summaryrefslogtreecommitdiff
path: root/source4/torture/rpc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-02-28 08:50:00 +1100
committerAndrew Bartlett <abartlet@samba.org>2008-02-28 08:50:00 +1100
commit5043215f219f90a899a8dc75518540a04b93301f (patch)
tree61b72bfb81e80cb61739c40351b20422b632cbc8 /source4/torture/rpc
parent446fb38765c8b3d0e8cf3f74442029cabca3a41b (diff)
downloadsamba-5043215f219f90a899a8dc75518540a04b93301f.tar.gz
samba-5043215f219f90a899a8dc75518540a04b93301f.tar.bz2
samba-5043215f219f90a899a8dc75518540a04b93301f.zip
Generate ACB_PW_EXPIRED correctly
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
Diffstat (limited to 'source4/torture/rpc')
-rw-r--r--source4/torture/rpc/samr.c45
1 files changed, 37 insertions, 8 deletions
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 9d6c73891b..1d6ec43399 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -416,11 +416,6 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx
TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
SAMR_FIELD_LOGON_HOURS);
- if (torture_setting_bool(tctx, "samba4", false)) {
- printf("skipping Set Account Flag tests against Samba4\n");
- return ret;
- }
-
TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
(base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
(base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
@@ -1989,9 +1984,12 @@ static bool test_user_ops(struct dcerpc_pipe *p,
const char *base_acct_name, enum torture_samr_choice which_ops)
{
char *password = NULL;
+ struct samr_QueryUserInfo q;
+ NTSTATUS status;
bool ret = true;
int i;
+ uint32_t rid;
const uint32_t password_fields[] = {
SAMR_FIELD_PASSWORD,
SAMR_FIELD_PASSWORD2,
@@ -1999,6 +1997,11 @@ static bool test_user_ops(struct dcerpc_pipe *p,
0
};
+ status = test_LookupName(p, tctx, domain_handle, base_acct_name, &rid);
+ if (!NT_STATUS_IS_OK(status)) {
+ ret = false;
+ }
+
switch (which_ops) {
case TORTURE_SAMR_USER_ATTRIBUTES:
if (!test_QuerySecurity(p, tctx, user_handle)) {
@@ -2091,6 +2094,29 @@ static bool test_user_ops(struct dcerpc_pipe *p,
ret = false;
}
+ q.in.user_handle = user_handle;
+ q.in.level = 5;
+
+ status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryUserInfo level %u failed - %s\n",
+ q.in.level, nt_errstr(status));
+ ret = false;
+ } else {
+ uint32_t expected_flags = (base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
+ if ((q.out.info->info5.acct_flags) != expected_flags) {
+ printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ q.out.info->info5.acct_flags,
+ expected_flags);
+ ret = false;
+ }
+ if (q.out.info->info5.rid != rid) {
+ printf("QuerUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
+ q.out.info->info5.rid, rid);
+
+ }
+ }
+
break;
case TORTURE_SAMR_OTHER:
/* We just need the account to exist */
@@ -2667,10 +2693,14 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
q.in.level, nt_errstr(status));
ret = false;
} else {
- if ((q.out.info->info5.acct_flags & acct_flags) != acct_flags) {
+ uint32_t expected_flags = (acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
+ if (acct_flags == ACB_NORMAL) {
+ expected_flags |= ACB_PW_EXPIRED;
+ }
+ if ((q.out.info->info5.acct_flags) != expected_flags) {
printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
q.out.info->info5.acct_flags,
- acct_flags);
+ expected_flags);
ret = false;
}
switch (acct_flags) {
@@ -3887,7 +3917,6 @@ static bool test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
for (j=0; j<num_names; j++) {
if (names[j] == NULL)
continue;
- /* Hmm. No strequal in samba4 */
if (strequal(names[j], name)) {
names[j] = NULL;
found = true;