From 2df47b0a54ad0a973b81911ee507ab50555b24a6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 6 Oct 2009 17:45:24 +0200 Subject: libwbclient: implement secure channel verification for specific domains in wbcCheckTrustCredentials(). Guenther --- nsswitch/libwbclient/wbc_pam.c | 14 +++++--------- nsswitch/libwbclient/wbclient.h | 4 +--- 2 files changed, 6 insertions(+), 12 deletions(-) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 33044b2df7..4cd212a34a 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -502,18 +502,14 @@ wbcErr wbcCheckTrustCredentials(const char *domain, struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - if (domain) { - /* - * the current protocol doesn't support - * specifying a domain - */ - wbc_status = WBC_ERR_NOT_IMPLEMENTED; - BAIL_ON_WBC_ERROR(wbc_status); - } - ZERO_STRUCT(request); ZERO_STRUCT(response); + if (domain) { + strncpy(request.domain_name, domain, + sizeof(request.domain_name)-1); + } + /* Send request */ wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC, diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index a87cad3b21..4dc6d23dfc 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -1183,9 +1183,7 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name); /** * @brief Trigger a verification of the trust credentials of a specific domain * - * @param *domain The name of the domain, only NULL for the default domain is - * supported yet. Other values than NULL will result in - * WBC_ERR_NOT_IMPLEMENTED. + * @param *domain The name of the domain. * @param error Output details on WBC_ERR_AUTH_ERROR * * @return #wbcErr -- cgit From 7b3501200c55d7844c4d697456dbfa2b86cfdcc8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 7 Oct 2009 10:43:53 +0200 Subject: wbinfo: allow to check trusts via "wbinfo -t --domain DOMAINNAME". Guenther --- nsswitch/wbinfo.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'nsswitch') diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index a80b69f2b6..7410a744f3 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -724,15 +724,23 @@ static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags) /* Check trust account password */ -static bool wbinfo_check_secret(void) +static bool wbinfo_check_secret(const char *domain) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcAuthErrorInfo *error = NULL; + const char *domain_name; - wbc_status = wbcCheckTrustCredentials(NULL, &error); + if (domain) { + domain_name = domain; + } else { + domain_name = get_winbind_domain(); + } - d_printf("checking the trust secret via RPC calls %s\n", - WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); + wbc_status = wbcCheckTrustCredentials(domain_name, &error); + + d_printf("checking the trust secret for domain %s via RPC calls %s\n", + domain_name, + WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); if (wbc_status == WBC_ERR_AUTH_ERROR) { d_fprintf(stderr, "error code was %s (0x%x)\n", @@ -1950,7 +1958,7 @@ int main(int argc, char **argv, char **envp) } break; case 't': - if (!wbinfo_check_secret()) { + if (!wbinfo_check_secret(opt_domain_name)) { d_fprintf(stderr, "Could not check secret\n"); goto done; } -- cgit From 1e2f455b4aa77a10b20ad2beda4a8924d5a58e75 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 8 Oct 2009 10:57:51 +0200 Subject: winbind: adapt the new reject constants also there Please note: in the past the value "0" was misinterpreted as other error. This isn't true. "0" means no error. Therefore a solution for this one has to found. --- nsswitch/libwbclient/wbclient.h | 13 +++++++++---- nsswitch/pam_winbind.c | 8 ++++---- 2 files changed, 13 insertions(+), 8 deletions(-) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index 4dc6d23dfc..ced82d8d22 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -427,10 +427,15 @@ struct wbcUserPasswordPolicyInfo { **/ enum wbcPasswordChangeRejectReason { - WBC_PWD_CHANGE_REJECT_OTHER=0, - WBC_PWD_CHANGE_REJECT_TOO_SHORT=1, - WBC_PWD_CHANGE_REJECT_IN_HISTORY=2, - WBC_PWD_CHANGE_REJECT_COMPLEXITY=5 + WBC_PWD_CHANGE_NO_ERROR=0, + WBC_PWD_CHANGE_PASSWORD_TOO_SHORT=1, + WBC_PWD_CHANGE_PWD_IN_HISTORY=2, + WBC_PWD_CHANGE_USERNAME_IN_PASSWORD=3, + WBC_PWD_CHANGE_FULLNAME_IN_PASSWORD=4, + WBC_PWD_CHANGE_NOT_COMPLEX=5, + WBC_PWD_CHANGE_MACHINE_NOT_DEFAULT=6, + WBC_PWD_CHANGE_FAILED_BY_FILTER=7, + WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8 }; /** diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 324bede9ea..654b4385d8 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -1862,22 +1862,22 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, switch (reject_reason) { case -1: break; - case WBC_PWD_CHANGE_REJECT_OTHER: + case WBC_PWD_CHANGE_NO_ERROR: if ((min_pwd_age > 0) && (pwd_last_set + min_pwd_age > time(NULL))) { PAM_WB_REMARK_DIRECT(ctx, "NT_STATUS_PWD_TOO_RECENT"); } break; - case WBC_PWD_CHANGE_REJECT_TOO_SHORT: + case WBC_PWD_CHANGE_PASSWORD_TOO_SHORT: PAM_WB_REMARK_DIRECT(ctx, "NT_STATUS_PWD_TOO_SHORT"); break; - case WBC_PWD_CHANGE_REJECT_IN_HISTORY: + case WBC_PWD_CHANGE_PWD_IN_HISTORY: PAM_WB_REMARK_DIRECT(ctx, "NT_STATUS_PWD_HISTORY_CONFLICT"); break; - case WBC_PWD_CHANGE_REJECT_COMPLEXITY: + case WBC_PWD_CHANGE_NOT_COMPLEX: _make_remark(ctx, PAM_ERROR_MSG, _("Password does not meet " "complexity requirements")); -- cgit From 99cdbe35717dcd7b8adabae2b8b366dd87357807 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 9 Oct 2009 13:14:08 -0400 Subject: Fix builds with external talloc Make sure we do not reference our internal talloc directly. Let configure define what talloc.h file to use so that builds that use an extrenal talloc do not include 2 different versions of the talloc header. --- nsswitch/libwbclient/wbclient.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c index f4620ff002..9a1e770690 100644 --- a/nsswitch/libwbclient/wbclient.c +++ b/nsswitch/libwbclient/wbclient.c @@ -23,8 +23,8 @@ /* Required Headers */ #include "replace.h" -#include "lib/talloc/talloc.h" -#include "lib/tevent/tevent.h" +#include "talloc.h" +#include "tevent.h" #include "libwbclient.h" /* From wb_common.c */ -- cgit From 5aeb954ba9382e1975c64ac96f1e377ed6af3ae0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 9 Oct 2009 22:58:14 +0200 Subject: s3: Fix a memleak reported by dmarkey --- nsswitch/libwbclient/wbc_sid.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c index b1ecba3f6d..99c9d8e152 100644 --- a/nsswitch/libwbclient/wbc_sid.c +++ b/nsswitch/libwbclient/wbc_sid.c @@ -248,9 +248,13 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, if (WBC_ERROR_IS_OK(wbc_status)) { if (pdomain != NULL) { *pdomain = domain; + } else { + TALLOC_FREE(domain); } if (pname != NULL) { *pname = name; + } else { + TALLOC_FREE(name); } if (pname_type != NULL) { *pname_type = name_type; -- cgit From 926a935a612e3d3d3aec6473303a884126d9ea72 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 12 Oct 2009 16:28:34 +0200 Subject: s4:wbclient.h - add compatibility constants This is the result of a discussion on samba-technical on how to deal best with existing programs which don't support my changes in the interface yet. Metze pointed out this "defines" as a possibility and simo and I agreed. --- nsswitch/libwbclient/wbclient.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index ced82d8d22..e262679264 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -438,6 +438,12 @@ enum wbcPasswordChangeRejectReason { WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8 }; +/* Note: this defines exist for compatibility reasons with existing code */ +#define WBC_PWD_CHANGE_REJECT_OTHER WBC_PWD_CHANGE_NO_ERROR +#define WBC_PWD_CHANGE_REJECT_TOO_SHORT WBC_PWD_CHANGE_PASSWORD_TOO_SHORT +#define WBC_PWD_CHANGE_REJECT_IN_HISTORY WBC_PWD_CHANGE_PWD_IN_HISTORY +#define WBC_PWD_CHANGE_REJECT_COMPLEXITY WBC_PWD_CHANGE_NOT_COMPLEX + /** * @brief Logoff User Parameters **/ -- cgit From 74948c979ab19f20c7e5824aee50828e9bda0e35 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 6 Oct 2009 18:15:08 +0200 Subject: libwbclient: add wbcChangeTrustCredentials. Guenther --- nsswitch/libwbclient/wbc_pam.c | 38 ++++++++++++++++++++++++++++++++++++++ nsswitch/libwbclient/wbclient.h | 11 +++++++++++ nsswitch/winbind_struct_protocol.h | 1 + 3 files changed, 50 insertions(+) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 4cd212a34a..7a66a7fe82 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -532,6 +532,44 @@ wbcErr wbcCheckTrustCredentials(const