summaryrefslogtreecommitdiff
path: root/source4/dsdb/tests/python/acl.py
AgeCommit message (Collapse)AuthorFilesLines
2015-02-03s4-dsdb: Tests for security checks on undelete operationNadezhda Ivanova1-1/+131
Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears LC is also necessary, and it is not granted by default to anyone but System and Administrator, so tests had to be done negatively Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
2014-11-22ldap: Use samba.tests.subunitrun.Jelmer Vernooij1-19/+6
Change-Id: I872654afb31a5eda8c88aac716f9ce79816e5f05 Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-11-19dsdb.tests.acl: Create and run a single testsuite, should easy migration to ↵Jelmer Vernooij1-34/+43
regulary Python unit tests. Change-Id: I89072d3af1d90e87a47c197d28943f47cedc5deb Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-09-01join.py: Reinstate full_nc_list and make creation of NTDS-DSA object commonAndrew Bartlett1-0/+2
The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry(). Andrew Bartlett Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2013-10-25s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova1-0/+26
Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-15dsdb: Add test for modification of two attributes, one permitted, one denied ↵Andrew Bartlett1-0/+15
(bug #9554 - CVE-2013-0172) Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1) Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
2012-06-25s4-join: Import DNS zones in AD DC joinAndrew Bartlett1-0/+2
2012-06-21samdb: Accept a list of member variables rather than a comma-separated string.Jelmer Vernooij1-4/+4
2012-02-20s4-selftest: Avoid running kinit for each new connectionAndrew Bartlett1-1/+2
Kerberos is efficient when the credentials cache is set up once and then reused. Sadly this test creates a user, does a test and deletes the user, over and over. For this, using NTLM saves a little time, but we also stress the rest of the DB, and should rework the test. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104
2011-09-19s4-dsdb: use get_config_basedn() in python testsAndrew Tridgell1-2/+2
we can't just append CN=Configuration to the basedn, as that won't give the right configuration DN for a subdomain of a forest Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-25s4-acl: use dnsforest not dnsdomain for GC namesAndrew Tridgell1-3/+3
2011-08-09s4-acl-test: use symbolic names for groupTypeAndrew Tridgell1-11/+16
clearer than magic numbers
2011-02-21s4-unittests: replace assertEquals(res, []) by assertEquals(len(res), 0)Matthieu Patou1-24/+24
2011-02-02s4-python Ensure we add the Samba python path first.Andrew Bartlett1-1/+1
This exact form of the construction is important, and we match on it in the installation scripts. Andrew Bartlett
2011-01-06acl tests: Fix import.Jelmer Vernooij1-4/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Jan 6 16:07:49 CET 2011 on sn-devel-104
2011-01-06Remove unused imports.Jelmer Vernooij1-4/+3
2010-12-22s4-tests: Tests for Validated-SPN implementation.Nadezhda Ivanova1-14/+274
Test setting spn on RWDC, RODC and regular computer object. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Dec 22 12:20:24 CET 2010 on sn-devel-104
2010-12-15s4-tests: Added tests for LDAP add/delete/modify using anonymous login.Nadezhda Ivanova1-8/+50
2010-12-15s4-dsdb/tests/python: Explicitly pass comamnd line LoadParm() instance to ↵Kamen Mazdrashki1-1/+1
system_session() Otherwise system_session() creates a LoadParm() instance which resets certain global parameters to their defaults from smb.conf ("log level" for instance) Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Wed Dec 15 15:10:47 CET 2010 on sn-devel-104
2010-12-10s4-tests: Modified acl.py to use the sd_utils helpers.Nadezhda Ivanova1-127/+86
2010-11-27s4:dsdb tests - make use of "ldb.get_domain_sid()"Matthias Dieter Wallnöfer1-5/+1
2010-11-25s4-tests: Made acl tests to reconnect if dSHeuristics is being manipulatedNadezhda Ivanova1-28/+25
Also made password tests set dSHeuristics only once rather that once per test. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Nov 25 20:48:38 CET 2010 on sn-devel-104
2010-11-25s4-tests: Modified create_ou to only accept security.descriptor type for sd ↵Nadezhda Ivanova1-36/+28
to avoid confusion It used to work with sddl as well, but this is confusing and could lead to errors. It also caused a message about tallocing a security descriptor to appear. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Nov 25 19:46:42 CET 2010 on sn-devel-104
2010-11-25s4-tests: Modified acly.py to use common delete_force instead of defining ↵Nadezhda Ivanova1-60/+55
its own.
