[PATCH] Basic Ldb unittests involving nTSecurityDescriptor

Andrew Bartlett abartlet at samba.org
Thu Aug 27 03:42:50 MDT 2009


On Wed, 2009-08-26 at 21:59 +1000, Andrew Bartlett wrote:
> On Thu, 2009-08-13 at 15:07 +0300, Zahari Zahariev wrote:
> > Hello Samba4,
> > 
> > These are some unittests that prove whether ldb.modify_ldif() or 
> > ldb.add_ldif() works correctly with nTSecurityDescriptor attributes.
> > 
> > After Andrew's fix a week ago almost everything works fine. The problem 
> > I found while preparing these tests is where you have a descriptor like 
> > "O:DUG:DUD:PAI(A;;RPWP;;;AU)S:PAI" and you want to pass it in BASE64 
> > format in a ldif either to ldb.modify_ldif() or db.add_ldif() -- the 
> > result is that nTSecurityDescriptor attribute disappears.
> > 
> > Tests are prepared against Windows 2003 AD Server.
> 
> The reason the nTSecurityDescriptor disappears is that it is invalid.
> We send it, but the server ignores it.  (Pity it does not send an error)
> 
> Look at the attached PCAP file, generated with the attached patch
> against Windows 2003.  In short, the domain SID S-1-5-21 is invalid - the
> SDDL works because we query the real SID from the server during
> parsing. 
> 
> If you replace that SID with the real one, I bet the tests will pass. 

I've added a function to get you the Domain SID easily, and modified the
functions to use it.  Things are still not good, but look at these
patches and see if you can fix things from here.

Once things pass against Windows 2008, we can merge them (with
known-failures against Samba4 until the ACL patches land)

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-s4-ldb-Rework-security-descriptor-tests-in-ldap.py-t.patch
Type: text/x-patch
Size: 13036 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090827/a8cdeeca/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-ldb-Basic-Ldb-unittests-involving-nTSecurityDescr.patch
Type: text/x-patch
Size: 8274 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090827/a8cdeeca/attachment-0001.bin>
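The failure discussed in this thread can be caught before the LDIF is sent, since the server drops the bad descriptor without returning an error. The following is an added example, not code from the attached patches or from Samba: it decodes a base64 self-relative security descriptor and flags owner or group SIDs under S-1-5-21 that lack the full domain sub-authorities. The helper names, the constructed domain SID, and the assumption that "DU" expanded against the placeholder domain SID yields S-1-5-21-513 are illustrative.

```python
import base64
import struct

def pack_sid(sid):
    """Encode an 'S-1-5-...' string as a binary SID."""
    parts = sid.split("-")
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("BB", int(parts[1]), len(subs))
            + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def unpack_sid(buf, off):
    """Decode the binary SID at buf[off:] into its string form."""
    rev, count = struct.unpack_from("BB", buf, off)
    auth = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(auth)] + [str(s) for s in subs])

def make_sd_b64(owner, group):
    """Constructed input: base64 self-relative descriptor with owner and group only."""
    o, g = pack_sid(owner), pack_sid(group)
    # Revision 1, SE_SELF_RELATIVE, owner at offset 20, group after it, no SACL/DACL.
    hdr = struct.pack("<BBHIIII", 1, 0, 0x8000, 20, 20 + len(o), 0, 0)
    return base64.b64encode(hdr + o + g).decode()

def check_sd(b64):
    """Return {field: (sid, problem)}; problem is None when the SID looks complete."""
    buf = base64.b64decode(b64)
    off_owner, off_group = struct.unpack_from("<II", buf, 4)
    result = {}
    for field, off in (("owner", off_owner), ("group", off_group)):
        if off == 0:
            continue  # field absent from the descriptor
        sid = unpack_sid(buf, off)
        parts = sid.split("-")
        problem = None
        # Domain-relative SIDs are S-1-5-21-<a>-<b>-<c>-<RID>: five sub-authorities.
        if parts[2:4] == ["5", "21"] and len(parts) - 3 < 5:
            problem = "incomplete domain SID"
        result[field] = (sid, problem)
    return result

if __name__ == "__main__":
    DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
    for dom in ("S-1-5-21", DOMAIN):  # placeholder vs. full domain SID; 513 = Domain Users
        print(check_sd(make_sd_b64(dom + "-513", dom + "-513")))
```

Running a check like this in the test setup turns the silent attribute drop into an explicit failure on the client side.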