summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/security/tests/bindings.py10
-rw-r--r--source4/librpc/ndr/py_security.c15
-rw-r--r--source4/scripting/python/samba/tests/__init__.py6
-rw-r--r--source4/selftest/skip1
-rw-r--r--source4/torture/rpc/lsa_lookup.c90
-rw-r--r--source4/torture/rpc/rpc.c1
-rw-r--r--source4/torture/rpc/samr.c4
-rw-r--r--source4/torture/rpc/samr_accessmask.c22
-rw-r--r--source4/torture/rpc/spoolss.c62
-rw-r--r--source4/torture/rpc/spoolss_win.c7
-rw-r--r--source4/torture/rpc/svcctl.c14
11 files changed, 192 insertions, 40 deletions
diff --git a/source4/libcli/security/tests/bindings.py b/source4/libcli/security/tests/bindings.py
index 24ee01c37f..5c153050be 100644
--- a/source4/libcli/security/tests/bindings.py
+++ b/source4/libcli/security/tests/bindings.py
@@ -67,6 +67,16 @@ class SecurityDescriptorTests(unittest.TestCase):
self.assertEquals(desc1.sacl, desc2.sacl)
self.assertEquals(desc1.type, desc2.type)
+ def test_as_sddl_no_domainsid(self):
+ dom = security.dom_sid("S-2-0-0")
+ text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"
+ desc1 = security.descriptor.from_sddl(text, dom)
+ desc2 = security.descriptor.from_sddl(desc1.as_sddl(), dom)
+ self.assertEquals(desc1.group_sid, desc2.group_sid)
+ self.assertEquals(desc1.owner_sid, desc2.owner_sid)
+ self.assertEquals(desc1.sacl, desc2.sacl)
+ self.assertEquals(desc1.type, desc2.type)
+
class DomSidTests(unittest.TestCase):
def test_parse_sid(self):
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index f89263bba3..43c1d50d66 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -187,13 +187,22 @@ static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
return py_talloc_import((PyTypeObject *)self, secdesc);
}
-static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *py_sid)
+static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *args)
{
- struct dom_sid *sid = py_talloc_get_ptr(py_sid);
+ struct dom_sid *sid;
+ PyObject *py_sid = Py_None;
struct security_descriptor *desc = py_talloc_get_ptr(self);
char *text;
PyObject *ret;
+ if (!PyArg_ParseTuple(args, "|O", &py_sid))
+ return NULL;
+
+ if (py_sid == Py_None)
+ sid = py_talloc_get_ptr(py_sid);
+ else
+ sid = NULL;
+
text = sddl_encode(NULL, desc, sid);
ret = PyString_FromString(text);
@@ -215,7 +224,7 @@ static PyMethodDef py_descriptor_extra_methods[] = {
NULL },
{ "from_sddl", (PyCFunction)py_descriptor_from_sddl, METH_VARARGS|METH_CLASS,
NULL },
- { "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_O,
+ { "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_VARARGS,
NULL },
{ NULL }
};
diff --git a/source4/scripting/python/samba/tests/__init__.py b/source4/scripting/python/samba/tests/__init__.py
index 3f8ee8da32..ae7a707e35 100644
--- a/source4/scripting/python/samba/tests/__init__.py
+++ b/source4/scripting/python/samba/tests/__init__.py
@@ -106,10 +106,10 @@ class RpcInterfaceTestCase(unittest.TestCase):
class ValidNetbiosNameTests(unittest.TestCase):
def test_valid(self):
- self.assertTrue(valid_netbios_name("FOO"))
+ self.assertTrue(samba.valid_netbios_name("FOO"))
def test_too_long(self):
- self.assertFalse(valid_netbios_name("FOO"*10))
+ self.assertFalse(samba.valid_netbios_name("FOO"*10))
def test_invalid_characters(self):
- self.assertFalse(valid_netbios_name("()BLA"))
+ self.assertFalse(samba.valid_netbios_name("*BLA"))
diff --git a/source4/selftest/skip b/source4/selftest/skip
index 291ad8472d..364d02a904 100644
--- a/source4/selftest/skip
+++ b/source4/selftest/skip
@@ -28,6 +28,7 @@ raw.scan.eamax
samba4.ntvfs.cifs.raw.qfileinfo.ipc
smb2.notify
smb2.scan
+smb2.lease
ntvfs.cifs.base.charset
ntvfs.cifs.base.iometer
ntvfs.cifs.base.casetable
diff --git a/source4/torture/rpc/lsa_lookup.c b/source4/torture/rpc/lsa_lookup.c
index 0124ce1741..0a4c9904d7 100644
--- a/source4/torture/rpc/lsa_lookup.c
+++ b/source4/torture/rpc/lsa_lookup.c
@@ -88,6 +88,7 @@ static NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, uint16_t level,
{
struct lsa_LookupSids r;
struct lsa_SidArray sidarray;
+ struct lsa_RefDomainList *domains;
uint32_t count = 0;
uint32_t i;
@@ -108,6 +109,7 @@ static NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, uint16_t level,
