The branch, v3-5-test has been updated
via 6972bf2... s4-smbtorture: Make it simpler to specify number of
trusted domains to create in RPC-LSA-TRUSTED-DOMAINS.
via 23d93c7... s3-lsa: Fix _lsa_EnumTrustDom().
via 157f377... s3-pdb_ldap: fix crash bug in
ldapsam_set_trusteddom_pw().
via db628ea... s3-lsa: Fix _lsa_CreateAccount() for usage of
SEC_FLAG_MAXIMUM_ALLOWED.
via 74c50fb... s3-selftest: enable RPC-LSA-PRIVILEGES against Samba 3.
via 1c34c07... s4-smbtorture: Fix wrong comment in
RPC-LSA-TRUSTED-DOMAIN test.
via 42b21db... s4-smbtorture: split out EnumTrustedDomainsEx test in
RPC-LSA-TRUSTED-DOMAINS.
via f22f21c... s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon'
as well.
via f59b0c9... s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames.
via 6e954e8... s3-lsa: When looking up domains in LookupNames, do not
strip the sid.
via 2d09c8f... s3-lsa: allow to have NULL strings in lsa LookupName
queries.
via 0bf4f0b... s4-smbtorture: add stricter tests for LSA-LOOKUPNAMES
replies.
via ae0ae7b... s4-smbtorture: move all LookupNames tests into
RPC-LSA-LOOKUPNAMES.
via a63fb15... wbinfo: use wbcLookupDomainControllerEx for wbinfo
--dsgetdcname.
via f5a5c26... libwbclient: fix wbcLookupDomainController().
via 95aab55... s4-smbtorture: test wbcLookupDomainController{Ex} in
WINBIND-WBCLIENT.
via e01b09b... gitignore: remove old netlogon prototypes.
from 4d5f14b... s3:configure: add support for Solaris' ld -z ignore
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 6972bf282c752581257119a847e821090c5b80de
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 18:34:09 2009 +0200
s4-smbtorture: Make it simpler to specify number of trusted domains to
create in
RPC-LSA-TRUSTED-DOMAINS.
Guenther
(cherry picked from commit 9ee5d8466513a957128fcf511529fcd76fa3f05b)
commit 23d93c7e34a2de576c0233dfdb2119087fc34645
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 18:35:49 2009 +0200
s3-lsa: Fix _lsa_EnumTrustDom().
Windows clients were showing a lot of duplicates in their list of trusted
domains.
Found by RPC-LSA-TRUSTED-DOMAIN torture test.
Guenther
(cherry picked from commit 49a13234957ad241e6457bbf0edc15875321f03f)
commit 157f377eba415b97edc23657ba4db305d9e16cc3
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 18:35:16 2009 +0200
s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw().
Thanks Volker for the hint.
Guenther
(cherry picked from commit d168d7fe3c7ec4b90cd526c4ea02e972ffac7835)
commit db628ea5dcd44e721ab55fe69ab99012548b6ac5
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 15:54:40 2009 +0200
s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.
Found by RPC-LSA-PRIVILEGES torture test.
Guenther
(cherry picked from commit a5a7b9ebc220b6477c987fe5552561c41e9d1b85)
commit 74c50fbd70d85a5cf124866d4095cff54debd10a
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 18:46:10 2009 +0200
s3-selftest: enable RPC-LSA-PRIVILEGES against Samba 3.
Guenther
(cherry picked from commit 870f2d336a57f16ed5f1018ced6fa4ef5d61539c)
commit 1c34c07a843e64eb00715f75de911ff2c10619f7
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 15:09:32 2009 +0200
s4-smbtorture: Fix wrong comment in RPC-LSA-TRUSTED-DOMAIN test.
Guenther
(cherry picked from commit 7e180101d3a460d30da7b5043034ef306913b2d1)
commit 42b21db724de27f27ec039064a467dfe6311c5c3
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 12:59:49 2009 +0200
s4-smbtorture: split out EnumTrustedDomainsEx test in
RPC-LSA-TRUSTED-DOMAINS.
Guenther
(cherry picked from commit bf2746b537484a51b55a3000e4c34d08bd5aff7a)
commit f22f21cea39e90ddf08edd3bd12c127aa176a271
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 15:15:06 2009 +0200
s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon' as well.
This is to finally pass RPC-LSA-LOOKUPNAMES test.
