The branch, master has been updated
via 077327a923841338cf24162a67465c70fa3c4613 (commit)
via c3e61b54606175858d2221e5f4a75f2fcf149631 (commit)
via 675e52cde78906a63fe96e6d34aab92eb710c6b2 (commit)
via 2abdfab613b9487138612bf4ad0422ce4771d7cc (commit)
from c62cc96b1e75e79546daeb9e5c719a98edef5d87 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 077327a923841338cf24162a67465c70fa3c4613
Author: Günther Deschner <g...@samba.org>
Date: Wed May 13 15:17:46 2009 +0200
s3-net: Fix bug 6340: don't segfault when cleartext trustdom pwd could not
be retrieved.
Guenther
commit c3e61b54606175858d2221e5f4a75f2fcf149631
Author: Günther Deschner <g...@samba.org>
Date: Wed May 13 15:15:30 2009 +0200
s4-selftest: match new name of RPC-SAMR-ACCESSMASK.
Guenther
commit 675e52cde78906a63fe96e6d34aab92eb710c6b2
Author: Günther Deschner <g...@samba.org>
Date: Wed May 13 15:14:20 2009 +0200
s4-smbtorture: split RPC-SAMR-ACCESSMASK into several tests.
Guenther
commit 2abdfab613b9487138612bf4ad0422ce4771d7cc
Author: Günther Deschner <g...@samba.org>
Date: Wed May 13 03:18:07 2009 +0200
s4-smbtorture: cosmetic cleanup for RPC-SAMR-ACCESSMASK.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/utils/net_rpc.c | 2 +-
source4/selftest/knownfail | 1 +
source4/selftest/skip | 3 +-
source4/torture/rpc/samr_accessmask.c | 152 +++++++++++++++-----------------
4 files changed, 74 insertions(+), 84 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 4de4bef..f6f9003 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5739,7 +5739,7 @@ static NTSTATUS vampire_trusted_domain(struct
rpc_pipe_client *pipe_hnd,
char *cleartextpwd = NULL;
uint8_t session_key[16];
DATA_BLOB session_key_blob;
- DATA_BLOB data;
+ DATA_BLOB data = data_blob_null;
nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
pol,
diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail
index da503bc..6fc86c0 100644
--- a/source4/selftest/knownfail
+++ b/source4/selftest/knownfail
@@ -38,6 +38,7 @@ rpc.netlogon.*.GetPassword
rpc.netlogon.*.GetTrustPasswords
rpc.netlogon.*.DatabaseRedo
rpc.netlogon.*.ServerGetTrustInfo
+samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet
base.charset.*.Testing partial surrogate
.*net.api.delshare.* # DelShare isn't implemented yet
rap.*netservergetinfo
diff --git a/source4/selftest/skip b/source4/selftest/skip
index cbf0fea..138ce2b 100644
--- a/source4/selftest/skip
+++ b/source4/selftest/skip
@@ -22,8 +22,7 @@ base.nttrans
base.scan.maxfid
raw.hold.oplock # Not a test, but a way to block other clients
for a test
raw.ping.pong # Needs second server to test
-rpc.samr_accessmask
-samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet
+rpc.samr.accessmask
raw.scan.eamax
samba4.ntvfs.cifs.raw.qfileinfo.ipc
smb2.notify
diff --git a/source4/torture/rpc/samr_accessmask.c
b/source4/torture/rpc/samr_accessmask.c
index fb560be..1e74455 100644
--- a/source4/torture/rpc/samr_accessmask.c
+++ b/source4/torture/rpc/samr_accessmask.c
@@ -1,19 +1,19 @@
-/*
+/*
Unix SMB/CIFS implementation.
