diff options
author | Andrew Bartlett <abartlet@samba.org> | 2022-12-15 16:02:55 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2023-01-31 12:50:33 +0000 |
commit | 7c43388576f768db564aaf15a47d3f9ce5796fb3 (patch) | |
tree | 5452ab42e84c855528ca2fdb26f199e3a40e38e9 /source4/torture/drs/python/repl_rodc.py | |
parent | 539221dda33f03a1abf5ee5f3153db0fe1a9bfe6 (diff) | |
download | samba-7c43388576f768db564aaf15a47d3f9ce5796fb3.tar.gz |
s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/torture/drs/python/repl_rodc.py')
-rw-r--r-- | source4/torture/drs/python/repl_rodc.py | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/source4/torture/drs/python/repl_rodc.py b/source4/torture/drs/python/repl_rodc.py index bf609250dd1..317d4a0c24a 100644 --- a/source4/torture/drs/python/repl_rodc.py +++ b/source4/torture/drs/python/repl_rodc.py @@ -159,6 +159,52 @@ class DrsRodcTestCase(drs_base.DrsBaseTestCase): # Check that the user has been added to msDSRevealedUsers self._assert_in_revealed_users(user_dn, expected_user_attributes) + def test_admin_repl_secrets_DummyDN_GUID(self): + """ + When a secret attribute is set to be replicated to an RODC with the + admin credentials, it should always replicate regardless of whether + or not it's in the Allowed RODC Password Replication Group. + """ + rand = random.randint(1, 10000000) + expected_user_attributes = [drsuapi.DRSUAPI_ATTID_lmPwdHistory, + drsuapi.DRSUAPI_ATTID_supplementalCredentials, + drsuapi.DRSUAPI_ATTID_ntPwdHistory, + drsuapi.DRSUAPI_ATTID_unicodePwd, + drsuapi.DRSUAPI_ATTID_dBCSPwd] + + user_name = "test_rodcA_%s" % rand + user_dn = "CN=%s,%s" % (user_name, self.ou) + self.ldb_dc1.add({ + "dn": user_dn, + "objectclass": "user", + "sAMAccountName": user_name + }) + + res = self.ldb_dc1.search(base=user_dn, scope=ldb.SCOPE_BASE, + attrs=["objectGUID"]) + + user_guid = misc.GUID(res[0]["objectGUID"][0]) + + # Store some secret on this user + self.ldb_dc1.setpassword("(sAMAccountName=%s)" % user_name, 'penguin12#', False, user_name) + + req10 = self._getnc_req10(dest_dsa=str(self.rodc_ctx.ntds_guid), + invocation_id=self.ldb_dc1.get_invocation_id(), + nc_dn_str="DummyDN", + nc_guid=user_guid, + exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, + partial_attribute_set=drs_get_rodc_partial_attribute_set(self.ldb_dc1, self.tmp_samdb), + max_objects=133, + replica_flags=0) + try: + (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 10, req10) + except WERRORError as e1: + (enum, estr) = e1.args + self.fail(f"DsGetNCChanges failed with {estr}") + + # Check that the user has been added to msDSRevealedUsers + self._assert_in_revealed_users(user_dn, expected_user_attributes) + def test_rodc_repl_secrets(self): """ When a secret attribute is set to be replicated to an RODC with |