The branch, v3-4-test has been updated via 69907810fee3253096958bf174a052d3cb3b385c (commit) via e9ed9e7f90c39d38dd40871bb915adda2e9951ff (commit) via c1dca5a5f0becdd5f7041e91245cf9d9ae0dfd13 (commit) via b4817feb9ec5e9ac9e610fdda31dfa64295c6822 (commit) via 5e726f1843cd8ecb29588f6a00196354c6bc6708 (commit) via 7e41fce5aa9b97eb4cf3c29bf6542b05051e1f27 (commit) via e172757782d17ba1066d1cefe18e2a8d55b3ce96 (commit) from 31eec30c33b300d93f6d6895f6d0e6b06e0c2185 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log ----------------------------------------------------------------- commit 69907810fee3253096958bf174a052d3cb3b385c Author: Günther Deschner <g...@samba.org> Date: Mon May 25 14:05:18 2009 +0200 s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases. This is now also verified with the RPC-SAMR-LARGE-DC test. Guenther (cherry picked from commit fca7dce1a908570e463ddcbd663955fcafd1d843) commit e9ed9e7f90c39d38dd40871bb915adda2e9951ff Author: Günther Deschner <g...@samba.org> Date: Mon May 25 14:03:16 2009 +0200 s3-selftest: enable RPC-SAMR-LARGE-DC against Samba3. This will fail for alias creation as nss_wrapper does not yet wrap around libnss_winbind. Guenther (cherry picked from commit f0139e3b69a866a6154d0b349410fc0b3bfc30af) commit c1dca5a5f0becdd5f7041e91245cf9d9ae0dfd13 Author: Günther Deschner <g...@samba.org> Date: Mon May 25 13:08:58 2009 +0200 s4-smbtorture: add RPC-SAMR-LARGE-DC test. This rather simple test creates 4500 objects on a domain controller and checks the enum calls for the correct number of results. Guenther (cherry picked from commit eb5e8dc82efae20c95a391a15c1264f2267e5a74) commit b4817feb9ec5e9ac9e610fdda31dfa64295c6822 Author: Günther Deschner <g...@samba.org> Date: Fri May 22 19:04:25 2009 +0200 s4-smbtorture: rename test_EnumDomain{Users,Groups,Aliases} in RPC-SAMR. Guenther (cherry picked from commit a75698bdf3b62d43e4909e5bfded70f6675b2058) commit 5e726f1843cd8ecb29588f6a00196354c6bc6708 Author: Günther Deschner <g...@samba.org> Date: Thu May 21 18:12:29 2009 +0200 s4-smbtorture: re-work test_Create{User,Group,Alias} a little. Guenther (cherry picked from commit 05e6ebb7f812eed95b8407e65cf438e04d6e3789) commit 7e41fce5aa9b97eb4cf3c29bf6542b05051e1f27 Author: Günther Deschner <g...@samba.org> Date: Fri May 22 17:56:37 2009 +0200 s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind. Guenther (cherry picked from commit 1950e180caf707346300b83021624d586cc3776d) commit e172757782d17ba1066d1cefe18e2a8d55b3ce96 Author: Günther Deschner <g...@samba.org> Date: Fri May 22 16:48:01 2009 +0200 s3-rpcclient: use get_domain_handle() fn in enum domain users & groups. Guenther (cherry picked from commit 86d087fccc30a82cb1fe3a71d0353634496e72c4) ----------------------------------------------------------------------- Summary of changes: source3/pam_smbpass/pam_smb_auth.c | 4 +- source3/pam_smbpass/pam_smb_passwd.c | 8 +- source3/pam_smbpass/support.c | 38 +++- source3/pam_smbpass/support.h | 7 + source3/rpc_server/srv_samr_nt.c | 12 + source3/rpcclient/cmd_samr.c | 22 +- source3/script/tests/test_posix_s3.sh | 2 +- source4/torture/rpc/rpc.c | 1 + source4/torture/rpc/samr.c | 407 ++++++++++++++++++++++++++++++-- 9 files changed, 447 insertions(+), 54 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c index 3dceb52..b5a6a47 100644 --- a/source3/pam_smbpass/pam_smb_auth.c +++ b/source3/pam_smbpass/pam_smb_auth.c @@ -179,7 +179,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, retval = PAM_SUCCESS; - pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval); + _pam_get_data(pamh, "smb_setcred_return", &pretval); if(pretval) { retval = *pretval; SAFE_FREE(pretval); @@ -199,7 +199,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, int retval; /* Get the authtok; if we don't have one, silently fail. */ - retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); + retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass ); if (retval != PAM_SUCCESS) { _log_err( LOG_ALERT diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index