The branch, master has been updated
       via  f7229d61ede s4:torture: Add new LSA test_query_forest_trust_info()
       via  14a5d9e626c s4:torture: Split out a new LSA 
test_set_forest_trust_info() function
       via  88f49f18611 selftest: Remove samba4.rpc.lsa.forest.trust from 
knownfail
      from  818bd2dcb3c python:tests: make test_export_keytab_nochange_update() 
more reliable

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f7229d61ede14f6fd14b9e5dcb365ec772216e08
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Mar 19 10:24:44 2024 +0100

    s4:torture: Add new LSA test_query_forest_trust_info()
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Thu Jul 18 12:36:25 UTC 2024 on atb-devel-224

commit 14a5d9e626c258bfbcdfed16379e951bb438355c
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Mar 19 09:43:40 2024 +0100

    s4:torture: Split out a new LSA test_set_forest_trust_info() function
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

commit 88f49f186113c5dface15286383649961e4dcc8d
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Mar 19 10:30:04 2024 +0100

    selftest: Remove samba4.rpc.lsa.forest.trust from knownfail
    
    The test needs --option="torture:Forest_Trust_Dom2_Binding=..." in order
    to be useful, so the skip is correct, but the knownfail entry should
    have been removed with e5163dfd57694351bf556565e92f74b71221db29.
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail                 |   1 -
 source4/torture/rpc/forest_trust.c | 156 ++++++++++++++++++++++++++++++-------
 2 files changed, 127 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 9507b142089..03f8b466994 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -184,7 +184,6 @@
 ^samba4.smb2.sharemode.sharemode-access
 ^samba4.smb2.sharemode.access-sharemode
 ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
-^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
 ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to 
something rewriting the NT ACL on DNS objects
 ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to 
something rewriting the NT ACL on DNS objects
 ^samba4.blackbox.upgradeprovision.release-4-0-0.ldapcmp_sd\(none\) # Due to 
something rewriting the NT ACL on DNS objects
diff --git a/source4/torture/rpc/forest_trust.c 
b/source4/torture/rpc/forest_trust.c
index 8161853b5a4..284d5e4441c 100644
--- a/source4/torture/rpc/forest_trust.c
+++ b/source4/torture/rpc/forest_trust.c
@@ -30,6 +30,7 @@
 #include "libcli/auth/libcli_auth.h"
 #include "torture/rpc/torture_rpc.h"
 #include "param/param.h"
+#include "source3/rpc_client/init_lsa.h"
 
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
@@ -103,6 +104,122 @@ static bool test_get_policy_handle(struct torture_context 
*tctx,
        return true;
 }
 
+static bool test_set_forest_trust_info(struct dcerpc_pipe *p,
+                                      struct torture_context *tctx,
+                                      struct policy_handle *handle,
+                                      struct dom_sid *domsid,
+                                      const char *trust_name,
+                                      const char *trust_name_dns)
+{
+       struct lsa_ForestTrustCollisionInfo *collision_info = NULL;
+       struct lsa_ForestTrustInformation *fti = NULL;
+       struct lsa_lsaRSetForestTrustInformation ft_info = {
+               .in = {
+                       .handle = handle,
+                       .highest_record_type = 2,
+               },
+               .out = {
+                       .collision_info = &collision_info,
+               }
+       };
+
+       torture_comment(tctx, "\nTesting lsaRSetForestTrustInformation\n");
+
+       ft_info.in.trusted_domain_name = talloc_zero(tctx, struct 
lsa_StringLarge);
+       torture_assert_not_null(tctx, ft_info.in.trusted_domain_name, "No 
memory");
+       ft_info.in.trusted_domain_name->string = trust_name_dns;
+
+       fti = talloc_zero(tctx, struct lsa_ForestTrustInformation);
+       torture_assert_not_null(tctx, fti, "No memory");
+       fti->count = 2;
+       fti->entries = talloc_array(tctx, struct lsa_ForestTrustRecord *, 2);
+       fti->entries[0] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+       fti->entries[0]->flags = 0;
+       fti->entries[0]->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+       fti->entries[0]->time = 0;
+       fti->entries[0]->forest_trust_data.top_level_name.string = 
trust_name_dns;
+       fti->entries[1] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+       fti->entries[1]->flags = 0;
+       fti->entries[1]->type = LSA_FOREST_TRUST_DOMAIN_INFO;
+       fti->entries[1]->time = 0;
+       fti->entries[1]->forest_trust_data.domain_info.domain_sid = domsid;
+       fti->entries[1]->forest_trust_data.domain_info.dns_domain_name.string =
+               trust_name_dns;
+       fti->entries[1]
+               ->forest_trust_data.domain_info.netbios_domain_name
+               .string = trust_name;
+
+       ft_info.in.forest_trust_info = fti;
+
+       torture_assert_ntstatus_ok(tctx,
+                                  dcerpc_lsa_lsaRSetForestTrustInformation_r(
+                                          p->binding_handle, tctx, &ft_info),
+                                  "lsaRSetForestTrustInformation failed");
+       torture_assert_ntstatus_ok(tctx,
+                                  ft_info.out.result,
+                                  "lsaRSetForestTrustInformation failed");
+
+       /* There should be no collisions */
+       torture_assert(tctx, collision_info == NULL, "collision info returned");
+
+       return true;
+}
+
+static bool test_query_forest_trust_info(struct dcerpc_pipe *p,
+                                        struct torture_context *tctx,
+                                        struct policy_handle *handle,
+                                        const char *trust_name_dns)
+{
+       struct lsa_String trusted_domain_name = {
+               .size = 0,
+       };
+       struct lsa_ForestTrustInformation *fti = NULL;
+       struct lsa_lsaRQueryForestTrustInformation r = {
+               .in = {
+                       .handle = handle,
+                       .highest_record_type = 2,
+                       .trusted_domain_name = &trusted_domain_name,
+               },
+               .out = {
+                       .forest_trust_info = &fti,
+               }
+       };
+       struct lsa_ForestTrustRecord *rec = NULL;
+
+       init_lsa_String(&trusted_domain_name, trust_name_dns);
+
+       torture_comment(tctx, "\nTesting lsaRQueryForestTrustInformation\n");
+
+
+       torture_assert_ntstatus_ok(tctx,
+                                  dcerpc_lsa_lsaRQueryForestTrustInformation_r(
+                                          p->binding_handle, tctx, &r),
+                                  "lsaRQueryForestTrustInformation failed");
+       torture_assert_ntstatus_ok(tctx,
+                                  r.out.result,
+                                  "lsaRQueryForestTrustInformation failed");
+
+       torture_assert_not_null(tctx,
+                               r.out.forest_trust_info,
+                               "forest_trust_info is not set");
+       torture_assert_int_equal(tctx,
+                                fti->count,
+                                2,
+                                "Unexpected forest_trust_info count");
+
+       rec = fti->entries[0];
+       torture_assert_int_equal(tctx,
+                                rec->type,
+                                LSA_FOREST_TRUST_TOP_LEVEL_NAME,
+                                "Unexpedted type");
+       torture_assert_str_equal(tctx,
+                                rec->forest_trust_data.top_level_name.string,
+                                trust_name_dns,
+                                "Unexpected top level name");
+
+       return true;
+}
+
 static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
                                           struct torture_context *tctx,
                                           const char *trust_name,
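Review bot: In test_query_forest_trust_info() the `torture_assert_not_null(tctx, r.out.forest_trust_info, ...)` check can never fail, because `r.out.forest_trust_info` was initialised to `&fti`, the address of a local, and what needs checking is the pointer the server filled in. If the call returns success but leaves `fti` NULL, the next assert dereferences `fti->count`, so the check should read `torture_assert_not_null(tctx, fti, "forest_trust_info is not set");`, and `fti->entries` deserves the same check before `entries[0]` is read. In test_set_forest_trust_info() the results of `talloc_array()` and of both `talloc_zero()` calls for `fti->entries[...]` are used unchecked, although the two allocations above them are asserted. The query test also verifies only `entries[0]` even though it expects a count of 2, and its message `"Unexpedted type"` has a typo.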
@@ -111,8 +228,6 @@ static bool test_create_trust_and_set_info(struct 
dcerpc_pipe *p,
                                           struct 
lsa_TrustDomainInfoAuthInfoInternal *authinfo)
 {
        struct policy_handle *handle;
-       struct lsa_lsaRSetForestTrustInformation fti;
-       struct lsa_ForestTrustCollisionInfo *collision_info = NULL;
        struct lsa_Close cr;
        struct policy_handle closed_handle;
        struct lsa_CreateTrustedDomainEx2 r;
@@ -120,6 +235,7 @@ static bool test_create_trust_and_set_info(struct 
dcerpc_pipe *p,
        struct policy_handle trustdom_handle;
        struct lsa_QueryTrustedDomainInfo q;
        union lsa_TrustedDomainInfo *info = NULL;
+       bool ok;
 
        if (!test_get_policy_handle(tctx, p,
                                   (LSA_POLICY_VIEW_LOCAL_INFORMATION |
@@ -183,34 +299,16 @@ static bool test_create_trust_and_set_info(struct 
dcerpc_pipe *p,
        torture_assert_int_equal(tctx, info->info_ex.trust_direction, 
trustinfo.trust_direction,
                                 "QueryTrustedDomainInfo of returned incorrect 
trust direction");
 
-       fti.in.handle = handle;
-       fti.in.trusted_domain_name = talloc_zero(tctx, struct lsa_StringLarge);
-       fti.in.trusted_domain_name->string = trust_name_dns;
-       fti.in.highest_record_type = 2;
-       fti.in.forest_trust_info = talloc_zero(tctx, struct 
lsa_ForestTrustInformation);
-       fti.in.forest_trust_info->count = 2;
-       fti.in.forest_trust_info->entries = talloc_array(tctx, struct 
lsa_ForestTrustRecord *, 2);
-       fti.in.forest_trust_info->entries[0] = talloc_zero(tctx, struct 
lsa_ForestTrustRecord);
-       fti.in.forest_trust_info->entries[0]->flags = 0;
-       fti.in.forest_trust_info->entries[0]->type = 
LSA_FOREST_TRUST_TOP_LEVEL_NAME;
-       fti.in.forest_trust_info->entries[0]->time = 0;
-       
fti.in.forest_trust_info->entries[0]->forest_trust_data.top_level_name.string = 
trust_name_dns;
-       fti.in.forest_trust_info->entries[1] = talloc_zero(tctx, struct 
lsa_ForestTrustRecord);
-       fti.in.forest_trust_info->entries[1]->flags = 0;
-       fti.in.forest_trust_info->entries[1]->type = 
LSA_FOREST_TRUST_DOMAIN_INFO;
-       fti.in.forest_trust_info->entries[1]->time = 0;
-       
fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.domain_sid 
= domsid;
-       
fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.dns_domain_name.string
 = trust_name_dns;
-       
fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.netbios_domain_name.string
 = trust_name;
-       fti.in.check_only = 0;
-       fti.out.collision_info = &collision_info;
-
-       torture_comment(tctx, "\nTesting SetForestTrustInformation\n");
+       ok = test_set_forest_trust_info(
+               p, tctx, handle, domsid, trust_name, trust_name_dns);
+       if (!ok) {
+               return false;
+       }
 
-       torture_assert_ntstatus_ok(tctx,
-                                  
dcerpc_lsa_lsaRSetForestTrustInformation_r(p->binding_handle, tctx, &fti),
-                                  "lsaRSetForestTrustInformation failed");
-       torture_assert_ntstatus_ok(tctx, fti.out.result, 
"lsaRSetForestTrustInformation failed");
+       ok = test_query_forest_trust_info(p, tctx, handle, trust_name_dns);
+       if (!ok) {
+               return false;
+       }
 
        cr.in.handle = handle;
        cr.out.handle = &closed_handle;


-- 
Samba Shared Repository