Guenther
(cherry picked from commit c7023c5a3dc1644e9b8ae667f7f9d6d1dfe49bb1)
commit f59b0c9d38e2e64ed880015e3250bdd519c34afe
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 15:13:56 2009 +0200
s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames.
Found by RPC-LSA-LOOKUPNAMES torture test.
Guenther
(cherry picked from commit 1f4d26c4870989c5a0aba773c97172f0c0185aba)
commit 6e954e87bd6af7e3c3cf8802edfd9808226691ea
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 15:12:58 2009 +0200
s3-lsa: When looking up domains in LookupNames, do not strip the sid.
Found by RPC-LSA-LOOKUPNAMES torture test.
Guenther
(cherry picked from commit 18dd62616028cf202f63a12c20d5e21e390451b6)
commit 2d09c8f5dfa489767ee980696b32c30e222b07d6
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 15:11:58 2009 +0200
s3-lsa: allow to have NULL strings in lsa LookupName queries.
Found by RPC-LSA-LOOKUPNAMES torture test.
Guenther
(cherry picked from commit b6d97a00b13fc338f6fef3c5587619821d86194c)
commit 0bf4f0bfecc6ec06187aafaabc0fbace4de3fddc
Author: Günther Deschner <g...@samba.org>
Date: Tue Oct 20 15:00:55 2009 +0200
s4-smbtorture: add stricter tests for LSA-LOOKUPNAMES replies.
Guenther
(cherry picked from commit d76e77ce9a72543727ff83eacbefed22f0c644b9)
commit ae0ae7b46beb5aa38e94f36a5d238fef2256131c
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 16 00:52:28 2009 +0200
s4-smbtorture: move all LookupNames tests into RPC-LSA-LOOKUPNAMES.
Guenther
(cherry picked from commit 80b512fe03e692f630375c39f84ae9f91f5b333a)
commit a63fb1555646dbfbcc993fc298aa4b51bee77eed
Author: Günther Deschner <g...@samba.org>
Date: Mon Oct 19 16:54:37 2009 +0200
wbinfo: use wbcLookupDomainControllerEx for wbinfo --dsgetdcname.
Guenther
(cherry picked from commit 10bd52184959335d779aae52f9178c0441c70da9)
commit f5a5c2613bd7ff64cb86fdb9e508d243033a32c8
Author: Günther Deschner <g...@samba.org>
Date: Mon Oct 19 16:55:15 2009 +0200
libwbclient: fix wbcLookupDomainController().
Found by WINBIND-WBCLIENT torture test.
Guenther
(cherry picked from commit 110a40d4bc043d2bb2316480e6ba66ece1bf04ad)
commit 95aab5556b1bd7eda726e908302fb51f49da3717
Author: Günther Deschner <g...@samba.org>
Date: Fri Oct 16 13:39:24 2009 +0200
s4-smbtorture: test wbcLookupDomainController{Ex} in WINBIND-WBCLIENT.
Guenther
(cherry picked from commit 71cfbf958cbb26dcc050bab9fd05b38556128d4f)
commit e01b09b6f71ac9f5f7a03eaba4eb6692c7c0c17f
Author: Günther Deschner <g...@samba.org>
Date: Mon Oct 19 18:41:15 2009 +0200
gitignore: remove old netlogon prototypes.
