The branch, master has been updated
       via  4fc51ad... s4:repl_meta_data LDB module - fix counter type
       via  fc2d8fc... s4:acl LDB module - fix counter type
       via  e5c5d37... s4:dcesrv_drsuapi.c - fix a counter variable
       via  666b611... s4:selftest - also "rpc.samr.users.privileges" does work now
       via  4826fdf... s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"
       via  d01e36e... s4:knownfail - "pwdLastSet" test does work now
       via  5606173... s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also for s4
       via  c0160d0... s4:torture - SAMR password tests - activate support for password sets on level "18" and "21"
       via  b200d8a... s4:selftest - activate the lanman password changes
       via  d6098de... s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour
       via  3c1a9fb... s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0
       via  ea83d21... s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4
       via  4c63bb3... s4:dcesrv_samr_SetUserInfo - implement password set level 21
       via  b705026... s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password
       via  8feda76... s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the lanman auth
       via  8f20a55... s4:samr_password.c - add a function which sets the password through encrypted password hashes
      from  427c953... s4-smbtorture: fix typo.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4fc51ad07a1787241a4065d35c0d2783661e3a6a
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 28 11:25:43 2010 +0200

    s4:repl_meta_data LDB module - fix counter type

commit fc2d8fcb83909845e4b4676ba37143dcb778d5ff
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 28 11:25:43 2010 +0200

    s4:acl LDB module - fix counter type

commit e5c5d371d144847ce1fbb8daa634d6bfbc1af1ac
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 28 11:21:56 2010 +0200

    s4:dcesrv_drsuapi.c - fix a counter variable

commit 666b611182562ad787d349f3a29c07c61339eee0
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 28 11:08:19 2010 +0200

    s4:selftest - also "rpc.samr.users.privileges" does work now

commit 4826fdf95f68b63e5d35e13f8d033db0d0949587
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 28 11:05:59 2010 +0200

    s4:lsa RPC server - Fix up "dcesrv_lsa_DeleteObject"
    
    - Return always "NT_STATUS_OK" on success
    - Remove "talloc_free"s on handles since the frees are automatically
      performed by the DCE/RPC server code

commit d01e36e64716d8184eb225e1feb84ab464333139
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 28 10:45:26 2010 +0200

    s4:knownfail - "pwdLastSet" test does work now

commit 560617399745cd04ddbe8ebe02662d631add9a05
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 28 10:43:11 2010 +0200

    s4:torture/rpc/samr.c - test_SetPassword_LastSet - introduce the delays also for s4

commit c0160d0614ad74be275d4008559a45da3d79d2e7
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sat Jun 12 15:47:14 2010 +0200

    s4:torture - SAMR password tests - activate support for password sets on level "18" and "21"

commit b200d8a5ca2d58f5351b6963c864aa52db925f65
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Tue Jun 22 22:11:00 2010 +0200

    s4:selftest - activate the lanman password changes
    
    This is needed for a working "OemChangePasswordUser2" operation.

commit d6098de507ed46750ecd8063c075c5b1b2b3d32d
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 21 22:26:31 2010 +0200

    s4:dcesrv_samr_SetUserInfo - implement right "pwdLastSet" behaviour
    
    Behaviour as the torture SAMR passwords tests show.

commit 3c1a9fb87fe165485abaa694e9d9616e46c8cf6e
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sun Jun 27 23:13:14 2010 +0200

    s4:dcesrv_samr_SetUserInfo - deny operations when "fields_present" is 0
    
    Taken from s3

commit ea83d21341306dfab1f14c9491856a9414a29669
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 21 14:54:19 2010 +0200

    s4:dcesrv_samr_SetUserInfo - port the "SAMR_FIELD_LAST_PWD_CHANGE" check from s3 to s4

commit 4c63bb312fa33f6188e543a62282012edb651bbb
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 21 14:41:27 2010 +0200

    s4:dcesrv_samr_SetUserInfo - implement password set level 21

commit b7050267717d7fba0ee4c6bf375e3cc9d2864717
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Sat Jun 12 14:40:11 2010 +0200

    s4:dcesrv_samr_SetUserInfo - implement case 18 which allows to reset the user password

commit 8feda76d4fb4dac680b13e3234925802fb32e7f1
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 21 22:59:11 2010 +0200

    s4:OemChangePasswordUser2 - return "NT_STATUS_WRONG_PASSWORD" when we haven't activated the lanman auth
    
    This is what s3 does.

commit 8f20a5512a91cb9c6e2e50040cd0b61d39521d69
Author: Matthias Dieter Wallnöfer <[email protected]>
Date:   Mon Jun 21 21:16:20 2010 +0200

    s4:samr_password.c - add a function which sets the password through encrypted password hashes
    
    Used for password sets on "samr_SetUserInfo" level 18 and 21.

-----------------------------------------------------------------------

Summary of changes:
 selftest/target/Samba4.pm                       |    1 +
 source4/dsdb/samdb/ldb_modules/acl.c            |    3 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c |    2 +-
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c     |    3 +-
 source4/rpc_server/lsa/dcesrv_lsa.c             |    9 +-
 source4/rpc_server/samr/dcesrv_samr.c           |  133 ++++++++++++++++++++++-
 source4/rpc_server/samr/samr_password.c         |   50 +++++++++-
 source4/selftest/knownfail                      |    2 -
 source4/torture/rpc/samr.c                      |   42 ++++----
 9 files changed, 211 insertions(+), 34 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index f3eebf1..b574623 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -744,6 +744,7 @@ sub provision($$$$$$$$$)
        server max protocol = SMB2
         $extra_smbconf_options
        host msdfs = $msdfs
+       lanman auth = yes
 
 [tmp]
        path = $ctx->{tmpdir}
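Review bot: `lanman auth = yes` is added to the smb.conf text written by `provision` with no comment saying why. It turns on LM authentication for the provisioned selftest environment as a whole, not only for the `OemChangePasswordUser2` tests that need it; add a comment next to the option naming that dependency, so the weaker setting is not copied into other configurations and can be dropped once the test no longer requires it.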
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c 
b/source4/dsdb/samdb/ldb_modules/acl.c
index b2aeb2a..bd788d4 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -704,7 +704,8 @@ static int acl_check_self_membership(struct ldb_module 
*module,
                                     const struct GUID *oc_guid,
                                     const struct dsdb_attribute *attr)
 {
-       int ret, i;
+       int ret;
+       unsigned int i;
        TALLOC_CTX *tmp_ctx = talloc_new(req);
        struct ldb_context *ldb = ldb_module_get_ctx(module);
        struct ldb_dn *user_dn;
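Review bot: `unsigned int i` is chosen here while the sibling counter fixes in this push (`repl_meta_data.c`, `dcesrv_drsuapi.c`) use `uint32_t`. The loop bound is not visible in this hunk; declare `i` with the same type as the bound it is compared against so the comparison is neither mixed-sign nor mixed-width.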
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c 
b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 0a5655a..98a3c16 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2831,7 +2831,7 @@ static struct replPropertyMetaData1 *
 replmd_replPropertyMetaData1_find_attid(struct replPropertyMetaDataBlob 
*md_blob,
                                         enum drsuapi_DsAttributeId attid)
 {
-       int i;
+       uint32_t i;
        struct replPropertyMetaDataCtr1 *rpmd_ctr = &md_blob->ctr.ctr1;
 
        for (i = 0; i < rpmd_ctr->count; i++) {
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c 
b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 5d3c513..0f49a73 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -352,8 +352,7 @@ static WERROR dcesrv_drsuapi_DsCrackNames(struct 
dcesrv_call_state *dce_call, TA
                case 1: {
                        struct drsuapi_DsNameCtr1 *ctr1;
                        struct drsuapi_DsNameInfo1 *names;
-                       int count;
-                       int i;
+                       uint32_t i, count;
 
                        ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1);
                        W_ERROR_HAVE_NO_MEMORY(ctr1);
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c 
b/source4/rpc_server/lsa/dcesrv_lsa.c
index 57c73e4..85fddf7 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -186,13 +186,12 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct 
dcesrv_call_state *dce_call, TALL
                case SECURITY_ADMINISTRATOR:
                        break;
                default:
-                       /* Users and annonymous are not allowed delete things */
+                       /* Users and anonymous are not allowed to delete things 
*/
                        return NT_STATUS_ACCESS_DENIED;
                }
 
                ret = ldb_delete(secret_state->sam_ldb, 
                                 secret_state->secret_dn);
-               talloc_free(h);
                if (ret != LDB_SUCCESS) {
                        return NT_STATUS_INVALID_HANDLE;
                }
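Review bot: the `ret != LDB_SUCCESS` path after `ldb_delete` on the secret still returns `NT_STATUS_INVALID_HANDLE`, while the `ret != LDB_SUCCESS` path in the trusted-domain branch further down returns `NT_STATUS_INTERNAL_DB_CORRUPTION`. The handle has already passed the security-level check at this point, so a database-level status would describe the failure better; consider aligning the two branches while touching this code.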
@@ -200,6 +199,7 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct 
dcesrv_call_state *dce_call, TALL
                ZERO_STRUCTP(r->out.handle);
 
                return NT_STATUS_OK;
+
        } else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) {
                struct lsa_trusted_domain_state *trusted_domain_state = 
                        talloc_get_type(h->data, struct 
lsa_trusted_domain_state);
@@ -228,10 +228,11 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct 
dcesrv_call_state *dce_call, TALL
                if (ret != LDB_SUCCESS) {
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
                }
-               talloc_free(h);
+
                ZERO_STRUCTP(r->out.handle);
 
                return NT_STATUS_OK;
+
        } else if (h->wire_handle.handle_type == LSA_HANDLE_ACCOUNT) {
                struct lsa_RightSet *rights;
                struct lsa_account_state *astate;
@@ -272,6 +273,8 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct 
dcesrv_call_state *dce_call, TALL
                }
 
                ZERO_STRUCTP(r->out.handle);
+
+               return NT_STATUS_OK;
        } 
        
        return NT_STATUS_INVALID_HANDLE;
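Review bot: the `LSA_HANDLE_ACCOUNT` branch only stops falling through to the final `return NT_STATUS_INVALID_HANDLE;` because of the `return NT_STATUS_OK;` added here, and the layout still allows the same mistake in any branch added later. Putting the final `NT_STATUS_INVALID_HANDLE` return in a closing `else` would make the handle-type dispatch explicit and the fall-through impossible.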
diff --git a/source4/rpc_server/samr/dcesrv_samr.c 
b/source4/rpc_server/samr/dcesrv_samr.c
index 67098f6..9200d37 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -3168,11 +3168,36 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                SET_UINT64(msg, info17.acct_expiry,     "accountExpires");
                break;
 
+       case 18:
+               status = samr_set_password_buffers(dce_call,
+                                                  a_state->sam_ctx,
+                                                  a_state->account_dn,
+                                                  
a_state->domain_state->domain_dn,
+                                                  mem_ctx,
+                                                  
r->in.info->info18.lm_pwd_active ? r->in.info->info18.lm_pwd.hash : NULL,
+                                                  
r->in.info->info18.nt_pwd_active ? r->in.info->info18.nt_pwd.hash : NULL);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
+               if (r->in.info->info18.password_expired > 0) {
+                       struct ldb_message_element *set_el;
+                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, 
"pwdLastSet", 0) != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+                       set_el = ldb_msg_find_element(msg, "pwdLastSet");
+                       set_el->flags = LDB_FLAG_MOD_REPLACE;
+               }
+               break;
+
        case 20:
                SET_PARAMETERS(msg, info20.parameters,      "userParameters");
                break;
 
        case 21:
+               if (r->in.info->info21.fields_present == 0)
+                       return NT_STATUS_INVALID_PARAMETER;
+
 #define IFSET(bit) if (bit & r->in.info->info21.fields_present)
                IFSET(SAMR_FIELD_ACCT_EXPIRY)
                        SET_UINT64(msg, info21.acct_expiry,    
"accountExpires");
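Review bot: in the new `case 18`, the result of `ldb_msg_find_element(msg, "pwdLastSet")` is dereferenced on the next line (`set_el->flags = LDB_FLAG_MOD_REPLACE;`) without a NULL check. The preceding `samdb_msg_add_uint64` succeeded, so the element should be there, but a check would avoid depending on that. The same block also passes a bare `sam_ctx` while the call just above it passes `a_state->sam_ctx`; use one of the two consistently.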
@@ -3206,10 +3231,58 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                        SET_UINT  (msg, info21.country_code,   "countryCode");
                IFSET(SAMR_FIELD_CODE_PAGE)
                        SET_UINT  (msg, info21.code_page,      "codePage");
+
+               /* password change fields */
+               IFSET(SAMR_FIELD_LAST_PWD_CHANGE)
+                       return NT_STATUS_ACCESS_DENIED;
+
+               IFSET((SAMR_FIELD_LM_PASSWORD_PRESENT
+                                       | SAMR_FIELD_NT_PASSWORD_PRESENT)) {
+                       uint8_t *lm_pwd_hash = NULL, *nt_pwd_hash = NULL;
+
+                       if (r->in.info->info21.lm_password_set) {
+                               if ((r->in.info->info21.lm_owf_password.length 
!= 16)
+                                || (r->in.info->info21.lm_owf_password.size != 
16)) {
+                                       return NT_STATUS_INVALID_PARAMETER;
+                               }
+
+                               lm_pwd_hash = (uint8_t *) 
r->in.info->info21.lm_owf_password.array;
+                       }
+                       if (r->in.info->info21.nt_password_set) {
+                               if ((r->in.info->info21.nt_owf_password.length 
!= 16)
+                                || (r->in.info->info21.nt_owf_password.size != 
16)) {
+                                       return NT_STATUS_INVALID_PARAMETER;
+                               }
+
+                               nt_pwd_hash = (uint8_t *) 
r->in.info->info21.nt_owf_password.array;
+                       }
+                       status = samr_set_password_buffers(dce_call,
+                                                          a_state->sam_ctx,
+                                                          a_state->account_dn,
+                                                          
a_state->domain_state->domain_dn,
+                                                          mem_ctx,
+                                                          lm_pwd_hash,
+                                                          nt_pwd_hash);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return status;
+                       }
+               }
+
+               IFSET(SAMR_FIELD_EXPIRED_FLAG) {
+                       struct ldb_message_element *set_el;
+                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, 
"pwdLastSet", 0) != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+                       set_el = ldb_msg_find_element(msg, "pwdLastSet");
+                       set_el->flags = LDB_FLAG_MOD_REPLACE;
+               }
 #undef IFSET
                break;
 
        case 23:
+               if (r->in.info->info23.info.fields_present == 0)
+                       return NT_STATUS_INVALID_PARAMETER;
+
 #define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
                IFSET(SAMR_FIELD_ACCT_EXPIRY)
                        SET_UINT64(msg, info23.info.acct_expiry,    
"accountExpires");
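Review bot: the level 21 password block is entered when either bit of `(SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_NT_PASSWORD_PRESENT)` is set, but inside it only `lm_password_set` and `nt_password_set` decide which hash is used. A request with only the NT bit in `fields_present` and a non-zero `lm_password_set` therefore still has its LM hash applied, and a request with a bit set but both `*_password_set` flags zero calls `samr_set_password_buffers` with two NULL hashes, which returns success without changing anything. Consider testing each bit against its own hash and rejecting a present bit that has no matching hash.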
@@ -3244,6 +3317,10 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                IFSET(SAMR_FIELD_CODE_PAGE)
                        SET_UINT  (msg, info23.info.code_page,      "codePage");
 
+               /* password change fields */
+               IFSET(SAMR_FIELD_LAST_PWD_CHANGE)
+                       return NT_STATUS_ACCESS_DENIED;
+
                IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) {
                        status = samr_set_password(dce_call,
                                                   a_state->sam_ctx,
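Review bot: the `SAMR_FIELD_LAST_PWD_CHANGE` denial is placed after the run of `SET_*` macros, so for level 23 the message has already been populated by the time the request is rejected. Moving it up next to the `fields_present == 0` check at the top of the case would reject the request before any work is done and keep the two validity checks together; the same applies to levels 21 and 25.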
@@ -3259,6 +3336,18 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                                                   mem_ctx,
                                                   
&r->in.info->info23.password);
                }
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
+               IFSET(SAMR_FIELD_EXPIRED_FLAG) {
+                       struct ldb_message_element *set_el;
+                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, 
"pwdLastSet", 0) != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+                       set_el = ldb_msg_find_element(msg, "pwdLastSet");
+                       set_el->flags = LDB_FLAG_MOD_REPLACE;
+               }
 #undef IFSET
                break;
 
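Review bot: the new `if (!NT_STATUS_IS_OK(status))` check sits after the closing brace of the password `IFSET(...)` block, so it also runs when no password bit was set and then tests whatever `status` held before. The initial value of `status` is not visible in this hunk; either move the check inside each `IFSET` block directly after the `samr_set_password` call, or make sure `status` is `NT_STATUS_OK` on entry to the case. The level 25 hunk has the same shape.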
@@ -3270,9 +3359,24 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                                           a_state->domain_state->domain_dn,
                                           mem_ctx,
                                           &r->in.info->info24.password);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
+               if (r->in.info->info24.password_expired > 0) {
+                       struct ldb_message_element *set_el;
+                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, 
"pwdLastSet", 0) != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+                       set_el = ldb_msg_find_element(msg, "pwdLastSet");
+                       set_el->flags = LDB_FLAG_MOD_REPLACE;
+               }
                break;
 
        case 25:
+               if (r->in.info->info25.info.fields_present == 0)
+                       return NT_STATUS_INVALID_PARAMETER;
+
 #define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
                IFSET(SAMR_FIELD_ACCT_EXPIRY)
                        SET_UINT64(msg, info25.info.acct_expiry,    
"accountExpires");
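Review bot: the block under `password_expired > 0` that adds `pwdLastSet` with value 0 and sets `LDB_FLAG_MOD_REPLACE` is repeated verbatim for levels 18, 21, 23, 24, 25 and 26 in this patch. A small static helper taking `msg` would remove the duplication and give one place for the error handling. `password_expired != 0` would also state the intent more directly than `> 0`.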
@@ -3307,6 +3411,10 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                IFSET(SAMR_FIELD_CODE_PAGE)
                        SET_UINT  (msg, info25.info.code_page,      "codePage");
 
+               /* password change fields */
+               IFSET(SAMR_FIELD_LAST_PWD_CHANGE)
+                       return NT_STATUS_ACCESS_DENIED;
+
                IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) {
                        status = samr_set_password_ex(dce_call,
                                                      a_state->sam_ctx,
@@ -3322,6 +3430,18 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                                                      mem_ctx,
                                                      
&r->in.info->info25.password);
                }
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
+               IFSET(SAMR_FIELD_EXPIRED_FLAG) {
+                       struct ldb_message_element *set_el;
+                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, 
"pwdLastSet", 0) != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+                       set_el = ldb_msg_find_element(msg, "pwdLastSet");
+                       set_el->flags = LDB_FLAG_MOD_REPLACE;
+               }
 #undef IFSET
                break;
 
@@ -3333,8 +3453,19 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct 
dcesrv_call_state *dce_call, TALL
                                              a_state->domain_state->domain_dn,
                                              mem_ctx,
                                              &r->in.info->info26.password);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
+               if (r->in.info->info26.password_expired > 0) {
+                       struct ldb_message_element *set_el;
+                       if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, 
"pwdLastSet", 0) != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+                       set_el = ldb_msg_find_element(msg, "pwdLastSet");
+                       set_el->flags = LDB_FLAG_MOD_REPLACE;
+               }
                break;
-               
 
        default:
                /* many info classes are not valid for SetUserInfo */
diff --git a/source4/rpc_server/samr/samr_password.c 
b/source4/rpc_server/samr/samr_password.c
index 288df91..ff24781 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -184,7 +184,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct 
dcesrv_call_state *dce_call,
 
        /* this call can only work with lanman auth */
        if (!lp_lanman_auth(dce_call->conn->dce_ctx->lp_ctx)) {
-               return NT_STATUS_NOT_SUPPORTED;
+               return NT_STATUS_WRONG_PASSWORD;
        }
 
        /* To change a password we need to open as system */
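Review bot: returning `NT_STATUS_WRONG_PASSWORD` when `lp_lanman_auth` is off makes a configuration refusal indistinguishable from a bad password, both for the caller and for anyone reading logs. The commit message gives the reason (this is what s3 does); put that in the comment above the check, and consider a debug message at this return so an administrator can tell the two cases apart.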
@@ -554,3 +554,51 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state 
*dce_call,
                                  NULL, NULL);
 }
 
+/*
+  set password via encrypted NT and LM hash buffers
+*/
+NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call,
+                                  struct ldb_context *sam_ctx,
+                                  struct ldb_dn *account_dn,
+                                  struct ldb_dn *domain_dn,
+                                  TALLOC_CTX *mem_ctx,
+                                  const uint8_t *lm_pwd_hash,
+                                  const uint8_t *nt_pwd_hash)
+{
+       struct samr_Password *d_lm_pwd_hash = NULL, *d_nt_pwd_hash = NULL;
+       DATA_BLOB session_key = data_blob(NULL, 0);
+       DATA_BLOB in, out;
+       NTSTATUS nt_status = NT_STATUS_OK;
+
+       nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return nt_status;
+       }
+
+       if (lm_pwd_hash != NULL) {
+               in = data_blob_const(lm_pwd_hash, 16);
+               out = data_blob_talloc_zero(mem_ctx, 16);
+
+               sess_crypt_blob(&out, &in, &session_key, false);
+
+               d_lm_pwd_hash = (struct samr_Password *) out.data;
+       }
+       if (nt_pwd_hash != NULL) {
+               in = data_blob_const(nt_pwd_hash, 16);
+               out = data_blob_talloc_zero(mem_ctx, 16);
+
+               sess_crypt_blob(&out, &in, &session_key, false);
+
+               d_nt_pwd_hash = (struct samr_Password *) out.data;
+       }
+
+       if ((d_lm_pwd_hash != NULL) || (d_nt_pwd_hash != NULL)) {
+               nt_status = samdb_set_password(sam_ctx, mem_ctx, account_dn,
+                                              domain_dn, NULL,
+                                              d_lm_pwd_hash, d_nt_pwd_hash,
+                                              false, /* this is a password set 
*/
+                                              NULL, NULL);
+       }
+
+       return nt_status;
+}
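Review bot: in `samr_set_password_buffers` the result of `data_blob_talloc_zero(mem_ctx, 16)` is passed to `sess_crypt_blob` and then cast to `struct samr_Password *` without checking `out.data` for NULL; return `NT_STATUS_NO_MEMORY` on allocation failure in both the LM and the NT branch. The header comment should also say that each input must point to 16 bytes, since `data_blob_const(..., 16)` assumes it, and that passing two NULL hashes returns success without touching the account.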
diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail
index cec71b1..a1f383e 100644
--- a/source4/selftest/knownfail
+++ b/source4/selftest/knownfail
@@ -34,10 +34,8 @@ samba4.rpc.netlogon.*.GetPassword
 samba4.rpc.netlogon.*.GetTrustPasswords
 samba4.rpc.netlogon.*.DatabaseRedo
 samba4.rpc.netlogon.*.ServerGetTrustInfo
-samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet
 samba4.rpc.samr.passwords.badpwdcount # Not provided by Samba 4 yet
 samba4.rpc.samr.passwords.lockout
-samba4.rpc.samr.users.privileges
 samba4.rpc.spoolss # Not provided by Samba 4 yet
 samba4.base.charset.*.Testing partial surrogate
 .*net.api.delshare.*                           # DelShare isn't implemented yet
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index c514ed6..59f020d 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -3111,7 +3111,8 @@ static bool test_SetPassword_pwdlastset(struct 
dcerpc_pipe *p,
        };
        struct dcerpc_pipe *np = NULL;
 
-       if (torture_setting_bool(tctx, "samba3", false)) {
+       if (torture_setting_bool(tctx, "samba3", false) ||
+           torture_setting_bool(tctx, "samba4", false)) {
                delay = 999999;
                torture_comment(tctx, "Samba3 has second granularity, setting 
delay to: %d\n",
                        delay);
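Review bot: the `torture_comment` text still reads "Samba3 has second granularity" although the condition now also matches the `samba4` setting, so a run against Samba4 prints a misleading message. Reword the comment so it covers both targets.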
@@ -4684,34 +4685,29 @@ static bool test_user_ops(struct dcerpc_pipe *p,
                        ret = false;
                }
 
-               if (torture_setting_bool(tctx, "samba4", false)) {
-                       torture_comment(tctx, "skipping Set Password level 18 
and 21 against Samba4\n");
-               } else {
+               if (!test_SetUserPass_18(p, tctx, user_handle, &password)) {
+                       ret = false;
+               }
 
-                       if (!test_SetUserPass_18(p, tctx, user_handle, 
&password)) {
-                               ret = false;
+               if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, 
&password, NULL, 0, false)) {
+                       ret = false;
+               }
+
+               for (i = 0; password_fields[i]; i++) {
+
+                       if (password_fields[i] == 
SAMR_FIELD_LM_PASSWORD_PRESENT) {
+                               /* we need to skip as that would break
+                                * the ChangePasswordUser3 verify */
+                               continue;
                        }
 
-                       if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 
0, &password, NULL, 0, false)) {
+                       if (!test_SetUserPass_21(p, tctx, user_handle, 
password_fields[i], &password)) {
                                ret = false;
                        }
 
-                       for (i = 0; password_fields[i]; i++) {
-
-                               if (password_fields[i] == 
SAMR_FIELD_LM_PASSWORD_PRESENT) {
-                                       /* we need to skip as that would break
-                                        * the ChangePasswordUser3 verify */
-                                       continue;
-                               }
-
-                               if (!test_SetUserPass_21(p, tctx, user_handle, 
password_fields[i], &password)) {
-                                       ret = false;
-                               }
-
-                               /* check it was set right */
-                               if (!test_ChangePasswordUser3(p, tctx, 
base_acct_name, 0, &password, NULL, 0, false)) {
-                                       ret = false;
-                               }
+                       /* check it was set right */
+                       if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 
0, &password, NULL, 0, false)) {
+                               ret = false;
                        }
                }
 


-- 
Samba Shared Repository
