From: Andrew Bartlett Date: Tue, 8 Aug 2017 04:52:04 +0000 (+1200) Subject: selftest: Confirm privileged replication of an OU is not permitted X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=87bc8d8f16eca0a0e335a649106a80656b083a7d;ds=sidebyside selftest: Confirm privileged replication of an OU is not permitted Signed-off-by: Andrew Bartlett Signed-off-by: Tim Beale Reviewed-by: Garming Sam --- diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py index 2b4bdc4b714d..37e5333e2456 100644 --- a/source4/torture/drs/python/getnc_exop.py +++ b/source4/torture/drs/python/getnc_exop.py @@ -35,6 +35,7 @@ from drs_base import AbstractLink import samba.tests import random +from samba import werror, WERRORError import ldb from ldb import SCOPE_BASE @@ -193,6 +194,29 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase): (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 8, req8) self._check_ctr6(ctr, [ou2]) + def test_do_full_repl_on_ou(self): + """ + Make sure that a full replication on a not-an-nc fails with + the right error code + """ + + non_nc_ou = "OU=not-an-NC,%s" % self.ou + self.ldb_dc1.add({ + "dn": non_nc_ou, + "objectclass": "organizationalUnit" + }) + req8 = self._exop_req8(dest_dsa=None, + invocation_id=self.ldb_dc1.get_invocation_id(), + nc_dn_str=non_nc_ou, + exop=drsuapi.DRSUAPI_EXOP_NONE, + replica_flags=drsuapi.DRSUAPI_DRS_WRIT_REP) + + try: + (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 8, req8) + self.fail("Expected DsGetNCChanges to fail with WERR_DS_CANT_FIND_EXPECTED_NC") + except WERRORError as (enum, estr): + self.assertEquals(enum, werror.WERR_DS_CANT_FIND_EXPECTED_NC) + def test_link_utdv_hwm(self): """Test verify the DRS_GET_ANC behavior."""