summaryrefslogtreecommitdiffstats
path: root/source4/dsdb/tests/python/acl.py
Commit message (Collapse)AuthorAgeFilesLines
* s4-dsdb: Tests for security checks on undelete operationNadezhda Ivanova2015-02-031-1/+131
| | | | | | | | | | | Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears LC is also necessary, and it is not granted by default to anyone but System and Administrator, so tests had to be done negatively Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
* ldap: Use samba.tests.subunitrun.Jelmer Vernooij2014-11-221-19/+6
| | | | | | Change-Id: I872654afb31a5eda8c88aac716f9ce79816e5f05 Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb.tests.acl: Create and run a single testsuite, should easy migration to ↵Jelmer Vernooij2014-11-191-34/+43
| | | | | | | | regulary Python unit tests. Change-Id: I89072d3af1d90e87a47c197d28943f47cedc5deb Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* join.py: Reinstate full_nc_list and make creation of NTDS-DSA object commonAndrew Bartlett2014-09-011-0/+2
| | | | | | | | | | | | The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry(). Andrew Bartlett Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova2013-10-251-0/+26
| | | | | | | | | | Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Add test for modification of two attributes, one permitted, one denied ↵Andrew Bartlett2013-01-151-0/+15
| | | | | | | | | | (bug #9554 - CVE-2013-0172) Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1) Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
* s4-join: Import DNS zones in AD DC joinAndrew Bartlett2012-06-251-0/+2
|
* samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij2012-06-211-4/+4
|
* s4-selftest: Avoid running kinit for each new connectionAndrew Bartlett2012-02-201-1/+2
| | | | | | | | | | | | | | | | Kerberos is efficient when the credentials cache is set up once and then reused. Sadly this test creates a user, does a test and deletes the user, over and over. For this, using NTLM saves a little time, but we also stress the rest of the DB, and should rework the test. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
* s4-dsdb: use get_config_basedn() in python testsAndrew Tridgell2011-09-191-2/+2
| | | | | | | we can't just append CN=Configuration to the basedn, as that won't give the right configuration DN for a subdomain of a forest Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-acl: use dnsforest not dnsdomain for GC namesAndrew Tridgell2011-08-251-3/+3
|
* s4-acl-test: use symbolic names for groupTypeAndrew Tridgell2011-08-091-11/+16
| | | | clearer than magic numbers
* s4-unittests: replace assertEquals(res, []) by assertEquals(len(res), 0)Matthieu Patou2011-02-211-24/+24
|
* s4-python Ensure we add the Samba python path first.Andrew Bartlett2011-02-021-1/+1
| | | | | | | This exact form of the construction is important, and we match on it in the installation scripts. Andrew Bartlett
* acl tests: Fix import.Jelmer Vernooij2011-01-061-4/+7
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Jan 6 16:07:49 CET 2011 on sn-devel-104
* Remove unused imports.Jelmer Vernooij2011-01-061-4/+3
|
* s4-tests: Tests for Validated-SPN implementation.Nadezhda Ivanova2010-12-221-14/+274
| | | | | | | Test setting spn on RWDC, RODC and regular computer object. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 22 12:20:24 CET 2010 on sn-devel-104
* s4-tests: Added tests for LDAP add/delete/modify using anonymous login.Nadezhda Ivanova2010-12-151-8/+50
|
* s4-dsdb/tests/python: Explicitly pass comamnd line LoadParm() instance to ↵Kamen Mazdrashki2010-12-151-1/+1
| | | | | | | | | | | system_session() Otherwise system_session() creates a LoadParm() instance which resets certain global parameters to their defaults from smb.conf ("log level" for instance) Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed Dec 15 15:10:47 CET 2010 on sn-devel-104
* s4-tests: Modified acl.py to use the sd_utils helpers.Nadezhda Ivanova2010-12-101-127/+86
|
* s4:dsdb tests - make use of "ldb.get_domain_sid()"Matthias Dieter Wallnöfer2010-11-271-5/+1
|
* s4-tests: Made acl tests to reconnect if dSHeuristics is being manipulatedNadezhda Ivanova2010-11-251-28/+25
| | | | | | | Also made password tests set dSHeuristics only once rather that once per test. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Nov 25 20:48:38 CET 2010 on sn-devel-104
* s4-tests: Modified create_ou to only accept security.descriptor type for sd ↵Nadezhda Ivanova2010-11-251-36/+28
| | | | | | | | | to avoid confusion It used to work with sddl as well, but this is confusing and could lead to errors. It also caused a message about tallocing a security descriptor to appear. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Nov 25 19:46:42 CET 2010 on sn-devel-104
* s4-tests: Modified acly.py to use common delete_force instead of defining ↵Nadezhda Ivanova2010-11-251-60/+55
| | | | its own.