Guenther
(cherry picked from commit dbd03997e1af1e659507b1142f29d0463e8ad295)
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 -
nsswitch/libwbclient/tests/wbclient.c | 37 ++++++++++
nsswitch/libwbclient/wbc_util.c | 5 +-
nsswitch/wbinfo.c | 43 +++++-------
source3/passdb/lookup_sid.c | 8 ++
source3/passdb/pdb_ldap.c | 4 +-
source3/passdb/util_wellknown.c | 1 +
source3/rpc_server/srv_lsa_nt.c | 82 +++++++++++------------
source3/script/tests/test_posix_s3.sh | 1 +
source4/torture/rpc/lsa.c | 119 ++++++++++++++++++++++++--------
10 files changed, 198 insertions(+), 104 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index 43f7846..4b88d4b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -192,8 +192,6 @@ source4/libcli/libcli_proto.h
libcli/nbt/nbtname.h
libcli/smb/smb_common_proto.h
source4/libcli/nbt/nbt_proto.h
-source4/libcli/ndr_netlogon_proto.h
-source4/libcli/netlogon_proto.h
source4/libcli/raw/raw_proto.h
source4/libcli/resolve/lp_proto.h
source4/libcli/resolve/proto.h
diff --git a/nsswitch/libwbclient/tests/wbclient.c
b/nsswitch/libwbclient/tests/wbclient.c
index 5a55a43..23fad63 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -268,6 +268,41 @@ static bool test_wbc_trusts(struct torture_context *tctx)
return true;
}
+static bool test_wbc_lookupdc(struct torture_context *tctx)
+{
+ const char *domain_name = NULL;
+ struct wbcInterfaceDetails *details;
+ struct wbcDomainControllerInfo *dc_info;
+
+ torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
+ "wbcInterfaceDetails failed");
+
+ domain_name = talloc_strdup(tctx, details->netbios_domain);
+ wbcFreeMemory(details);
+
+ torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0,
&dc_info),
+ "wbcLookupDomainController failed");
+
+ return true;
+}
+
+static bool test_wbc_lookupdcex(struct torture_context *tctx)
+{
+ const char *domain_name = NULL;
+ struct wbcInterfaceDetails *details;
+ struct wbcDomainControllerInfoEx *dc_info;
+
+ torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
+ "wbcInterfaceDetails failed");
+
+ domain_name = talloc_strdup(tctx, details->netbios_domain);
+ wbcFreeMemory(details);
+
+ torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name,
NULL, NULL, 0, &dc_info),
+ "wbcLookupDomainControllerEx failed");
+
+ return true;
+}
struct torture_suite *torture_wbclient(void)
@@ -284,6 +319,8 @@ struct torture_suite *torture_wbclient(void)
torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
+ torture_suite_add_simple_test(suite, "wbcLookupDomainController",
test_wbc_lookupdc);
+ torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx",
test_wbc_lookupdcex);
return suite;
}
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index 24b5922..16828ae 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -486,7 +486,8 @@ wbcErr wbcLookupDomainController(const char *domain,
ZERO_STRUCT(request);
ZERO_STRUCT(response);
- strncpy(request.domain_name, domain, sizeof(request.domain_name)-1);
+ strncpy(request.data.dsgetdcname.domain_name, domain,
+ sizeof(request.data.dsgetdcname.domain_name)-1);
request.flags = flags;
@@ -500,7 +501,7 @@ wbcErr wbcLookupDomainController(const char *domain,
&response);
BAIL_ON_WBC_ERROR(wbc_status);
- dc->dc_name = talloc_strdup(dc, response.data.dc_name);
+ dc->dc_name = talloc_strdup(dc, response.data.dsgetdcname.dc_unc);
BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status);
*dc_info = dc;
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 219ec24..d3d9250 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -688,36 +688,29 @@ static bool wbinfo_getdcname(const char *domain_name)
/* Find a DC */
static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
{
- struct winbindd_request request;
- struct winbindd_response response;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- fstrcpy(request.data.dsgetdcname.domain_name, domain_name);
- request.data.dsgetdcname.flags = flags;
-
- request.flags |= DS_DIRECTORY_SERVICE_REQUIRED;
-
- /* Send request */
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcDomainControllerInfoEx *dc_info;
+ char *str = NULL;
- if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request,
- &response) != NSS_STATUS_SUCCESS) {
