summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-09-02 18:41:45 +1000
committerAndrew Tridgell <tridge@samba.org>2010-09-04 12:29:10 +1000
commit389d35708ea910e68468648396f405e52907c749 (patch)
tree9f93b98b8b33149824fc7d81cb7ebbedb188d241
parent48323d88cc4ca3a08d1bd79c748061c775d57eca (diff)
downloadsamba-389d35708ea910e68468648396f405e52907c749.tar.gz
samba-389d35708ea910e68468648396f405e52907c749.tar.bz2
samba-389d35708ea910e68468648396f405e52907c749.zip
torture-lsa: cope with STATUS_SOME_UNMAPPED errors
Now that we support SePrintOperatorPrivilege, an interaction between the spoolss tests and the privileges tests cause a failure. The failure happens like this: - the spoolss.access test creates and then deletes an account with SePrintOperatorPrivilege privilege - this leaves the privileges database with an entry for a deleted account that is still visible via LSA calls. This is correct behaviour (verified against w2k8r2) - the lsa.privileges test then enumerates all accounts that have at least one privilege, and gets the SID for the deleted account - it then called LookupNames and LookupSids on this deleted account, and gets an error. The fix is to not call LookupSids and LookupNames on sids which have SID_NAME_UNKNOWN as the type Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/torture/rpc/lsa.c65
1 files changed, 50 insertions, 15 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 5d4f597fcb..9283fc3e31 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -176,19 +176,28 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b,
struct lsa_String *names;
uint32_t count = 0;
int i;
+ uint32_t *input_idx;
torture_comment(tctx, "\nTesting LookupNames with %d names\n", tnames->count);
sids.count = 0;
sids.sids = NULL;
+
+ r.in.num_names = 0;
+
+ input_idx = talloc_array(tctx, uint32_t, tnames->count);
names = talloc_array(tctx, struct lsa_String, tnames->count);
+
for (i=0;i<tnames->count;i++) {
- init_lsa_String(&names[i], tnames->names[i].name.string);
+ if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+ init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+ input_idx[r.in.num_names] = i;
+ r.in.num_names++;
+ }
}
r.in.handle = handle;
- r.in.num_names = tnames->count;
r.in.names = names;
r.in.sids = &sids;
r.in.level = 1;
@@ -201,7 +210,7 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b,
"LookupNames failed");
if (NT_STATUS_EQUAL(r.out.result, STATUS_SOME_UNMAPPED) ||
NT_STATUS_EQUAL(r.out.result, NT_STATUS_NONE_MAPPED)) {
- for (i=0;i< tnames->count;i++) {
+ for (i=0;i< r.in.num_names;i++) {
if (i < count && sids.sids[i].sid_type == SID_NAME_UNKNOWN) {
torture_comment(tctx, "LookupName of %s was unmapped\n",
tnames->names[i].name.string);
@@ -219,22 +228,23 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b,
return false;
}
- for (i=0;i< tnames->count;i++) {
+ for (i=0;i< r.in.num_names;i++) {
if (i < count) {
- if (sids.sids[i].sid_type != tnames->names[i].sid_type) {
+ if (sids.sids[i].sid_type != tnames->names[input_idx[i]].sid_type) {
torture_comment(tctx, "LookupName of %s got unexpected name type: %s\n",
- tnames->names[i].name.string, sid_type_lookup(sids.sids[i].sid_type));
+ tnames->names[input_idx[i]].name.string,
+ sid_type_lookup(sids.sids[i].sid_type));
return false;
}
if ((sids.sids[i].sid_type == SID_NAME_DOMAIN) &&
(sids.sids[i].rid != (uint32_t)-1)) {
torture_comment(tctx, "LookupName of %s got unexpected rid: %d\n",
- tnames->names[i].name.string, sids.sids[i].rid);
+ tnames->names[input_idx[i]].name.string, sids.sids[i].rid);
return false;
}
} else if (i >=count) {
torture_comment(tctx, "LookupName of %s failed to return a result\n",
- tnames->names[i].name.string);
+ tnames->names[input_idx[i]].name.string);
return false;
}
}
@@ -394,14 +404,22 @@ static bool test_LookupNames2(struct dcerpc_binding_handle *b,
sids.count = 0;
sids.sids = NULL;
+ uint32_t *input_idx;
+
+ r.in.num_names = 0;
+ input_idx = talloc_array(tctx, uint32_t, tnames->count);
names = talloc_array(tctx, struct lsa_String, tnames->count);
+
for (i=0;i<tnames->count;i++) {
- init_lsa_String(&names[i], tnames->names[i].name.string);
+ if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+ init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+ input_idx[r.in.num_names] = i;
+ r.in.num_names++;
+ }
}
r.in.handle = handle;
- r.in.num_names = tnames->count;
r.in.names = names;
r.in.sids = &sids;
r.in.level = 1;
@@ -446,19 +464,26 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b,
struct lsa_String *names;
uint32_t count = 0;
int i;
+ uint32_t *input_idx;
torture_comment(tctx, "\nTesting LookupNames3 with %d names\n", tnames->count);
sids.count = 0;
sids.sids = NULL;
+ r.in.num_names = 0;
+
+ input_idx = talloc_array(tctx, uint32_t, tnames->count);
names = talloc_array(tctx, struct lsa_String, tnames->count);
for (i=0;i<tnames->count;i++) {
- init_lsa_String(&names[i], tnames->names[i].name.string);
+ if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+ init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+ input_idx[r.in.num_names] = i;
+ r.in.num_names++;
+ }
}
r.in.handle = handle;
- r.in.num_names = tnames->count;
r.in.names = names;
r.in.sids = &sids;
r.in.level = 1;
@@ -501,15 +526,23 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b,
struct lsa_String *names;
uint32_t count = 0;
int i;
+ uint32_t *input_idx;
torture_comment(tctx, "\nTesting LookupNames4 with %d names\n", tnames->count);
sids.count = 0;
sids.sids = NULL;
+ r.in.num_names = 0;
+
+ input_idx = talloc_array(tctx, uint32_t, tnames->count);
names = talloc_array(tctx, struct lsa_String, tnames->count);
for (i=0;i<tnames->count;i++) {
- init_lsa_String(&names[i], tnames->names[i].name.string);
+ if (tnames->names[i].sid_type != SID_NAME_UNKNOWN) {
+ init_lsa_String(&names[r.in.num_names], tnames->names[i].name.string);
+ input_idx[r.in.num_names] = i;
+ r.in.num_names++;
+ }
}
r.in.num_names = tnames->count;
@@ -571,7 +604,8 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b,
torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids_r(b, tctx, &r),
"LookupSids failed");
- if (!NT_STATUS_IS_OK(r.out.result)) {
+ if (!NT_STATUS_IS_OK(r.out.result) &&
+ !NT_STATUS_EQUAL(r.out.result, STATUS_SOME_UNMAPPED)) {
torture_comment(tctx, "LookupSids failed - %s\n",
nt_errstr(r.out.result));
return false;
@@ -615,7 +649,8 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids2_r(b, tctx, &r),
"LookupSids2 failed");
- if (!NT_STATUS_IS_OK(r.out.result)) {
+ if (!NT_STATUS_IS_OK(r.out.result) &&
+ !NT_STATUS_EQUAL(r.out.result, STATUS_SOME_UNMAPPED)) {
torture_comment(tctx, "LookupSids2 failed - %s\n",
nt_errstr(r.out.result));
return false;