r.in.count = &count;
r.out.names = names;
r.out.count = &count;
+ r.out.domains = &domains;
return dcerpc_lsa_LookupSids(p, mem_ctx, &r);
}
@@ -322,3 +324,91 @@ bool torture_rpc_lsa_lookup(struct torture_context *torture)
return ret;
}
+
+static bool test_LookupSidsReply(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ struct policy_handle *handle;
+
+ struct dom_sid **sids;
+ uint32_t num_sids = 1;
+
+ struct lsa_LookupSids r;
+ struct lsa_SidArray sidarray;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TransNameArray names;
+ uint32_t count = 0;
+
+ uint32_t i;
+ NTSTATUS status;
+ const char *dom_sid = "S-1-5-21-1111111111-2222222222-3333333333";
+ const char *dom_admin_sid;
+
+ if (!open_policy(tctx, p, &handle)) {
+ return false;
+ }
+
+ dom_admin_sid = talloc_asprintf(tctx, "%s-%d", dom_sid, 512);
+
+ sids = talloc_array(tctx, struct dom_sid *, num_sids);
+
+ sids[0] = dom_sid_parse_talloc(tctx, dom_admin_sid);
+
+ names.count = 0;
+ names.names = NULL;
+
+ sidarray.num_sids = num_sids;
+ sidarray.sids = talloc_array(tctx, struct lsa_SidPtr, num_sids);
+
+ for (i=0; i<num_sids; i++) {
+ sidarray.sids[i].sid = sids[i];
+ }
+
+ r.in.handle = handle;
+ r.in.sids = &sidarray;
+ r.in.names = &names;
+ r.in.level = LSA_LOOKUP_NAMES_ALL;
+ r.in.count = &count;
+ r.out.names = &names;
+ r.out.count = &count;
+ r.out.domains = &domains;
+
+ status = dcerpc_lsa_LookupSids(p, tctx, &r);
+
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NONE_MAPPED,
+ "unexpected error code");
+
+ torture_assert_int_equal(tctx, names.count, num_sids,
+ "unexpected names count");
+ torture_assert(tctx, names.names,
+ "unexpected names pointer");
+ torture_assert_str_equal(tctx, names.names[0].name.string, dom_admin_sid,
+ "unexpected names[0].string");
+
+#if 0
+ /* vista sp1 passes, w2k3 sp2 fails */
+ torture_assert_int_equal(tctx, domains->count, num_sids,
+ "unexpected domains count");
+ torture_assert(tctx, domains->domains,
+ "unexpected domains pointer");
+ torture_assert_str_equal(tctx, dom_sid_string(tctx, domains->domains[0].sid), dom_sid,
+ "unexpected domain sid");
+#endif
+
+ return true;
+}
+
+/* check for lookup sids results */
+struct torture_suite *torture_rpc_lsa_lookup_sids(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite;
+ struct torture_rpc_tcase *tcase;
+
+ suite = torture_suite_create(mem_ctx, "LSA-LOOKUPSIDS");
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+ &ndr_table_lsarpc);
+
+ torture_rpc_tcase_add_test(tcase, "LookupSidsReply", test_LookupSidsReply);
+
+ return suite;
+}
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 069bb51a89..5624c32b96 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -378,6 +378,7 @@ NTSTATUS torture_rpc_init(void)
torture_suite_add_simple_test(suite, "LSA", torture_rpc_lsa);
torture_suite_add_simple_test(suite, "LSALOOKUP", torture_rpc_lsa_lookup);
torture_suite_add_simple_test(suite, "LSA-GETUSER", torture_rpc_lsa_get_user);
+ torture_suite_add_suite(suite, torture_rpc_lsa_lookup_sids(suite));
torture_suite_add_suite(suite, torture_rpc_lsa_secrets(suite));
torture_suite_add_suite(suite, torture_rpc_echo(suite));
torture_suite_add_simple_test(suite, "DFS", torture_rpc_dfs);
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 7b4e85195b..9483ae2a9a 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -5664,7 +5664,9 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
}
break;
case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
- ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops, machine_credentials);
+ if (!torture_setting_bool(tctx, "samba3", false)) {
+ ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops, machine_credentials);
+ }
ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops, machine_credentials);
if (!ret) {
printf("Testing PASSWORDS PWDLASTSET on domain %s failed!\n", dom_sid_string(tctx, sid));
diff --git a/source4/torture/rpc/samr_accessmask.c b/source4/torture/rpc/samr_accessmask.c
index 9a8e442019..fb560befe9 100644
--- a/source4/torture/rpc/samr_accessmask.c
+++ b/source4/torture/rpc/samr_accessmask.c
@@ -301,7 +301,12 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx,
