^samba4.ldap.acl.python\(.*\).__main__.AclModifyTests.test_modify_owner_other_admin_computer\(.*\)
^samba4.ldap.acl.python\(.*\).__main__.AclModifyTests.test_modify_owner_other_computer\(.*\)
^samba4.ldap.acl.python\(.*\).__main__.AclModifyTests.test_modify_owner_other_user\(.*\)
+^samba4.user_account_control.python\(.*\).__main__.UserAccountControlTests.test_add_computer_cc_normal_bare\(.*\)
+^samba4.user_account_control.python\(.*\).__main__.UserAccountControlTests.test_add_computer_sd_cc\(.*\)
user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+ # servicePrincipalName
mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user3, self.base_dn)
user_sid = self.sd_utils.get_object_sid(self.get_user_dn(self.regular_user))
mod = f"(OA;CI;CC;{samba.dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+ # servicePrincipalName
mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_SERVICE_PRINCIPAL_NAME};;{user_sid})"
self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
+ # userAccountControl
+ mod = f"(OA;CI;WP;{samba.dsdb.DS_GUID_SCHEMA_ATTR_USER_ACCOUNT_CONTROL};;{user_sid})"
+ self.sd_utils.dacl_add_ace("OU=test_add_ou1," + self.base_dn, mod)
dn = "CN=%s,OU=test_add_ou1,%s" % (self.test_user4, self.base_dn)
samaccountname = self.test_user4 + "$"
try:
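Review bot: The WP ACE for `userAccountControl` is added only in this block (the `test_user4` case); the otherwise identical block above for `test_user3` stops at the servicePrincipalName ACE, and nothing in the hunk says why the two differ. A comment tying the grant to what the add below sets would help, for example `# userAccountControl: WP needed because this add supplies the attribute explicitly`, if that is the reason. The ACE also leaves the inherited-object-type field empty, so with `CI` it is inheritable by any object class under the OU, not only computers; that is acceptable for a throwaway test OU but worth stating in the comment. The enclosing test method starts and ends outside the hunk.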
def test_search4(self):
"""There is no difference in visibility if the user is also creator"""
self.create_clean_ou("OU=ou1," + self.base_dn)
- mod = "(A;CI;CC;;;%s)" % (str(self.user_sid))
+ mod = "(A;CI;CCWD;;;%s)" % (str(self.user_sid))
self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
self.domain_sid)
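Review bot: `mod` is reused two lines below to build `tmp_desc`, so the added WD right lands not only on the OU's DACL but also in the descriptor assembled by `security.descriptor.from_sddl(...)`; the same holds for `test_search6`. If WD is needed only on the parent OU, two strings would keep these visibility tests from granting more than they are about: `ou_ace = "(A;CI;CCWD;;;%s)" % (str(self.user_sid))` for `dacl_add_ace`, and the original `(A;CI;CC;;;%s)` for `tmp_desc`. How `tmp_desc` is used lies outside the hunk, so this needs checking against the rest of the method.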
def test_search6(self):
"""If an attribute that cannot be read is used in a filter, it is as if the attribute does not exist"""
self.create_clean_ou("OU=ou1," + self.base_dn)
- mod = "(A;CI;LCCC;;;%s)" % (str(self.user_sid))
+ mod = "(A;CI;LCCCWD;;;%s)" % (str(self.user_sid))
self.sd_utils.dacl_add_ace("OU=ou1," + self.base_dn, mod)
tmp_desc = security.descriptor.from_sddl("D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" + mod,
self.domain_sid)
_ldb = self.get_ldb_connection(user_name, "samba123@")
# Change Schema partition descriptor
user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
- mod = "(A;;WDCC;;;AU)"
+ mod = "(A;CI;WDCC;;;AU)"
self.sd_utils.dacl_add_ace(self.schema_dn, mod)
# Create example Schema class
try:
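Review bot: The ACE placed on `self.schema_dn` grants WD and CC to `AU` rather than to the `user_sid` looked up on the line above, and the new `CI` flag makes it inheritable by objects below the schema head as well. Nothing in the visible lines restores the original descriptor, and the body continues outside the hunk, so it is worth confirming that cleanup also removes the inherited copies. A short comment above `mod` saying why the ACE must be inheritable would make the change easier to review, e.g. `# CI: the object created below must inherit this ACE`, if that is the intent. The same applies to the three `object_dn` hunks that follow. The last two of those spell the rights `CCWD` where this one uses `WDCC`; one order throughout would make the strings easier to grep.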
delete_force(self.ldb_admin, object_dn)
self.create_configuration_container(self.ldb_admin, object_dn, )
user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
- mod = "(A;;WDCC;;;AU)"
+ mod = "(A;CI;WDCC;;;AU)"
self.sd_utils.dacl_add_ace(object_dn, mod)
# Create child object with user's credentials
object_dn = "CN=test-specifier1," + object_dn
delete_force(self.ldb_admin, object_dn)
self.create_configuration_container(self.ldb_admin, object_dn, )
user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
- mod = "(A;;CC;;;AU)"
+ mod = "(A;CI;CCWD;;;AU)"
self.sd_utils.dacl_add_ace(object_dn, mod)
# Create child object with user's credentials
object_dn = "CN=test-specifier1," + object_dn
delete_force(self.ldb_admin, object_dn)
self.create_configuration_container(self.ldb_admin, object_dn, )
user_sid = self.sd_utils.get_object_sid(self.get_users_domain_dn(user_name))
- mod = "(A;;CC;;;AU)"
+ mod = "(A;CI;CCWD;;;AU)"
self.sd_utils.dacl_add_ace(object_dn, mod)
# Create child object with user's credentials
object_dn = "CN=test-specifier1," + object_dn
def test_add_computer_sd_cc(self):
user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
- mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+ mod = f"(OA;CI;WDCC;{dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
old_sd = self.sd_utils.read_sd_on_dn(self.OU)
self.sd_utils.dacl_add_ace(self.OU, mod)
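Review bot: `test_add_computer_sd_cc` now grants WD alongside CC, yet this diff also adds it (and `test_add_computer_cc_normal_bare`) to what appears to be the knownfail list, so no passing run exercises the new ACE string. A comment above `mod` should record why WD is required, for example `# WD: the add below supplies a security descriptor`, if that is what the rest of the method does; the body continues outside the hunk. If the commit message does not already say so, it should name the change expected to remove the two knownfail entries, so they are not left masking an access-control regression.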
def test_add_computer_cc_normal_bare(self):
user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
- mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
+ mod = f"(OA;CI;CC;{dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
old_sd = self.sd_utils.read_sd_on_dn(self.OU)
self.sd_utils.dacl_add_ace(self.OU, mod)
computername = self.computernames[0]
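Review bot: The CC ACE here gains the `CI` flag, but the next hunk builds `ace_cc` as `(OA;;CC;...)` without it while giving `CI` to the two WP ACEs beside it. If the difference is deliberate it deserves a comment at `ace_cc`, e.g. `# no CI: CC applies to self.OU only`. If it is not, the flags should match: `ace_cc = f"(OA;CI;CC;{dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"`.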
user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
- mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
-
+ ace_cc = f"(OA;;CC;{dsdb.DS_GUID_SCHEMA_CLASS_COMPUTER};;{user_sid})"
+ ace_wp_dnshostname = f"(OA;CI;WP;{dsdb.DS_GUID_SCHEMA_ATTR_DNS_HOST_NAME};;{user_sid})"
+ ace_wp_primarygroupid = f"(OA;CI;WP;{dsdb.DS_GUID_SCHEMA_ATTR_PRIMARY_GROUP_ID};;{user_sid})"
old_sd = self.sd_utils.read_sd_on_dn(self.OU)
+ mod = ace_cc + ace_wp_dnshostname + ace_wp_primarygroupid
self.sd_utils.dacl_add_ace(self.OU, mod)
try: