s4:dsdb:tests: add AclVisibiltyTests
commit 06d134406739e76b97273db3023855150dbaebbc
author Stefan Metzmacher <metze@samba.org>
Wed, 7 Oct 2020 11:21:06 +0000 (7 13:21 +0200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 21 Oct 2020 07:25:37 +0000 (21 07:25 +0000)
tree 0c60f2ba1c321c5b95f01e223203b428cd391a40
parent 80347deb544b38be6c6814e5d1b82e48ebe83fd1
s4:dsdb:tests: add AclVisibiltyTests

This tests all sorts of combinations in order to
demonstrate the visibility of objects depending on:

- with or without fDoListObject
- with or without explicit DENY ACEs
- A hierarchy of objects with 4 levels from the base dn
- SEC_ADS_LIST (List Children)
- SEC_ADS_LIST_LIST_OBJECT (List Object)
- SEC_ADS_READ_PROP
- all possible scopes and basedns

This demonstrates that NO_SUCH_OBJECT doesn't depend purely
on the visibility of the base dn, it's still possible to
get children returned under an invisible base dn.

It also demonstrates the additional behavior with "List Object" mode.
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest/knownfail.d/ldap-acl-visibility [new file with mode: 0644]
source4/dsdb/tests/python/acl.py
source4/selftest/tests.py