The branch, v4-0-test has been updated via 353bb79f568f20c8469cb9458f7b14c24612ad23 (commit) via e7afb31df1f12a3cd39ed9b95d76edc6ff0d6a70 (commit) via d50b76ed71ab6bc8e63926540638df5af10202ae (commit) via facbc8dfa5188fdd610f400b5be6e05bc33b0820 (commit) from b6bcd66612eb3e507da94eb6f05e5d0317a8276c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit 353bb79f568f20c8469cb9458f7b14c24612ad23 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Mar 14 12:26:03 2008 +1100 Rework our SAMR test and SAMR server. Now that we don't create users/domain groups/aliases in the builtin domain, we hit some bugs in the server-side implementation of the enumeration functions. In essence, it turns out to be: don't treat 0 as a special case. Also, fix up the PDC name to always be returned. I'm sure nothing actually uses it, particularly for BUILTIN... Andrew Bartlett commit e7afb31df1f12a3cd39ed9b95d76edc6ff0d6a70 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Mar 14 10:11:03 2008 +1100 Check for Administrator as a Alias (copy&paste bug) Andrew Bartlett commit d50b76ed71ab6bc8e63926540638df5af10202ae Merge: facbc8dfa5188fdd610f400b5be6e05bc33b0820 b6bcd66612eb3e507da94eb6f05e5d0317a8276c Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Mar 14 09:59:24 2008 +1100 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local commit facbc8dfa5188fdd610f400b5be6e05bc33b0820 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Thu Mar 13 17:26:01 2008 +1100 Rework SAMR functions to avoid gendb_search() The gendb_*() API does not return error codes, and mixes error returns with the count of returned entries. Andrew Bartlett ----------------------------------------------------------------------- Summary of changes: source/rpc_server/samr/dcesrv_samr.c | 136 +++++++++++++++++++++------------- source/rpc_server/samr/dcesrv_samr.h | 2 + source/torture/rpc/lsa.c | 2 +- source/torture/rpc/samr.c | 87 +++++++++++++++------ 4 files changed, 150 insertions(+), 77 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/samr/dcesrv_samr.c b/source/rpc_server/samr/dcesrv_samr.c index da03d83..0aa4d65 100644 --- a/source/rpc_server/samr/dcesrv_samr.c +++ b/source/rpc_server/samr/dcesrv_samr.c @@ -324,11 +324,11 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL struct samr_connect_state *c_state; struct dcesrv_handle *h; struct samr_SamArray *array; - int count, i, start_i; + int i, start_i, ret; const char * const dom_attrs[] = { "cn", NULL}; const char * const ref_attrs[] = { "nETBIOSName", NULL}; - struct ldb_message **dom_msgs; - struct ldb_message **ref_msgs; + struct ldb_result *dom_res; + struct ldb_result *ref_res; struct ldb_dn *partitions_basedn; *r->out.resume_handle = 0; @@ -341,19 +341,18 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL partitions_basedn = samdb_partitions_dn(c_state->sam_ctx, mem_ctx); - count = gendb_search(c_state->sam_ctx, - mem_ctx, NULL, &dom_msgs, dom_attrs, - "(objectClass=domain)"); - if (count == -1) { - DEBUG(0,("samdb: no domains found in EnumDomains\n")); + ret = ldb_search_exp_fmt(c_state->sam_ctx, mem_ctx, &dom_res, ldb_get_default_basedn(c_state->sam_ctx), + LDB_SCOPE_SUBTREE, dom_attrs, "(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain))"); + if (ret != LDB_SUCCESS) { + DEBUG(0,("samdb: unable to find domains: %s\n", ldb_errstring(c_state->sam_ctx))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - *r->out.resume_handle = count; + *r->out.resume_handle = dom_res->count; start_i = *r->in.resume_handle; - if (start_i >= count) { + if (start_i >= dom_res->count) { /* search past end of list is not an error for this call */ return NT_STATUS_OK; } @@ -366,23 +365,27 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL array->count = 0; array->entries = NULL; - array->entries = talloc_array(mem_ctx, struct