[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger Mon, 14 Nov 2011 11:06:10 -0800

The branch, v3-6-test has been updated
       via  4d52675 samr: filterModuleName is a lsa_String in 
userPwdChangeFailureInformation.
       via  9c79251 s4-smbtorture: demonstrate how broken our 
samr_ChangePasswordUser3 marshalling is...
      from  a0cfd19 s3:idmap_autorid: document allocation pool


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 4d52675716997057941390c5711850c36786ef15
Author: Günther Deschner <[email protected]>
Date:   Tue Nov 8 16:00:10 2011 +0100

    samr: filterModuleName is a lsa_String in userPwdChangeFailureInformation.
    
    The entire marshalling of samr_ChangePasswordUser3 broke with 
c2685cdedb430ae75a94e86f34484292b4269363.
    
    Matthias, the bad effect of this change was that actually all failed 
password
    change attempts will always return NT_STATUS_OK because the last 4 bytes 
(the
    resulting status code) were not marshalled anymore.
    
    Guenther
    
    Autobuild-User: Günther Deschner <[email protected]>
    Autobuild-Date: Wed Nov  9 00:41:13 CET 2011 on sn-devel-104
    (cherry picked from commit 8a18edf1c2d553105cfcadec4d892e4e5a0fdba1)
    
    The last 2 patches address bug #8591 (samr_ChangePasswordUser3 IDL 
incorrect).

commit 9c7925120a06a3511f88d768fd9c459023d3c0fe
Author: Günther Deschner <[email protected]>
Date:   Tue Nov 8 15:58:34 2011 +0100

    s4-smbtorture: demonstrate how broken our samr_ChangePasswordUser3 
marshalling is...
    
    Guenther
    (cherry picked from commit bfe084bd8bbdfa0a0fa31521584f3bc142785fb8)

-----------------------------------------------------------------------

Summary of changes:
 librpc/idl/samr.idl        |    2 +-
 source4/torture/ndr/samr.c |   34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl
index cafffc2..78afb81 100644
--- a/librpc/idl/samr.idl
+++ b/librpc/idl/samr.idl
@@ -1455,7 +1455,7 @@ import "misc.idl", "lsa.idl", "security.idl";
 
        typedef struct {
                samPwdChangeReason extendedFailureReason;
-               [string,charset(UTF16)] uint16 *filterModuleName;
+               lsa_String filterModuleName;
        } userPwdChangeFailureInformation;
 
        [public] NTSTATUS samr_ChangePasswordUser3(
diff --git a/source4/torture/ndr/samr.c b/source4/torture/ndr/samr.c
index 25b9d0a..c934931 100644
--- a/source4/torture/ndr/samr.c
+++ b/source4/torture/ndr/samr.c
@@ -277,6 +277,34 @@ static const uint8_t 
samr_changepassworduser3_w2k_out_data[] = {
        0xbb, 0x00, 0x00, 0xc0
 };
 
+static const uint8_t samr_changepassworduser3_w2k8r2_out_data[] = {
+       0x00, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+       0x00, 0x80, 0xa6, 0x0a, 0xff, 0xde, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+       0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x05, 0x00, 0x00, 0x00,
+       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0xc0
+};
+
+static bool samr_changepassworduser3_w2k8r2_out_check(struct torture_context 
*tctx,
+                                                     struct 
samr_ChangePasswordUser3 *r)
+{
+       struct samr_DomInfo1 *dominfo = *r->out.dominfo;
+       struct userPwdChangeFailureInformation *reject = *r->out.reject;
+
+       torture_assert_int_equal(tctx, dominfo->min_password_length, 7, 
"min_password_length");
+       torture_assert_int_equal(tctx, dominfo->password_history_length, 0, 
"password_history_length");
+       torture_assert_int_equal(tctx, dominfo->password_properties, 
DOMAIN_PASSWORD_COMPLEX, "password_properties");
+       torture_assert_u64_equal(tctx, dominfo->max_password_age, 
0xffffdeff0aa68000, "max_password_age");
+       torture_assert_u64_equal(tctx, dominfo->min_password_age, 
0x0000000000000000, "min_password_age");
+
+       torture_assert_int_equal(tctx, reject->extendedFailureReason, 
SAM_PWD_CHANGE_NOT_COMPLEX, "extendedFailureReason");
+       torture_assert_int_equal(tctx, reject->filterModuleName.length, 0, 
"filterModuleName.length");
+       torture_assert_int_equal(tctx, reject->filterModuleName.size, 0, 
"filterModuleName.size");
+
+       torture_assert_ntstatus_equal(tctx, r->out.result, 
NT_STATUS_PASSWORD_RESTRICTION, "result");
+
+       return true;
+}
+
 struct torture_suite *ndr_samr_suite(TALLOC_CTX *ctx)
 {
        struct torture_suite *suite = torture_suite_create(ctx, "samr");
@@ -313,6 +341,12 @@ struct torture_suite *ndr_samr_suite(TALLOC_CTX *ctx)
        /* Samba currently fails to parse a w2k reply */
        torture_suite_add_ndr_pull_fn_test(suite, samr_ChangePasswordUser3, 
samr_changepassworduser3_w2k_out_data, NDR_OUT, NULL);
 #endif
+       torture_suite_add_ndr_pull_fn_test(suite,
+                                          samr_ChangePasswordUser3,
+                                          
samr_changepassworduser3_w2k8r2_out_data,
+                                          NDR_OUT,
+                                          
samr_changepassworduser3_w2k8r2_out_check);
+
        return suite;
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

Reply via email to