diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-08-26 12:18:26 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-08-26 12:18:26 +1000 |
commit | 4eba234a7352094e1640e8ff9d80a20f8d4705a3 (patch) | |
tree | 25e2c87fd6e48c1dd6264665f8e7a4a1c353559a /source4/torture | |
parent | f7c13b1a959903f3bb64206c0335b1b3c3de3065 (diff) | |
download | samba-4eba234a7352094e1640e8ff9d80a20f8d4705a3.tar.gz samba-4eba234a7352094e1640e8ff9d80a20f8d4705a3.tar.bz2 samba-4eba234a7352094e1640e8ff9d80a20f8d4705a3.zip |
More LSA server and testuite work.
- Implement QueryDomainInformationPolicy in Samba4
- Allow RPC-LSA to pass against Windows 2008 (which does not allow
the Audit privilage to be removed)
Andrew Bartlett
(This used to be commit d94c7bbcd6eee6d975eac32a1d172f4164c97137)
Diffstat (limited to 'source4/torture')
-rw-r--r-- | source4/torture/rpc/lsa.c | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 31dc38500d..ec74426ac6 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -779,6 +779,7 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p, static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle, struct policy_handle *acct_handle, struct lsa_LUID *luid) { @@ -801,7 +802,25 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, status = dcerpc_lsa_RemovePrivilegesFromAccount(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("RemovePrivilegesFromAccount failed - %s\n", nt_errstr(status)); + + struct lsa_LookupPrivName r_name; + + r_name.in.handle = handle; + r_name.in.luid = luid; + + status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r_name); + if (!NT_STATUS_IS_OK(status)) { + printf("\nLookupPrivName failed - %s\n", nt_errstr(status)); + return false; + } + /* Windows 2008 does not allow this to be removed */ + if (strcmp("SeAuditPrivilege", r_name.out.name->string) == 0) { + return ret; + } + + printf("RemovePrivilegesFromAccount failed to remove %s - %s\n", + r_name.out.name->string, + nt_errstr(status)); return false; } @@ -864,7 +883,7 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, &r.out.privs->set[i].luid); } - ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, acct_handle, + ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, handle, acct_handle, &r.out.privs->set[0].luid); ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle, &r.out.privs->set[0].luid); @@ -2036,10 +2055,6 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, NTSTATUS status; int i; bool ret = true; - if (torture_setting_bool(tctx, "samba4", false)) { - printf("skipping QueryDomainInformationPolicy test against Samba4\n"); - return true; - } printf("\nTesting QueryDomainInformationPolicy\n"); @@ -2051,7 +2066,10 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, status = dcerpc_lsa_QueryDomainInformationPolicy(p, tctx, &r); - if (!NT_STATUS_IS_OK(status)) { + /* If the server does not support EFS, then this is the correct return */ + if (i == LSA_DOMAIN_INFO_POLICY_EFS && NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + continue; + } else if (!NT_STATUS_IS_OK(status)) { printf("QueryDomainInformationPolicy failed - %s\n", nt_errstr(status)); ret = false; continue; |