test suite for accessmasks on the SAMR pipe
Copyright (C) Ronnie Sahlberg 2007
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -32,8 +32,8 @@
static NTSTATUS torture_samr_Close(struct torture_context *tctx,
- struct dcerpc_pipe *p,
- struct policy_handle *h)
+ struct dcerpc_pipe *p,
+ struct policy_handle *h)
{
NTSTATUS status;
struct samr_Close cl;
@@ -46,8 +46,8 @@ static NTSTATUS torture_samr_Close(struct torture_context
*tctx,
}
static NTSTATUS torture_samr_Connect5(struct torture_context *tctx,
- struct dcerpc_pipe *p,
- uint32_t mask, struct policy_handle *h)
+ struct dcerpc_pipe *p,
+ uint32_t mask, struct policy_handle *h)
{
NTSTATUS status;
struct samr_Connect5 r5;
@@ -70,8 +70,8 @@ static NTSTATUS torture_samr_Connect5(struct torture_context
*tctx,
}
/* check which bits in accessmask allows us to connect to the server */
-static bool test_samr_accessmask_Connect5(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_samr_accessmask_Connect5(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
NTSTATUS status;
struct policy_handle h;
@@ -80,7 +80,7 @@ static bool test_samr_accessmask_Connect5(struct
torture_context *tctx,
printf("testing which bits in accessmask allows us to connect\n");
mask = 1;
- for (i=0;i<33;i++) {
+ for (i=0;i<33;i++) {
printf("testing Connect5 with access mask 0x%08x", mask);
status = torture_samr_Connect5(tctx, p, mask, &h);
mask <<= 1;
@@ -140,8 +140,8 @@ static bool test_samr_accessmask_Connect5(struct
torture_context *tctx,
in the access mask to Connect5() in order to be allowed to perform
EnumDomains() on the policy handle returned from Connect5()
*/
-static bool test_samr_accessmask_EnumDomains(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_samr_accessmask_EnumDomains(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
NTSTATUS status;
struct samr_EnumDomains ed;
@@ -154,7 +154,7 @@ static bool test_samr_accessmask_EnumDomains(struct
torture_context *tctx,
printf("testing which bits in Connect5 accessmask allows us to
EnumDomains\n");
mask = 1;
- for (i=0;i<33;i++) {
+ for (i=0;i<33;i++) {
printf("testing Connect5/EnumDomains with access mask 0x%08x",
mask);
status = torture_samr_Connect5(tctx, p, mask, &ch);
mask <<= 1;
@@ -225,16 +225,16 @@ static bool test_samr_accessmask_EnumDomains(struct
torture_context *tctx,
/*
- * test how ACLs affect how/if a user can connect to the SAMR service
+ * test how ACLs affect how/if a user can connect to the SAMR service
*
* samr_SetSecurity() returns SUCCESS when changing the ACL for
* a policy handle got from Connect5() but the ACL is not changed on
* the server
*/
-static bool test_samr_connect_user_acl(struct torture_context *tctx,
- struct dcerpc_pipe *p,
- struct cli_credentials *test_credentials,
- const struct dom_sid *test_sid)
+static bool test_samr_connect_user_acl(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials *test_credentials,
+ const struct dom_sid *test_sid)
{
NTSTATUS status;
@@ -259,7 +259,7 @@ static bool test_samr_connect_user_acl(struct
torture_context *tctx,
return false;
}
-
+
/* get the current ACL for the SAMR policy handle */
qs.in.handle = &ch;
qs.in.sec_info = SECINFO_DACL;
@@ -299,7 +299,7 @@ static bool test_samr_connect_user_acl(struct
torture_context *tctx,
/* Try to connect as the test user */
- status = dcerpc_pipe_connect(tctx,
+ status = dcerpc_pipe_connect(tctx,
&test_p, binding, &ndr_table_samr,
test_credentials, tctx->ev, tctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
@@ -317,7 +317,7 @@ static bool test_samr_connect_user_acl(struct
torture_context *tctx,
talloc_free(test_p);
- /* read the sequrity descriptor back. it should not have changed
+ /* read the sequrity descriptor back. it should not have changed
* eventhough samr_SetSecurity returned SUCCESS
*/
status = dcerpc_samr_QuerySecurity(p, tctx, &qs);
@@ -347,14 +347,14 @@ static bool test_samr_connect_user_acl(struct
torture_context *tctx,
* test if the ACLs are enforced for users.
