The branch, master has been updated
via 1e7bec4 lib: Fix a comment
via b23728a lib: Fix whitespace
via 63f649f s4: torture: samr: Add test for
dcesrc_lsa_valid_AccountRight change.
from 61d6882 WHATSNEW: Add Samba AD with MIT Kerberos
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1e7bec40d103a003905dd6a161366753ff8a5c40
Author: Volker Lendecke <[email protected]>
Date: Sun Apr 23 18:47:25 2017 +0200
lib: Fix a comment
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Wed May 3 20:00:25 CEST 2017 on sn-devel-144
commit b23728ac736238c5e20cdf5fd42140aa0d2c9761
Author: Volker Lendecke <[email protected]>
Date: Sun Apr 23 18:47:05 2017 +0200
lib: Fix whitespace
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 63f649f86009b274903f822e8389e10b7c940d09
Author: Jeremy Allison <[email protected]>
Date: Thu Apr 27 20:31:40 2017 -0700
s4: torture: samr: Add test for dcesrc_lsa_valid_AccountRight change.
Against ad_dc we get NT_STATUS_OK, but against nt_dc we get
NT_STATUS_NO_SUCH_PRIVILEGE,
so check for both. We can't use TARGET_IS_SAMBA3() here as this is set for
talking to smbd
even when run under the ad_dc.
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/lib/ldap_escape.c | 6 +++---
source3/selftest/tests.py | 3 +++
source4/torture/rpc/samr.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 51 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index a731cb9..fa75dab 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -24,12 +24,12 @@
/**
* Escape a parameter to an LDAP filter string, so they cannot contain
- * embeded ( ) * or \ chars which may cause it not to parse correctly.
+ * embeded ( ) * or \ chars which may cause it not to parse correctly.
*
* @param s The input string
*
- * @return A string allocated with malloc(), containing the escaped string,
- * and to be free()ed by the caller.
+ * @return A string allocated with talloc(), containing the escaped string,
+ * and to be talloc_free()ed by the caller.
**/
char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s)
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 1d02bd2..b4dc417 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -458,6 +458,9 @@ for t in tests:
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER/compound_find
-U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD')
+ elif t == "rpc.samr.users.privileges":
+ plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD --option=torture:nt4_dc=true')
+ plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD')
else:
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD')
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index dcdbb8a..92861f4 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -39,6 +39,7 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
#include "../libcli/auth/schannel.h"
+#include "torture/util.h"
#define TEST_ACCOUNT_NAME "samrtorturetest"
#define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
@@ -4778,6 +4779,41 @@ static bool test_DeleteUser_with_privs(struct
dcerpc_pipe *p,
}
{
+ struct lsa_RightSet rights;
+ struct lsa_StringLarge names[2];
+ struct lsa_AddAccountRights r;
+
+ torture_comment(tctx, "Testing LSA AddAccountRights 1\n");
+
+ init_lsa_StringLarge(&names[0], "SeInteractiveLogonRight");
+ init_lsa_StringLarge(&names[1], NULL);
+
+ rights.count = 1;
+ rights.names = names;
+
+ r.in.handle = lsa_handle;
+ r.in.sid = user_sid;
+ r.in.rights = &rights;
+
+ torture_assert_ntstatus_ok(tctx,
dcerpc_lsa_AddAccountRights_r(lb, tctx, &r),
+ "lsa_AddAccountRights 1 failed");
+
+ if (torture_setting_bool(tctx, "nt4_dc", false)) {
+ /*
+ * The NT4 DC doesn't implement Rights.
+ */
+ torture_assert_ntstatus_equal(tctx, r.out.result,
+ NT_STATUS_NO_SUCH_PRIVILEGE,
+ "Add rights failed with incorrect error");
+ } else {
+ torture_assert_ntstatus_ok(tctx, r.out.result,
+ "Failed to add rights");
+
+ }
+ }
+
+
+ {
struct lsa_EnumAccounts r;
uint32_t resume_handle = 0;
struct lsa_SidArray lsa_sid_array;
@@ -4810,6 +4846,14 @@ static bool test_DeleteUser_with_privs(struct
dcerpc_pipe *p,
{
struct lsa_EnumAccountRights r;
struct lsa_RightSet user_rights;
+ uint32_t expected_count = 2;
+
+ if (torture_setting_bool(tctx, "nt4_dc", false)) {
+ /*
+ * NT4 DC doesn't store rights.
+ */
+ expected_count = 1;
+ }
torture_comment(tctx, "Testing LSA EnumAccountRights\n");
@@ -4822,7 +4866,7 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe
*p,
torture_assert_ntstatus_ok(tctx, r.out.result,
"Failed to enum rights for account");
- if (user_rights.count < 1) {
+ if (user_rights.count < expected_count) {
torture_result(tctx, TORTURE_FAIL, "failed to find
newly added rights");
return false;
}
--
Samba Shared Repository
