tests/dsdb.py: verify that foreignSecurityPrincipal objects require the provision control

Windows rejects creating foreignSecurityPrincipal objects directly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2018-02-22 22:51:19 +0100
committer: Andreas Schneider <asn@cryptomilk.org> 2018-03-19 20:30:50 +0100
commit: 856504ca26d1769b5db8fe2e220414960349afe9 (patch)
tree: 742ffddb6c3c5eb1879aedddcbf34012a05238f6 /python/samba/tests/dsdb.py
parent: 470044bee84bdd798e9ccd0d1989b90e9a84ecaa (diff)
download: samba-856504ca26d1769b5db8fe2e220414960349afe9.tar.gz
1 files changed, 42 insertions, 4 deletions
diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py
index afbc2e3cf02..7a4ee29389f 100644
--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -215,19 +215,57 @@ class DsdbTests(TestCase):
             c = "9"
         else:
             c = "0"
-        sid     = str(dom_sid)[:-1] + c + "-1000"
+        sid_str = str(dom_sid)[:-1] + c + "-1000"
+        sid     = ndr_pack(security.dom_sid(sid_str))
         basedn  = self.samdb.get_default_basedn()
-        dn      = "CN=%s,CN=ForeignSecurityPrincipals,%s" % (sid, basedn)
+        dn      = "CN=%s,CN=ForeignSecurityPrincipals,%s" % (sid_str, basedn)
+
+        #
+        # First without control
+        #
+
+        try:
+            self.samdb.add({
+                "dn": dn,
+                "objectClass": "foreignSecurityPrincipal"})
+            self.fail("No exception should get ERR_OBJECT_CLASS_VIOLATION")
+        except ldb.LdbError as e:
+            (code, msg) = e.args
+            self.assertEqual(code, ldb.ERR_OBJECT_CLASS_VIOLATION, str(e))
+            werr = "%08X" % werror.WERR_DS_MISSING_REQUIRED_ATT
+            self.assertTrue(werr in msg, msg)
+
+        try:
+            self.samdb.add({
+                "dn": dn,
+                "objectClass": "foreignSecurityPrincipal",
+                "objectSid": sid})
+            self.fail("No exception should get ERR_UNWILLING_TO_PERFORM")
+        except ldb.LdbError as e:
+            (code, msg) = e.args
+            self.assertEqual(code, ldb.ERR_UNWILLING_TO_PERFORM, str(e))
+            werr = "%08X" % werror.WERR_DS_ILLEGAL_MOD_OPERATION
+            self.assertTrue(werr in msg, msg)
+
+        #
+        # We need to use the provision control
+        # in order to add foreignSecurityPrincipal
+        # objects
+        #
+
+        controls = ["provision:0"]
         self.samdb.add({
             "dn": dn,
-            "objectClass": "foreignSecurityPrincipal"})
+            "objectClass": "foreignSecurityPrincipal"},
+            controls=controls)
 
         self.samdb.delete(dn)
 
         try:
             self.samdb.add({
                 "dn": dn,
-                "objectClass": "foreignSecurityPrincipal"})
+                "objectClass": "foreignSecurityPrincipal"},
+                controls=controls)
         except ldb.LdbError as e:
             (code, msg) = e.args
             self.fail("Got unexpected exception %d - %s "
author	Stefan Metzmacher <metze@samba.org>	2018-02-22 22:51:19 +0100
committer	Andreas Schneider <asn@cryptomilk.org>	2018-03-19 20:30:50 +0100
commit	856504ca26d1769b5db8fe2e220414960349afe9 (patch)
tree	742ffddb6c3c5eb1879aedddcbf34012a05238f6 /python/samba/tests/dsdb.py
parent	470044bee84bdd798e9ccd0d1989b90e9a84ecaa (diff)
download	samba-856504ca26d1769b5db8fe2e220414960349afe9.tar.gz