/* Try to connect as the test user */
status = dcerpc_pipe_connect(tctx,
&test_p, binding, &ndr_table_samr,
- test_credentials, NULL, tctx->lp_ctx);
+ test_credentials, tctx->ev, tctx->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("dcerpc_pipe_connect failed: %s\n", nt_errstr(status));
+ return false;
+ }
+
/* connect to SAMR as the user */
status = torture_samr_Connect5(tctx, test_p, SEC_FLAG_MAXIMUM_ALLOWED, &uch);
if (!NT_STATUS_IS_OK(status)) {
@@ -310,9 +315,6 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx,
}
/* disconnec the user */
talloc_free(test_p);
- if (!NT_STATUS_IS_OK(status)) {
- return false;
- }
/* read the sequrity descriptor back. it should not have changed
@@ -366,7 +368,11 @@ static bool test_samr_connect_user_acl_enforced(struct torture_context *tctx,
status = dcerpc_pipe_connect(tctx,
&test_p, binding, &ndr_table_samr,
- test_credentials, NULL, tctx->lp_ctx);
+ test_credentials, tctx->ev, tctx->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("dcerpc_pipe_connect failed: %s\n", nt_errstr(status));
+ return false;
+ }
/* connect to SAMR as the user */
status = torture_samr_Connect5(tctx, test_p, SAMR_ACCESS_SHUTDOWN_SERVER, &uch);
@@ -447,6 +453,7 @@ static bool test_samr_accessmask_LookupDomain(struct torture_context *tctx,
ld.in.connect_handle = &ch;
ld.in.domain_name = &dn;
+ ld.out.sid = &sid;
dn.string = lp_workgroup(tctx->lp_ctx);
status = dcerpc_samr_LookupDomain(p, tctx, &ld);
@@ -530,7 +537,7 @@ static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx,
od.in.connect_handle = &ch;
od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- od.in.sid = *ld.out.sid;
+ od.in.sid = sid;
od.out.domain_handle = &dh;
status = dcerpc_samr_OpenDomain(p, tctx, &od);
@@ -627,6 +634,7 @@ static bool test_samr_connect(struct torture_context *tctx,
ret = false;
}
+ if (!torture_setting_bool(tctx, "samba3", false)) {
/* test if ACLs can be changed for the policy handle
* returned by Connect5
@@ -649,7 +657,7 @@ static bool test_samr_connect(struct torture_context *tctx,
ret = false;
}
-
+ }
/* remove the test user */
torture_leave_domain(tctx, testuser);
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index d17b3c7b60..bfe667240c 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -313,7 +313,11 @@ static bool test_EnumPrinterDrivers(struct torture_context *tctx,
uint32_t count;
union spoolss_DriverInfo *info;
- r.in.server = "";
+ /* FIXME: gd, come back and fix "" as server, and handle
+ * priority of returned error codes in torture test and samba 3
+ * server */
+
+ r.in.server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.environment = SPOOLSS_ARCHITECTURE_NT_X86;
r.in.level = level;
r.in.buffer = NULL;
@@ -331,16 +335,15 @@ static bool test_EnumPrinterDrivers(struct torture_context *tctx,
/* TODO: do some more checks here */
continue;
}
- torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
- "EnumPrinterDrivers failed");
-
- blob = data_blob_talloc(ctx, NULL, needed);
- data_blob_clear(&blob);
- r.in.buffer = &blob;
- r.in.offered = needed;
+ if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+ blob = data_blob_talloc(ctx, NULL, needed);
+ data_blob_clear(&blob);
+ r.in.buffer = &blob;
+ r.in.offered = needed;
- status = dcerpc_spoolss_EnumPrinterDrivers(p, ctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPrinterDrivers failed");
+ status = dcerpc_spoolss_EnumPrinterDrivers(p, ctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPrinterDrivers failed");
+ }
torture_assert_werr_ok(tctx, r.out.result, "EnumPrinterDrivers failed");
@@ -1061,28 +1064,43 @@ static bool test_GetJob(struct torture_context *tctx,
NTSTATUS status;
struct spoolss_GetJob r;
uint32_t needed;
+ uint32_t levels[] = {1, 2 /* 3, 4 */};
+ uint32_t i;
r.in.handle = handle;
r.in.job_id = job_id;
- r.in.level = 1;
+ r.in.level = 0;
r.in.buffer = NULL;
r.in.offered = 0;
r.out.needed = &needed;
- torture_comment(tctx, "Testing GetJob\n");
+ torture_comment(tctx, "Testing GetJob level %d\n", r.in.level);
status = dcerpc_spoolss_GetJob(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "GetJob failed");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "Unexpected return code");