- d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
+ wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
+ flags |
DS_DIRECTORY_SERVICE_REQUIRED,
+ &dc_info);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ printf("Could not find dc for %s\n", domain_name);
return false;
}
- /* Display response */
+ wbcGuidToString(dc_info->domain_guid, &str);
- d_printf("%s\n", response.data.dsgetdcname.dc_unc);
- d_printf("%s\n", response.data.dsgetdcname.dc_address);
- d_printf("%d\n", response.data.dsgetdcname.dc_address_type);
- d_printf("%s\n", response.data.dsgetdcname.domain_guid);
- d_printf("%s\n", response.data.dsgetdcname.domain_name);
- d_printf("%s\n", response.data.dsgetdcname.forest_name);
- d_printf("0x%08x\n", response.data.dsgetdcname.dc_flags);
- d_printf("%s\n", response.data.dsgetdcname.dc_site_name);
- d_printf("%s\n", response.data.dsgetdcname.client_site_name);
+ d_printf("%s\n", dc_info->dc_unc);
+ d_printf("%s\n", dc_info->dc_address);
+ d_printf("%d\n", dc_info->dc_address_type);
+ d_printf("%s\n", str);
+ d_printf("%s\n", dc_info->domain_name);
+ d_printf("%s\n", dc_info->forest_name);
+ d_printf("0x%08x\n", dc_info->dc_flags);
+ d_printf("%s\n", dc_info->dc_site_name);
+ d_printf("%s\n", dc_info->client_site_name);
return true;
}
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 4f8d6a4..1fcd94c 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -86,6 +86,14 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
if ((flags & LOOKUP_NAME_BUILTIN) &&
strequal(domain, builtin_domain_name()))
{
+ if (strlen(name) == 0) {
+ /* Swap domain and name */
+ tmp = name; name = domain; domain = tmp;
+ sid_copy(&sid, &global_sid_Builtin);
+ type = SID_NAME_DOMAIN;
+ goto ok;
+ }
+
/* Explicit request for a name in BUILTIN */
if (lookup_builtin_name(name, &rid)) {
sid_copy(&sid, &global_sid_Builtin);
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 2c8d051..c464a88 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -6013,8 +6013,6 @@ static bool ldapsam_set_trusteddom_pw(struct pdb_methods
*methods,
smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
"sambaClearTextPassword", pwd);
- talloc_autofree_ldapmod(talloc_tos(), mods);
-
if (entry != NULL) {
prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
entry, "sambaClearTextPassword", talloc_tos());
@@ -6025,6 +6023,8 @@ static bool ldapsam_set_trusteddom_pw(struct pdb_methods
*methods,
}
}
+ talloc_autofree_ldapmod(talloc_tos(), mods);
+
trusted_dn = trusteddom_dn(ldap_state, domain);
if (trusted_dn == NULL) {
return False;
diff --git a/source3/passdb/util_wellknown.c b/source3/passdb/util_wellknown.c
index 3a30ab0..2af68b7 100644
--- a/source3/passdb/util_wellknown.c
+++ b/source3/passdb/util_wellknown.c
@@ -50,6 +50,7 @@ static const struct rid_name_map nt_authority_users[] = {
{ 4, "Interactive"},
{ 6, "Service"},
{ 7, "AnonymousLogon"},
+ { 7, "Anonymous Logon"},
{ 8, "Proxy"},
{ 9, "ServerLogon"},
{ 10, "Self"},
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index cc5d23c..eafbd51 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -161,7 +161,10 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
full_name = name[i].string;
if (full_name == NULL) {
- return NT_STATUS_NO_MEMORY;
+ prid[i].sid_type = type;
+ prid[i].rid = 0;
+ prid[i].sid_index = (uint32_t)-1;
+ continue;
}
DEBUG(5, ("lookup_lsa_rids: looking up name %s\n", full_name));
@@ -192,7 +195,11 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
dom_idx = -1;
if (type != SID_NAME_UNKNOWN) {
- sid_split_rid(&sid, &rid);
+ if (type == SID_NAME_DOMAIN) {
+ rid = (uint32_t)-1;
+ } else {
+ sid_split_rid(&sid, &rid);
+ }
dom_idx = init_lsa_ref_domain_list(mem_ctx, ref,
domain, &sid);
mapped_count++;
}
@@ -415,22 +422,11 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
struct lsa_EnumTrustDom *r)
{
struct lsa_info *info;
- uint32 next_idx;
+ uint32_t count;
struct trustdom_info **domains;
- struct lsa_DomainInfo *lsa_domains = NULL;
+ struct lsa_DomainInfo *entries;
int i;
-
- /*
- * preferred length is set to 5 as a "our" preferred length
- * nt sets this parameter to 2
- * update (20.08.2002): it's not preferred length, but preferred size!
