Diffstat (limited to 'source4')
-rw-r--r-- | source4/libcli/security/tests/bindings.py | 10 | ||||
-rw-r--r-- | source4/librpc/ndr/py_security.c | 15 | ||||
-rw-r--r-- | source4/scripting/python/samba/tests/__init__.py | 6 | ||||
-rw-r--r-- | source4/selftest/skip | 1 | ||||
-rw-r--r-- | source4/torture/rpc/lsa_lookup.c | 90 | ||||
-rw-r--r-- | source4/torture/rpc/rpc.c | 1 | ||||
-rw-r--r-- | source4/torture/rpc/samr.c | 4 | ||||
-rw-r--r-- | source4/torture/rpc/samr_accessmask.c | 22 | ||||
-rw-r--r-- | source4/torture/rpc/spoolss.c | 62 | ||||
-rw-r--r-- | source4/torture/rpc/spoolss_win.c | 7 | ||||
-rw-r--r-- | source4/torture/rpc/svcctl.c | 14 |
11 files changed, 192 insertions, 40 deletions
diff --git a/source4/libcli/security/tests/bindings.py b/source4/libcli/security/tests/bindings.py index 24ee01c37f..5c153050be 100644 --- a/source4/libcli/security/tests/bindings.py +++ b/source4/libcli/security/tests/bindings.py @@ -67,6 +67,16 @@ class SecurityDescriptorTests(unittest.TestCase): self.assertEquals(desc1.sacl, desc2.sacl) self.assertEquals(desc1.type, desc2.type) + def test_as_sddl_no_domainsid(self): + dom = security.dom_sid("S-2-0-0") + text = "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)" + desc1 = security.descriptor.from_sddl(text, dom) + desc2 = security.descriptor.from_sddl(desc1.as_sddl(), dom) + self.assertEquals(desc1.group_sid, desc2.group_sid) + self.assertEquals(desc1.owner_sid, desc2.owner_sid) + self.assertEquals(desc1.sacl, desc2.sacl) + self.assertEquals(desc1.type, desc2.type) + class DomSidTests(unittest.TestCase): def test_parse_sid(self): diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c index f89263bba3..43c1d50d66 100644 --- a/source4/librpc/ndr/py_security.c +++ b/source4/librpc/ndr/py_security.c @@ -187,13 +187,22 @@ static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args) return py_talloc_import((PyTypeObject *)self, secdesc); } -static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *py_sid) +static PyObject *py_descriptor_as_sddl(PyObject *self, PyObject *args) { - struct dom_sid *sid = py_talloc_get_ptr(py_sid); + struct dom_sid *sid; + PyObject *py_sid = Py_None; struct security_descriptor *desc = py_talloc_get_ptr(self); char *text; PyObject *ret; + if (!PyArg_ParseTuple(args, "|O", &py_sid)) + return NULL; + + if (py_sid == Py_None) + sid = py_talloc_get_ptr(py_sid); + else + sid = NULL; + text = sddl_encode(NULL, desc, sid); ret = PyString_FromString(text); 
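Review bot: test_as_sddl_no_domainsid in bindings.py never compares the DACL, although the SDDL text it round-trips defines only a `D:` ACL, so the one ACE in the descriptor is unchecked and the `sacl` comparison is presumably comparing two empty values. Adding `self.assertEquals(desc1.dacl, desc2.dacl)` would cover it if ACL objects from the binding compare by value; otherwise `self.assertEquals(desc1.as_sddl(), desc2.as_sddl())` checks the same thing on the text form. A one-line docstring saying that `as_sddl()` is called without a domain SID on purpose would make the intent behind the test name clear.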
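Review bot: The None test in py_descriptor_as_sddl (py_security.c) is inverted: when no argument is given, `py_sid` stays `Py_None` and is handed to `py_talloc_get_ptr()`, which presumably reads it as a talloc wrapper object it is not, while a SID that the caller does pass is replaced by NULL. The branch should read `if (py_sid != Py_None) sid = py_talloc_get_ptr(py_sid); else sid = NULL;`. Because the format string is `"|O"`, any Python object is accepted, so a type check against the dom_sid type before the pointer is extracted would keep a wrong argument from being reinterpreted as a `struct dom_sid`. The result of `sddl_encode()` is also passed to `PyString_FromString()` with no NULL check in the lines visible here; the function body continues past the hunk.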
@@ -215,7 +224,7 @@ static PyMethodDef py_descriptor_extra_methods[] = { NULL }, { "from_sddl", (PyCFunction)py_descriptor_from_sddl, METH_VARARGS|METH_CLASS, NULL }, - { "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_O, + { "as_sddl", (PyCFunction)py_descriptor_as_sddl, METH_VARARGS, NULL }, { NULL } }; diff --git a/source4/scripting/python/samba/tests/__init__.py b/source4/scripting/python/samba/tests/__init__.py index 3f8ee8da32..ae7a707e35 100644 --- a/source4/scripting/python/samba/tests/__init__.py +++ b/source4/scripting/python/samba/tests/__init__.py @@ -106,10 +106,10 @@ class RpcInterfaceTestCase(unittest.TestCase): class ValidNetbiosNameTests(unittest.TestCase): def test_valid(self): - self.assertTrue(valid_netbios_name("FOO")) + self.assertTrue(samba.valid_netbios_name("FOO")) def test_too_long(self): - self.assertFalse(valid_netbios_name("FOO"*10)) + self.assertFalse(samba.valid_netbios_name("FOO"*10)) def test_invalid_characters(self): - self.assertFalse(valid_netbios_name("()BLA")) + self.assertFalse(samba.valid_netbios_name("*BLA")) diff --git a/source4/selftest/skip b/source4/selftest/skip index 291ad8472d..364d02a904 100644 --- a/source4/selftest/skip +++ b/source4/selftest/skip @@ -28,6 +28,7 @@ raw.scan.eamax samba4.ntvfs.cifs.raw.qfileinfo.ipc smb2.notify smb2.scan +smb2.lease ntvfs.cifs.base.charset ntvfs.cifs.base.iometer ntvfs.cifs.base.casetable diff --git a/source4/torture/rpc/lsa_lookup.c b/source4/torture/rpc/lsa_lookup.c index 0124ce1741..0a4c9904d7 100644 --- a/source4/torture/rpc/lsa_lookup.c +++ b/source4/torture/rpc/lsa_lookup.c @@ -88,6 +88,7 @@ static NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, uint16_t level, { struct lsa_LookupSids r; struct lsa_SidArray sidarray; + struct lsa_RefDomainList *domains; uint32_t count = 0; uint32_t i; 
@@ -108,6 +109,7 @@ static NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, uint16_t level, r.in.count = &count; r.out.names = names; r.out.count = &count; + r.out.domains = &domains; return dcerpc_lsa_LookupSids(p, mem_ctx, &r); } 
@@ -322,3 +324,91 @@ bool torture_rpc_lsa_lookup(struct torture_context *torture) return ret; } + +static bool test_LookupSidsReply(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + struct policy_handle *handle; + + struct dom_sid **sids; + uint32_t num_sids = 1; + + struct lsa_LookupSids r; + struct lsa_SidArray sidarray; + struct lsa_RefDomainList *domains = NULL; + struct lsa_TransNameArray names; + uint32_t count = 0; + + uint32_t i; + NTSTATUS status; + const char *dom_sid = "S-1-5-21-1111111111-2222222222-3333333333"; + const char *dom_admin_sid; + + if (!open_policy(tctx, p, &handle)) { + return false; + } + + dom_admin_sid = talloc_asprintf(tctx, "%s-%d", dom_sid, 512); + + sids = talloc_array(tctx, struct dom_sid *, num_sids); + + sids[0] = dom_sid_parse_talloc(tctx, dom_admin_sid); + + names.count = 0; + names.names = NULL; + + sidarray.num_sids = num_sids; + sidarray.sids = talloc_array(tctx, struct lsa_SidPtr, num_sids); + + for (i=0; i<num_sids; i++) { + sidarray.sids[i].sid = sids[i]; + } + + r.in.handle = handle; + r.in.sids = &sidarray; + r.in.names = &names; + r.in.level = LSA_LOOKUP_NAMES_ALL; + r.in.count = &count; + r.out.names = &names; + r.out.count = &count; + r.out.domains = &domains; + + status = dcerpc_lsa_LookupSids(p, tctx, &r); + + torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NONE_MAPPED, + "unexpected error code"); + + torture_assert_int_equal(tctx, names.count, num_sids, + "unexpected names count"); + torture_assert(tctx, names.names, + "unexpected names pointer"); + torture_assert_str_equal(tctx, names.names[0].name.string, dom_admin_sid, + "unexpected names[0].string"); + +#if 0 + /* vista sp1 passes, w2k3 sp2 fails */ + torture_assert_int_equal(tctx, domains->count, num_sids, + "unexpected domains count"); + torture_assert(tctx, domains->domains, + "unexpected domains pointer"); + torture_assert_str_equal(tctx, dom_sid_string(tctx, domains->domains[0].sid), dom_sid, + "unexpected domain sid"); +#endif + + return 
true; +} + +/* check for lookup sids results */ +struct torture_suite *torture_rpc_lsa_lookup_sids(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite; + struct torture_rpc_tcase *tcase; + + suite = torture_suite_create(mem_ctx, "LSA-LOOKUPSIDS"); + tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa", + &ndr_table_lsarpc); + + torture_rpc_tcase_add_test(tcase, "LookupSidsReply", test_LookupSidsReply); + + return suite; +} diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 069bb51a89..5624c32b96 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -378,6 +378,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "LSA", torture_rpc_lsa); torture_suite_add_simple_test(suite, "LSALOOKUP", torture_rpc_lsa_lookup); torture_suite_add_simple_test(suite, "LSA-GETUSER", torture_rpc_lsa_get_user); + torture_suite_add_suite(suite, torture_rpc_lsa_lookup_sids(suite)); torture_suite_add_suite(suite, torture_rpc_lsa_secrets(suite)); torture_suite_add_suite(suite, torture_rpc_echo(suite)); torture_suite_add_simple_test(suite, "DFS", torture_rpc_dfs); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 7b4e85195b..9483ae2a9a 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -5664,7 +5664,9 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, } break; case TORTURE_SAMR_PASSWORDS_PWDLASTSET: - ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops, machine_credentials); + if (!torture_setting_bool(tctx, "samba3", false)) { + ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops, machine_credentials); + } ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops, machine_credentials); if (!ret) { printf("Testing PASSWORDS PWDLASTSET on domain %s failed!\n", dom_sid_string(tctx, sid)); 
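Review bot: test_LookupSidsReply in lsa_lookup.c uses the results of `talloc_asprintf()`, both `talloc_array()` calls and `dom_sid_parse_talloc()` without checking them, so an allocation or parse failure surfaces as a NULL dereference at `sids[0] = ...` or in the copy loop rather than as a test failure. A `torture_assert(tctx, sids[0] != NULL, "failed to parse SID")` after the parse, and the same for the allocations, keeps the failure inside the torture framework. The `#if 0` block deserves a comment saying which server behaviour is considered correct. If it is ever enabled it needs an assert that `domains` is non-NULL before `domains->count`, since `domains` starts as NULL.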
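Review bot: The new `torture_setting_bool(tctx, "samba3", false)` guard in test_OpenDomain (samr.c) drops test_CreateUser2 without any trace in the test output, so a run against a samba3 target looks like full coverage of the PWDLASTSET case. A `torture_comment(tctx, "skipping CreateUser2 against samba3\n")` in an else branch, plus a short comment on why the call is excluded, would make the gap visible. The same silent guard is added in test_samr_connect (samr_accessmask.c), where it switches off the check that ACLs on the Connect5 handle can be changed and leaves the wrapped body un-indented. It is also added in test_EnumJobs (spoolss.c) around the two test_SetJob calls.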
diff --git a/source4/torture/rpc/samr_accessmask.c b/source4/torture/rpc/samr_accessmask.c index 9a8e442019..fb560befe9 100644 --- a/source4/torture/rpc/samr_accessmask.c +++ b/source4/torture/rpc/samr_accessmask.c @@ -301,7 +301,12 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx, /* Try to connect as the test user */ status = dcerpc_pipe_connect(tctx, &test_p, binding, &ndr_table_samr, - test_credentials, NULL, tctx->lp_ctx); + test_credentials, tctx->ev, tctx->lp_ctx); + if (!NT_STATUS_IS_OK(status)) { + printf("dcerpc_pipe_connect failed: %s\n", nt_errstr(status)); + return false; + } + /* connect to SAMR as the user */ status = torture_samr_Connect5(tctx, test_p, SEC_FLAG_MAXIMUM_ALLOWED, &uch); if (!NT_STATUS_IS_OK(status)) { @@ -310,9 +315,6 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx, } /* disconnec the user */ talloc_free(test_p); - if (!NT_STATUS_IS_OK(status)) { - return false; - } /* read the sequrity descriptor back. it should not have changed @@ -366,7 +368,11 @@ static bool test_samr_connect_user_acl_enforced(struct torture_context *tctx, status = dcerpc_pipe_connect(tctx, &test_p, binding, &ndr_table_samr, - test_credentials, NULL, tctx->lp_ctx); + test_credentials, tctx->ev, tctx->lp_ctx); + if (!NT_STATUS_IS_OK(status)) { + printf("dcerpc_pipe_connect failed: %s\n", nt_errstr(status)); + return false; + } /* connect to SAMR as the user */ status = torture_samr_Connect5(tctx, test_p, SAMR_ACCESS_SHUTDOWN_SERVER, &uch); @@ -447,6 +453,7 @@ static bool test_samr_accessmask_LookupDomain(struct torture_context *tctx, ld.in.connect_handle = &ch; ld.in.domain_name = &dn; + ld.out.sid = &sid; dn.string = lp_workgroup(tctx->lp_ctx); status = dcerpc_samr_LookupDomain(p, tctx, &ld); 
@@ -530,7 +537,7 @@ static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx, od.in.connect_handle = &ch; od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - od.in.sid = *ld.out.sid; + od.in.sid = sid; od.out.domain_handle = &dh; status = dcerpc_samr_OpenDomain(p, tctx, &od); @@ -627,6 +634,7 @@ static bool test_samr_connect(struct torture_context *tctx, ret = false; } + if (!torture_setting_bool(tctx, "samba3", false)) { /* test if ACLs can be changed for the policy handle * returned by Connect5 @@ -649,7 +657,7 @@ static bool test_samr_connect(struct torture_context *tctx, ret = false; } - + } /* remove the test user */ torture_leave_domain(tctx, testuser); diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index d17b3c7b60..bfe667240c 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -313,7 +313,11 @@ static bool test_EnumPrinterDrivers(struct torture_context *tctx, uint32_t count; union spoolss_DriverInfo *info; - r.in.server = ""; + /* FIXME: gd, come back and fix "" as server, and handle + * priority of returned error codes in torture test and samba 3 + * server */ + + r.in.server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.environment = SPOOLSS_ARCHITECTURE_NT_X86; r.in.level = level; r.in.buffer = NULL; 
@@ -331,16 +335,15 @@ static bool test_EnumPrinterDrivers(struct torture_context *tctx, /* TODO: do some more checks here */ continue; } - torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER, - "EnumPrinterDrivers failed"); - - blob = data_blob_talloc(ctx, NULL, needed); - data_blob_clear(&blob); - r.in.buffer = &blob; - r.in.offered = needed; + if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) { + blob = data_blob_talloc(ctx, NULL, needed); + data_blob_clear(&blob); + r.in.buffer = &blob; + r.in.offered = needed; - status = dcerpc_spoolss_EnumPrinterDrivers(p, ctx, &r); - torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPrinterDrivers failed"); + status = dcerpc_spoolss_EnumPrinterDrivers(p, ctx, &r); + torture_assert_ntstatus_ok(tctx, status, "dcerpc_spoolss_EnumPrinterDrivers failed"); + } torture_assert_werr_ok(tctx, r.out.result, "EnumPrinterDrivers failed"); 
@@ -1061,28 +1064,43 @@ static bool test_GetJob(struct torture_context *tctx, NTSTATUS status; struct spoolss_GetJob r; uint32_t needed; + uint32_t levels[] = {1, 2 /* 3, 4 */}; + uint32_t i; r.in.handle = handle; r.in.job_id = job_id; - r.in.level = 1; + r.in.level = 0; r.in.buffer = NULL; r.in.offered = 0; r.out.needed = &needed; - torture_comment(tctx, "Testing GetJob\n"); + torture_comment(tctx, "Testing GetJob level %d\n", r.in.level); status = dcerpc_spoolss_GetJob(p, tctx, &r); - torture_assert_ntstatus_ok(tctx, status, "GetJob failed"); + torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "Unexpected return code"); - if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) { - DATA_BLOB blob = data_blob_talloc(tctx, NULL, needed); - data_blob_clear(&blob); - r.in.buffer = &blob; - r.in.offered = needed; + for (i = 0; i < ARRAY_SIZE(levels); i++) { + + torture_comment(tctx, "Testing GetJob level %d\n", r.in.level); + + r.in.level = levels[i]; + r.in.offered = 0; status = dcerpc_spoolss_GetJob(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "GetJob failed"); + if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) { + DATA_BLOB blob = data_blob_talloc(tctx, NULL, needed); + data_blob_clear(&blob); + r.in.buffer = &blob; + r.in.offered = needed; + + status = dcerpc_spoolss_GetJob(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "GetJob failed"); + + } torture_assert(tctx, r.out.info, "No job info returned"); + torture_assert_werr_ok(tctx, r.out.result, "GetJob failed"); } return true; 
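Review bot: In test_GetJob (spoolss.c) `r.in.buffer` is not reset at the top of the loop, so after an iteration that took the WERR_INSUFFICIENT_BUFFER path the next level's first call is sent with `offered = 0` but a buffer pointer that still refers to the block-scoped `blob` from the previous iteration, whose lifetime has ended. Adding `r.in.buffer = NULL;` next to `r.in.offered = 0;` fixes that. The `torture_comment` inside the loop runs before `r.in.level = levels[i];` and therefore logs the previous level; it should move below the assignment. The level-0 probe also reads `r.out.result` without the `torture_assert_ntstatus_ok(tctx, status, "GetJob failed")` that the old code had, so a transport failure would be compared against WERR_UNKNOWN_LEVEL using an unset result.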
@@ -1209,8 +1227,12 @@ static bool test_EnumJobs(struct torture_context *tctx, for (j = 0; j < count; j++) { test_GetJob(tctx, p, handle, info[j].info1.job_id); - test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_PAUSE); - test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_RESUME); + + /* FIXME - gd */ + if (!torture_setting_bool(tctx, "samba3", false)) { + test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_PAUSE); + test_SetJob(tctx, p, handle, info[j].info1.job_id, SPOOLSS_JOB_CONTROL_RESUME); + } } } else { diff --git a/source4/torture/rpc/spoolss_win.c b/source4/torture/rpc/spoolss_win.c index 42b6929557..719d8e26d2 100644 --- a/source4/torture/rpc/spoolss_win.c +++ b/source4/torture/rpc/spoolss_win.c @@ -290,6 +290,13 @@ static bool test_EnumJobs(struct torture_context *tctx, status = dcerpc_spoolss_EnumJobs(p, tctx, &ej); torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed"); + if (W_ERROR_EQUAL(ej.out.result, WERR_INSUFFICIENT_BUFFER)) { + blob = data_blob_talloc_zero(tctx, needed); + ej.in.offered = needed; + ej.in.buffer = &blob; + status = dcerpc_spoolss_EnumJobs(p, tctx, &ej); + torture_assert_ntstatus_ok(tctx, status, "EnumJobs failed"); + } torture_assert_werr_ok(tctx, ej.out.result, "EnumJobs failed"); return true; diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c index 631e367c3b..a2e32f221f 100644 --- a/source4/torture/rpc/svcctl.c +++ b/source4/torture/rpc/svcctl.c @@ -26,6 +26,8 @@ #include "torture/rpc/rpc.h" #include "param/param.h" +#define TORTURE_DEFAULT_SERVICE "NetLogon" + static bool test_OpenSCManager(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *h) { struct svcctl_OpenSCManagerW r; 
@@ -85,7 +87,7 @@ static bool test_QueryServiceStatus(struct torture_context *tctx, if (!test_OpenSCManager(p, tctx, &h)) return false; - if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s)) return false; r.in.handle = &s; @@ -118,7 +120,7 @@ static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerp if (!test_OpenSCManager(p, tctx, &h)) return false; - if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s)) return false; buffer = talloc(tctx, uint8_t); @@ -165,7 +167,7 @@ static bool test_QueryServiceConfigW(struct torture_context *tctx, if (!test_OpenSCManager(p, tctx, &h)) return false; - if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s)) return false; r.in.handle = &s; @@ -207,7 +209,7 @@ static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerp if (!test_OpenSCManager(p, tctx, &h)) return false; - if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s)) return false; buffer = talloc(tctx, uint8_t); @@ -270,7 +272,7 @@ static bool test_QueryServiceObjectSecurity(struct torture_context *tctx, if (!test_OpenSCManager(p, tctx, &h)) return false; - if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s)) return false; r.in.handle = &s; @@ -403,7 +405,7 @@ static bool test_EnumDependentServicesW(struct torture_context *tctx, if (!test_OpenSCManager(p, tctx, &h)) return false; - if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + if (!test_OpenService(p, tctx, &h, TORTURE_DEFAULT_SERVICE, &s)) return false; r.in.service = &s; |