* s4-tests: Modified acl.py to use samdb.newgroup instead of custom methods.Nadezhda Ivanova2010-11-231-43/+15
| | | | | Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Tue Nov 23 21:46:07 CET 2010 on sn-devel-104
* s4-tests: Modified acl.py to use samdb.newuser instead of custom methods.Nadezhda Ivanova2010-11-231-86/+68
|
* s4-tests: Modified acl.py to use SamDB.create_ou()Nadezhda Ivanova2010-11-231-84/+70
|
* s4-tests: Acl tests now use the get_dsheuristics and set_dsheuristics from ↵Nadezhda Ivanova2010-11-231-23/+7
| | | | SamDB.
* s4-tests: Adapted acl.py to use set_minPwdAge from SamDB.Nadezhda Ivanova2010-11-221-10/+3
|
* s4-tests: Modified acl tests to use pyldb api to retrieve configuration dn.Nadezhda Ivanova2010-11-181-3/+1
|
* s4-tests: Changed acl tests to use existing method in samdb for adding users ↵Nadezhda Ivanova2010-11-181-19/+8
| | | | to a group.
* s4-tests: Acl tests should use the existing samdb domain_dn method instead ↵Nadezhda Ivanova2010-11-181-7/+1
| | | | of defining a new one
* s4:acl.py - two password change tests are expected to fails on Windows 2000 ↵Matthias Dieter Wallnöfer2010-11-111-3/+14
| | | | function level
* s4:python tests - fix script names in the help textMatthias Dieter Wallnöfer2010-11-111-1/+1
|
* pydsdb: Import testtools before subunit for those that don't haveJelmer Vernooij2010-11-031-1/+1
| | | | | | | | | testtools installed. Also, cleanup some imports. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Nov 3 17:47:55 UTC 2010 on sn-devel-104
* s4-ldb: Added the correct extended check for read access to nTSecurityDescriptorNadezhda Ivanova2010-10-271-0/+62
| | | | | | | It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
* s4-tests: Added tests for search checks on attributesNadezhda Ivanova2010-09-261-5/+100
| | | | | The ACL reach tests are in the knowfail because aclread module is not enabled by default
* s4:auth Remove system_session_anon() from python bindingsAndrew Bartlett2010-08-181-2/+1
|
* s4-tests: Added tests for acl checks on search requestsNadezhda Ivanova2010-08-171-0/+218
|
* s4: Added acl search tests for anonymous connection.Nadezhda Ivanova2010-07-141-83/+68
| | | | | | The tests make sure that we comply with dsHeuristics setting and restrict anonymous access to rootDSE. They will be enabled when the implementation is pushed. tests are verified against win2k8.
* s4: Reorganized dsHeuristics reset so the code can be reusedNadezhda Ivanova2010-07-131-53/+38
| | | | | Moved the setting of dsHeuristics to a method as soon we will have to set other values as well in different tests
* Added a test to prove by default users can change each other's pass if the ↵Nadezhda Ivanova2010-07-081-0/+25
| | | | old is known
* s4-dsdb: Implementation of User-Change-Password and User-Force-Password-ChangeNadezhda Ivanova2010-07-051-6/+64
| | | | | | | These CARs need to be checked on password change and password reset operations. Apparently the password attributes are not influenced by Write Property. Single detele operations and modifications of dBCSPwd are let through to the password_hash module. This is determined experimentally.
* Tests for user-change-password and force-password-change access rightsNadezhda Ivanova2010-07-021-4/+242
|
* s4:dsdb: move dsdb python tests from lib/ldb/ to dsdb/Stefan Metzmacher2010-06-301-0/+1042
metze
generated by cgit (git 2.34.1) at 2025-06-15 05:03:57 +0000