# Licenced under the GPLv3
#
+from __future__ import print_function
import optparse
import sys
import unittest
if others is not None:
msg_dict = dict(msg_dict.items() + others.items())
- msg = ldb.Message.from_dict(self.samdb, msg_dict )
+ msg = ldb.Message.from_dict(self.samdb, msg_dict)
msg["sAMAccountName"] = samaccountname
- print "Adding computer account %s" % computername
+ print("Adding computer account %s" % computername)
samdb.add(msg)
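Review bot: The unchanged context line `msg_dict = dict(msg_dict.items() + others.items())` at the top of this hunk still breaks on Python 3, where `dict.items()` returns views that do not support `+`, so the `print()` conversion alone does not make this helper portable. `msg_dict.update(others)` gives the same merged result on both interpreters, assuming `msg_dict` is a plain local dict built just above (its construction is outside the hunk). Until that is changed, every test that passes `others=`, which includes the userAccountControl and primaryGroupID privilege checks later in the file, would stop with a TypeError on Python 3 instead of exercising the access check.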
def get_creds(self, target_username, target_password):
self.sd_utils.dacl_add_ace("OU=test_computer_ou1," + self.base_dn, mod)
- computername=self.computernames[0]
+ computername = self.computernames[0]
sd = ldb.MessageElement((ndr_pack(self.sd_reference_modify)),
ldb.FLAG_MOD_ADD,
"nTSecurityDescriptor")
m = ldb.Message()
m.dn = res[0].dn
- m["description"]= ldb.MessageElement(
+ m["description"] = ldb.MessageElement(
("A description"), ldb.FLAG_MOD_REPLACE,
"description")
self.samdb.modify(m)
try:
self.samdb.modify(m)
self.fail("Unexpectedly able to set userAccountControl to be a DC on %s" % m.dn)
- except LdbError, (enum, estr):
+ except LdbError as e5:
+ (enum, estr) = e5.args
self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
m = ldb.Message()
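Review bot: The handler introduced here binds the exception as `e5`, and the other handlers in this commit use `e6` through `e15` (plus `e` and `e1` to `e4` in the bit-loop tests); the counters carry no meaning and read like converter output. The bindings never overlap in use, so one name works everywhere: `except LdbError as e:` followed by `(enum, estr) = e.args`. Where only the error code is asserted, as in this hunk, `enum = e.args[0]` also avoids the unused `estr`. The enclosing test method starts and ends outside the hunk.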
try:
self.samdb.modify(m)
self.fail("Unexpectedly able to set userAccountControl to be an RODC on %s" % m.dn)
- except LdbError, (enum, estr):
+ except LdbError as e6:
+ (enum, estr) = e6.args
self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
m = ldb.Message()
try:
self.samdb.modify(m)
self.fail("Unexpectedly able to set userAccountControl to be an Workstation on %s" % m.dn)
- except LdbError, (enum, estr):
+ except LdbError as e7:
+ (enum, estr) = e7.args
self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
m = ldb.Message()
ldb.FLAG_MOD_REPLACE, "primaryGroupID")
try:
self.samdb.modify(m)
- except LdbError, (enum, estr):
+ except LdbError as e8:
+ (enum, estr) = e8.args
self.assertEqual(ldb.ERR_UNWILLING_TO_PERFORM, enum)
return
self.fail()
self.sd_utils.dacl_add_ace("OU=test_computer_ou1," + self.base_dn, mod)
- computername=self.computernames[0]
+ computername = self.computernames[0]
self.add_computer_ldap(computername)
res = self.admin_samdb.search("%s" % self.base_dn,
m = ldb.Message()
m.dn = res[0].dn
- m["description"]= ldb.MessageElement(
+ m["description"] = ldb.MessageElement(
("A description"), ldb.FLAG_MOD_REPLACE,
"description")
self.samdb.modify(m)
try:
self.samdb.modify(m)
self.fail("Unexpectedly able to set userAccountControl on %s" % m.dn)
- except LdbError, (enum, estr):
+ except LdbError as e9:
+ (enum, estr) = e9.args
self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
m = ldb.Message()
m["userAccountControl"] = ldb.MessageElement(str(samba.dsdb.UF_SERVER_TRUST_ACCOUNT),
ldb.FLAG_MOD_REPLACE, "userAccountControl")
try:
- self.samdb.modify(m)
- self.fail()
- except LdbError, (enum, estr):
- self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
+ self.samdb.modify(m)
+ self.fail()
+ except LdbError as e10:
+ (enum, estr) = e10.args
+ self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
m = ldb.Message()
m.dn = res[0].dn
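Review bot: The re-indented `self.fail()` in this hunk has no message, unlike the sibling checks. If the modify through `self.samdb` that sets userAccountControl to `UF_SERVER_TRUST_ACCOUNT` ever succeeds, the failure report will not say which restriction regressed. Since the line is being rewritten anyway, give it a message in the same form as its neighbours: `self.fail("Unexpectedly able to set userAccountControl to UF_SERVER_TRUST_ACCOUNT on %s" % m.dn)`, assuming `m.dn` is set here as in the neighbouring checks. The test method begins and ends outside the hunk.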
try:
self.samdb.modify(m)
self.fail("Unexpectedly able to set userAccountControl to be an Workstation on %s" % m.dn)
- except LdbError, (enum, estr):
+ except LdbError as e11:
+ (enum, estr) = e11.args
self.assertEqual(ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS, enum)
def test_admin_mod_uac(self):
- computername=self.computernames[0]
+ computername = self.computernames[0]
self.add_computer_ldap(computername, samdb=self.admin_samdb)
res = self.admin_samdb.search("%s" % self.base_dn,
try:
self.admin_samdb.modify(m)
self.fail("Unexpectedly able to set userAccountControl to UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT|UF_TRUSTED_FOR_DELEGATION on %s" % m.dn)
- except LdbError, (enum, estr):
+ except LdbError as e12:
+ (enum, estr) = e12.args
self.assertEqual(ldb.ERR_OTHER, enum)
m = ldb.Message()
scope=SCOPE_SUBTREE,
attrs=["userAccountControl"])
- self.assertEqual(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT| UF_ACCOUNTDISABLE)
+ self.assertEqual(int(res[0]["userAccountControl"][0]), UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE)
def test_uac_bits_set(self):
self.sd_utils.dacl_add_ace("OU=test_computer_ou1," + self.base_dn, mod)
- computername=self.computernames[0]
+ computername = self.computernames[0]
self.add_computer_ldap(computername)
res = self.admin_samdb.search("%s" % self.base_dn,
m = ldb.Message()
m.dn = res[0].dn
- m["description"]= ldb.MessageElement(
+ m["description"] = ldb.MessageElement(
("A description"), ldb.FLAG_MOD_REPLACE,
"description")
self.samdb.modify(m)
self.samdb.modify(m)
if (bit in priv_bits):
self.fail("Unexpectedly able to set userAccountControl bit 0x%08X on %s" % (bit, m.dn))
- except LdbError, (enum, estr):
+ except LdbError as e:
+ (enum, estr) = e.args
if bit in invalid_bits:
self.assertEqual(enum, ldb.ERR_OTHER, "was not able to set 0x%08X on %s" % (bit, m.dn))
# No point going on, try the next bit
self.sd_utils.dacl_add_ace("OU=test_computer_ou1," + self.base_dn, mod)
- computername=self.computernames[0]
+ computername = self.computernames[0]
self.add_computer_ldap(computername, others={"userAccountControl": [str(account_type)]})
res = self.admin_samdb.search("%s" % self.base_dn,
m = ldb.Message()
m.dn = res[0].dn
- m["description"]= ldb.MessageElement(
+ m["description"] = ldb.MessageElement(
("A description"), ldb.FLAG_MOD_REPLACE,
"description")
self.samdb.modify(m)
if bit in invalid_bits:
self.fail("Should have been unable to set userAccountControl bit 0x%08X on %s" % (bit, m.dn))
- except LdbError, (enum, estr):
+ except LdbError as e1:
+ (enum, estr) = e1.args
if bit in invalid_bits:
self.assertEqual(enum, ldb.ERR_OTHER)
# No point going on, try the next bit
ldb.FLAG_MOD_REPLACE, "userAccountControl")
self.samdb.modify(m)
- except LdbError, (enum, estr):
+ except LdbError as e2:
+ (enum, estr) = e2.args
self.fail("Unable to set userAccountControl bit 0x%08X on %s: %s" % (bit, m.dn, estr))
res = self.admin_samdb.search("%s" % self.base_dn,
if bit in priv_to_remove_bits:
self.fail("Should have been unable to remove userAccountControl bit 0x%08X on %s" % (bit, m.dn))
- except LdbError, (enum, estr):
+ except LdbError as e3:
+ (enum, estr) = e3.args
if bit in priv_to_remove_bits:
self.assertEqual(enum, ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS)
else:
self.uac_bits_unrelated_modify_helper(UF_WORKSTATION_TRUST_ACCOUNT)
def test_uac_bits_add(self):
- computername=self.computernames[0]
+ computername = self.computernames[0]
user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
if bit in priv_bits:
self.fail("Unexpectdly able to set userAccountControl bit 0x%08X on %s" % (bit, computername))
- except LdbError, (enum, estr):
+ except LdbError as e4:
+ (enum, estr) = e4.args
if bit in invalid_bits:
self.assertEqual(enum, ldb.ERR_OTHER, "Invalid bit 0x%08X was able to be set on %s" % (bit, computername))
# No point going on, try the next bit
self.fail("Unable to set userAccountControl bit 0x%08X on %s: %s" % (bit, computername, estr))
def test_primarygroupID_cc_add(self):
- computername=self.computernames[0]
+ computername = self.computernames[0]
user_sid = self.sd_utils.get_object_sid(self.unpriv_user_dn)
mod = "(OA;;CC;bf967a86-0de6-11d0-a285-00aa003049e2;;%s)" % str(user_sid)
# When creating a new object, you can not ever set the primaryGroupID
self.add_computer_ldap(computername, others={"primaryGroupID": [str(security.DOMAIN_RID_ADMINS)]})
self.fail("Unexpectedly able to set primaryGruopID to be an admin on %s" % computername)
- except LdbError, (enum, estr):
+ except LdbError as e13:
+ (enum, estr) = e13.args
self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
def test_primarygroupID_priv_DC_modify(self):
- computername=self.computernames[0]
+ computername = self.computernames[0]
self.add_computer_ldap(computername,
others={"userAccountControl": [str(UF_SERVER_TRUST_ACCOUNT)]},
m = ldb.Message()
m.dn = ldb.Dn(self.admin_samdb, "<SID=%s-%d>" % (str(self.domain_sid),
security.DOMAIN_RID_USERS))
- m["member"]= ldb.MessageElement(
+ m["member"] = ldb.MessageElement(
[str(res[0].dn)], ldb.FLAG_MOD_ADD,
"member")
self.admin_samdb.modify(m)
m = ldb.Message()
m.dn = res[0].dn
- m["primaryGroupID"]= ldb.MessageElement(
+ m["primaryGroupID"] = ldb.MessageElement(
[str(security.DOMAIN_RID_USERS)], ldb.FLAG_MOD_REPLACE,
"primaryGroupID")
try:
# When creating a new object, you can not ever set the primaryGroupID
self.fail("Unexpectedly able to set primaryGroupID to be other than DCS on %s" % computername)
- except LdbError, (enum, estr):
+ except LdbError as e14:
+ (enum, estr) = e14.args
self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
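Review bot: The comment kept in this hunk, `# When creating a new object, you can not ever set the primaryGroupID`, does not match test_primarygroupID_priv_DC_modify, which by its name and the `FLAG_MOD_REPLACE` element built in the preceding hunk checks a modify of an existing account. Something like `# A DC account's primaryGroupID must stay DCS, so the replace has to be refused` would describe the check, to be confirmed against the part of the method outside the hunk. The same comment and the "other than DCS" failure message recur in test_primarygroupID_priv_member_modify (the `e15` hunk), where the account is created with `UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT` rather than as a DC. The message there is presumably a copy-paste leftover and would mislead whoever triages a failure.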
def test_primarygroupID_priv_member_modify(self):
- computername=self.computernames[0]
+ computername = self.computernames[0]
self.add_computer_ldap(computername,
others={"userAccountControl": [str(UF_WORKSTATION_TRUST_ACCOUNT|UF_PARTIAL_SECRETS_ACCOUNT)]},
m = ldb.Message()
m.dn = ldb.Dn(self.admin_samdb, "<SID=%s-%d>" % (str(self.domain_sid),
security.DOMAIN_RID_USERS))
- m["member"]= ldb.MessageElement(
+ m["member"] = ldb.MessageElement(
[str(res[0].dn)], ldb.FLAG_MOD_ADD,
"member")
self.admin_samdb.modify(m)
m = ldb.Message()
m.dn = res[0].dn
- m["primaryGroupID"]= ldb.MessageElement(
+ m["primaryGroupID"] = ldb.MessageElement(
[str(security.DOMAIN_RID_USERS)], ldb.FLAG_MOD_REPLACE,
"primaryGroupID")
try:
# When creating a new object, you can not ever set the primaryGroupID
self.fail("Unexpectedly able to set primaryGroupID to be other than DCS on %s" % computername)
- except LdbError, (enum, estr):
+ except LdbError as e15:
+ (enum, estr) = e15.args
self.assertEqual(enum, ldb.ERR_UNWILLING_TO_PERFORM)
def test_primarygroupID_priv_user_modify(self):
- computername=self.computernames[0]
+ computername = self.computernames[0]
self.add_computer_ldap(computername,
others={"userAccountControl": [str(UF_WORKSTATION_TRUST_ACCOUNT)]},
m = ldb.Message()
m.dn = ldb.Dn(self.admin_samdb, "<SID=%s-%d>" % (str(self.domain_sid),
security.DOMAIN_RID_ADMINS))
- m["member"]= ldb.MessageElement(
+ m["member"] = ldb.MessageElement(
[str(res[0].dn)], ldb.FLAG_MOD_ADD,
"member")
self.admin_samdb.modify(m)
m = ldb.Message()
m.dn = res[0].dn
- m["primaryGroupID"]= ldb.MessageElement(
+ m["primaryGroupID"] = ldb.MessageElement(
[str(security.DOMAIN_RID_ADMINS)], ldb.FLAG_MOD_REPLACE,
"primaryGroupID")
self.admin_samdb.modify(m)