summaryrefslogtreecommitdiffstats
path: root/source4/dsdb/tests
Commit message (Collapse)AuthorAgeFilesLines
* selftest: Add test for password lockoutAndrew Bartlett2014-04-021-0/+1484
| | | | | | Change-Id: Ia690b83f82b5ad7b02b203ffdecd2e05066b6711 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dsdb-tests: Remove pointless creation of ldaptestouAndrew Bartlett2014-04-021-1/+0
| | | | | | | | | | This is not used in this test, and is not removed by the test either. Andrew Bartlett Change-Id: I34366d469a1ebed04c3cea5a7f206cb0bf433e03 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an ↵Nadezhda Ivanova2013-11-031-3/+14
| | | | | | | | | | | | originating add operation As described in MS-ATDS 3.1.1.5.2.8. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Sun Nov 3 16:17:30 CET 2013 on sn-devel-104
* s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova2013-10-252-1/+31
| | | | | | | | | | Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-samldb: Do not allow deletion of objects with RID < 1000Nadezhda Ivanova2013-10-141-3/+34
| | | | | | | | | | | | According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
* dsdb/tests/ldap: fix test_distinguished_name against w2k8r2Stefan Metzmacher2013-10-101-2/+2
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2Stefan Metzmacher2013-10-101-4/+8
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-tests ldap.py: Add test for usn behaviour on certain changesAndrew Bartlett2013-06-121-54/+155
| | | | | | | | | | | This probes when the usn is updated, and when it is not. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jun 12 11:54:01 CEST 2013 on sn-devel-104
* dsdb-tests ldap.py: Fix quoting of print statementsAndrew Bartlett2013-06-121-10/+10
| | | | | | | | While python didn't mind (oddly) it really confused my editor. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:samldb LDB module - MS-SAMR 3.1.1.8.10 "userAccountControl"Matthias Dieter Wallnöfer2013-06-101-1/+81
| | | | | | | | | | | | "UF_LOCKOUT" and "UF_PASSWORD_EXPIRED" are never stored but rather are used for special semantics. "UF_LOCKOUT" performs an account lockout and "UF_PASSWORD_EXPIRED" forces password expiration. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jun 10 07:32:35 CEST 2013 on sn-devel-104
* s4:samldb LDB module - permit "userAccountControl" modifications without ↵Matthias Dieter Wallnöfer2013-06-051-0/+32
| | | | | | | | | | | | acct. type Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in MS-SAMR section 3.1.1.8.10. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
* s4:samldb LDB module - "userAccountControl" = 0 means UF_NORMAL_ACCOUNT on addMatthias Dieter Wallnöfer2013-06-051-18/+26
| | | | | | Windows Server 2008 has changed semantics in comparison to Server 2003. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb python tests - set the executable flagMatthias Dieter Wallnöfer2013-05-172-0/+0
| | | | | | | Reviewed-by: Matthieu Patou <mat@samba.org> Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date(master): Fri May 17 15:11:29 CEST 2013 on sn-devel-104
* tests/sec_descriptor: the default owner behavior depends on ↵Stefan Metzmacher2013-01-271-4/+4
| | | | | | | | | domainControllerFunctionality (bug #9481) Not on the domainFunctionality. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests: rewrite ldap_schema to specify attributesMatthieu Patou2013-01-211-15/+24
| | | | | Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Add test for modification of two attributes, one permitted, one denied ↵Andrew Bartlett2013-01-151-0/+15
| | | | | | | | | | (bug #9554 - CVE-2013-0172) Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1) Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
* s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps ↵Stefan Metzmacher2012-12-101-0/+7
| | | | | | | | | | | | working This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
* s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags ↵Stefan Metzmacher2012-12-101-0/+116
| | | | | | | | | interaction This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/tests: add SdAutoInheritTestsStefan Metzmacher2012-11-301-1/+83
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Nov 30 18:59:50 CET 2012 on sn-devel-104
* s4-join: Import DNS zones in AD DC joinAndrew Bartlett2012-06-251-0/+2
|
* selftest: schema is not automatically reloaded now so if you modify it you ↵Matthieu Patou2012-06-231-0/+9
| | | | | | | have to reload it Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sat Jun 23 10:48:13 CEST 2012 on sn-devel-104
* samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij2012-06-213-17/+17
|
* s4:samldb LDB module - make sure to not add identical ↵Matthias Dieter Wallnöfer2012-05-041-4/+47
| | | | | | | | | | "servicePrincipalName"s more than once The service principal names need to be case-insensitively unique, otherwise we end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error. This issue has been discovered on the technical mailing list (thread: cannot rename windows xp machine in samba4) when trying to rename a AD client workstation.
