samba.git/source4/dsdb/tests/python/acl.py, branch talloc-2.4.2 Unnamed repository; edit this file 'description' to name the repository. s4:dsdb:tests: Remove unnecessary f‐strings 2023-10-25T22:23:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-10-24T03:33:36+00:00 ee23952582224463c1293e7e0c92613596205e79 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:dsdb:tests: Fix code spelling 2023-08-03T14:31:34+00:00 Andreas Schneider asn@samba.org 2023-08-02T08:44:32+00:00 b29793ffdee5d9b9c1c05830622e80f7faec7670 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 s4:dsdb:tests: Refactor ACL test 2023-05-16T23:29:32+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-01-26T18:39:05+00:00 76b15ec145d7686d7c6008d57a4d772b8f841daf Use more specific unittest methods; remove some unused variables. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Use more specific unittest methods; remove some unused variables.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:dsdb/tests: let AclUndeleteTests.test_undelete() remove the temporary ACE again 2023-03-22T22:10:32+00:00 Stefan Metzmacher metze@samba.org 2023-03-20T12:02:47+00:00 2436d621d1940f127f164ca227a14b1d9b573eb5 Otherwise we impact other unrelated tests, e.g. 'blackbox.dbcheck'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Otherwise we impact other unrelated tests, e.g. 'blackbox.dbcheck'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-25720: s4-acl: Adjusted some tests to work with the new behavior 2022-09-16T02:32:36+00:00 Nadezhda Ivanova nivanova@symas.com 2021-10-22T18:10:35+00:00 6dc6ca56bd517a5cba85bb4ec120fcfb5feadfb8 Test using non-priviledged accounts now need to make sure they have WP access on the prvided attributes, or Write-DACL Some test create organizational units with a specific SD, and those now need the user to have WD or else they give errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810 Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Test using non-priviledged accounts now need to make sure they have
WP access on the prvided attributes, or Write-DACL
Some test create organizational units with a specific SD, and those now
need the user to have WD or else they give errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-25720 s4-acl: Test Create Child permission should not allow full write to all attributes 2022-09-16T02:32:36+00:00 Nadezhda Ivanova nivanova@symas.com 2021-10-25T08:34:57+00:00 c2761a47fd12cc2a79a02707ed9d778e496b1fd4 Up to now, the rights to modify an attribute were not checked during an LDAP add operation. This means that even if a user has no right to modify an attribute, they can still specify any value during object creation, and the validated writes were not checked. This patch includes tests for the proposed change of behavior. test_add_c3 and c4 pass, because mandatory attributes can still be set, and in the old behavior SD permissions were irrelevant BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810 Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Up to now, the rights to modify an attribute were not checked during an LDAP
add operation. This means that even if a user has no right to modify
an attribute, they can still specify any value during object creation,
and the validated writes were not checked.
This patch includes tests for the proposed change of behavior.
test_add_c3 and c4 pass, because mandatory attributes can still be
set, and in the old behavior SD permissions were irrelevant

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2022-32743 s4-acl: Add tests for validated dNSHostName write 2022-07-28T22:47:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-06-01T04:07:17+00:00 d277700710dc118f61065ed9e16e08e76820b66a BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
CVE-2022-32746 s4:dsdb:tests: Add test for deleting a disallowed SPN 2022-07-27T10:52:36+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-06-21T03:37:15+00:00 852a79c63c965b9861a1bd319948a51f116b7e9a If an account has an SPN that requires Write Property to set, we should still be able to delete it with just Validated Write. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> 
If an account has an SPN that requires Write Property to set, we should
still be able to delete it with just Validated Write.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
python: Don't use deprecated escape sequences 2022-06-14T07:21:29+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-04-28T08:31:50+00:00 5045382c6dd04b1bae0eaaae823be908213ff079 Certain escape sequences are not valid in Python string literals, and will eventually result in a SyntaxError. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Certain escape sequences are not valid in Python string literals, and
will eventually result in a SyntaxError.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 CVE-2020-25722: s4-acl: test Control Access Rights honor the Applies-to attribute 2021-11-09T19:45:33+00:00 Nadezhda Ivanova nivanova@symas.com 2021-10-25T11:54:56+00:00 6121f31c0e1553194d74de41ea7bcc55364a2612 Validate Writes and Control Access Rights should only grant access if the object is of the type listed in the Right's appliesTo attribute. Tests to verify this behavior BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832 Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Validate Writes and Control Access Rights should only grant access if the
object is of the type listed in the Right's appliesTo attribute.
Tests to verify this behavior

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>