char *domain, return wbc_status; } +/* Trigger a change of the trust credentials for a specific domain */ +wbcErr wbcChangeTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain) { + strncpy(request.domain_name, domain, + sizeof(request.domain_name)-1); + } + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_CHANGE_MACHACC, + &request, + &response); + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(NULL, + &response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + /* Trigger an extended logoff notification to Winbind for a specific user */ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, struct wbcAuthErrorInfo **error) diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index e262679264..0c0c494925 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -1202,6 +1202,17 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name); wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); +/** + * @brief Trigger a change of the trust credentials for a specific domain + * + * @param *domain The name of the domain. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcChangeTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error); + /********************************************************** * Helper functions **********************************************************/ diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index bd144101f2..3056e25905 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -118,6 +118,7 @@ enum winbindd_cmd { /* Miscellaneous other stuff */ WINBINDD_CHECK_MACHACC, /* Check machine account pw works */ + WINBINDD_CHANGE_MACHACC, /* Change machine account pw */ WINBINDD_PING, /* Just tell me winbind is running */ WINBINDD_INFO, /* Various bit of info. Currently just tidbits */ WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */ -- cgit From 0a468fbe36e6049f8d7f971c1aa111e1573a406c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 6 Oct 2009 18:18:00 +0200 Subject: nsswitch: add wbinfo -c (change trust account passwords). Guenther --- nsswitch/wbinfo.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'nsswitch') diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 7410a744f3..219ec24fba 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -754,6 +754,38 @@ static bool wbinfo_check_secret(const char *domain) return true; } +/* Change trust account password */ + +static bool wbinfo_change_secret(const char *domain) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcAuthErrorInfo *error = NULL; + const char *domain_name; + + if (domain) { + domain_name = domain; + } else { + domain_name = get_winbind_domain(); + } + + wbc_status = wbcChangeTrustCredentials(domain_name, &error); + + d_printf("changing the trust secret for domain %s via RPC calls %s\n", + domain_name, + WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); + + if (wbc_status == WBC_ERR_AUTH_ERROR) { + d_fprintf(stderr, "error code was %s (0x%x)\n", + error->nt_string, error->nt_status); + wbcFreeMemory(error); + } + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + return true; +} + /* Convert uid to sid */ static bool wbinfo_uid_to_sid(uid_t uid) @@ -1733,6 +1765,7 @@ int main(int argc, char **argv, char **envp) { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" }, { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, + { "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" }, @@ -1963,6 +1996,12 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case 'c': + if (!wbinfo_change_secret(opt_domain_name)) { + d_fprintf(stderr, "Could not change secret\n"); + goto done; + } + break; case 'm': if (!wbinfo_list_domains(false, verbose)) { d_fprintf(stderr, -- cgit From 8e91c40574ce30a053ff8979e69205d15fb89a5c Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Thu, 15 Oct 2009 04:31:26 +0800 Subject: s3: Fix reference to freed memory in pam_winbind. Signed-off-by: Bo Yang --- nsswitch/pam_winbind.