* s4:samldb LDB module - implement "fSMORoleOwner" attribute protectionMatthias Dieter Wallnöfer2012-04-301-0/+77
| | | | | | | | | This is a very essential attribute since it references to various domain master roles (PDC emulator, schema...) depending on which entry it has been set. Incautious modifications can cause severe problems. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Apr 30 02:04:24 CEST 2012 on sn-devel-104
* s4:ldap.py - re-introduce the ↵Matthias Dieter Wallnöfer2012-03-261-11/+4
| | | | | | | | | | | | | "(dn=CN=ldaptestUSER3,CN=Users,DC=wallnoefer2,DC=local)" test This syntax is not supported by Windows AD and should also be denied by s4/LDB. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 26 02:30:53 CEST 2012 on sn-devel-104
* LDB/s4 - do not use the "(dn=...)" syntax on filters anymoreMatthias Dieter Wallnöfer2012-03-261-5/+5
| | | | | | | Make it AD-compatible using "(distinguishedName=...)". Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap.py - test the already mentioned structural object class sorting ↵Matthias Dieter Wallnöfer2012-03-261-0/+15
| | | | | | | behaviour Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-selftest: Avoid running kinit for each new connectionAndrew Bartlett2012-02-203-3/+6
| | | | | | | | | | | | | | | | Kerberos is efficient when the credentials cache is set up once and then reused. Sadly this test creates a user, does a test and deletes the user, over and over. For this, using NTLM saves a little time, but we also stress the rest of the DB, and should rework the test. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
* python: Change except: statement to except Exception:Amitay Isaacs2012-01-241-1/+1
| | | | | | | | This way we only catch true exceptions and keyboard interrupts are not caught here. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
* Remove broken code - these lines use undefined symbols.Jelmer Vernooij2011-11-141-7/+2
|
* test: fixed several tests to use samba.testsAndrew Tridgell2011-11-105-8/+9
| | | | | | | this fixes error checking. Test failures were not being detected otherwise Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
* s4-sites: Document, fix under optimal coding, use exceptionsMatthieu Patou2011-11-021-18/+18
| | | | | Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Nov 2 22:35:00 CET 2011 on sn-devel-104
* s4-selftest: add unit tests for sites's function in pythonMatthieu Patou2011-11-021-0/+125
|
* s4:ldap.py - fix up the dSHeuristics test to check for the right behaviourMatthias Dieter Wallnöfer2011-10-271-15/+27
| | | | Reviewed-by: abartlet
* s4:ldap.py - we test the creation of secrets already in the "systemOnly" ↵Matthias Dieter Wallnöfer2011-10-271-9/+0
| | | | | | testcase Reviewed-by: abartlet
* s4:ldap.py - enhance and fix up the object class testMatthias Dieter Wallnöfer2011-10-271-6/+95
| | | | | | Also address the problem described in bug #8486. Reviewed-by: abartlet
* s4:ldap.py - fix up the UTF8 testsMatthias Dieter Wallnöfer2011-10-271-7/+8
| | | | Reviewed-by: abartlet
* s4:ldap.py - reactivate some assertions in "test_all"Matthias Dieter Wallnöfer2011-10-271-2/+2
| | | | | | There should always be one result on both s4 and Windows. Reviewed-by: abartlet
* Remove pointless exception catching in tests.Jelmer Vernooij2011-10-092-10/+4
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 9 00:00:26 CEST 2011 on sn-devel-104
* pyldb: fixed places where we try to concatenate a Dn with a stringAndrew Tridgell2011-09-192-16/+16
| | | | you need to either use str(dn) or use %s in a format string
* s4-dsdb: use get_config_basedn() in python testsAndrew Tridgell2011-09-194-18/+18
| | | | | | | we can't just append CN=Configuration to the basedn, as that won't give the right configuration DN for a subdomain of a forest Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-acl: use dnsforest not dnsdomain for GC namesAndrew Tridgell2011-08-251-3/+3
|
* s4-acl-test: use symbolic names for groupTypeAndrew Tridgell2011-08-091-11/+16
| | | | clearer than magic numbers
* s4:sam.py - uncomment/enhance some account type testsMatthias Dieter Wallnöfer2011-05-251-30/+48
| | | | Reviewed-by: abartlet
* s4:sam.py - tests for "isCriticalSystemObject" attributeMatthias Dieter Wallnöfer2011-05-251-0/+132
| | | | Reviewed-by: abartlet
* s4:sam.py - unchanged "primaryGroupID" when account type remains the sameMatthias Dieter Wallnöfer2011-05-251-0/+38
| | | | | | Enhance the testcase with a workstation example. Reviewed-by: abartlet
* s4:sam.py - add tests to check that setting "userAccountValue" on usersdon't ↵Matthieu Patou2011-05-211-2/+40
| | | | | | | | | | | | impact the "primaryGroupID" attribute Notice: The domain administrators groups isn't referenced as "Domain Admins" since this name could differ. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat May 21 19:19:57 CEST 2011 on sn-devel-104
* s4-dsdb: add unit tests for dirsync controlMatthieu Patou2011-05-211-0/+713
| | | | Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4:token_group.py python test - fix typosMatthias Dieter Wallnöfer2011-04-291-2/+2
|
* ldb: fixed --paged option in ldb toolsAndrew Tridgell2011-04-071-1/+1
| | | | | | we were sometimes using 'paged_result' and sometimes using 'paged_results'. The latter seemed to be more common, so I changed the two places that used the 'paged_result' string to 'paged_results'
generated by cgit (git 2.34.1) at 2025-06-16 09:27:42 +0000