- if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
- DATA_BLOB blob = data_blob_talloc(tctx, NULL, needed);
- data_blob_clear(&blob);
- r.in.buffer = &blob;
- r.in.offered = needed;
+ for (i = 0; i < ARRAY_SIZE(levels); i++) {
+
+ torture_comment(tctx, "Testing GetJob level %d\n", r.in.level);
+
+ r.in.level = levels[i];
+ r.in.offered = 0;
status = dcerpc_spoolss_GetJob(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "GetJob failed");
+ if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+ DATA_BLOB blob = data_blob_talloc(tctx, NULL, needed);
+ data_blob_clear(&blob);
+ r.in.buffer = &blob;
+ r.in.offered = needed;
+
+ status = dcerpc_spoolss_GetJob(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "GetJob failed");
+
+ }
torture_assert(tctx, r.out.info, "No job info returned");
+ torture_assert_werr_ok(tctx, r.out.result, "GetJob failed");
}
return true;
@@ -1209,8 +1227,12 @@ static bool test_EnumJobs(struct torture_context *tctx,
for (j = 0; j < count; j++) {
test_GetJob(tctx, p, handle, info[j].info1.job_id);
- test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_PAUSE);
- test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_RESUME);
+
+ /* FIXME - gd */
+ if (!torture_setting_bool(tctx, "samba3", false)) {
+ test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_PAUSE);
+ test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_RESUME);
+ }
}
} else {
diff --git a/source4/torture/rpc/spoolss_win.c b/source4/torture/rpc/spoolss_win.c
index 42b6929557..719d8e26d2 100644
--- a/source4/torture/rpc/spoolss_win.c
+++ b/source4/torture/rpc/spoolss_win.c
@@ -290,6 +290,13 @@ static bool test_EnumJobs(struct torture_context *tctx,
status = dcerpc_spoolss_EnumJobs(p, tctx, &ej);
torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed");
+ if (W_ERROR_EQUAL(ej.out.result, WERR_INSUFFICIENT_BUFFER)) {
+ blob = data_blob_talloc_zero(tctx, needed);
+ ej.in.offered = needed;
+ ej.in.buffer = &blob;
+ status = dcerpc_spoolss_EnumJobs(p, tctx, &ej);
+ torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed");
+ }
torture_assert_werr_ok(tctx, ej.out.result, "EnumJobs failed");
return true;
diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c
index 631e367c3b..a2e32f221f 100644
--- a/source4/torture/rpc/svcctl.c
+++ b/source4/torture/rpc/svcctl.c
@@ -26,6 +26,8 @@
#include "torture/rpc/rpc.h"
#include "param/param.h"
+#define TORTURE_DEFAULT_SERVICE "NetLogon"
+
static bool test_OpenSCManager(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *h)
{
struct svcctl_OpenSCManagerW r;
@@ -85,7 +87,7 @@ static bool test_QueryServiceStatus(struct torture_context *tctx,
if (!test_OpenSCManager(p, tctx, &h))
return false;
- if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+ if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
@@ -118,7 +120,7 @@ static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerp
if (!test_OpenSCManager(p, tctx, &h))
return false;
- if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+ if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
buffer = talloc(tctx, uint8_t);
@@ -165,7 +167,7 @@ static bool test_QueryServiceConfigW(struct torture_context *tctx,
if (!test_OpenSCManager(p, tctx, &h))
return false;
- if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+ if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
@@ -207,7 +209,7 @@ static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerp
if (!test_OpenSCManager(p, tctx, &h))
return false;
- if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+ if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
buffer = talloc(tctx, uint8_t);
@@ -270,7 +272,7 @@ static bool test_QueryServiceObjectSecurity(struct torture_context *tctx,
if (!test_OpenSCManager(p, tctx, &h))
return false;
- if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+ if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.handle = &s;
@@ -403,7 +405,7 @@ static bool test_EnumDependentServicesW(struct torture_context *tctx,
if (!test_OpenSCManager(p, tctx, &h))
return false;
- if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+ if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s))
return false;
r.in.service = &s;