b6de43f..dce6e01 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -229,11 +229,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, */ if (off( SMB_NOT_SET_PASS, ctrl )) { - retval = pam_get_item( pamh, PAM_OLDAUTHTOK, - (const void **)&pass_old ); + retval = _pam_get_item( pamh, PAM_OLDAUTHTOK, + &pass_old ); } else { - retval = pam_get_data( pamh, _SMB_OLD_AUTHTOK, - (const void **)&pass_old ); + retval = _pam_get_data( pamh, _SMB_OLD_AUTHTOK, + &pass_old ); if (retval == PAM_NO_MODULE_DATA) { pass_old = NULL; retval = PAM_SUCCESS; diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c index 8f537c4..7dcdaba 100644 --- a/source3/pam_smbpass/support.c +++ b/source3/pam_smbpass/support.c @@ -83,7 +83,7 @@ int converse( pam_handle_t * pamh, int ctrl, int nargs int retval; struct pam_conv *conv; - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); + retval = _pam_get_item(pamh, PAM_CONV, &conv); if (retval == PAM_SUCCESS) { retval = conv->conv(nargs, (const struct pam_message **) message @@ -276,7 +276,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err ) /* log the number of authentication failures */ if (failure->count != 0) { - pam_get_item( pamh, PAM_SERVICE, (const void **) &service ); + _pam_get_item( pamh, PAM_SERVICE, &service ); _log_err( LOG_NOTICE , "%d authentication %s " "from %s for service %s as %s(%d)" @@ -332,7 +332,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, } else { const char *service; - pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); + _pam_get_item( pamh, PAM_SERVICE, &service ); _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", uidtoname(getuid()), service ? service : "**unknown**", name); return PAM_AUTH_ERR; @@ -367,7 +367,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, const char *service; - pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); + _pam_get_item( pamh, PAM_SERVICE, &service ); if (data_name != NULL) { struct _pam_failed_auth *newauth = NULL; @@ -380,7 +380,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, if (newauth != NULL) { /* any previous failures for this user ? */ - pam_get_data(pamh, data_name, (const void **) &old); + _pam_get_data(pamh, data_name, &old); if (old != NULL) { newauth->count = old->count + 1; @@ -485,7 +485,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, /* should we obtain the password from a PAM item ? */ if (on(SMB_TRY_FIRST_PASS, ctrl) || on(SMB_USE_FIRST_PASS, ctrl)) { - retval = pam_get_item( pamh, authtok_flag, (const void **) &item ); + retval = _pam_get_item( pamh, authtok_flag, &item ); if (retval != PAM_SUCCESS) { /* very strange. */ _log_err( LOG_ALERT @@ -578,8 +578,8 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, retval = pam_set_item( pamh, authtok_flag, (const void *)token ); _pam_delete( token ); /* clean it up */ if (retval != PAM_SUCCESS - || (retval = pam_get_item( pamh, authtok_flag - ,(const void **)&item )) != PAM_SUCCESS) + || (retval = _pam_get_item( pamh, authtok_flag + ,&item )) != PAM_SUCCESS) { _log_err( LOG_CRIT, "error manipulating password" ); return retval; @@ -592,7 +592,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, retval = pam_set_data( pamh, data_name, (void *) token, _cleanup ); if (retval != PAM_SUCCESS - || (retval = pam_get_data( pamh, data_name, (const void **)&item )) + || (retval = _pam_get_data( pamh, data_name, &item )) != PAM_SUCCESS) { _log_err( LOG_CRIT, "error manipulating password data [%s]" @@ -630,3 +630,23 @@ int _pam_smb_approve_pass(pam_handle_t * pamh, return PAM_SUCCESS; } + +/* + * Work around the pam API that has functions with void ** as parameters + * These lead to strict aliasing warnings with gcc. + */ +int _pam_get_item(const pam_handle_t *pamh, + int item_type, + const void *_item) +{ + const void **item = (const void **)_item; + return pam_get_item(pamh, item_type, item); +} + +int _pam_get_data(const pam_handle_t *pamh, + const char *module_data_name, + const void *_data) +{ + const void **data = (const void **)_data; + return