diff options
| author | Tim Beale <timbeale@catalyst.net.nz> | 2017-08-17 11:36:24 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-08-29 07:23:28 +0200 |
| commit | d6a384b24bb762abc340158bbcd3aad828a4b490 (patch) | |
| tree | 733afc5664721646bf0a96ace7901ed48f5d2637 /source4/torture/drs | |
| parent | 37ed946c75e4f62b173b943b0db649fdbdbf72ed (diff) | |
| download | samba-d6a384b24bb762abc340158bbcd3aad828a4b490.tar.gz | |
s4-drsuapi/selftest: Add extra tests for invalid DNs
Add some test cases to check for requests for invalid/non-existent DNs.
This exercises the first return case added in commit:
s4-drsuapi: Refuse to replicate an NC is that not actually an NC
I've also updated the error code returned here to match Windows.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'source4/torture/drs')
| -rw-r--r-- | source4/torture/drs/python/getnc_unpriv.py | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/source4/torture/drs/python/getnc_unpriv.py b/source4/torture/drs/python/getnc_unpriv.py index a65dd13d99e..85fa88da837 100644 --- a/source4/torture/drs/python/getnc_unpriv.py +++ b/source4/torture/drs/python/getnc_unpriv.py @@ -145,14 +145,14 @@ class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase): expected_error=expected_error, partial_attribute_set=partial_attribute_set) - def _test_repl_full_on_ou(self, expected_error): + def _test_repl_full_on_ou(self, repl_obj, expected_error): """ Full replication on a specific OU should always fail (it should be done against a base NC). The error may vary based on the user's access rights """ # Just try against the OU created in the test setup self._test_repl_exop(exop=drsuapi.DRSUAPI_EXOP_NONE, - repl_obj=self.ou, + repl_obj=repl_obj, expected_error=expected_error) def test_repl_getchanges_userpriv(self): @@ -166,6 +166,10 @@ class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase): self._test_repl_single_obj(repl_obj=self.ou, expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED]) + bad_ou = "OU=bad_obj,%s" % self.ou + self._test_repl_single_obj(repl_obj=bad_ou, + expected_error=[werror.WERR_DS_DRA_BAD_DN, + werror.WERR_DS_DRA_ACCESS_DENIED]) self._test_repl_secret(repl_obj=self.ou, expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED]) @@ -174,9 +178,15 @@ class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase): self._test_repl_secret(repl_obj=self.user_dn, dest_dsa=self.ldb_dc1.get_ntds_GUID(), expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED]) + self._test_repl_secret(repl_obj=bad_ou, + expected_error=[werror.WERR_DS_DRA_BAD_DN]) self._test_repl_full(expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED]) - self._test_repl_full_on_ou(expected_error=[werror.WERR_DS_CANT_FIND_EXPECTED_NC, + self._test_repl_full_on_ou(repl_obj=self.ou, + expected_error=[werror.WERR_DS_CANT_FIND_EXPECTED_NC, + werror.WERR_DS_DRA_ACCESS_DENIED]) + self._test_repl_full_on_ou(repl_obj=bad_ou, + expected_error=[werror.WERR_DS_DRA_BAD_NC, werror.WERR_DS_DRA_ACCESS_DENIED]) # Partial Attribute Sets don't require GET_ALL_CHANGES rights, so we @@ -215,6 +225,9 @@ class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase): self._test_repl_single_obj(repl_obj=self.ou, expected_error=None) + bad_ou = "OU=bad_obj,%s" % self.ou + self._test_repl_single_obj(repl_obj=bad_ou, + expected_error=[werror.WERR_DS_DRA_BAD_DN]) # Microsoft returns DB_ERROR, Samba returns ACCESS_DENIED self._test_repl_secret(repl_obj=self.ou, @@ -228,8 +241,15 @@ class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase): dest_dsa=self.ldb_dc1.get_ntds_GUID(), expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED]) + self._test_repl_secret(repl_obj=bad_ou, + expected_error=[werror.WERR_DS_DRA_BAD_DN]) + self._test_repl_full(expected_error=None) - self._test_repl_full_on_ou(expected_error=[werror.WERR_DS_CANT_FIND_EXPECTED_NC]) + self._test_repl_full_on_ou(repl_obj=self.ou, + expected_error=[werror.WERR_DS_CANT_FIND_EXPECTED_NC]) + self._test_repl_full_on_ou(repl_obj=bad_ou, + expected_error=[werror.WERR_DS_DRA_BAD_NC, + werror.WERR_DS_DRA_BAD_DN]) self._test_repl_single_obj(repl_obj=self.ou, expected_error=None, @@ -248,6 +268,9 @@ class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase): self._test_repl_single_obj(repl_obj=self.ou, expected_error=usual_error) + bad_ou = "OU=bad_obj,%s" % self.ou + self._test_repl_single_obj(repl_obj=bad_ou, + expected_error=usual_error) self._test_repl_secret(repl_obj=self.ou, expected_error=usual_error) @@ -256,9 +279,15 @@ class DrsReplicaSyncUnprivTestCase(drs_base.DrsBaseTestCase): self._test_repl_secret(repl_obj=self.user_dn, dest_dsa=self.ldb_dc1.get_ntds_GUID(), expected_error=usual_error) + self._test_repl_secret(repl_obj=bad_ou, + expected_error=usual_error) self._test_repl_full(expected_error=[werror.WERR_DS_DRA_ACCESS_DENIED]) - self._test_repl_full_on_ou(expected_error=usual_error) + self._test_repl_full_on_ou(repl_obj=self.ou, + expected_error=usual_error) + self._test_repl_full_on_ou(repl_obj=bad_ou, + expected_error=[werror.WERR_DS_DRA_BAD_NC, + werror.WERR_DS_DRA_ACCESS_DENIED]) self._test_repl_single_obj(repl_obj=self.ou, expected_error=usual_error, |