[PATCH] Basic Ldb unittests involving nTSecurityDescriptor

Andrew Bartlett abartlet at samba.org
Wed Aug 26 05:59:21 MDT 2009 

On Thu, 2009-08-13 at 15:07 +0300, Zahari Zahariev wrote:
> Hello Samba4,
> 
> These are some unittest that prove whether ldb.modify_ldif() or 
> ldb.add_ldif() works correctly with nTSecurityDescriptor attributes.
> 
> After Andrew's fix a week ago almost everything works fine. The problem 
> I found while preparing these tests is where you have a descriptor like 
> "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI" and you want to pass it in BASE64 
> format in a ldif either to ldb.modify_ldif() or db.add_ldif() -- the 
> result is that nTSecurityDescriptor attribute disappears.
> 
> Tests are prepared against Windows 2003 AD Server.

The reason the nTSecurityDescriptor dissapears is that it is invalid.
We send it, but the server ignores it.  (Pity it does not send an error)

Look at the attached PCAP file, generated with the attached patch
against Window 2003.  In short, the domain SID S-1-5-21 is invalid - the
SDDL works because we query the real SID from the server during
parsing. 

If you replace that SID with the real one, I bet the tests will pass. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: show-why-sd-not-stick.pcap
Type: application/octet-stream
Size: 736 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090826/38f4e986/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-ldb-Basic-Ldb-unittests-involving-nTSecurityDescr.patch
Type: text/x-patch
Size: 8270 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090826/38f4e986/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090826/38f4e986/attachment.pgp>

More information about the samba-technical mailing list