CVE-2020-25722 selftest: Split test_userAccountControl into unit tests
authorAndrew Bartlett <abartlet@samba.org>
Thu, 21 Oct 2021 01:03:05 +0000 (14:03 +1300)
committerJule Anger <janger@samba.org>
Tue, 9 Nov 2021 19:45:32 +0000 (19:45 +0000)
The parts that create and delete a single object can be
safely split out into an individual test.

At this point the parts that fail against Windows 2019 are:

error: __main__.SamTests.test_userAccountControl_computer_add_normal [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_computer_modify [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_user_add_0_uac [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_user_add_normal [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_user_modify [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest/knownfail.d/uac_objectclass_restrict
source4/dsdb/tests/python/sam.py

index d093c631bd372a3d01ef0ad6bf7b9d28a9400d9b..ac7befffb1b423840545073bff719080ac6de51b 100644 (file)
@@ -3,10 +3,12 @@
 #
 # All these tests need to be fixed and the entries here removed
 
-^samba4.sam.python\(fl2008r2dc\).__main__.SamTests.test_userAccountControl\(fl2008r2dc\)
+^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_computer_add_0_uac
+^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_computer_add_trust
+^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_computer_modify
+^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_user_modify
 ^samba4.sam.python\(fl2008r2dc\).__main__.SamTests.test_users_groups\(fl2008r2dc\)
 ^samba4.ldap.python\(ad_dc_default\).__main__.BasicTests.test_all\(ad_dc_default\)
-^samba4.sam.python\(ad_dc_default\).__main__.SamTests.test_userAccountControl\(ad_dc_default\)
 ^samba4.sam.python\(ad_dc_default\).__main__.SamTests.test_users_groups\(ad_dc_default\)
 ^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-DC_add_CC_WP_user\(ad_dc_default\)
 ^samba4.priv_attrs.strict.python\(ad_dc_default\).__main__.PrivAttrsTests.test_priv_attr_userAccountControl-DC_add_CC_default_user\(ad_dc_default\)
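Review bot: The four added entries match far more than the two they replace, because `\(.*\)` accepts every test environment and nothing closes the method name, so each line is a prefix match. `test_userAccountControl_computer_modify` would therefore also cover any later test whose name merely begins with that string, which matters for expected-failure entries attached to CVE-2020-25722 checks. Ending each name with the escaped parenthesis, as the removed lines did, keeps the match to the intended test: `^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_computer_modify\(`. Listing the environments explicitly instead of `.*` would narrow it further, if the failures are not expected everywhere.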
index 5dd091fe4758ec560ed51a469d8b515d85c95ed3..b5b007b96efa22451b3b781082e4b6db0165af75 100755 (executable)
@@ -1884,7 +1884,7 @@ class SamTests(samba.tests.TestCase):
 
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
-    def test_userAccountControl(self):
+    def test_userAccountControl_user_add_0_uac(self):
         """Test the userAccountControl behaviour"""
         print("Testing userAccountControl behaviour\n")
 
@@ -1912,12 +1912,15 @@ class SamTests(samba.tests.TestCase):
         self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_normal(self):
+        """Test the userAccountControl behaviour"""
         ldb.add({
             "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
             "objectclass": "user",
             "userAccountControl": str(UF_NORMAL_ACCOUNT)})
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_normal_pwnotreq(self):
         ldb.add({
             "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
             "objectclass": "user",
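Review bot: Each split-out test still removes `cn=ldaptestuser` only through a trailing `delete_force(...)`, which is skipped when an assertion or an unexpected `LdbError` aborts the method, so the next test's `ldb.add` of the same DN can then fail for an unrelated reason. Now that these are independent tests, registering the removal as the first statement is more robust: `self.addCleanup(delete_force, self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)`. The same applies to the methods introduced in the later hunks, with `cn=ldaptestcomputer,cn=computers,` for the computer variants. If `setUp`, which is not visible here, already deletes these DNs, the remaining risk is only a leftover object after the last test. `test_userAccountControl_user_add_normal_pwnotreq` continues past the end of this hunk.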
@@ -1932,6 +1935,7 @@ class SamTests(samba.tests.TestCase):
         self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_normal_pwnotreq_lockout_expired(self):
         ldb.add({
             "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
             "objectclass": "user",
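Review bot: `test_userAccountControl_user_add_normal_pwnotreq_lockout_expired` and the methods added in the following hunks have no docstring, and the only one supplied, on `test_userAccountControl_user_add_normal`, is the generic text copied from the original combined test. A one-line docstring per method naming the flags and the expected result would make a failure report readable on its own, for example `"""Adding a user with only UF_NORMAL_ACCOUNT set succeeds"""` for `test_userAccountControl_user_add_normal`. The bodies of the other methods extend outside the hunks shown, so their wording should be checked against the full assertions.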
@@ -1951,6 +1955,7 @@ class SamTests(samba.tests.TestCase):
         self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_temp_dup(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
@@ -1962,6 +1967,7 @@ class SamTests(samba.tests.TestCase):
             self.assertEqual(num, ERR_OTHER)
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_server(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
@@ -1973,6 +1979,7 @@ class SamTests(samba.tests.TestCase):
             self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_workstation(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
@@ -1983,6 +1990,7 @@ class SamTests(samba.tests.TestCase):
             self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_rodc(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
@@ -1993,6 +2001,7 @@ class SamTests(samba.tests.TestCase):
             self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
         delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 
+    def test_userAccountControl_user_add_trust(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
@@ -2006,6 +2015,7 @@ class SamTests(samba.tests.TestCase):
 
         # Modify operation
 
+    def test_userAccountControl_user_modify(self):
         ldb.add({
             "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
             "objectclass": "user"})
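Review bot: The `# Modify operation` comment is left above the new `def test_userAccountControl_user_modify(self):`, so it now sits at the tail of `test_userAccountControl_user_add_trust`, where it describes nothing. Moving it to the first line inside the new method, as the computer variant does with `def test_userAccountControl_computer_modify(self):` followed by `# Modify operation`, keeps the two halves consistent. The body of the new method continues beyond this hunk.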
@@ -2176,6 +2186,7 @@ class SamTests(samba.tests.TestCase):
             (num, _) = e69.args
             self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
 
+    def test_userAccountControl_computer_add_0_uac(self):
         # With a computer object
 
         # Add operation
@@ -2200,12 +2211,14 @@ class SamTests(samba.tests.TestCase):
         self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_PASSWD_NOTREQD == 0)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_add_normal(self):
         ldb.add({
             "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
             "objectclass": "computer",
             "userAccountControl": str(UF_NORMAL_ACCOUNT)})
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_add_normal_pwnotreqd(self):
         ldb.add({
             "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
             "objectclass": "computer",
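Review bot: The computer tests are spelled `test_userAccountControl_computer_add_normal_pwnotreqd` here and `..._pwnotreqd_lockout_expired` in the next hunk, while the matching user tests are `test_userAccountControl_user_add_normal_pwnotreq` and `..._pwnotreq_lockout_expired`. Because knownfail entries select tests by name pattern, a single spelling for both object types avoids a pattern that quietly matches only one of the pair. `pwnotreqd` mirrors `UF_PASSWD_NOTREQD`, so renaming the user tests to `test_userAccountControl_user_add_normal_pwnotreqd` and `test_userAccountControl_user_add_normal_pwnotreqd_lockout_expired` looks like the natural fix.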
@@ -2220,6 +2233,7 @@ class SamTests(samba.tests.TestCase):
         self.assertTrue(int(res1[0]["userAccountControl"][0]) & UF_ACCOUNTDISABLE == 0)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_add_normal_pwnotreqd_lockout_expired(self):
         ldb.add({
             "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
             "objectclass": "computer",
@@ -2239,6 +2253,7 @@ class SamTests(samba.tests.TestCase):
         self.assertTrue(int(res1[0]["pwdLastSet"][0]) == 0)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_add_temp_dup(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
@@ -2250,6 +2265,7 @@ class SamTests(samba.tests.TestCase):
             self.assertEqual(num, ERR_OTHER)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_add_server(self):
         ldb.add({
             "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
             "objectclass": "computer",
@@ -2262,6 +2278,7 @@ class SamTests(samba.tests.TestCase):
                           ATYPE_WORKSTATION_TRUST)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_add_workstation(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
@@ -2272,6 +2289,7 @@ class SamTests(samba.tests.TestCase):
             self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_add_trust(self):
         try:
             ldb.add({
                 "dn": "cn=ldaptestcomputer,cn=computers," + self.base_dn,
@@ -2283,6 +2301,7 @@ class SamTests(samba.tests.TestCase):
             self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
+    def test_userAccountControl_computer_modify(self):
         # Modify operation
 
         ldb.add({