pytest:sid_strings: test SID DNs with ldb parsing

By using an ldb.Dn as an intermediary, we get to see which SIDs
Samba thinks are OK but Windows thinks are bad.
It is things like "S-0-5-32-579".

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/sid_strings.py b/python/samba/tests/sid_strings.py
index 2c82f1aad5a1d28b5bab9697093cf889e631d240..baa0b2ab8816f230c6e9c8ae851d2b53909f4f57 100644 (file)
--- a/python/samba/tests/sid_strings.py
+++ b/python/samba/tests/sid_strings.py
@@ -468,6 +468,81 @@ class SidStringsAsDnInSearchBase(SidStringBase):
             self.assertIsNone(expected)
 
 
+@DynamicTestCase
+class SidStringsAsDnSearchWithDnObject(SidStringBase):
+    """How does a bad <SID=x> dn work as a search base, if at all?
+
+    This time we parse the DN in ldb first.
+    """
+    skip_local = True
+    cases = {' S-1-1-1-1-1-1-1': ('parse error', None),
+             'S-0-5-32-579': (None, ldb.ERR_INVALID_DN_SYNTAX),
+             'S-000000000001-5-20-243': ('parse error', None),
+             'S-000000001-5-32-579': ('parse error', None),
+             'S-01-05-020-0243': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-0x1-0-0-579': ('parse error', None),
+             'S-0x1-0x5-020-0243': ('parse error', None),
+             'S-0x1-5-20-243': ('parse error', None),
+             'S-0x1-5-40-579': ('parse error', None),
+             'S-0x1-500000000-20-243': ('parse error', None),
+             'S-1-0': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-0-0-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-0x05-32-579': (None, None),
+             'S-1-0x5-0x20-0x243': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-0x50000000-32-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-0x500000000-0x500000000-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-0x500000000-32-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-0xABcDef123-0xABCDef123-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-1-1-1-1-1-1': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-21474836480-32-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-22': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-22-1': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-22-1-0': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-281474976710655-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-281474976710656-579': ('parse error', None),
+             'S-1-3-0': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-3-99': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-5-0-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-5-040-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-5-0x20-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-5-11111111111111111111111111111111111-579': ('parse error', None),
+             'S-1-5-18446744073709551615-579': ('parse error', None),
+             'S-1-5-18446744073709551616-579': ('parse error', None),
+             'S-1-5-3 2-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-5-32- 579': ('parse error', None),
+             'S-1-5-32--579': ('parse error', None),
+             'S-1-5-4294967295-579': (None, ldb.ERR_NO_SUCH_OBJECT),
+             'S-1-5-9999999999-579': ('parse error', None),
+             'S-1-99999999999999999999999999999999999999-32-11111111111': ('parse error',
+                                                                           None),
+             'S-10-5-32-579': (None, ldb.ERR_INVALID_DN_SYNTAX),
+             'S-2-5-32-579': (None, ldb.ERR_INVALID_DN_SYNTAX),
+             's-1-5-32-579': ('parse error', None),
+            }
+
+    def _test_sid_string_with_args(self, code, expected):
+        dn_err, search_err = expected
+        dn_str = f"<SID={code}>"
+        try:
+            dn = ldb.Dn(self.ldb, dn_str)
+        except ValueError:
+            self.assertEqual(dn_err, 'parse error')
+            return
+        except ldb.LdbError as e:
+            self.assertEqual(dn_err, e.args[0])
+            return
+
+        self.assertIsNone(dn_err)
+
+        try:
+            self.ldb.search(dn, scope=ldb.SCOPE_BASE, attrs=['*'])
+        except ldb.LdbError as e:
+            self.assertEqual(search_err, e.args[0])
+            return
+
+        self.assertIsNone(search_err)
+
+
 if __name__ == '__main__':
     global_asn1_print = False
     global_hexdump = False

diff --git a/selftest/knownfail.d/sid-strings b/selftest/knownfail.d/sid-strings
index 85557319d55686d6b7c463238acb5a199e651d57..6b3c5f66117aeb5d279a9be5edf4b230c0dc4efe 100644 (file)
--- a/selftest/knownfail.d/sid-strings
+++ b/selftest/knownfail.d/sid-strings
@@ -56,6 +56,14 @@
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-5-3.2-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-10-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-2-5-32-579.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-0-5-32-579.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-000000000001-5-20-243.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-000000001-5-32-579.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-0x05-32-579.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-3-0.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-5-3.2-579.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-10-5-32-579.ad_dc
+^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-2-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_.S-1-1-1-1-1-1-1.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x05-32-579.ad_dc