The branch, master has been updated
via e2e09f5... s4:torture/rpc/samlogon.c - provide a function which
sets and afterwards resets the minimum password age
from 518232d... s4:kinit blackbox test - set/reset also here the
"minPwdAge"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e2e09f5c45cef1a826c5ab30272b21771d966013
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Jul 3 21:04:47 2010 +0200
s4:torture/rpc/samlogon.c - provide a function which sets and afterwards
resets the minimum password age
This is needed since we on s4 do now use the Windows Server standard of 1
day.
-----------------------------------------------------------------------
Summary of changes:
source4/torture/rpc/samlogon.c | 97 ++++++++++++++++++++++++++++++++++++++++
1 files changed, 97 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index c59e447..20ffe6c 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -1533,7 +1533,98 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
return true;
}
+/* This sets and resets the "minPwdAge" (in order to allow immediate user
+ * password changes). The behaviour is controlled by the "set" boolean. */
+static bool handle_minPwdAge(struct torture_context *torture,
+ TALLOC_CTX *mem_ctx, bool set)
+{
+ struct dcerpc_pipe *p;
+ struct policy_handle connect_handle, domain_handle;
+ struct samr_Connect c_r;
+ struct samr_LookupDomain ld_r;
+ struct samr_OpenDomain od_r;
+ struct samr_QueryDomainInfo qdi_r;
+ struct samr_SetDomainInfo sdi_r;
+ struct samr_Close cl_r;
+ struct lsa_String domName;
+ struct dom_sid *domSid = NULL;
+ union samr_DomainInfo *domInfo = NULL;
+ static int64_t old_minPwdAge = 0;
+ NTSTATUS status;
+
+ status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ c_r.in.system_name = 0;
+ c_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ c_r.out.connect_handle = &connect_handle;
+
+ torture_assert_ntstatus_ok(torture,
+ dcerpc_samr_Connect_r(p->binding_handle,
mem_ctx, &c_r),
+ "Connect failed");
+ torture_assert_ntstatus_ok(torture, c_r.out.result, "Connect failed");
+
+ ld_r.in.connect_handle = &connect_handle;
+ ld_r.in.domain_name = &domName;
+ ld_r.in.domain_name->string = lp_workgroup(torture->lp_ctx);
+ ld_r.out.sid = &domSid;
+
+ torture_assert_ntstatus_ok(torture,
+
dcerpc_samr_LookupDomain_r(p->binding_handle, mem_ctx, &ld_r),
+ "LookupDomain failed");
+ torture_assert_ntstatus_ok(torture, ld_r.out.result,
+ "LookupDomain failed");
+
+ od_r.in.connect_handle = &connect_handle;
+ od_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ od_r.in.sid = *ld_r.out.sid;
+ od_r.out.domain_handle = &domain_handle;
+
+ torture_assert_ntstatus_ok(torture,
+ dcerpc_samr_OpenDomain_r(p->binding_handle,
mem_ctx, &od_r),
+ "OpenDomain failed");
+ torture_assert_ntstatus_ok(torture, od_r.out.result,
+ "OpenDomain failed");
+
+ qdi_r.in.domain_handle = &domain_handle;
+ qdi_r.in.level = DomainPasswordInformation;
+ qdi_r.out.info = &domInfo;
+
+ torture_assert_ntstatus_ok(torture,
+
dcerpc_samr_QueryDomainInfo_r(p->binding_handle, mem_ctx, &qdi_r),
+ "QueryDomainInfo failed");
+ torture_assert_ntstatus_ok(torture, qdi_r.out.result,
+ "QueryDomainInfo failed");
+
+ if (set) {
+ old_minPwdAge = domInfo->info1.min_password_age;
+ domInfo->info1.min_password_age = 0;
+ } else {
+ domInfo->info1.min_password_age = old_minPwdAge;
+ }
+
+ sdi_r.in.domain_handle = &domain_handle;
+ sdi_r.in.level = DomainPasswordInformation;
+ sdi_r.in.info = domInfo;
+
+ torture_assert_ntstatus_ok(torture,
+
dcerpc_samr_SetDomainInfo_r(p->binding_handle, mem_ctx, &sdi_r),
+ "SetDomainInfo failed");
+ torture_assert_ntstatus_ok(torture, sdi_r.out.result,
+ "SetDomainInfo failed");
+ cl_r.in.handle = &connect_handle;
+ cl_r.out.handle = &connect_handle;
+
+ torture_assert_ntstatus_ok(torture,
+ dcerpc_samr_Close_r(p->binding_handle,
mem_ctx, &cl_r),
+ "Close failed");
+ torture_assert_ntstatus_ok(torture, cl_r.out.result, "Close failed");
+
+ return true;
+}
bool torture_rpc_samlogon(struct torture_context *torture)
{
@@ -1565,6 +1656,9 @@ bool torture_rpc_samlogon(struct torture_context *torture)
struct netlogon_creds_CredentialState *creds;
struct dcerpc_pipe *tmp_p = NULL;
+ torture_assert(torture, handle_minPwdAge(torture, mem_ctx, true),
+ "handle_minPwdAge error!");
+
test_machine_account = talloc_asprintf(mem_ctx, "%s$",
TEST_MACHINE_NAME);
/* We only need to join as a workstation here, and in future,
* if we wish to test against trusted domains, we must be a
@@ -1916,6 +2010,9 @@ bool torture_rpc_samlogon(struct torture_context *torture)
}
failed:
+ torture_assert(torture, handle_minPwdAge(torture, mem_ctx, false),
+ "handle_minPwdAge error!");
+
talloc_free(mem_ctx);
torture_leave_domain(torture, join_ctx);
--
Samba Shared Repository