pam_get_data(pamh, module_data_name, data); +} diff --git a/source3/pam_smbpass/support.h b/source3/pam_smbpass/support.h index 5ac48c3..87f1690 100644 --- a/source3/pam_smbpass/support.h +++ b/source3/pam_smbpass/support.h @@ -48,3 +48,10 @@ extern int _smb_read_password( pam_handle_t *, unsigned int, const char*, extern int _pam_smb_approve_pass(pam_handle_t *, unsigned int, const char *, const char *); + +int _pam_get_item(const pam_handle_t *pamh, + int item_type, + const void *_item); +int _pam_get_data(const pam_handle_t *pamh, + const char *module_data_name, + const void *_data); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 32a4e85..a608f16 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1174,6 +1174,12 @@ NTSTATUS _samr_EnumDomainGroups(pipes_struct *p, make_group_sam_entry_list(p->mem_ctx, &samr_entries, num_groups, groups); + if (MAX_SAM_ENTRIES <= num_groups) { + status = STATUS_MORE_ENTRIES; + } else { + status = NT_STATUS_OK; + } + samr_array->count = num_groups; samr_array->entries = samr_entries; @@ -1243,6 +1249,12 @@ NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, DEBUG(5,("_samr_EnumDomainAliases: %d\n", __LINE__)); + if (MAX_SAM_ENTRIES <= num_aliases) { + status = STATUS_MORE_ENTRIES; + } else { + status = NT_STATUS_OK; + } + samr_array->count = num_aliases; samr_array->entries = samr_entries; diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 033b742..de21a40 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -812,12 +812,11 @@ static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli, /* Get domain policy handle */ - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - &domain_sid, - &domain_pol); - + result = get_domain_handle(cli, mem_ctx, "domain", + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -887,12 +886,11 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli, /* Get domain policy handle */ - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - &domain_sid, - &domain_pol); - + result = get_domain_handle(cli, mem_ctx, "domain", + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; diff --git a/source3/script/tests/test_posix_s3.sh b/source3/script/tests/test_posix_s3.sh index a3c8e09..0bcf369 100755 --- a/source3/script/tests/test_posix_s3.sh +++ b/source3/script/tests/test_posix_s3.sh @@ -42,7 +42,7 @@ rpc="$rpc RPC-SAMBA3-SPOOLSS RPC-SAMBA3-WKSSVC" rpc="$rpc RPC-NETLOGSAMBA3 RPC-SAMBA3SESSIONKEY RPC-SAMBA3-GETUSERNAME" rpc="$rpc RPC-SVCCTL RPC-SPOOLSS RPC-SPOOLSS-WIN RPC-NTSVCS" rpc="$rpc RPC-LSA-GETUSER RPC-LSA-LOOKUPSIDS RPC-LSA-LOOKUPNAMES" -rpc="$rpc RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS RPC-SAMR-PASSWORDS-PWDLASTSET RPC-JOIN" +rpc="$rpc RPC-SAMR-USERS RPC-SAMR-USERS-PRIVILEGES RPC-SAMR-PASSWORDS RPC-SAMR-PASSWORDS-PWDLASTSET RPC-SAMR-LARGE-DC RPC-JOIN" rpc="$rpc RPC-SCHANNEL RPC-SCHANNEL2 RPC-BENCH-SCHANNEL1" # NOTE: to enable the UNIX-WHOAMI test, we need to change the default share diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 48a4887..19b223b 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -409,6 +409,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_suite(suite, torture_rpc_samr_accessmask(suite)); torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite)); torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite)); + torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite)); torture_suite_add_suite(suite, torture_rpc_epmapper(suite)); torture_suite_add_suite(suite, torture_rpc_initshutdown(suite)); torture_suite_add_suite(suite, torture_rpc_oxidresolve(suite)); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 39d38f7..c8177d7 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -48,7 +48,10 @@ enum torture_samr_choice { TORTURE_SAMR_PASSWORDS_PWDLASTSET, TORTURE_SAMR_USER_ATTRIBUTES, TORTURE_SAMR_USER_PRIVILEGES, - TORTURE_SAMR_OTHER + TORTURE_SAMR_OTHER, + TORTURE_SAMR_MANY_ACCOUNTS, + TORTURE_SAMR_MANY_GROUPS, + TORTURE_SAMR_MANY_ALIASES }; static bool test_QueryUserInfo(struct dcerpc_pipe *p, @@ -3999,9 +4002,11 @@ static