found, "Ensure we get the unicodePwd attribute back") + + for i, mapping in enumerate(pfm.mappings): + # OID: 2.5.4.* + # objectClass: 2.5.4.0 + if mapping.oid.binary_oid == [85, 4]: + idx1 = i + # OID: 1.2.840.113556.1.4.* + # unicodePwd: 1.2.840.113556.1.4.90 + elif mapping.oid.binary_oid == [42, 134, 72, 134, 247, 20, 1, 4]: + idx2 = i + + (pfm.mappings[idx1].id_prefix, + pfm.mappings[idx2].id_prefix) = (pfm.mappings[idx2].id_prefix, + pfm.mappings[idx1].id_prefix) + + tmp = pfm.mappings + tmp[idx1], tmp[idx2] = tmp[idx2], tmp[idx1] + pfm.mappings = tmp + + # 
90 for unicodePwd (with new prefix = 0) + partial_attribute_set = self.get_partial_attribute_set([90]) + req8 = self._exop_req8(dest_dsa=None, + invocation_id=dc_guid_1, + nc_dn_str=self.user, + exop=drsuapi.DRSUAPI_EXOP_REPL_OBJ, + partial_attribute_set=partial_attribute_set, + mapping_ctr=pfm) + + (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) + + found = False + for attr in ctr.first_object.object.attribute_ctr.attributes: + if attr.attid == drsuapi.DRSUAPI_ATTID_unicodePwd: + found = True + break + + self.assertTrue(found, "Ensure we get the unicodePwd attribute back") + def _samdb_fetch_pfm_and_schi(self): """Fetch prefixMap and schemaInfo stored in SamDB using LDB connection""" samdb = self.ldb_dc1 |
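Review bot: In test_secret_prefix_map_attid, `idx1` and `idx2` are assigned only inside the `for i, mapping in enumerate(pfm.mappings)` loop, so a prefix map that lacks either the 2.5.4 or the 1.2.840.113556.1.4 entry ends the test with a NameError at the swap instead of a readable failure. Setting `idx1 = idx2 = None` before the loop and adding `self.assertIsNotNone(idx1, "2.5.4.* prefix not in remote prefixmap")` plus the matching check for `idx2` after it makes that case explicit. The two `found` loops are identical and could share a small helper or an `any(...)` expression. Because the test exists for the secret-attribute path, a short comment above the swap would help the next reader: it should say that attid 90 resolves to unicodePwd only when the server translates the request through the caller-supplied map.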