From 008c8adfe3c72b4820d22421ba3df8dc80053831 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 16 Apr 2008 16:10:16 +0200 Subject: Fix wbinfo --trusted-domains. The problems here were that we did not bind to the LSA pipe, and we did not consider it possible to have 0 trusted domains. Andrew Bartlett (This used to be commit 86694d429d62940882ac9b7af83b3e7d00e67c5a) --- source4/winbind/wb_cmd_list_trustdom.c | 3 ++- source4/winbind/wb_connect_lsa.c | 11 +++++++---- testprogs/blackbox/test_wbinfo.sh | 5 ++--- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/source4/winbind/wb_cmd_list_trustdom.c b/source4/winbind/wb_cmd_list_trustdom.c index 83bd517a02..8d0c1bd947 100644 --- a/source4/winbind/wb_cmd_list_trustdom.c +++ b/source4/winbind/wb_cmd_list_trustdom.c @@ -143,7 +143,8 @@ static void cmd_list_trustdoms_recv_doms(struct rpc_request *req) state->domains = talloc_realloc(state, state->domains, struct wb_dom_info *, state->num_domains); - if (composite_nomem(state->domains, state->ctx)) return; + if (state->num_domains && + composite_nomem(state->domains, state->ctx)) return; for (i=0; ir.out.domains->count; i++) { int j = i+old_num_domains; diff --git a/source4/winbind/wb_connect_lsa.c b/source4/winbind/wb_connect_lsa.c index 61b123a502..a728f8abe4 100644 --- a/source4/winbind/wb_connect_lsa.c +++ b/source4/winbind/wb_connect_lsa.c @@ -62,8 +62,11 @@ struct composite_context *wb_init_lsa_send(TALLOC_CTX *mem_ctx, /* this will make the secondary connection on the same IPC$ share, secured with SPNEGO or NTLMSSP */ - ctx = dcerpc_secondary_connection_send(domain->netlogon_pipe, - domain->lsa_binding); + ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe, + domain->lsa_binding, + &ndr_table_lsarpc, + domain->libnet_ctx->cred, + domain->libnet_ctx->lp_ctx); composite_continue(state->ctx, ctx, init_lsa_recv_pipe, state); return result; @@ -79,8 +82,8 @@ static void init_lsa_recv_pipe(struct composite_context *ctx) talloc_get_type(ctx->async.private_data, struct init_lsa_state); - state->ctx->status = dcerpc_secondary_connection_recv(ctx, - &state->lsa_pipe); + state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state, + &state->lsa_pipe); if (!composite_is_ok(state->ctx)) return; state->handle = talloc(state, struct policy_handle); diff --git a/testprogs/blackbox/test_wbinfo.sh b/testprogs/blackbox/test_wbinfo.sh index b309b302dd..1ece5a60f2 100755 --- a/testprogs/blackbox/test_wbinfo.sh +++ b/testprogs/blackbox/test_wbinfo.sh @@ -157,9 +157,8 @@ testfail "wbinfo -Y against $TARGET using invalid SID" $wbinfo -Y "S-1-22-1-3000 testit "wbinfo -t against $TARGET" $wbinfo -t || failed=`expr $failed + 1` -# this does not work -knownfail "wbinfo -m against $TARGET" $wbinfo -m || failed=`expr $failed + 1` -knownfail "wbinfo --all-domains against $TARGET" $wbinfo --all-domains || failed=`expr $failed + 1` +testit "wbinfo --trusted-domains against $TARGET" $wbinfo --trusted-domains || failed=`expr $failed + 1` +testit "wbinfo --all-domains against $TARGET" $wbinfo --all-domains || failed=`expr $failed + 1` testit "wbinfo --own-domain against $TARGET" $wbinfo --own-domain || failed=`expr $failed + 1` echo "test: wbinfo --own-domain against $TARGET check output" -- cgit From a58df2f54c5847a6a3dddad51465c319f1c387f5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 16 Apr 2008 16:11:17 +0200 Subject: Fix struct_based winbind test for 'check machine account'. The problem here was that we did not fill in the error strings in the success case, and the testsuite checked against the incorrect 'freindly' error string. Andrew Bartlett (This used to be commit df05f118831245bdb19573711545bdb1b01a0c50) --- source4/torture/winbind/struct_based.c | 2 +- source4/winbind/wb_samba3_cmd.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c index 51ac0e622a..f9e4e148c3 100644 --- a/source4/torture/winbind/struct_based.c +++ b/source4/torture/winbind/struct_based.c @@ -262,7 +262,7 @@ static bool torture_winbind_struct_check_machacc(struct torture_context *torture torture_assert_str_equal(torture, rep.data.auth.error_string, - nt_errstr(NT_STATUS_OK), + get_friendly_nt_error_msg(NT_STATUS_OK), "WINBINDD_CHECK_MACHACC ok: error_string"); torture_assert_int_equal(torture, diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c index 8ae330df35..7f1520a3b3 100644 --- a/source4/winbind/wb_samba3_cmd.c +++ b/source4/winbind/wb_samba3_cmd.c @@ -43,13 +43,14 @@ static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status, struct winbindd_response *resp = &s3call->response; if (!NT_STATUS_IS_OK(status)) { resp->result = WINBINDD_ERROR; - WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string, - nt_errstr(status)); - WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string, - get_friendly_nt_error_msg(status)); } else { resp->result = WINBINDD_OK; } + + WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string, + nt_errstr(status)); + WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string, + get_friendly_nt_error_msg(status)); resp->data.auth.pam_error = nt_status_to_pam(status); resp->data.auth.nt_status = NT_STATUS_V(status); -- cgit From 80ad7025cfb3cd7ec13da461125515fdb10fa94f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 16 Apr 2008 17:33:58 +0200 Subject: Adjust the expectations of the struct based winbind test. These expectations (such as what happens when we have no trusted domains) were incorrect, compared with Samba3 (which is the reference for this protocol). Andrew Bartlett (This used to be commit 29d5de9e8fb69346e29a95c6fcaefabd018c9447) --- source4/selftest/samba4_tests.sh | 2 +- source4/torture/winbind/struct_based.c | 21 ++++++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index a021fff892..730846dae3 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -301,7 +301,7 @@ for t in $NBT_TESTS; do plansmbtorturetest "$t" dc //\$SERVER/_none_ -U\$USERNAME%\$PASSWORD done -WB_OPTS="--option=\"torture:strict mode=yes\"" +WB_OPTS="--option=\"torture:strict mode=no\"" WB_OPTS="${WB_OPTS} --option=\"torture:timelimit=1\"" WB_OPTS="${WB_OPTS} --option=\"torture:winbindd separator=/\"" WB_OPTS="${WB_OPTS} --option=\"torture:winbindd private pipe dir=\$WINBINDD_PRIV_PIPE_DIR\"" diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c index f9e4e148c3..87378aadb8 100644 --- a/source4/torture/winbind/struct_based.c +++ b/source4/torture/winbind/struct_based.c @@ -295,6 +295,10 @@ static bool get_trusted_domains(struct torture_context *torture, DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep); extra_data = (char *)rep.extra_data.data; + if (!extra_data) { + return true; + } + torture_assert(torture, extra_data, "NULL trust list"); while (next_token(&extra_data, line, "\n", sizeof(fstring))) { @@ -356,7 +360,6 @@ static bool torture_winbind_struct_list_trustdom(struct torture_context *torture DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep); list1 = (char *)rep.extra_data.data; - torture_assert(torture, list1, "NULL trust list"); torture_comment(torture, "%s\n", list1); @@ -368,7 +371,6 @@ static bool torture_winbind_struct_list_trustdom(struct torture_context *torture DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep); list2 = (char *)rep.extra_data.data; - torture_assert(torture, list2, "NULL trust list"); /* * The list_all_domains parameter should be ignored @@ -381,7 +383,7 @@ static bool torture_winbind_struct_list_trustdom(struct torture_context *torture ok = get_trusted_domains(torture, &listd); torture_assert(torture, ok, "failed to get trust list"); - for (i=0; listd[i].netbios_name; i++) { + for (i=0; listd && listd[i].netbios_name; i++) { if (i == 0) { struct dom_sid *builtin_sid; @@ -424,7 +426,7 @@ static bool torture_winbind_struct_domain_info(struct torture_context *torture) ok = get_trusted_domains(torture, &listd); torture_assert(torture, ok, "failed to get trust list"); - for (i=0; listd[i].netbios_name; i++) { + for (i=0; listd && listd[i].netbios_name; i++) { struct winbindd_request req; struct winbindd_response rep; struct dom_sid *sid; @@ -485,14 +487,14 @@ static bool torture_winbind_struct_getdcname(struct torture_context *torture) bool ok; bool strict = torture_setting_bool(torture, "strict mode", false); struct torture_trust_domain *listd = NULL; - uint32_t i; + uint32_t i, count = 0; torture_comment(torture, "Running WINBINDD_GETDCNAME (struct based)\n"); ok = get_trusted_domains(torture, &listd); torture_assert(torture, ok, "failed to get trust list"); - for (i=0; listd[i].netbios_name; i++) { + for (i=0; listd && listd[i].netbios_name; i++) { struct winbindd_request req; struct winbindd_response rep; @@ -512,8 +514,13 @@ static bool torture_winbind_struct_getdcname(struct torture_context *torture) /* TODO: check rep.data.dc_name; */ torture_comment(torture, "DOMAIN '%s' => DCNAME '%s'\n", req.domain_name, rep.data.dc_name); + count++; } + if (strict) { + torture_assert(torture, count > 0, + "WiNBINDD_GETDCNAME was not tested"); + } return true; } @@ -530,7 +537,7 @@ static bool torture_winbind_struct_dsgetdcname(struct torture_context *torture) ok = get_trusted_domains(torture, &listd); torture_assert(torture, ok, "failed to get trust list"); - for (i=0; listd[i].netbios_name; i++) { + for (i=0; listd && listd[i].netbios_name; i++) { struct winbindd_request req; struct winbindd_response rep; -- cgit