samr_SamEntry, count - start_i); + array->entries = talloc_array(mem_ctx, struct samr_SamEntry, dom_res->count - start_i); if (array->entries == NULL) { return NT_STATUS_NO_MEMORY; } - for (i=0;i<count-start_i;i++) { - int ret; + for (i=0;i<dom_res->count-start_i;i++) { array->entries[i].idx = start_i + i; /* try and find the domain */ - ret = gendb_search(c_state->sam_ctx, mem_ctx, partitions_basedn, - &ref_msgs, ref_attrs, - "(&(objectClass=crossRef)(ncName=%s))", - ldb_dn_get_linearized(dom_msgs[i]->dn)); - if (ret == 1) { - array->entries[i].name.string = samdb_result_string(ref_msgs[0], "nETBIOSName", NULL); + ret = ldb_search_exp_fmt(c_state->sam_ctx, mem_ctx, &ref_res, partitions_basedn, + LDB_SCOPE_SUBTREE, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", + ldb_dn_get_linearized(dom_res->msgs[i]->dn)); + + if (ret != LDB_SUCCESS) { + DEBUG(0,("samdb: unable to find domains: %s\n", ldb_errstring(c_state->sam_ctx))); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (ref_res->count == 1) { + array->entries[i].name.string = samdb_result_string(ref_res->msgs[0], "nETBIOSName", NULL); } else { - array->entries[i].name.string = samdb_result_string(dom_msgs[i], "cn", NULL); + array->entries[i].name.string = samdb_result_string(dom_res->msgs[i], "cn", NULL); } } @@ -472,6 +475,14 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO } d_state->access_mask = r->in.access_mask; + if (dom_sid_equal(d_state->domain_sid, dom_sid_parse_talloc(mem_ctx, SID_BUILTIN))) { + d_state->builtin = true; + } else { + d_state->builtin = false; + } + + d_state->lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + h_domain = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_DOMAIN); if (!h_domain) { talloc_free(d_state); @@ -520,6 +531,10 @@ static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state, string */ info->primary.string = samdb_result_fsmo_name(state->sam_ctx, mem_ctx, dom_msgs[0], "fSMORoleOwner"); + if (!info->primary.string) { + info->primary.string = lp_netbios_name(state->lp_ctx); + } + info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 0x8000000000000000LL); @@ -614,6 +629,10 @@ static NTSTATUS dcesrv_samr_info_DomInfo6(struct samr_domain_state *state, info->primary.string = samdb_result_fsmo_name(state->sam_ctx, mem_ctx, dom_msgs[0], "fSMORoleOwner"); + if (!info->primary.string) { + info->primary.string = lp_netbios_name(state->lp_ctx); + } + return NT_STATUS_OK; } @@ -1004,6 +1023,11 @@ static NTSTATUS dcesrv_samr_CreateDomainGroup(struct dcesrv_call_state *dce_call d_state = h->data; + if (d_state->builtin) { + DEBUG(5, ("Cannot create a domain group in the BUILTIN domain")); + return NT_STATUS_ACCESS_DENIED; + } + groupname = r->in.name->string; if (groupname == NULL) { @@ -1130,9 +1154,6 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, if (ldb_cnt == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } - if (ldb_cnt == 0 || r->in.max_size == 0) { - return NT_STATUS_OK; - } /* convert to SamEntry format */ entries = talloc_array(mem_ctx, struct samr_SamEntry, ldb_cnt); @@ -1166,10 +1187,6 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, first<count && entries[first].idx <= *r->in.resume_handle; first++) ; - if (first == count) { - return NT_STATUS_OK; - } - /* return the rest, limit by max_size. Note that we use the w2k3 element size value of 54 */ r->out.num_entries = count - first; @@ -1234,6 +1251,10 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL d_state = h->data; + if (d_state->builtin) { + DEBUG(5, ("Cannot create a user in the BUILTIN domain")); + return NT_STATUS_ACCESS_DENIED; + } account_name = r->in.account_name->string; if (account_name == NULL) { @@ -1318,15 +1339,16 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL /* create the user */ ret = ldb_add(d_state->sam_ctx, msg); switch (ret) { - case