pytest: sid_strings: adjust to match Windows 2016
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 2 May 2024 23:24:02 +0000 (11:24 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Tue, 7 May 2024 23:25:35 +0000 (23:25 +0000)
9 hex-digit subauths like '0xABCDef123' will not fit in 32 bits, so
should be rejected on parsing.

In other situations, such as defaultSecurityDescriptor, overflowing
SID subauths on Windows will saturate to 0xffffffff, resulting in a
valid but probably meaningless SID. It is possible that in previous
testing we saw that here, but it is more likely I got confused. In any
case, now I see them being rejected, and that is good.

The saturating defaultSecurityDescriptor case is tested in
SidStringBehavioursThatWindowsAllows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/tests/sid_strings.py
selftest/knownfail.d/sid-strings

index 737f2b89b3f9d983bcd37901000acef65f353583..1b720356d8322e4f04967d0cec75ddfddf2c1033 100644 (file)
@@ -425,9 +425,9 @@ class SidStringsAsDnInSearchBase(SidStringBase):
              'S-1-0x05-32-11579': ldb.ERR_NO_SUCH_OBJECT,
              'S-1-0x5-0x20-0x221': None,
              'S-1-0x50000000-32-579': ldb.ERR_NO_SUCH_OBJECT,
-             'S-1-0x500000000-0x500000000-579': ldb.ERR_NO_SUCH_OBJECT,
+             'S-1-0x500000000-0x500000000-579': ldb.ERR_INVALID_DN_SYNTAX,
              'S-1-0x500000000-32-579': ldb.ERR_NO_SUCH_OBJECT,
-             'S-1-0xABcDef123-0xABCDef123-579': ldb.ERR_NO_SUCH_OBJECT,
+             'S-1-0xABcDef123-0xABCDef123-579': ldb.ERR_INVALID_DN_SYNTAX,
              'S-1-1-1-1-1-1-1': ldb.ERR_NO_SUCH_OBJECT,
              'S-1-21474836480-32-579': ldb.ERR_NO_SUCH_OBJECT,
              'S-1-22': ldb.ERR_NO_SUCH_OBJECT,
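
Review bot: the two updated entries sit next to the unchanged 'S-1-0x500000000-32-579' and 'S-1-21474836480-32-579', which keep ldb.ERR_NO_SUCH_OBJECT although they carry the same value (21474836480 is 0x500000000), and nothing here explains why. In those strings the large value appears only in the identifier authority position, which is 48 bits wide, whereas in the changed strings it also appears as a subauth, which has to fit in 32 bits. A short comment above these entries saying so would stop a later reader from "correcting" the unchanged ones to ldb.ERR_INVALID_DN_SYNTAX. Both changed cases overflow in hex; the visible lines show no decimal subauth overflow, so one is worth adding if the dict does not already have it elsewhere.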
index a56d92986e3f8e1a70339615924bcf62a56ee21e..7b2a779ce7088524a1be1a31ce3326e530a83958 100644 (file)
@@ -50,8 +50,6 @@
 ^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aA.ad_dc
 ^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aa.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-0-5-32-545.ad_dc
-^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-0x500000000-0x500000000-579.ad_dc
-^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-0xABcDef123-0xABCDef123-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-3-0.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-5-3.2-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_s-1-5-32-545.ad_dc
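
Review bot: removing the two SidStringsAsDnInSearchBase entries from knownfail asserts that Samba on ad_dc now returns ldb.ERR_INVALID_DN_SYNTAX for these strings, but the commit message only describes what Windows does. One sentence in the message stating that Samba already rejects overflowing subauths, or pointing to the change that made it do so, would explain why the expectation change and the knownfail removal belong in one commit. The removed patterns do match the two changed test keys exactly, including the mixed-case 'ABcDef123'.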