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'nsswitch') diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 654b4385d8..fd06688d08 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -981,6 +981,7 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx, int sid_list_buffer_size) { const char* sid_string; + char *sid_str; /* lookup name? */ if (IS_SID_STRING(name)) { @@ -989,7 +990,6 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx, wbcErr wbc_status; struct wbcDomainSid sid; enum wbcSidType type; - char *sid_str; _pam_log_debug(ctx, LOG_DEBUG, "no sid given, looking up: %s\n", name); @@ -1006,15 +1006,16 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx, return false; } - wbcFreeMemory(sid_str); sid_string = sid_str; } if (!safe_append_string(sid_list_buffer, sid_string, sid_list_buffer_size)) { + wbcFreeMemory(sid_str); return false; } + wbcFreeMemory(sid_str); return true; } -- cgit From 1c1a883bd01d0a474787f984af13543c0fd9ef6b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 14 Oct 2009 12:36:02 -0700 Subject: Fix the build, missing ->. Jeremy. --- nsswitch/pam_winbind.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nsswitch') diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index fd06688d08..fdb5be3223 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -980,8 +980,8 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx, char *sid_list_buffer, int sid_list_buffer_size) { - const char* sid_string; - char *sid_str; + const char* sid_string = NULL; + char *sid_str = NULL; /* lookup name? */ if (IS_SID_STRING(name)) { -- cgit From 612deb2699c87fc05b98290e1791493603e7b686 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 16 Oct 2009 00:33:38 +0200 Subject: s4-smbtorture: add very basic libwbclient testsuite. Guenther --- nsswitch/libwbclient/tests/wbclient.c | 252 ++++++++++++++++++++++++++++++++++ 1 file changed, 252 insertions(+) create mode 100644 nsswitch/libwbclient/tests/wbclient.c (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c new file mode 100644 index 0000000000..6606cafa8c --- /dev/null +++ b/nsswitch/libwbclient/tests/wbclient.c @@ -0,0 +1,252 @@ +/* + Unix SMB/CIFS implementation. + SMB torture tester + Copyright (C) Guenther Deschner 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "nsswitch/libwbclient/wbclient.h" +#include "torture/smbtorture.h" +#include "torture/winbind/proto.h" + +#define WBC_ERROR_EQUAL(x,y) (x == y) + +#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt) \ + do { wbcErr __got = got, __expected = expected; \ + if (!WBC_ERROR_EQUAL(__got, __expected)) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", wbcErrorString(__got), wbcErrorString(__expected), cmt); \ + return false; \ + } \ + } while (0) + +#define torture_assert_wbc_ok(torture_ctx,expr,cmt) \ + torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt) + +static bool test_wbc_ping(struct torture_context *tctx) +{ + torture_assert_wbc_ok(tctx, wbcPing(), + "wbcPing failed"); + + return true; +} + +static bool test_wbc_library_details(struct torture_context *tctx) +{ + struct wbcLibraryDetails *details; + + torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details), + "wbcLibraryDetails failed"); + torture_assert(tctx, details, + "wbcLibraryDetails returned NULL pointer"); + + wbcFreeMemory(details); + + return true; +} + +static bool test_wbc_interface_details(struct torture_context *tctx) +{ + struct wbcInterfaceDetails *details; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "wbcInterfaceDetails failed"); + torture_assert(tctx, details, + "wbcInterfaceDetails returned NULL pointer"); + + wbcFreeMemory(details); + + return true; +} + +static bool test_wbc_sidtypestring(struct torture_context *tctx) +{ + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE), + "SID_NONE", "SID_NONE failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER), + "SID_USER", "SID_USER failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP), + "SID_DOM_GROUP", "SID_DOM_GROUP failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN), + "SID_DOMAIN", "SID_DOMAIN failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS), + "SID_ALIAS", "SID_ALIAS failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP), + "SID_WKN_GROUP", "SID_WKN_GROUP failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED), + "SID_DELETED", "SID_DELETED failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID), + "SID_INVALID", "SID_INVALID failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN), + "SID_UNKNOWN", "SID_UNKNOWN failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER), + "SID_COMPUTER", "SID_COMPUTER failed"); + return true; +} + +static bool test_wbc_domain_info(struct torture_context *tctx) +{ + const char *domain_name = NULL; + struct wbcDomainInfo *info; + struct wbcInterfaceDetails *details; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + wbcFreeMemory(details); + + torture_assert_wbc_ok(tctx, wbcDomainInfo(domain_name, &info), + "wbcDomainInfo failed"); + torture_assert(tctx, info, + "wbcDomainInfo returned NULL pointer"); + + return true; +} + +static bool test_wbc_users(struct torture_context *tctx) +{ + const char *domain_name = NULL; + uint32_t num_users; + const char **users; + int i; + struct wbcInterfaceDetails *details; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + wbcFreeMemory(details); + + torture_assert_wbc_ok(tctx, wbcListUsers(domain_name, &num_users, &users), + "wbcListUsers failed"); + torture_assert(tctx, !(num_users > 0 && !users), + "wbcListUsers returned invalid results"); + + for (i=0; i < MIN(num_users,100); i++) { + + struct wbcDomainSid sid; + enum wbcSidType name_type; + char *domain; + char *name; + + torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type), + "wbcLookupName failed"); + torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER, + "wbcLookupName expected WBC_SID_NAME_USER"); + torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type), + "wbcLookupSid failed"); + torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER, + "wbcLookupSid expected WBC_SID_NAME_USER"); + torture_assert(tctx, name, + "wbcLookupSid returned no name"); + } + + return true; +} + +static bool test_wbc_groups(struct torture_context *tctx) +{ + const char *domain_name = NULL; + uint32_t num_groups; + const char **groups; + int i; + struct wbcInterfaceDetails *details; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + wbcFreeMemory(details); + + torture_assert_wbc_ok(tctx, wbcListGroups(domain_name, &num_groups, &groups), + "wbcListGroups failed"); + torture_assert(tctx, !(num_groups > 0 && !groups), + "wbcListGroups returned invalid results"); + + for (i=0; i < MIN(num_groups,100); i++) { + + struct wbcDomainSid sid; + enum wbcSidType name_type; + char *domain; + char *name; + + torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, groups[i], &sid, &name_type), + "wbcLookupName failed"); + torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type), + "wbcLookupSid failed"); + torture_assert(tctx, name, + "wbcLookupSid returned no name"); + } + + return true; +} + +static bool test_wbc_trusts(struct torture_context *tctx) +{ + struct wbcDomainInfo *domains; + size_t num_domains; + int i; + + torture_assert_wbc_ok(tctx, wbcListTrusts(&domains, &num_domains), + "wbcListTrusts failed"); + torture_assert(tctx, !(num_domains > 0 && !domains), + "wbcListTrusts returned invalid results"); + + for (i=0; i < MIN(num_domains,100); i++) { + + struct wbcAuthErrorInfo *error; + /* + struct wbcDomainSid sid; + enum wbcSidType name_type; + char *domain; + char *name; + */ + torture_assert_wbc_ok(tctx, wbcCheckTrustCredentials(domains[i].short_name, &error), + "wbcCheckTrustCredentials failed"); + /* + torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type), + "wbcLookupName failed"); + torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN, + "wbcLookupName expected WBC_SID_NAME_DOMAIN"); + torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type), + "wbcLookupSid failed"); + torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN, + "wbcLookupSid expected WBC_SID_NAME_DOMAIN"); + torture_assert(tctx, name, + "wbcLookupSid returned no name"); + */ + } + + return true; +} + + + +struct torture_suite *torture_wbclient(void) +{ + struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "WBCLIENT"); + + torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping); + torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details); + torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details); + torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring); + torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info); + torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users); + torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups); + torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts); + + return suite; +} -- cgit From 246597cb0d8d62c702841dfbb3fa257fc2da70da Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 16 Oct 2009 13:38:57 +0200 Subject: s4-smbtorture: test wbcGuidToString and friends as well in WINBIND-WBCLIENT. Guenther --- nsswitch/libwbclient/tests/wbclient.