LDB_SUCCESS: + case LDB_SUCCESS: break; - case LDB_ERR_ENTRY_ALREADY_EXISTS: + case LDB_ERR_ENTRY_ALREADY_EXISTS: ldb_transaction_cancel(d_state->sam_ctx); DEBUG(0,("Failed to create user record %s: %s\n", ldb_dn_get_linearized(msg->dn), ldb_errstring(d_state->sam_ctx))); return NT_STATUS_USER_EXISTS; - case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS: + case LDB_ERR_UNWILLING_TO_PERFORM: + case LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS: ldb_transaction_cancel(d_state->sam_ctx); DEBUG(0,("Failed to create user record %s: %s\n", ldb_dn_get_linearized(msg->dn), @@ -1466,8 +1488,8 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, { struct dcesrv_handle *h; struct samr_domain_state *d_state; - struct ldb_message **res; - int count, num_filtered_entries, i, first; + struct ldb_result *res; + int ret, num_filtered_entries, i, first; struct samr_SamEntry *entries; const char * const attrs[] = { "objectSid", "sAMAccountName", "userAccountControl", NULL }; @@ -1479,32 +1501,30 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, d_state = h->data; - /* search for all users in this domain. This could possibly be cached and - resumed based on resume_key */ - count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, - "objectclass=user"); - if (count == -1) { + /* don't have to worry about users in the builtin domain, as there are none */ + ret = ldb_search_exp_fmt(d_state->sam_ctx, mem_ctx, &res, d_state->domain_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=user"); + + if (ret != LDB_SUCCESS) { + DEBUG(3, ("Failed to search for Domain Users in %s: %s\n", + ldb_dn_get_linearized(d_state->domain_dn), ldb_errstring(d_state->sam_ctx))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - if (count == 0 || r->in.max_size == 0) { - return NT_STATUS_OK; - } /* convert to SamEntry format */ - entries = talloc_array(mem_ctx, struct samr_SamEntry, count); + entries = talloc_array(mem_ctx, struct samr_SamEntry, res->count); if (!entries) { return NT_STATUS_NO_MEMORY; } num_filtered_entries = 0; - for (i=0;i<count;i++) { + for (i=0;i<res->count;i++) { /* Check if a mask has been requested */ if (r->in.acct_flags - && ((samdb_result_acct_flags(d_state->sam_ctx, mem_ctx, res[i], + && ((samdb_result_acct_flags(d_state->sam_ctx, mem_ctx, res->msgs[i], d_state->domain_dn) & r->in.acct_flags) == 0)) { continue; } - entries[num_filtered_entries].idx = samdb_result_rid_from_sid(mem_ctx, res[i], "objectSid", 0); - entries[num_filtered_entries].name.string = samdb_result_string(res[i], "sAMAccountName", ""); + entries[num_filtered_entries].idx = samdb_result_rid_from_sid(mem_ctx, res->msgs[i], "objectSid", 0); + entries[num_filtered_entries].name.string = samdb_result_string(res->msgs[i], "sAMAccountName", ""); num_filtered_entries++; } @@ -1566,6 +1586,11 @@ static NTSTATUS dcesrv_samr_CreateDomAlias(struct dcesrv_call_state *dce_call, T d_state = h->data; + if (d_state->builtin) { + DEBUG(5, ("Cannot create a domain alias in the BUILTIN domain")); + return NT_STATUS_ACCESS_DENIED; + } + alias_name = r->in.alias_name->string; if (alias_name == NULL) { @@ -2073,7 +2098,8 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T { struct dcesrv_handle *h; struct samr_account_state *a_state; - struct ldb_message *msg, **res; + struct ldb_message *msg; + struct ldb_result *res; const char * const attrs[4] = { "sAMAccountName", "description", "numMembers", NULL }; int ret; @@ -2083,14 +2109,22 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP); a_state = h->data; + + ret = ldb_search_exp_fmt(a_state->sam_ctx, mem_ctx, &res, a_state->account_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=*"); + + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + return NT_STATUS_NO_SUCH_GROUP; + } else if (ret != LDB_SUCCESS) { + DEBUG(2, ("Error