CVE-2020-25722 selftest: Adjust sam.py test_userAccountControl_computer_add_trust...

We now enforce that a trust account must be a user.

These can not be added over LDAP anyway, and our C
code in the RPC server gets this right in any case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/selftest/knownfail.d/uac_objectclass_restrict b/selftest/knownfail.d/uac_objectclass_restrict
index ac7befffb1b423840545073bff719080ac6de51b..0fc2f4d47a21086db39e63bc1854acfcef5f0ff3 100644 (file)
--- a/selftest/knownfail.d/uac_objectclass_restrict
+++ b/selftest/knownfail.d/uac_objectclass_restrict
@@ -4,7 +4,6 @@
 # All these tests need to be fixed and the entries here removed
 
 ^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_computer_add_0_uac
-^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_computer_add_trust
 ^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_computer_modify
 ^samba4.sam.python\(.*\).__main__.SamTests.test_userAccountControl_user_modify
 ^samba4.sam.python\(fl2008r2dc\).__main__.SamTests.test_users_groups\(fl2008r2dc\)

diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
index b5b007b96efa22451b3b781082e4b6db0165af75..d94d95b9c77834cb2d574ac9cb4b436e83300a56 100755 (executable)
--- a/source4/dsdb/tests/python/sam.py
+++ b/source4/dsdb/tests/python/sam.py
@@ -2298,7 +2298,7 @@ class SamTests(samba.tests.TestCase):
             self.fail()
         except LdbError as e72:
             (num, _) = e72.args
-            self.assertEqual(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+            self.assertEqual(num, ERR_OBJECT_CLASS_VIOLATION)
         delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
 
     def test_userAccountControl_computer_modify(self):