The branch, master has been updated via f7229d61ede s4:torture: Add new LSA test_query_forest_trust_info() via 14a5d9e626c s4:torture: Split out a new LSA test_set_forest_trust_info() function via 88f49f18611 selftest: Remove samba4.rpc.lsa.forest.trust from knownfail from 818bd2dcb3c python:tests: make test_export_keytab_nochange_update() more reliable
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f7229d61ede14f6fd14b9e5dcb365ec772216e08 Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 19 10:24:44 2024 +0100 s4:torture: Add new LSA test_query_forest_trust_info() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu Jul 18 12:36:25 UTC 2024 on atb-devel-224 commit 14a5d9e626c258bfbcdfed16379e951bb438355c Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 19 09:43:40 2024 +0100 s4:torture: Split out a new LSA test_set_forest_trust_info() function Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 88f49f186113c5dface15286383649961e4dcc8d Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 19 10:30:04 2024 +0100 selftest: Remove samba4.rpc.lsa.forest.trust from knownfail The test needs --option="torture:Forest_Trust_Dom2_Binding=..." in order to be useful, so the skip is correct, but the knownfail entry should have been removed with e5163dfd57694351bf556565e92f74b71221db29. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: selftest/knownfail | 1 - source4/torture/rpc/forest_trust.c | 156 ++++++++++++++++++++++++++++++------- 2 files changed, 127 insertions(+), 30 deletions(-) Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 9507b142089..03f8b466994 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -184,7 +184,6 @@
 ^samba4.smb2.sharemode.sharemode-access
 ^samba4.smb2.sharemode.access-sharemode
 ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
-^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
 ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
 ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
 ^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects
diff --git a/source4/torture/rpc/forest_trust.c b/source4/torture/rpc/forest_trust.c
index 8161853b5a4..284d5e4441c 100644
--- a/source4/torture/rpc/forest_trust.c
+++ b/source4/torture/rpc/forest_trust.c
@@ -30,6 +30,7 @@
 #include "libcli/auth/libcli_auth.h"
 #include "torture/rpc/torture_rpc.h"
 #include "param/param.h"
+#include "source3/rpc_client/init_lsa.h"
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
@@ -103,6 +104,122 @@ static bool test_get_policy_handle(struct torture_context *tctx,
 return true;
 }
+static bool test_set_forest_trust_info(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *handle,
+ struct dom_sid *domsid,
+ const char *trust_name,
+ const char *trust_name_dns)
+{
+ struct lsa_ForestTrustCollisionInfo *collision_info = NULL;
+ struct lsa_ForestTrustInformation *fti = NULL;
+ struct lsa_lsaRSetForestTrustInformation ft_info = {
+ .in = {
+ .handle = handle,
+ .highest_record_type = 2,
+ },
+ .out = {
+ .collision_info = &collision_info,
+ }
+ };
+
+ torture_comment(tctx, "\nTesting lsaRSetForestTrustInformation\n");
+
+ ft_info.in.trusted_domain_name = talloc_zero(tctx, struct lsa_StringLarge);
+ torture_assert_not_null(tctx, ft_info.in.trusted_domain_name, "No memory");
+ ft_info.in.trusted_domain_name->string = trust_name_dns;
+
+ fti = talloc_zero(tctx, struct lsa_ForestTrustInformation);
+ torture_assert_not_null(tctx, fti, "No memory");
+ fti->count = 2;
+ fti->entries = talloc_array(tctx, struct lsa_ForestTrustRecord *, 2);
+ fti->entries[0] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+ fti->entries[0]->flags = 0;
+ fti->entries[0]->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+ fti->entries[0]->time = 0;
+ fti->entries[0]->forest_trust_data.top_level_name.string = trust_name_dns;
+ fti->entries[1] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+ fti->entries[1]->flags = 0;
+ fti->entries[1]->type = LSA_FOREST_TRUST_DOMAIN_INFO;
+ fti->entries[1]->time = 0;
+ fti->entries[1]->forest_trust_data.domain_info.domain_sid = domsid;
+ fti->entries[1]->forest_trust_data.domain_info.dns_domain_name.string =
+ trust_name_dns;
+ fti->entries[1]
+ ->forest_trust_data.domain_info.netbios_domain_name
+ .string = trust_name;
+
+ ft_info.in.forest_trust_info = fti;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_lsa_lsaRSetForestTrustInformation_r(
+ p->binding_handle, tctx, &ft_info),
+ "lsaRSetForestTrustInformation 
failed");
+ torture_assert_ntstatus_ok(tctx,
+ ft_info.out.result,
+ "lsaRSetForestTrustInformation failed");
+
+ /* There should be no collisions */
+ torture_assert(tctx, collision_info == NULL, "collision info returned");
+
+ return true;
+}
+
+static bool test_query_forest_trust_info(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *handle,
+ const char *trust_name_dns)
+{
+ struct lsa_String trusted_domain_name = {
+ .size = 0,
+ };
+ struct lsa_ForestTrustInformation *fti = NULL;
+ struct lsa_lsaRQueryForestTrustInformation r = {
+ .in = {
+ .handle = handle,
+ .highest_record_type = 2,
+ .trusted_domain_name = &trusted_domain_name,
+ },
+ .out = {
+ .forest_trust_info = &fti,
+ }
+ };
+ struct lsa_ForestTrustRecord *rec = NULL;
+
+ init_lsa_String(&trusted_domain_name, trust_name_dns);
+
+ torture_comment(tctx, "\nTesting lsaRQueryForestTrustInformation\n");
+
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_lsa_lsaRQueryForestTrustInformation_r(
+ p->binding_handle, tctx, &r),
+ "lsaRQueryForestTrustInformation failed");
+ torture_assert_ntstatus_ok(tctx,
+ r.out.result,
+ "lsaRQueryForestTrustInformation failed");
+
+ torture_assert_not_null(tctx,
+ r.out.forest_trust_info,
+ "forest_trust_info is not set");
+ torture_assert_int_equal(tctx,
+ fti->count,
+ 2,
+ "Unexpected forest_trust_info count");
+
+ rec = fti->entries[0];
+ torture_assert_int_equal(tctx,
+ rec->type,
+ LSA_FOREST_TRUST_TOP_LEVEL_NAME,
+ "Unexpedted type");
+ torture_assert_str_equal(tctx,
+ rec->forest_trust_data.top_level_name.string,
+ trust_name_dns,
+ "Unexpected top level name");
+
+ return true;
+}
+
 static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
 struct torture_context *tctx,
 const char *trust_name,
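Review bot: In test_query_forest_trust_info() the `torture_assert_not_null(tctx, r.out.forest_trust_info, ...)` check can never fail, because `r.out.forest_trust_info` is initialised to `&fti`; the pointer the server actually fills in is `fti`, and it is dereferenced straight afterwards (`fti->count`, `fti->entries[0]`, `rec->type`). Assert on the returned value instead, `torture_assert_not_null(tctx, fti, "forest_trust_info is not set");`, and add the same check for `fti->entries` and `rec` before they are read, so that a successful reply carrying a NULL or empty structure fails the test rather than crashing smbtorture. In test_set_forest_trust_info() the `talloc_array()` result and both `talloc_zero()` entries are written through without the `torture_assert_not_null()` that the other two allocations in that function get. The assertion message `"Unexpedted type"` is misspelled.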
@@ -111,8 +228,6 @@ static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
 struct lsa_TrustDomainInfoAuthInfoInternal *authinfo)
 {
 struct policy_handle *handle;
- struct lsa_lsaRSetForestTrustInformation fti;
- struct lsa_ForestTrustCollisionInfo *collision_info = NULL;
 struct lsa_Close cr;
 struct policy_handle closed_handle;
 struct lsa_CreateTrustedDomainEx2 r;
@@ -120,6 +235,7 @@ static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
 struct policy_handle trustdom_handle;
 struct lsa_QueryTrustedDomainInfo q;
 union lsa_TrustedDomainInfo *info = NULL;
+ bool ok;
 if (!test_get_policy_handle(tctx, p, (LSA_POLICY_VIEW_LOCAL_INFORMATION | 
@@ -183,34 +299,16 @@ static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
 torture_assert_int_equal(tctx, info->info_ex.trust_direction, trustinfo.trust_direction, "QueryTrustedDomainInfo of returned incorrect trust direction");
- fti.in.handle = handle;
- fti.in.trusted_domain_name = talloc_zero(tctx, struct lsa_StringLarge);
- fti.in.trusted_domain_name->string = trust_name_dns;
- fti.in.highest_record_type = 2;
- fti.in.forest_trust_info = talloc_zero(tctx, struct lsa_ForestTrustInformation);
- fti.in.forest_trust_info->count = 2;
- fti.in.forest_trust_info->entries = talloc_array(tctx, struct lsa_ForestTrustRecord *, 2);
- fti.in.forest_trust_info->entries[0] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
- fti.in.forest_trust_info->entries[0]->flags = 0;
- fti.in.forest_trust_info->entries[0]->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
- fti.in.forest_trust_info->entries[0]->time = 0;
- fti.in.forest_trust_info->entries[0]->forest_trust_data.top_level_name.string = trust_name_dns;
- fti.in.forest_trust_info->entries[1] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
- fti.in.forest_trust_info->entries[1]->flags = 0;
- fti.in.forest_trust_info->entries[1]->type = LSA_FOREST_TRUST_DOMAIN_INFO;
- fti.in.forest_trust_info->entries[1]->time = 0;
- fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.domain_sid = domsid;
- fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.dns_domain_name.string = trust_name_dns;
- fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.netbios_domain_name.string = trust_name;
- fti.in.check_only = 0;
- fti.out.collision_info = &collision_info;
-
- torture_comment(tctx, "\nTesting SetForestTrustInformation\n");
+ ok = test_set_forest_trust_info(
+ p, tctx, handle, domsid, trust_name, trust_name_dns);
+ if (!ok) {
+ return false;
+ }
-
- torture_assert_ntstatus_ok(tctx,
- dcerpc_lsa_lsaRSetForestTrustInformation_r(p->binding_handle, tctx, &fti),
- 
"lsaRSetForestTrustInformation failed");
- torture_assert_ntstatus_ok(tctx, fti.out.result, "lsaRSetForestTrustInformation failed");
+ ok = test_query_forest_trust_info(p, tctx, handle, trust_name_dns);
+ if (!ok) {
+ return false;
+ }
 cr.in.handle = handle;
 cr.out.handle = &closed_handle;
-- Samba Shared Repository