2010-11-23s4-tests: Modified acl.py to use samdb.newgroup instead of custom methods.Nadezhda Ivanova1-43/+15
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Tue Nov 23 21:46:07 CET 2010 on sn-devel-104
2010-11-23s4-tests: Modified acl.py to use samdb.newuser instead of custom methods.Nadezhda Ivanova1-86/+68
2010-11-23s4-tests: Modified acl.py to use SamDB.create_ou()Nadezhda Ivanova1-84/+70
2010-11-23s4-tests: Acl tests now use the get_dsheuristics and set_dsheuristics from ↵Nadezhda Ivanova1-23/+7
SamDB.
2010-11-22s4-tests: Adapted acl.py to use set_minPwdAge from SamDB.Nadezhda Ivanova1-10/+3
2010-11-18s4-tests: Modified acl tests to use pyldb api to retrieve configuration dn.Nadezhda Ivanova1-3/+1
2010-11-18s4-tests: Changed acl tests to use existing method in samdb for adding users ↵Nadezhda Ivanova1-19/+8
to a group.
2010-11-18s4-tests: Acl tests should use the existing samdb domain_dn method instead ↵Nadezhda Ivanova1-7/+1
of defining a new one
2010-11-11s4:acl.py - two password change tests are expected to fails on Windows 2000 ↵Matthias Dieter Wallnöfer1-3/+14
function level
2010-11-11s4:python tests - fix script names in the help textMatthias Dieter Wallnöfer1-1/+1
2010-11-03pydsdb: Import testtools before subunit for those that don't haveJelmer Vernooij1-1/+1
testtools installed. Also, cleanup some imports. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Nov 3 17:47:55 UTC 2010 on sn-devel-104
2010-10-27s4-ldb: Added the correct extended check for read access to nTSecurityDescriptorNadezhda Ivanova1-0/+62
It does not depend on READ_PROPERTY, but on SECURITY_PRIVILEGE and READ_CONTROL Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 13:18:50 UTC 2010 on sn-devel-104
2010-09-26s4-tests: Added tests for search checks on attributesNadezhda Ivanova1-5/+100
The ACL reach tests are in the knowfail because aclread module is not enabled by default
2010-08-18s4:auth Remove system_session_anon() from python bindingsAndrew Bartlett1-2/+1
2010-08-17s4-tests: Added tests for acl checks on search requestsNadezhda Ivanova1-0/+218
2010-07-14s4: Added acl search tests for anonymous connection.Nadezhda Ivanova1-83/+68
The tests make sure that we comply with dsHeuristics setting and restrict anonymous access to rootDSE. They will be enabled when the implementation is pushed. tests are verified against win2k8.
2010-07-13s4: Reorganized dsHeuristics reset so the code can be reusedNadezhda Ivanova1-53/+38
Moved the setting of dsHeuristics to a method as soon we will have to set other values as well in different tests
2010-07-08Added a test to prove by default users can change each other's pass if the ↵Nadezhda Ivanova1-0/+25
old is known
2010-07-05s4-dsdb: Implementation of User-Change-Password and User-Force-Password-ChangeNadezhda Ivanova1-6/+64
These CARs need to be checked on password change and password reset operations. Apparently the password attributes are not influenced by Write Property. Single detele operations and modifications of dBCSPwd are let through to the password_hash module. This is determined experimentally.
2010-07-02Tests for user-change-password and force-password-change access rightsNadezhda Ivanova1-4/+242
2010-06-30s4:dsdb: move dsdb python tests from lib/ldb/ to dsdb/Stefan Metzmacher1-0/+1042
metze
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-17 10:00:22 +0000