sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

r16860: Fix (and reactivate) the RPC-SAMR test. We need to allow these sids

Browse Source 
to be created as foreign, even if they are in a local domain.

Also we do need the user to exist for the life of the test, as we add
it to a group.

Andrew Bartlett
(This used to be commit ae470ff701)
This commit is contained in:
Andrew Bartlett 2006-07-07 07:38:36 +00:00 committed by Gerald (Jerry) Carter
parent 6abc3e05b1
commit 0f215e9947
3 changed files with 66 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source4/dsdb/samdb/ldb_modules/samldb.c
View File

@ -642,12 +642,10 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module
"(&(objectSid=%s)(objectclass=domain))",
ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
if (ret >= 1) {
/* We don't really like the idea of foreign sids that are not foreign, but it happens */
const char *name = samdb_result_string(dom_msgs[0], "name", NULL);
ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx,
"Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database",
dom_sid_string(mem_ctx, sid), name));
/* We don't really like the idea of foreign sids that are not foreign */
return LDB_ERR_CONSTRAINT_VIOLATION;
ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database",
dom_sid_string(mem_ctx, sid), name);
} else if (ret == -1) {
ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx,
"samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n",

6
source4/script/tests/test_rpc.sh
View File

@ -5,9 +5,9 @@
ncacn_np_tests="RPC-SPOOLSS RPC-SRVSVC RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-RPCCONN-BIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER"
ncalrpc_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER"
ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER"
slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
slow_ncalrpc_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
slow_ncacn_ip_tcp_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
slow_ncalrpc_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
slow_ncacn_ip_tcp_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
if [ $# -lt 4 ]; then
cat <<EOF

74
source4/torture/rpc/samr.c
View File

@ -875,7 +875,7 @@ static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.out.user_handle = user_handle;
status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status));
printf("OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(status));
}
return status;
@ -1540,7 +1540,7 @@ static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
}
break;
case TORTURE_SAMR_OTHER:
/* Can't happen */
/* We just need the account to exist */
break;
}
talloc_free(user_ctx);
@ -1582,6 +1582,26 @@ static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
}
static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *user_handle)
{
struct samr_DeleteUser d;
NTSTATUS status;
BOOL ret = True;
printf("Testing DeleteUser\n");
d.in.user_handle = user_handle;
d.out.user_handle = user_handle;
status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteUser failed - %s\n", nt_errstr(status));
ret = False;
}
return ret;
}
BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, const char *name)
{
@ -1795,6 +1815,7 @@ static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle,
struct policy_handle *user_handle_out,
enum torture_samr_choice which_ops)
{
@ -1865,15 +1886,19 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ret = False;
}
printf("Testing DeleteUser (createuser2 test)\n");
d.in.user_handle = &user_handle;
d.out.user_handle = &user_handle;
status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteUser failed - %s\n", nt_errstr(status));
if (user_handle_out) {
*user_handle_out = user_handle;
} else {
printf("Testing DeleteUser (createuser test)\n");
d.in.user_handle = &user_handle;
d.out.user_handle = &user_handle;
status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteUser failed - %s\n", nt_errstr(status));
ret = False;
}
}
}
@ -2805,7 +2830,7 @@ static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
}
}
return True;
return ret;
}
@ -3050,6 +3075,7 @@ static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
if (!NT_STATUS_IS_OK(status)) {
printf("test_AddGroupMember looking up name " TEST_ACCOUNT_NAME " failed - %s\n", nt_errstr(status));
return False;
}
@ -3150,9 +3176,20 @@ static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return True;
}
if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
printf("CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
nt_errstr(status));
return False;
}
status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
}
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
printf("CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
nt_errstr(status));
return False;
}
status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
@ -3163,6 +3200,7 @@ static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
}
if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
ret = False;
}
@ -3209,10 +3247,12 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct samr_OpenDomain r;
struct policy_handle domain_handle;
struct policy_handle alias_handle;
struct policy_handle user_handle;
struct policy_handle group_handle;
BOOL ret = True;
ZERO_STRUCT(alias_handle);
ZERO_STRUCT(user_handle);
ZERO_STRUCT(group_handle);
ZERO_STRUCT(domain_handle);
@ -3236,10 +3276,11 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
switch (which_ops) {
case TORTURE_SAMR_USER_ATTRIBUTES:
case TORTURE_SAMR_PASSWORDS:
ret &= test_CreateUser(p, mem_ctx, &domain_handle, which_ops);
ret &= test_CreateUser(p, mem_ctx, &domain_handle, NULL, which_ops);
ret &= test_CreateUser2(p, mem_ctx, &domain_handle, which_ops);
break;
case TORTURE_SAMR_OTHER:
ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle, which_ops);
ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
@ -3268,6 +3309,11 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
break;
}
if (!policy_handle_empty(&user_handle) &&
!test_DeleteUser(p, mem_ctx, &user_handle)) {
ret = False;
}
if (!policy_handle_empty(&alias_handle) &&
!test_DeleteAlias(p, mem_ctx, &alias_handle)) {
ret = False;