reading group info: %s\n", ldb_errstring(a_state->sam_ctx))); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } - /* pull all the group attributes */ - ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, - a_state->account_dn, &res, attrs); - if (ret != 1) { + if (res->count != 1) { + DEBUG(2, ("Error finding group info, got %d entries\n", res->count)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; } - msg = res[0]; + msg = res->msgs[0]; /* allocate the info structure */ r->out.info = talloc(mem_ctx, union samr_GroupInfo); diff --git a/source/rpc_server/samr/dcesrv_samr.h b/source/rpc_server/samr/dcesrv_samr.h index 7a69783..a28a4be 100644 --- a/source/rpc_server/samr/dcesrv_samr.h +++ b/source/rpc_server/samr/dcesrv_samr.h @@ -52,6 +52,8 @@ struct samr_domain_state { const char *domain_name; struct ldb_dn *domain_dn; enum server_role role; + bool builtin; + struct loadparm_context *lp_ctx; }; /* diff --git a/source/torture/rpc/lsa.c b/source/torture/rpc/lsa.c index 60d022f..04d13a9 100644 --- a/source/torture/rpc/lsa.c +++ b/source/torture/rpc/lsa.c @@ -295,8 +295,8 @@ static bool test_LookupNames_wellknown(struct dcerpc_pipe *p, ret &= test_LookupNames(p, mem_ctx, handle, &tnames); name.name.string = "BUILTIN\\Administrators"; - ret &= test_LookupNames(p, mem_ctx, handle, &tnames); name.sid_type = SID_NAME_ALIAS; + ret &= test_LookupNames(p, mem_ctx, handle, &tnames); name.name.string = "SYSTEM"; name.sid_type = SID_NAME_WKN_GRP; diff --git a/source/torture/rpc/samr.c b/source/torture/rpc/samr.c index 1d6ec43..55c75ba 100644 --- a/source/torture/rpc/samr.c +++ b/source/torture/rpc/samr.c @@ -2332,9 +2332,15 @@ static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx status = dcerpc_samr_CreateDomAlias(p, tctx, &r); - if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - printf("Server refused create of '%s'\n", r.in.alias_name->string); - return true; + if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("Server correctly refused create of '%s'\n", r.in.alias_name->string); + return true; + } else { + printf("Server should have refused create of '%s', got %s instead\n", r.in.alias_name->string, + nt_errstr(status)); + return false; + } } if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) { @@ -2515,7 +2521,8 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *domain_handle, - struct policy_handle *user_handle_out, + struct policy_handle *user_handle_out, + struct dom_sid *domain_sid, enum torture_samr_choice which_ops) { @@ -2546,10 +2553,15 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, status = dcerpc_samr_CreateUser(p, user_ctx, &r); - if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - printf("Server refused create of '%s': %s\n", r.in.account_name->string, nt_errstr(status)); - talloc_free(user_ctx); - return true; + if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("Server correctly refused create of '%s'\n", r.in.account_name->string); + return true; + } else { + printf("Server should have refused create of '%s', got %s instead\n", r.in.account_name->string, + nt_errstr(status)); + return false; + } } if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { @@ -2610,7 +2622,9 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *domain_handle, enum torture_samr_choice which_ops) + struct policy_handle *domain_handle, + struct dom_sid *domain_sid, + enum torture_samr_choice which_ops) { NTSTATUS status; struct samr_CreateUser2 r; @@ -2663,12 +2677,19 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx status = dcerpc_samr_CreateUser2(p, user_ctx, &r); - if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - talloc_free(user_ctx); - printf("Server refused create of '%s'\n", r.in.account_name->string); - continue; + if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("Server correctly refused