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c index 6606cafa8c..5b3d6ff54e 100644 --- a/nsswitch/libwbclient/tests/wbclient.c +++ b/nsswitch/libwbclient/tests/wbclient.c @@ -96,6 +96,38 @@ static bool test_wbc_sidtypestring(struct torture_context *tctx) return true; } +static bool test_wbc_sidtostring(struct torture_context *tctx) +{ + struct wbcDomainSid sid; + const char *sid_string = "S-1-5-32"; + char *sid_string2; + + torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid), + "wbcStringToSid failed"); + torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2), + "wbcSidToString failed"); + torture_assert_str_equal(tctx, sid_string, sid_string2, + "sid strings differ"); + + return true; +} + +static bool test_wbc_guidtostring(struct torture_context *tctx) +{ + struct wbcGuid guid; + const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811"; + char *guid_string2; + + torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid), + "wbcStringToGuid failed"); + torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2), + "wbcGuidToString failed"); + torture_assert_str_equal(tctx, guid_string, guid_string2, + "guid strings differ"); + + return true; +} + static bool test_wbc_domain_info(struct torture_context *tctx) { const char *domain_name = NULL; @@ -243,6 +275,8 @@ struct torture_suite *torture_wbclient(void) torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details); torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details); torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring); + torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring); + torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring); torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info); torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users); torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups); -- cgit From c2966a0766998b732c190860879c001d6140863e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 16 Oct 2009 14:51:49 +0200 Subject: s4-smbtorture: test wbcLookupUserSids in WINBIND-WBCLIENT as well. Guenther --- nsswitch/libwbclient/tests/wbclient.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c index 5b3d6ff54e..5a55a43ceb 100644 --- a/nsswitch/libwbclient/tests/wbclient.c +++ b/nsswitch/libwbclient/tests/wbclient.c @@ -169,10 +169,11 @@ static bool test_wbc_users(struct torture_context *tctx) for (i=0; i < MIN(num_users,100); i++) { - struct wbcDomainSid sid; + struct wbcDomainSid sid, *sids; enum wbcSidType name_type; char *domain; char *name; + uint32_t num_sids; torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type), "wbcLookupName failed"); @@ -184,6 +185,8 @@ static bool test_wbc_users(struct torture_context *tctx) "wbcLookupSid expected WBC_SID_NAME_USER"); torture_assert(tctx, name, "wbcLookupSid returned no name"); + torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids), + "wbcLookupUserSids failed"); } return true; -- cgit From 20c07674f6c0b9423c13b9876dbe4d12f86e0d72 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 16 Oct 2009 16:07:31 +0200 Subject: nsswitch: increase libwbclient version after adding wbcChangeTrustCredentials(). Guenther --- nsswitch/libwbclient/wbclient.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nsswitch') diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index 0c0c494925..eea71ab86b 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -63,9 +63,10 @@ const char *wbcErrorString(wbcErr error); * 0.3: Added wbcGetpwsid() * Added wbcGetSidAliases() * 0.4: Added wbcSidTypeString() + * 0.5: Added wbcChangeTrustCredentials() **/ #define WBCLIENT_MAJOR_VERSION 0 -#define WBCLIENT_MINOR_VERSION 4 +#define WBCLIENT_MINOR_VERSION 5 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" struct wbcLibraryDetails { uint16_t major_version; -- cgit