- * it needs further investigation how to optimally choose this value
- */
- uint32 max_num_domains =
- r->in.max_size < 5 ? r->in.max_size : 10;
- uint32 num_domains;
NTSTATUS nt_status;
- uint32 num_thistime;
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
@@ -444,48 +440,43 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
become_root();
- nt_status = pdb_enum_trusteddoms(p->mem_ctx, &num_domains, &domains);
+ nt_status = pdb_enum_trusteddoms(p->mem_ctx, &count, &domains);
unbecome_root();
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
- if (*r->in.resume_handle < num_domains) {
- num_thistime = MIN(num_domains, max_num_domains);
-
- nt_status = STATUS_MORE_ENTRIES;
+ entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo, count);
+ if (!entries) {
+ return NT_STATUS_NO_MEMORY;
+ }
- if (*r->in.resume_handle + num_thistime > num_domains) {
- num_thistime = num_domains - *r->in.resume_handle;
- nt_status = NT_STATUS_OK;
- }
+ for (i=0; i<count; i++) {
+ init_lsa_StringLarge(&entries[i].name, domains[i]->name);
+ entries[i].sid = &domains[i]->sid;
+ }
- next_idx = *r->in.resume_handle + num_thistime;
- } else {
- num_thistime = 0;
- next_idx = 0xffffffff;
- nt_status = NT_STATUS_NO_MORE_ENTRIES;
+ if (*r->in.resume_handle >= count) {
+ *r->out.resume_handle = -1;
+ TALLOC_FREE(entries);
+ return NT_STATUS_NO_MORE_ENTRIES;
}
- /* set up the lsa_enum_trust_dom response */
+ /* return the rest, limit by max_size. Note that we
+ use the w2k3 element size value of 60 */
+ r->out.domains->count = count - *r->in.resume_handle;
+ r->out.domains->count = MIN(r->out.domains->count,
+
1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));
- lsa_domains = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo,
- num_thistime);
- if (!lsa_domains) {
- return NT_STATUS_NO_MEMORY;
- }
+ r->out.domains->domains = entries + *r->in.resume_handle;
- for (i=0; i<num_thistime; i++) {
- init_lsa_StringLarge(&lsa_domains[i].name, domains[i]->name);
- lsa_domains[i].sid = &domains[i]->sid;
+ if (r->out.domains->count < count - *r->in.resume_handle) {
+ *r->out.resume_handle = *r->in.resume_handle +
r->out.domains->count;
+ return STATUS_MORE_ENTRIES;
}
- *r->out.resume_handle = next_idx;
- r->out.domains->count = num_thistime;
- r->out.domains->domains = lsa_domains;
-
- return nt_status;
+ return NT_STATUS_OK;
}
#define LSA_AUDIT_NUM_CATEGORIES_NT4 7
@@ -1658,6 +1649,11 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
+ /* Work out max allowed. */
+ map_max_allowed_access(p->server_info->ptok,
+ &p->server_info->utok,
+ &r->in.access_mask);
+
/* map the generic bits to the lsa policy ones */
se_map_generic(&r->in.access_mask, &lsa_account_mapping);
diff --git a/source3/script/tests/test_posix_s3.sh
b/source3/script/tests/test_posix_s3.sh
index cfa6d5a..eaae813 100755
--- a/source3/script/tests/test_posix_s3.sh
+++ b/source3/script/tests/test_posix_s3.sh
@@ -42,6 +42,7 @@ rpc="$rpc RPC-SAMBA3-SPOOLSS RPC-SAMBA3-WKSSVC"
rpc="$rpc RPC-NETLOGSAMBA3 RPC-SAMBA3SESSIONKEY RPC-SAMBA3-GETUSERNAME"
rpc="$rpc RPC-SVCCTL RPC-SPOOLSS RPC-SPOOLSS-WIN RPC-NTSVCS"
rpc="$rpc RPC-LSA-GETUSER RPC-LSA-LOOKUPSIDS RPC-LSA-LOOKUPNAMES"
+rpc="$rpc RPC-LSA-PRIVILEGES "
rpc="$rpc RPC-SAMR RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS"
rpc="$rpc RPC-SAMR-PASSWORDS-PWDLASTSET RPC-SAMR-LARGE-DC
RPC-SAMR-MACHINE-AUTH"
rpc="$rpc RPC-NETLOGON-S3 RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1
RPC-JOIN"
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index e4234c7..e4a6a84 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -202,12 +202,22 @@ static bool test_LookupNames(struct dcerpc_pipe *p,
}
for (i=0;i< tnames->count;i++) {
- if (i < count && sids.sids[i].sid_type !=
tnames->names[i].sid_type) {
- torture_comment(tctx, "LookupName of %s got unexpected
name type: %s\n",
- tnames->names[i].name.string,
sid_type_lookup(sids.sids[i].sid_type));
+ if (i < count) {
+ if (sids.sids[i].sid_type != tnames->names[i].sid_type)
{
+ torture_comment(tctx, "LookupName of %s got
unexpected name type: %s\n",