* a normal testuser only gets the rights provided in hte ACL for
* Everyone which does not include the SAMR_ACCESS_SHUTDOWN_SERVER
- * right. If the ACLs are checked when a user connects
+ * right. If the ACLs are checked when a user connects
* a testuser that requests the accessmask with only this bit set
* the connect should fail.
*/
-static bool test_samr_connect_user_acl_enforced(struct torture_context *tctx,
- struct dcerpc_pipe *p,
- struct cli_credentials *test_credentials,
- const struct dom_sid *test_sid)
+static bool test_samr_connect_user_acl_enforced(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials
*test_credentials,
+ const struct dom_sid *test_sid)
{
NTSTATUS status;
@@ -366,7 +366,7 @@ static bool test_samr_connect_user_acl_enforced(struct
torture_context *tctx,
printf("testing if ACLs are enforced for non domain admin users when
connecting to SAMR");
- status = dcerpc_pipe_connect(tctx,
+ status = dcerpc_pipe_connect(tctx,
&test_p, binding, &ndr_table_samr,
test_credentials, tctx->ev, tctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
@@ -392,13 +392,13 @@ static bool test_samr_connect_user_acl_enforced(struct
torture_context *tctx,
by default we must specify at least one of :
in the access mask to Connect5() in order to be allowed to perform
case 5: samr/opendomain
- case 25: Maximum
+ case 25: Maximum
case 28: GenericAll
case 29: GenericExecute
LookupDomain() on the policy handle returned from Connect5()
*/
-static bool test_samr_accessmask_LookupDomain(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_samr_accessmask_LookupDomain(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
NTSTATUS status;
struct samr_LookupDomain ld;
@@ -410,13 +410,13 @@ static bool test_samr_accessmask_LookupDomain(struct
torture_context *tctx,
printf("testing which bits in Connect5 accessmask allows us to
LookupDomain\n");
mask = 1;
- for (i=0;i<33;i++) {
+ for (i=0;i<33;i++) {
printf("testing Connect5/LookupDomain with access mask 0x%08x",
mask);
status = torture_samr_Connect5(tctx, p, mask, &ch);
mask <<= 1;
switch (i) {
- case 5:
+ case 5:
case 25: /* Maximum */
case 28: /* GenericAll */
case 29: /* GenericExecute */
@@ -478,14 +478,14 @@ static bool test_samr_accessmask_LookupDomain(struct
torture_context *tctx,
/* check which bits in accessmask allows us to OpenDomain()
by default we must specify at least one of :
samr/opendomain
- Maximum
+ Maximum
GenericAll
GenericExecute
in the access mask to Connect5() in order to be allowed to perform
OpenDomain() on the policy handle returned from Connect5()
*/
-static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
NTSTATUS status;
struct samr_LookupDomain ld;
@@ -519,13 +519,13 @@ static bool test_samr_accessmask_OpenDomain(struct
torture_context *tctx,
printf("testing which bits in Connect5 accessmask allows us to
OpenDomain\n");
mask = 1;
- for (i=0;i<33;i++) {
+ for (i=0;i<33;i++) {
printf("testing Connect5/OpenDomain with access mask 0x%08x",
mask);
status = torture_samr_Connect5(tctx, p, mask, &ch);
mask <<= 1;
switch (i) {
- case 5:
+ case 5:
case 25: /* Maximum */
case 28: /* GenericAll */
case 29: /* GenericExecute */
@@ -579,8 +579,8 @@ static bool test_samr_accessmask_OpenDomain(struct
torture_context *tctx,
return true;
}
-static bool test_samr_connect(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+static bool test_samr_connect(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
void *testuser;
const char *testuser_passwd;
@@ -588,8 +588,12 @@ static bool test_samr_connect(struct torture_context *tctx,
bool ret = true;
const struct dom_sid *test_sid;
