diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
commit | 8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch) | |
tree | 4099e8021376c7d8c05bdf8503093d80e9c7bad0 /python/samba/tests/dsdb_schema_attributes.py | |
parent | Initial commit. (diff) | |
download | samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip |
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'python/samba/tests/dsdb_schema_attributes.py')
-rw-r--r-- | python/samba/tests/dsdb_schema_attributes.py | 249 |
1 files changed, 249 insertions, 0 deletions
diff --git a/python/samba/tests/dsdb_schema_attributes.py b/python/samba/tests/dsdb_schema_attributes.py new file mode 100644 index 0000000..7d5c7f9 --- /dev/null +++ b/python/samba/tests/dsdb_schema_attributes.py @@ -0,0 +1,249 @@ +# -*- coding: utf-8 -*- +# +# Unix SMB/CIFS implementation. +# Copyright (C) Kamen Mazdrashki <kamenim@samba.org> 2010 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# +# Usage: +# export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun +# PYTHONPATH="$PYTHONPATH:$samba4srcdir/dsdb/tests/python" $SUBUNITRUN dsdb_schema_attributes +# + +import time +import random + +import samba.tests +import ldb +from ldb import SCOPE_BASE, LdbError + + +class SchemaAttributesTestCase(samba.tests.TestCase): + + def setUp(self): + super().setUp() + + self.lp = samba.tests.env_loadparm() + self.samdb = samba.tests.connect_samdb(self.lp.samdb_url()) + + # fetch rootDSE + res = self.samdb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"]) + self.assertEqual(len(res), 1) + self.schema_dn = res[0]["schemaNamingContext"][0] + self.base_dn = res[0]["defaultNamingContext"][0] + self.forest_level = int(res[0]["forestFunctionality"][0]) + + def _ldap_schemaUpdateNow(self): + ldif = """ +dn: +changetype: modify +add: schemaUpdateNow +schemaUpdateNow: 1 +""" + self.samdb.modify_ldif(ldif) + + def _make_obj_names(self, prefix): + obj_name = prefix + time.strftime("%s", time.gmtime()) + obj_ldap_name = obj_name.replace("-", "") + obj_dn = "CN=%s,%s" % (obj_name, self.schema_dn) + return (obj_name, obj_ldap_name, obj_dn) + + def _make_attr_ldif(self, attr_name, attr_dn, sub_oid, extra=None): + ldif = """ +dn: """ + attr_dn + """ +objectClass: top +objectClass: attributeSchema +adminDescription: """ + attr_name + """ +adminDisplayName: """ + attr_name + """ +cn: """ + attr_name + """ +attributeId: 1.3.6.1.4.1.7165.4.6.1.8.%d.""" % sub_oid + str(random.randint(1, 100000)) + """ +attributeSyntax: 2.5.5.12 +omSyntax: 64 +instanceType: 4 +isSingleValued: TRUE +systemOnly: FALSE +""" + + if extra is not None: + ldif += extra + "\n" + + return ldif + + def test_AddIndexedAttribute(self): + # create names for an attribute to add + (attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("schemaAttributes-IdxAttr-") + ldif = self._make_attr_ldif(attr_name, attr_dn, 1, + "searchFlags: %d" % samba.dsdb.SEARCH_FLAG_ATTINDEX) + + # add the new attribute + self.samdb.add_ldif(ldif) + self._ldap_schemaUpdateNow() + + # Check @ATTRIBUTES + + attr_res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE) + + self.assertIn(attr_ldap_name, attr_res[0]) + self.assertEqual(len(attr_res[0][attr_ldap_name]), 1) + self.assertEqual(str(attr_res[0][attr_ldap_name][0]), "CASE_INSENSITIVE") + + # Check @INDEXLIST + + idx_res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE) + + self.assertIn(attr_ldap_name, [str(x) for x in idx_res[0]["@IDXATTR"]]) + + def test_AddUnIndexedAttribute(self): + # create names for an attribute to add + (attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("schemaAttributes-UnIdxAttr-") + ldif = self._make_attr_ldif(attr_name, attr_dn, 2) + + # add the new attribute + self.samdb.add_ldif(ldif) + self._ldap_schemaUpdateNow() + + # Check @ATTRIBUTES + + attr_res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE) + + self.assertIn(attr_ldap_name, attr_res[0]) + self.assertEqual(len(attr_res[0][attr_ldap_name]), 1) + self.assertEqual(str(attr_res[0][attr_ldap_name][0]), "CASE_INSENSITIVE") + + # Check @INDEXLIST + + idx_res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE) + + self.assertNotIn(attr_ldap_name, [str(x) for x in idx_res[0]["@IDXATTR"]]) + + def test_AddTwoIndexedAttributes(self): + # create names for an attribute to add + (attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("schemaAttributes-2IdxAttr-") + ldif = self._make_attr_ldif(attr_name, attr_dn, 3, + "searchFlags: %d" % samba.dsdb.SEARCH_FLAG_ATTINDEX) + + # add the new attribute + self.samdb.add_ldif(ldif) + self._ldap_schemaUpdateNow() + + # create names for an attribute to add + (attr_name2, attr_ldap_name2, attr_dn2) = self._make_obj_names("schemaAttributes-Attr-") + ldif = self._make_attr_ldif(attr_name2, attr_dn2, 4, + "searchFlags: %d" % samba.dsdb.SEARCH_FLAG_ATTINDEX) + + # add the new attribute + self.samdb.add_ldif(ldif) + self._ldap_schemaUpdateNow() + + # Check @ATTRIBUTES + + attr_res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE) + + self.assertIn(attr_ldap_name, attr_res[0]) + self.assertEqual(len(attr_res[0][attr_ldap_name]), 1) + self.assertEqual(str(attr_res[0][attr_ldap_name][0]), "CASE_INSENSITIVE") + + self.assertIn(attr_ldap_name2, attr_res[0]) + self.assertEqual(len(attr_res[0][attr_ldap_name2]), 1) + self.assertEqual(str(attr_res[0][attr_ldap_name2][0]), "CASE_INSENSITIVE") + + # Check @INDEXLIST + + idx_res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE) + + self.assertIn(attr_ldap_name, [str(x) for x in idx_res[0]["@IDXATTR"]]) + self.assertIn(attr_ldap_name2, [str(x) for x in idx_res[0]["@IDXATTR"]]) + + def test_modify_at_attributes(self): + m = {"dn": "@ATTRIBUTES", + "@TEST_EXTRA": ["HIDDEN"] + } + + msg = ldb.Message.from_dict(self.samdb, m, ldb.FLAG_MOD_ADD) + self.samdb.modify(msg) + + res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE, + attrs=["@TEST_EXTRA"]) + self.assertEqual(len(res), 1) + self.assertEqual(str(res[0].dn), "@ATTRIBUTES") + self.assertEqual(len(res[0]), 1) + self.assertTrue("@TEST_EXTRA" in res[0]) + self.assertEqual(len(res[0]["@TEST_EXTRA"]), 1) + self.assertEqual(str(res[0]["@TEST_EXTRA"][0]), "HIDDEN") + + samdb2 = samba.tests.connect_samdb(self.lp.samdb_url()) + + # We now only update the @ATTRIBUTES when a transaction happens + # rather than making a read of the DB do writes. + # + # This avoids locking issues and is more expected + + samdb2.transaction_start() + samdb2.transaction_commit() + + res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE, + attrs=["@TEST_EXTRA"]) + self.assertEqual(len(res), 1) + self.assertEqual(str(res[0].dn), "@ATTRIBUTES") + self.assertEqual(len(res[0]), 0) + self.assertFalse("@TEST_EXTRA" in res[0]) + + def test_modify_at_indexlist(self): + m = {"dn": "@INDEXLIST", + "@TEST_EXTRA": ["1"] + } + + msg = ldb.Message.from_dict(self.samdb, m, ldb.FLAG_MOD_ADD) + self.samdb.modify(msg) + + res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE, + attrs=["@TEST_EXTRA"]) + self.assertEqual(len(res), 1) + self.assertEqual(str(res[0].dn), "@INDEXLIST") + self.assertEqual(len(res[0]), 1) + self.assertTrue("@TEST_EXTRA" in res[0]) + self.assertEqual(len(res[0]["@TEST_EXTRA"]), 1) + self.assertEqual(str(res[0]["@TEST_EXTRA"][0]), "1") + + samdb2 = samba.tests.connect_samdb(self.lp.samdb_url()) + + # We now only update the @INDEXLIST when a transaction happens + # rather than making a read of the DB do writes. + # + # This avoids locking issues and is more expected + + samdb2.transaction_start() + samdb2.transaction_commit() + + res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE, + attrs=["@TEST_EXTRA"]) + self.assertEqual(len(res), 1) + self.assertEqual(str(res[0].dn), "@INDEXLIST") + self.assertEqual(len(res[0]), 0) + self.assertFalse("@TEST_EXTRA" in res[0]) + + def test_modify_fail_of_at_indexlist(self): + m = {"dn": "@INDEXLIST", + "@TEST_NOT_EXTRA": ["1"] + } + + msg = ldb.Message.from_dict(self.samdb, m, ldb.FLAG_MOD_DELETE) + try: + self.samdb.modify(msg) + self.fail("modify of @INDEXLIST with a failed constraint should fail") + except LdbError as err: + enum = err.args[0] + self.assertEqual(enum, ldb.ERR_NO_SUCH_ATTRIBUTE) |