+ tnames->names[i].name.string,
sid_type_lookup(sids.sids[i].sid_type));
+ return false;
+ }
+ if ((sids.sids[i].sid_type == SID_NAME_DOMAIN) &&
+ (sids.sids[i].rid != (uint32_t)-1)) {
+ torture_comment(tctx, "LookupName of %s got
unexpected rid: %d\n",
+ tnames->names[i].name.string,
sids.sids[i].rid);
+ return false;
+ }
} else if (i >=count) {
torture_comment(tctx, "LookupName of %s failed to
return a result\n",
tnames->names[i].name.string);
+ return false;
}
}
torture_comment(tctx, "\n");
@@ -1985,11 +1995,9 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p,
struct policy_handle *handle)
{
struct lsa_EnumTrustDom r;
- struct lsa_EnumTrustedDomainsEx r_ex;
NTSTATUS enum_status;
uint32_t resume_handle = 0;
struct lsa_DomainList domains;
- struct lsa_DomainListEx domains_ex;
bool ret = true;
torture_comment(tctx, "\nTesting EnumTrustDom\n");
@@ -2054,6 +2062,19 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p,
} while ((NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)));
+ return ret;
+}
+
+static bool test_EnumTrustDomEx(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *handle)
+{
+ struct lsa_EnumTrustedDomainsEx r_ex;
+ NTSTATUS enum_status;
+ uint32_t resume_handle = 0;
+ struct lsa_DomainListEx domains_ex;
+ bool ret = true;
+
torture_comment(tctx, "\nTesting EnumTrustedDomainsEx\n");
r_ex.in.handle = handle;
@@ -2113,27 +2134,36 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p,
return ret;
}
+
static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
struct torture_context *tctx,
- struct policy_handle *handle)
+ struct policy_handle *handle,
+ uint32_t num_trusts)
{
NTSTATUS status;
bool ret = true;
struct lsa_CreateTrustedDomain r;
struct lsa_DomainInfo trustinfo;
- struct dom_sid *domsid[12];
- struct policy_handle trustdom_handle[12];
+ struct dom_sid **domsid;
+ struct policy_handle *trustdom_handle;
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo *info = NULL;
int i;
- torture_comment(tctx, "\nTesting CreateTrustedDomain for 12 domains\n");
+ torture_comment(tctx, "\nTesting CreateTrustedDomain for %d domains\n",
num_trusts);
if (!test_EnumTrustDom(p, tctx, handle)) {
ret = false;
}
- for (i=0; i< 12; i++) {
+ if (!test_EnumTrustDomEx(p, tctx, handle)) {
+ ret = false;
+ }
+
+ domsid = talloc_array(tctx, struct dom_sid *, num_trusts);
+ trustdom_handle = talloc_array(tctx, struct policy_handle, num_trusts);
+
+ for (i=0; i< num_trusts; i++) {
char *trust_name = talloc_asprintf(tctx, "torturedom%02d", i);
char *trust_sid = talloc_asprintf(tctx,
"S-1-5-21-97398-379795-100%02d", i);
@@ -2162,7 +2192,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe
*p,
q.out.info = &info;
status = dcerpc_lsa_QueryTrustedDomainInfo(p, tctx, &q);
if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "QueryTrustedDomainInfo
level 1 failed - %s\n", nt_errstr(status));
+ torture_comment(tctx, "QueryTrustedDomainInfo
level %d failed - %s\n", q.in.level, nt_errstr(status));
ret = false;
} else if (!q.out.info) {
ret = false;
@@ -2196,7 +2226,11 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe
*p,
ret = false;
}
- for (i=0; i<12; i++) {
+ if (!test_EnumTrustDomEx(p, tctx, handle)) {
+ ret = false;
+ }
+
+ for (i=0; i<num_trusts; i++) {
if (!test_DeleteTrustedDomainBySid(p, tctx, handle, domsid[i]))
{
ret = false;
}
@@ -2207,7 +2241,8 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe
*p,
static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
struct torture_context *tctx,
- struct policy_handle *handle)
+ struct policy_handle *handle,
+ uint32_t num_trusts)
{
NTSTATUS status;
bool ret = true;
@@ -2216,15 +2251,18 @@ static bool test_CreateTrustedDomainEx2(struct
dcerpc_pipe *p,
struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
struct trustDomainPasswords auth_struct;
DATA_BLOB auth_blob;
- struct dom_sid *domsid[12];
- struct policy_handle trustdom_handle[12];
+ struct dom_sid **domsid;
+ struct policy_handle *trustdom_handle;
struct lsa_QueryTrustedDomainInfo q;
union lsa_TrustedDomainInfo *info = NULL;
DATA_BLOB session_key;
--
Samba Shared Repository