+ if (torture_setting_bool(tctx, "samba3", false)) {
+ torture_skip(tctx, "Skipping test against Samba 3");
+ }
+
/* create a test user */
- testuser = torture_create_testuser(tctx, TEST_USER_NAME,
lp_workgroup(tctx->lp_ctx),
+ testuser = torture_create_testuser(tctx, TEST_USER_NAME,
lp_workgroup(tctx->lp_ctx),
ACB_NORMAL, &testuser_passwd);
if (!testuser) {
printf("Failed to create test user\n");
@@ -597,45 +601,13 @@ static bool test_samr_connect(struct torture_context
*tctx,
}
test_credentials = cli_credentials_init(tctx);
cli_credentials_set_workstation(test_credentials, "localhost",
CRED_SPECIFIED);
- cli_credentials_set_domain(test_credentials,
lp_workgroup(tctx->lp_ctx),
+ cli_credentials_set_domain(test_credentials, lp_workgroup(tctx->lp_ctx),
CRED_SPECIFIED);
cli_credentials_set_username(test_credentials, TEST_USER_NAME,
CRED_SPECIFIED);
cli_credentials_set_password(test_credentials, testuser_passwd,
CRED_SPECIFIED);
test_sid = torture_join_user_sid(testuser);
- /* test which bits in the accessmask to Connect5
- will allow us to connect to the server
- */
- if (!test_samr_accessmask_Connect5(tctx, p)) {
- ret = false;
- }
-
-
- /* test which bits in the accessmask to Connect5 will allow
- * us to call EnumDomains()
- */
- if (!test_samr_accessmask_EnumDomains(tctx, p)) {
- ret = false;
- }
-
- /* test which bits in the accessmask to Connect5 will allow
- * us to call LookupDomain()
- */
- if (!test_samr_accessmask_LookupDomain(tctx, p)) {
- ret = false;
- }
-
-
- /* test which bits in the accessmask to Connect5 will allow
- * us to call OpenDomain()
- */
- if (!test_samr_accessmask_OpenDomain(tctx, p)) {
- ret = false;
- }
-
- if (!torture_setting_bool(tctx, "samba3", false)) {
-
/* test if ACLs can be changed for the policy handle
* returned by Connect5
*/
@@ -643,7 +615,7 @@ static bool test_samr_connect(struct torture_context *tctx,
ret = false;
}
- /* test if the ACLs that are reported from the Connect5
+ /* test if the ACLs that are reported from the Connect5
* policy handle is enforced.
* i.e. an ordinary user only has the same rights as Everybody
* ReadControl
@@ -657,8 +629,6 @@ static bool test_samr_connect(struct torture_context *tctx,
ret = false;
}
- }
-
/* remove the test user */
torture_leave_domain(tctx, testuser);
@@ -667,13 +637,33 @@ static bool test_samr_connect(struct torture_context
*tctx,
struct torture_suite *torture_rpc_samr_accessmask(TALLOC_CTX *mem_ctx)
{
- struct torture_suite *suite = torture_suite_create(mem_ctx,
"SAMR_ACCESSMASK");
+ struct torture_suite *suite = torture_suite_create(mem_ctx,
"SAMR-ACCESSMASK");
struct torture_rpc_tcase *tcase;
- tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
-
&ndr_table_samr);
-
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
+ &ndr_table_samr);
+
torture_rpc_tcase_add_test(tcase, "CONNECT", test_samr_connect);
+ /* test which bits in the accessmask to Connect5 will allow
+ * us to call OpenDomain() */
+ torture_rpc_tcase_add_test(tcase, "OpenDomain",
+ test_samr_accessmask_OpenDomain);
+
+ /* test which bits in the accessmask to Connect5 will allow
+ * us to call LookupDomain() */
+ torture_rpc_tcase_add_test(tcase, "LookupDomain",
+ test_samr_accessmask_LookupDomain);
+
+ /* test which bits in the accessmask to Connect5 will allow
+ * us to call EnumDomains() */
+ torture_rpc_tcase_add_test(tcase, "EnumDomains",
+ test_samr_accessmask_EnumDomains);
+
+ /* test which bits in the accessmask to Connect5
+ will allow us to connect to the server */
+ torture_rpc_tcase_add_test(tcase, "Connect5",
+ test_samr_accessmask_Connect5);
+
return suite;
}
--
Samba Shared Repository
