The branch, v3-5-test has been updated
       via  6972bf2... s4-smbtorture: Make it simpler to specify number of trusted domains to create in RPC-LSA-TRUSTED-DOMAINS.
       via  23d93c7... s3-lsa: Fix _lsa_EnumTrustDom().
       via  157f377... s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw().
       via  db628ea... s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.
       via  74c50fb... s3-selftest: enable RPC-LSA-PRIVILEGES against Samba 3.
       via  1c34c07... s4-smbtorture: Fix wrong comment in RPC-LSA-TRUSTED-DOMAIN test.
       via  42b21db... s4-smbtorture: split out EnumTrustedDomainsEx test in RPC-LSA-TRUSTED-DOMAINS.
       via  f22f21c... s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon' as well.
       via  f59b0c9... s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames.
       via  6e954e8... s3-lsa: When looking up domains in LookupNames, do not strip the sid.
       via  2d09c8f... s3-lsa: allow to have NULL strings in lsa LookupName queries.
       via  0bf4f0b... s4-smbtorture: add stricter tests for LSA-LOOKUPNAMES replies.
       via  ae0ae7b... s4-smbtorture: move all LookupNames tests into RPC-LSA-LOOKUPNAMES.
       via  a63fb15... wbinfo: use wbcLookupDomainControllerEx for wbinfo --dsgetdcname.
       via  f5a5c26... libwbclient: fix wbcLookupDomainController().
       via  95aab55... s4-smbtorture: test wbcLookupDomainController{Ex} in WINBIND-WBCLIENT.
       via  e01b09b... gitignore: remove old netlogon prototypes.
      from  4d5f14b... s3:configure: add support for Solaris' ld -z ignore
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test

- Log -----------------------------------------------------------------
commit 6972bf282c752581257119a847e821090c5b80de
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 18:34:09 2009 +0200

    s4-smbtorture: Make it simpler to specify number of trusted domains to create in RPC-LSA-TRUSTED-DOMAINS.

    Guenther
    (cherry picked from commit 9ee5d8466513a957128fcf511529fcd76fa3f05b)

commit 23d93c7e34a2de576c0233dfdb2119087fc34645
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 18:35:49 2009 +0200

    s3-lsa: Fix _lsa_EnumTrustDom().

    Windows clients were showing a lot of duplicates in their list of trusted
    domains. Found by RPC-LSA-TRUSTED-DOMAIN torture test.

    Guenther
    (cherry picked from commit 49a13234957ad241e6457bbf0edc15875321f03f)

commit 157f377eba415b97edc23657ba4db305d9e16cc3
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 18:35:16 2009 +0200

    s3-pdb_ldap: fix crash bug in ldapsam_set_trusteddom_pw().

    Thanks Volker for the hint.

    Guenther
    (cherry picked from commit d168d7fe3c7ec4b90cd526c4ea02e972ffac7835)

commit db628ea5dcd44e721ab55fe69ab99012548b6ac5
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 15:54:40 2009 +0200

    s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.

    Found by RPC-LSA-PRIVILEGES torture test.

    Guenther
    (cherry picked from commit a5a7b9ebc220b6477c987fe5552561c41e9d1b85)

commit 74c50fbd70d85a5cf124866d4095cff54debd10a
Author: Günther Deschner <g...@samba.org>
Date:   Thu Jul 16 18:46:10 2009 +0200

    s3-selftest: enable RPC-LSA-PRIVILEGES against Samba 3.

    Guenther
    (cherry picked from commit 870f2d336a57f16ed5f1018ced6fa4ef5d61539c)

commit 1c34c07a843e64eb00715f75de911ff2c10619f7
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 15:09:32 2009 +0200

    s4-smbtorture: Fix wrong comment in RPC-LSA-TRUSTED-DOMAIN test.

    Guenther
    (cherry picked from commit 7e180101d3a460d30da7b5043034ef306913b2d1)

commit 42b21db724de27f27ec039064a467dfe6311c5c3
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 12:59:49 2009 +0200

    s4-smbtorture: split out EnumTrustedDomainsEx test in RPC-LSA-TRUSTED-DOMAINS.

    Guenther
    (cherry picked from commit bf2746b537484a51b55a3000e4c34d08bd5aff7a)

commit f22f21cea39e90ddf08edd3bd12c127aa176a271
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 15:15:06 2009 +0200

    s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon' as well.

    This is to finally pass RPC-LSA-LOOKUPNAMES test.

    Guenther
    (cherry picked from commit c7023c5a3dc1644e9b8ae667f7f9d6d1dfe49bb1)

commit f59b0c9d38e2e64ed880015e3250bdd519c34afe
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 15:13:56 2009 +0200

    s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames.

    Found by RPC-LSA-LOOKUPNAMES torture test.

    Guenther
    (cherry picked from commit 1f4d26c4870989c5a0aba773c97172f0c0185aba)

commit 6e954e87bd6af7e3c3cf8802edfd9808226691ea
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 15:12:58 2009 +0200

    s3-lsa: When looking up domains in LookupNames, do not strip the sid.

    Found by RPC-LSA-LOOKUPNAMES torture test.

    Guenther
    (cherry picked from commit 18dd62616028cf202f63a12c20d5e21e390451b6)

commit 2d09c8f5dfa489767ee980696b32c30e222b07d6
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 15:11:58 2009 +0200

    s3-lsa: allow to have NULL strings in lsa LookupName queries.

    Found by RPC-LSA-LOOKUPNAMES torture test.

    Guenther
    (cherry picked from commit b6d97a00b13fc338f6fef3c5587619821d86194c)

commit 0bf4f0bfecc6ec06187aafaabc0fbace4de3fddc
Author: Günther Deschner <g...@samba.org>
Date:   Tue Oct 20 15:00:55 2009 +0200

    s4-smbtorture: add stricter tests for LSA-LOOKUPNAMES replies.

    Guenther
    (cherry picked from commit d76e77ce9a72543727ff83eacbefed22f0c644b9)

commit ae0ae7b46beb5aa38e94f36a5d238fef2256131c
Author: Günther Deschner <g...@samba.org>
Date:   Thu Jul 16 00:52:28 2009 +0200

    s4-smbtorture: move all LookupNames tests into RPC-LSA-LOOKUPNAMES.

    Guenther
    (cherry picked from commit 80b512fe03e692f630375c39f84ae9f91f5b333a)

commit a63fb1555646dbfbcc993fc298aa4b51bee77eed
Author: Günther Deschner <g...@samba.org>
Date:   Mon Oct 19 16:54:37 2009 +0200

    wbinfo: use wbcLookupDomainControllerEx for wbinfo --dsgetdcname.

    Guenther
    (cherry picked from commit 10bd52184959335d779aae52f9178c0441c70da9)

commit f5a5c2613bd7ff64cb86fdb9e508d243033a32c8
Author: Günther Deschner <g...@samba.org>
Date:   Mon Oct 19 16:55:15 2009 +0200

    libwbclient: fix wbcLookupDomainController().

    Found by WINBIND-WBCLIENT torture test.

    Guenther
    (cherry picked from commit 110a40d4bc043d2bb2316480e6ba66ece1bf04ad)

commit 95aab5556b1bd7eda726e908302fb51f49da3717
Author: Günther Deschner <g...@samba.org>
Date:   Fri Oct 16 13:39:24 2009 +0200

    s4-smbtorture: test wbcLookupDomainController{Ex} in WINBIND-WBCLIENT.

    Guenther
    (cherry picked from commit 71cfbf958cbb26dcc050bab9fd05b38556128d4f)

commit e01b09b6f71ac9f5f7a03eaba4eb6692c7c0c17f
Author: Günther Deschner <g...@samba.org>
Date:   Mon Oct 19 18:41:15 2009 +0200

    gitignore: remove old netlogon prototypes.

Guenther (cherry picked from commit dbd03997e1af1e659507b1142f29d0463e8ad295) ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 - nsswitch/libwbclient/tests/wbclient.c | 37 ++++++++++ nsswitch/libwbclient/wbc_util.c | 5 +- nsswitch/wbinfo.c | 43 +++++------- source3/passdb/lookup_sid.c | 8 ++ source3/passdb/pdb_ldap.c | 4 +- source3/passdb/util_wellknown.c | 1 + source3/rpc_server/srv_lsa_nt.c | 82 +++++++++++------------ source3/script/tests/test_posix_s3.sh | 1 + source4/torture/rpc/lsa.c | 119 ++++++++++++++++++++++++-------- 10 files changed, 198 insertions(+), 104 deletions(-) Changeset truncated at 500 lines: diff --git a/.gitignore b/.gitignore index 43f7846..4b88d4b 100644 --- a/.gitignore +++ b/.gitignore @@ -192,8 +192,6 @@ source4/libcli/libcli_proto.h libcli/nbt/nbtname.h libcli/smb/smb_common_proto.h source4/libcli/nbt/nbt_proto.h -source4/libcli/ndr_netlogon_proto.h -source4/libcli/netlogon_proto.h source4/libcli/raw/raw_proto.h source4/libcli/resolve/lp_proto.h source4/libcli/resolve/proto.h diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c index 5a55a43..23fad63 100644 --- a/nsswitch/libwbclient/tests/wbclient.c +++ b/nsswitch/libwbclient/tests/wbclient.c 
@@ -268,6 +268,41 @@ static bool test_wbc_trusts(struct torture_context *tctx) return true; } +static bool test_wbc_lookupdc(struct torture_context *tctx) +{ + const char *domain_name = NULL; + struct wbcInterfaceDetails *details; + struct wbcDomainControllerInfo *dc_info; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + wbcFreeMemory(details); + + torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info), + "wbcLookupDomainController failed"); + + return true; +} + +static bool test_wbc_lookupdcex(struct torture_context *tctx) +{ + const char *domain_name = NULL; + struct wbcInterfaceDetails *details; + struct wbcDomainControllerInfoEx *dc_info; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + wbcFreeMemory(details); + + torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info), + "wbcLookupDomainControllerEx failed"); + + return true; +} struct torture_suite *torture_wbclient(void) @@ -284,6 +319,8 @@ struct torture_suite *torture_wbclient(void) torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users); torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups); torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts); + torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc); + torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex); return suite; } diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c index 24b5922..16828ae 100644 --- a/nsswitch/libwbclient/wbc_util.c +++ b/nsswitch/libwbclient/wbc_util.c 
@@ -486,7 +486,8 @@ wbcErr wbcLookupDomainController(const char *domain, ZERO_STRUCT(request); ZERO_STRUCT(response); - strncpy(request.domain_name, domain, sizeof(request.domain_name)-1); + strncpy(request.data.dsgetdcname.domain_name, domain, + sizeof(request.data.dsgetdcname.domain_name)-1); request.flags = flags; @@ -500,7 +501,7 @@ wbcErr wbcLookupDomainController(const char *domain, &response); BAIL_ON_WBC_ERROR(wbc_status); - dc->dc_name = talloc_strdup(dc, response.data.dc_name); + dc->dc_name = talloc_strdup(dc, response.data.dsgetdcname.dc_unc); BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status); *dc_info = dc; diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 219ec24..d3d9250 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c 
@@ -688,36 +688,29 @@ static bool wbinfo_getdcname(const char *domain_name) /* Find a DC */ static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags) { - struct winbindd_request request; - struct winbindd_response response; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - fstrcpy(request.data.dsgetdcname.domain_name, domain_name); - request.data.dsgetdcname.flags = flags; - - request.flags |= DS_DIRECTORY_SERVICE_REQUIRED; - - /* Send request */ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainControllerInfoEx *dc_info; + char *str = NULL; - if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, - &response) != NSS_STATUS_SUCCESS) { - d_fprintf(stderr, "Could not find dc for %s\n", domain_name); + wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL, + flags | DS_DIRECTORY_SERVICE_REQUIRED, + &dc_info); + if (!WBC_ERROR_IS_OK(wbc_status)) { + printf("Could not find dc for %s\n", domain_name); return false; } - /* Display response */ + wbcGuidToString(dc_info->domain_guid, &str); - d_printf("%s\n", response.data.dsgetdcname.dc_unc); - d_printf("%s\n", response.data.dsgetdcname.dc_address); - d_printf("%d\n", response.data.dsgetdcname.dc_address_type); - d_printf("%s\n", response.data.dsgetdcname.domain_guid); - d_printf("%s\n", response.data.dsgetdcname.domain_name); - d_printf("%s\n", response.data.dsgetdcname.forest_name); - d_printf("0x%08x\n", response.data.dsgetdcname.dc_flags); - d_printf("%s\n", response.data.dsgetdcname.dc_site_name); - d_printf("%s\n", response.data.dsgetdcname.client_site_name); + d_printf("%s\n", dc_info->dc_unc); + d_printf("%s\n", dc_info->dc_address); + d_printf("%d\n", dc_info->dc_address_type); + d_printf("%s\n", str); + d_printf("%s\n", dc_info->domain_name); + d_printf("%s\n", dc_info->forest_name); + d_printf("0x%08x\n", dc_info->dc_flags); + d_printf("%s\n", dc_info->dc_site_name); + d_printf("%s\n", dc_info->client_site_name); return true; } 
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 4f8d6a4..1fcd94c 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -86,6 +86,14 @@ bool lookup_name(TALLOC_CTX *mem_ctx, if ((flags & LOOKUP_NAME_BUILTIN) && strequal(domain, builtin_domain_name())) { + if (strlen(name) == 0) { + /* Swap domain and name */ + tmp = name; name = domain; domain = tmp; + sid_copy(&sid, &global_sid_Builtin); + type = SID_NAME_DOMAIN; + goto ok; + } + /* Explicit request for a name in BUILTIN */ if (lookup_builtin_name(name, &rid)) { sid_copy(&sid, &global_sid_Builtin); diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 2c8d051..c464a88 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -6013,8 +6013,6 @@ static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods, smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "sambaClearTextPassword", pwd); - talloc_autofree_ldapmod(talloc_tos(), mods); - if (entry != NULL) { prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state), entry, "sambaClearTextPassword", talloc_tos()); @@ -6025,6 +6023,8 @@ static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods, } } + talloc_autofree_ldapmod(talloc_tos(), mods); + trusted_dn = trusteddom_dn(ldap_state, domain); if (trusted_dn == NULL) { return False; diff --git a/source3/passdb/util_wellknown.c b/source3/passdb/util_wellknown.c index 3a30ab0..2af68b7 100644 --- a/source3/passdb/util_wellknown.c +++ b/source3/passdb/util_wellknown.c @@ -50,6 +50,7 @@ static const struct rid_name_map nt_authority_users[] = { { 4, "Interactive"}, { 6, "Service"}, { 7, "AnonymousLogon"}, + { 7, "Anonymous Logon"}, { 8, "Proxy"}, { 9, "ServerLogon"}, { 10, "Self"}, diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index cc5d23c..eafbd51 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c 
@@ -161,7 +161,10 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx, full_name = name[i].string; if (full_name == NULL) { - return NT_STATUS_NO_MEMORY; + prid[i].sid_type = type; + prid[i].rid = 0; + prid[i].sid_index = (uint32_t)-1; + continue; } DEBUG(5, ("lookup_lsa_rids: looking up name %s\n", full_name)); @@ -192,7 +195,11 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx, dom_idx = -1; if (type != SID_NAME_UNKNOWN) { - sid_split_rid(&sid, &rid); + if (type == SID_NAME_DOMAIN) { + rid = (uint32_t)-1; + } else { + sid_split_rid(&sid, &rid); + } dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &sid); mapped_count++; } @@ -415,22 +422,11 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p, struct lsa_EnumTrustDom *r) { struct lsa_info *info; - uint32 next_idx; + uint32_t count; struct trustdom_info **domains; - struct lsa_DomainInfo *lsa_domains = NULL; + struct lsa_DomainInfo *entries; int i; - - /* - * preferred length is set to 5 as a "our" preferred length - * nt sets this parameter to 2 - * update (20.08.2002): it's not preferred length, but preferred size! - * it needs further investigation how to optimally choose this value - */ - uint32 max_num_domains = - r->in.max_size < 5 ? r->in.max_size : 10; - uint32 num_domains; NTSTATUS nt_status; - uint32 num_thistime; if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; 
@@ -444,48 +440,43 @@ NTSTATUS _lsa_EnumTrustDom(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; become_root(); - nt_status = pdb_enum_trusteddoms(p->mem_ctx, &num_domains, &domains); + nt_status = pdb_enum_trusteddoms(p->mem_ctx, &count, &domains); unbecome_root(); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } - if (*r->in.resume_handle < num_domains) { - num_thistime = MIN(num_domains, max_num_domains); - - nt_status = STATUS_MORE_ENTRIES; + entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo, count); + if (!entries) { + return NT_STATUS_NO_MEMORY; + } - if (*r->in.resume_handle + num_thistime > num_domains) { - num_thistime = num_domains - *r->in.resume_handle; - nt_status = NT_STATUS_OK; - } + for (i=0; i<count; i++) { + init_lsa_StringLarge(&entries[i].name, domains[i]->name); + entries[i].sid = &domains[i]->sid; + } - next_idx = *r->in.resume_handle + num_thistime; - } else { - num_thistime = 0; - next_idx = 0xffffffff; - nt_status = NT_STATUS_NO_MORE_ENTRIES; + if (*r->in.resume_handle >= count) { + *r->out.resume_handle = -1; + TALLOC_FREE(entries); + return NT_STATUS_NO_MORE_ENTRIES; } - /* set up the lsa_enum_trust_dom response */ + /* return the rest, limit by max_size. 
Note that we + use the w2k3 element size value of 60 */ + r->out.domains->count = count - *r->in.resume_handle; + r->out.domains->count = MIN(r->out.domains->count, + 1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER)); - lsa_domains = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo, - num_thistime); - if (!lsa_domains) { - return NT_STATUS_NO_MEMORY; - } + r->out.domains->domains = entries + *r->in.resume_handle; - for (i=0; i<num_thistime; i++) { - init_lsa_StringLarge(&lsa_domains[i].name, domains[i]->name); - lsa_domains[i].sid = &domains[i]->sid; + if (r->out.domains->count < count - *r->in.resume_handle) { + *r->out.resume_handle = *r->in.resume_handle + r->out.domains->count; + return STATUS_MORE_ENTRIES; } - *r->out.resume_handle = next_idx; - r->out.domains->count = num_thistime; - r->out.domains->domains = lsa_domains; - - return nt_status; + return NT_STATUS_OK; } #define LSA_AUDIT_NUM_CATEGORIES_NT4 7 @@ -1658,6 +1649,11 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } + /* Work out max allowed. */ + map_max_allowed_access(p->server_info->ptok, + &p->server_info->utok, + &r->in.access_mask); + /* map the generic bits to the lsa policy ones */ se_map_generic(&r->in.access_mask, &lsa_account_mapping); diff --git a/source3/script/tests/test_posix_s3.sh b/source3/script/tests/test_posix_s3.sh index cfa6d5a..eaae813 100755 --- a/source3/script/tests/test_posix_s3.sh +++ b/source3/script/tests/test_posix_s3.sh 
@@ -42,6 +42,7 @@ rpc="$rpc RPC-SAMBA3-SPOOLSS RPC-SAMBA3-WKSSVC" rpc="$rpc RPC-NETLOGSAMBA3 RPC-SAMBA3SESSIONKEY RPC-SAMBA3-GETUSERNAME" rpc="$rpc RPC-SVCCTL RPC-SPOOLSS RPC-SPOOLSS-WIN RPC-NTSVCS" rpc="$rpc RPC-LSA-GETUSER RPC-LSA-LOOKUPSIDS RPC-LSA-LOOKUPNAMES" +rpc="$rpc RPC-LSA-PRIVILEGES " rpc="$rpc RPC-SAMR RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS" rpc="$rpc RPC-SAMR-PASSWORDS-PWDLASTSET RPC-SAMR-LARGE-DC RPC-SAMR-MACHINE-AUTH" rpc="$rpc RPC-NETLOGON-S3 RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1 RPC-JOIN" diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index e4234c7..e4a6a84 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -202,12 +202,22 @@ static bool test_LookupNames(struct dcerpc_pipe *p, } for (i=0;i< tnames->count;i++) { - if (i < count && sids.sids[i].sid_type != tnames->names[i].sid_type) { - torture_comment(tctx, "LookupName of %s got unexpected name type: %s\n", - tnames->names[i].name.string, sid_type_lookup(sids.sids[i].sid_type)); + if (i < count) { + if (sids.sids[i].sid_type != tnames->names[i].sid_type) { + torture_comment(tctx, "LookupName of %s got unexpected name type: %s\n", + tnames->names[i].name.string, sid_type_lookup(sids.sids[i].sid_type)); + return false; + } + if ((sids.sids[i].sid_type == SID_NAME_DOMAIN) && + (sids.sids[i].rid != (uint32_t)-1)) { + torture_comment(tctx, "LookupName of %s got unexpected rid: %d\n", + tnames->names[i].name.string, sids.sids[i].rid); + return false; + } } else if (i >=count) { torture_comment(tctx, "LookupName of %s failed to return a result\n", tnames->names[i].name.string); + return false; } } torture_comment(tctx, "\n"); 
@@ -1985,11 +1995,9 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, struct policy_handle *handle) { struct lsa_EnumTrustDom r; - struct lsa_EnumTrustedDomainsEx r_ex; NTSTATUS enum_status; uint32_t resume_handle = 0; struct lsa_DomainList domains; - struct lsa_DomainListEx domains_ex; bool ret = true; torture_comment(tctx, "\nTesting EnumTrustDom\n"); @@ -2054,6 +2062,19 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, } while ((NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES))); + return ret; +} + +static bool test_EnumTrustDomEx(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle) +{ + struct lsa_EnumTrustedDomainsEx r_ex; + NTSTATUS enum_status; + uint32_t resume_handle = 0; + struct lsa_DomainListEx domains_ex; + bool ret = true; + torture_comment(tctx, "\nTesting EnumTrustedDomainsEx\n"); r_ex.in.handle = handle; 
@@ -2113,27 +2134,36 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, return ret; } + static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *handle) + struct policy_handle *handle, + uint32_t num_trusts) { NTSTATUS status; bool ret = true; struct lsa_CreateTrustedDomain r; struct lsa_DomainInfo trustinfo; - struct dom_sid *domsid[12]; - struct policy_handle trustdom_handle[12]; + struct dom_sid **domsid; + struct policy_handle *trustdom_handle; struct lsa_QueryTrustedDomainInfo q; union lsa_TrustedDomainInfo *info = NULL; int i; - torture_comment(tctx, "\nTesting CreateTrustedDomain for 12 domains\n"); + torture_comment(tctx, "\nTesting CreateTrustedDomain for %d domains\n", num_trusts); if (!test_EnumTrustDom(p, tctx, handle)) { ret = false; } - for (i=0; i< 12; i++) { + if (!test_EnumTrustDomEx(p, tctx, handle)) { + ret = false; + } + + domsid = talloc_array(tctx, struct dom_sid *, num_trusts); + trustdom_handle = talloc_array(tctx, struct policy_handle, num_trusts); + + for (i=0; i< num_trusts; i++) { char *trust_name = talloc_asprintf(tctx, "torturedom%02d", i); char *trust_sid = talloc_asprintf(tctx, "S-1-5-21-97398-379795-100%02d", i); @@ -2162,7 +2192,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, q.out.info = &info; status = dcerpc_lsa_QueryTrustedDomainInfo(p, tctx, &q); if (!NT_STATUS_IS_OK(status)) { - torture_comment(tctx, "QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "QueryTrustedDomainInfo level %d failed - %s\n", q.in.level, nt_errstr(status)); ret = false; } else if (!q.out.info) { ret = false; @@ -2196,7 +2226,11 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, ret = false; } - for (i=0; i<12; i++) { + if (!test_EnumTrustDomEx(p, tctx, handle)) { + ret = false; + } + + for (i=0; i<num_trusts; i++) { if (!test_DeleteTrustedDomainBySid(p, tctx, handle, domsid[i])) { ret = false; } 
@@ -2207,7 +2241,8 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *handle) + struct policy_handle *handle, + uint32_t num_trusts) { NTSTATUS status; bool ret = true; @@ -2216,15 +2251,18 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, struct lsa_TrustDomainInfoAuthInfoInternal authinfo; struct trustDomainPasswords auth_struct; DATA_BLOB auth_blob; - struct dom_sid *domsid[12]; - struct policy_handle trustdom_handle[12]; + struct dom_sid **domsid; + struct policy_handle *trustdom_handle; struct lsa_QueryTrustedDomainInfo q; union lsa_TrustedDomainInfo *info = NULL; DATA_BLOB session_key; -- Samba Shared Repository
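
Review bot: in nsswitch/libwbclient/tests/wbclient.c, test_wbc_lookupdc and test_wbc_lookupdcex both pass the result of talloc_strdup(tctx, details->netbios_domain) to the lookup without checking it for NULL, and neither asserts anything about the returned dc_info nor releases it with wbcFreeMemory(). Checking only the return code means a lookup that succeeds but fills the wrong field would still pass; please add a torture_assert on domain_name and on a non-empty dc_name / dc_unc, then free dc_info.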
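
Review bot: in wbcLookupDomainController() (nsswitch/libwbclient/wbc_util.c, first hunk), the domain name now goes into request.data.dsgetdcname.domain_name, but the unchanged context line `request.flags = flags;` still writes the caller's flags to the top-level request field. The wbinfo.c code removed in this same changeset stored the lookup flags in request.data.dsgetdcname.flags, so please confirm which field the winbindd side reads for this request and move the assignment if it is the union member.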
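
Review bot: in the second wbc_util.c hunk, dc->dc_name is now filled from response.data.dsgetdcname.dc_unc, so a member called dc_name carries whatever form dc_unc has. If that is a UNC string with leading backslashes, callers that treat dc_name as a plain host name will see a changed value; please document the format on the struct member or normalise it here.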
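
Review bot: in wbinfo_dsgetdcname() (nsswitch/wbinfo.c), the failure message changed from d_fprintf(stderr, ...) to printf(), so "Could not find dc for ..." now lands on stdout, the same stream scripts read the result lines from; keep it on stderr. The return value of wbcGuidToString() is also ignored, which leaves str NULL on failure when it reaches d_printf("%s\n", str), and neither str nor dc_info is released with wbcFreeMemory() before `return true`.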
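
Review bot: in lookup_name() (source3/passdb/lookup_sid.c), the new branch uses tmp in `tmp = name; name = domain; domain = tmp;` but its declaration is not part of this hunk, so please confirm it exists with a const-compatible type. After the swap, domain points at the empty string and name at the BUILTIN domain name; the "Swap domain and name" comment should say why the caller needs them in that order, since the reason is not obvious from the code.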
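
Review bot: in ldapsam_set_trusteddom_pw() (source3/passdb/pdb_ldap.c), nothing at the new position of talloc_autofree_ldapmod(talloc_tos(), mods) explains why it has to come after the `if (entry != NULL)` block, so the call could easily be moved back during a later cleanup. Please add a one-line comment stating the ordering constraint, and check that no early return inside that block now leaves mods unregistered.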
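
Review bot: in nt_authority_users[] (source3/passdb/util_wellknown.c), RID 7 now appears twice, as "AnonymousLogon" and "Anonymous Logon". Name-to-RID lookups gain the second spelling, but any RID-to-name walk over this table now depends on entry order to pick the name it returns; please add a comment marking which entry is canonical and that the other is a lookup-only alias.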
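
Review bot: in lookup_lsa_rids() (source3/rpc_server/srv_lsa_nt.c, first hunk), the new NULL-name path stores `prid[i].sid_type = type;` before any lookup has run for this entry, so the result depends on how type was initialised outside the hunk. Assigning SID_NAME_UNKNOWN explicitly here would make the reply for a NULL string independent of that declaration.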
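
Review bot: in _lsa_EnumTrustDom() (source3/rpc_server/srv_lsa_nt.c), the final `return NT_STATUS_OK;` path never writes *r->out.resume_handle; it is set only in the NT_STATUS_NO_MORE_ENTRIES and STATUS_MORE_ENTRIES branches, whereas the removed code always ended with `*r->out.resume_handle = next_idx;`. A client that loops on the resume handle can then be handed back a stale value on the last batch, so please set it on the success path as well. Smaller points in the same hunk: `for (i=0; i<count; i++)` compares int i with uint32_t count, and the allocation check `if (!entries)` returns NT_STATUS_NO_MEMORY before the resume-handle test, which would be the wrong status if the allocator yields NULL for count == 0.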
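
Review bot: in source3/script/tests/test_posix_s3.sh, the added line `rpc="$rpc RPC-LSA-PRIVILEGES "` has a trailing space inside the quotes that none of the neighbouring lines have. It is harmless for word splitting, but please drop it for consistency.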
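
Review bot: in test_LookupNames() (source4/torture/rpc/lsa.c), the new rid check prints sids.sids[i].rid with "%d" although the code compares it against (uint32_t)-1, so an unexpected large rid is reported as a negative number; use "%u" or a hex format. The remaining `else if (i >=count)` is now redundant after `if (i < count)` and can be a plain else.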
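
Review bot: in test_CreateTrustedDomain() (source4/torture/rpc/lsa.c), the two new talloc_array() results, domsid and trustdom_handle, are indexed in the loop without a NULL check, which matters now that num_trusts is caller-supplied rather than the fixed 12. Please add torture_assert checks after the allocations; also, `for (i=0; i< num_trusts; i++)` compares int i with uint32_t num_trusts and the "%d domains" message formats an unsigned value as signed. The same applies to the matching change in test_CreateTrustedDomainEx2().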