create of '%s'\n", r.in.account_name->string); + continue; + } else { + printf("Server should have refused create of '%s', got %s instead\n", r.in.account_name->string, + nt_errstr(status)); + ret = false; + continue; + } + } - } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) { talloc_free(user_ctx); ret = false; @@ -3893,6 +3914,7 @@ static bool test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } if (!q1.out.sam) { + printf("EnumDomainGroups failed to return q1.out.sam\n"); return false; } @@ -4138,7 +4160,9 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t static bool test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *domain_handle, struct policy_handle *group_handle) + struct policy_handle *domain_handle, + struct policy_handle *group_handle, + struct dom_sid *domain_sid) { NTSTATUS status; struct samr_CreateDomainGroup r; @@ -4158,15 +4182,19 @@ static bool test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r); - if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - printf("Server refused create of '%s'\n", r.in.name->string); - ZERO_STRUCTP(group_handle); - return true; + if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(mem_ctx, SID_BUILTIN))) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("Server correctly refused create of '%s'\n", r.in.name->string); + return true; + } else { + printf("Server should have refused create of '%s', got %s instead\n", r.in.name->string, + nt_errstr(status)); + return false; + } } if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) { if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) { - printf("CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string, nt_errstr(status)); return false; @@ -4244,7 +4272,7 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, ZERO_STRUCT(group_handle); ZERO_STRUCT(domain_handle); - printf("Testing OpenDomain\n"); + printf("Testing OpenDomain of %s\n", dom_sid_string(tctx, sid)); r.in.connect_handle = handle; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; @@ -4264,17 +4292,23 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, switch (which_ops) { case TORTURE_SAMR_USER_ATTRIBUTES: case TORTURE_SAMR_PASSWORDS: - ret &= test_CreateUser2(p, tctx, &domain_handle, which_ops); - ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, which_ops); + ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops); + ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops); /* This test needs 'complex' users to validate */ ret &= test_QueryDisplayInfo(p, tctx, &domain_handle); + if (!ret) { + printf("Testing PASSWORDS or ATTRIBUTES on domain %s failed!\n", dom_sid_string(tctx, sid)); + } break; case TORTURE_SAMR_OTHER: - ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, which_ops); + ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops); + if (!ret) { + printf("Failed to CreateUser in SAMR-OTHER on domain %s!\n", dom_sid_string(tctx, sid)); + } ret &= test_QuerySecurity(p, tctx, &domain_handle); ret &= test_RemoveMemberFromForeignDomain(p, tctx, &domain_handle); ret &= test_CreateAlias(p, tctx, &domain_handle, &alias_handle, sid); - ret &= test_CreateDomainGroup(p, tctx, &domain_handle, &group_handle); + ret &= test_CreateDomainGroup(p, tctx, &domain_handle, &group_handle, sid); ret &= test_QueryDomainInfo(p, tctx, &domain_handle); ret &= test_QueryDomainInfo2(p, tctx, &domain_handle); ret &= test_EnumDomainUsers(p, tctx, &domain_handle); @@ -4295,6 +4329,9 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, ret &= test_TestPrivateFunctionsDomain(p, tctx, &domain_handle); ret &= test_RidToSid(p, tctx, sid, &domain_handle); ret &= test_GetBootKeyInformation(p, tctx, &domain_handle); + if (!ret) { + printf("Testing SAMR-OTHER on domain %s failed!\n", dom_sid_string(tctx, sid)); + } break; } -- Samba Shared Repository