bool test_DeleteAlias(struct dcerpc_pipe *p, } static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *domain_handle, + struct policy_handle *domain_handle, + const char *alias_name, struct policy_handle *alias_handle, - const struct dom_sid *domain_sid) + const struct dom_sid *domain_sid, + bool test_alias) { NTSTATUS status; struct samr_CreateDomAlias r; @@ -4009,7 +4014,7 @@ static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx uint32_t rid; bool ret = true; - init_lsa_String(&name, TEST_ALIASNAME); + init_lsa_String(&name, alias_name); r.in.domain_handle = domain_handle; r.in.alias_name = &name; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; @@ -4043,6 +4048,10 @@ static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx return false; } + if (!test_alias) { + return ret; + } + if (!test_alias_ops(p, tctx, alias_handle, domain_sid)) { ret = false; } @@ -4217,10 +4226,12 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *domain_handle, + const char *user_name, struct policy_handle *user_handle_out, struct dom_sid *domain_sid, enum torture_samr_choice which_ops, - struct cli_credentials *machine_credentials) + struct cli_credentials *machine_credentials, + bool test_user) { TALLOC_CTX *user_ctx; @@ -4239,7 +4250,7 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle user_handle; user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context"); - init_lsa_String(&name, TEST_ACCOUNT_NAME); + init_lsa_String(&name, user_name); r.in.domain_handle = domain_handle; r.in.account_name = &name; @@ -4269,11 +4280,21 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, } status = dcerpc_samr_CreateUser(p, user_ctx, &r); } + if (!NT_STATUS_IS_OK(status)) { talloc_free(user_ctx); printf("CreateUser failed - %s\n", nt_errstr(status)); return false; - } else { + } + + if (!test_user) { + if (user_handle_out) { + *user_handle_out = user_handle; + } + return ret; + } + + { q.in.user_handle = &user_handle; q.in.level = 16; q.out.info = &info; @@ -4869,8 +4890,9 @@ static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx, return ret; } -static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *handle) +static bool test_EnumDomainUsers_all(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle) { NTSTATUS status = STATUS_MORE_ENTRIES; struct samr_EnumDomainUsers r; @@ -4998,9 +5020,9 @@ static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, struct torture_con return true; } -static bool test_EnumDomainGroups(struct dcerpc_pipe *p, - struct torture_context *tctx, - struct policy_handle *handle) +static bool test_EnumDomainGroups_all(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle) { NTSTATUS status; struct samr_EnumDomainGroups r; @@ -5038,9 +5060,9 @@ static bool test_EnumDomainGroups(struct dcerpc_pipe *p, return ret; } -static bool test_EnumDomainAliases(struct dcerpc_pipe *p, - struct torture_context *tctx, - struct policy_handle *handle) +static bool test_EnumDomainAliases_all(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle) { NTSTATUS status; struct samr_EnumDomainAliases r; @@ -5931,10 +5953,12 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t static bool test_CreateDomainGroup(struct dcerpc_pipe *p, - struct torture_context *tctx, + struct torture_context *tctx, struct policy_handle *domain_handle, + const char *group_name, struct policy_handle *group_handle, - struct dom_sid *domain_sid) + struct dom_sid *domain_sid, + bool test_group) { NTSTATUS status; struct samr_CreateDomainGroup r; @@ -5942,7 +5966,7 @@ static bool test_CreateDomainGroup(struct dcerpc_pipe *p, struct lsa_String name; bool ret = true; - init_lsa_String(&name, TEST_GROUPNAME); + init_lsa_String(&name, group_name); r.in.domain_handle = domain_handle; r.in.name = &name; @@ -5984,6 +6008,10 @@ static bool test_CreateDomainGroup(struct dcerpc_pipe *p, } torture_assert_ntstatus_ok(tctx, status, "CreateDomainGroup"); + if (!test_group) { + return ret; + } + if (!test_AddGroupMember(p, tctx, domain_handle, group_handle)) { printf("CreateDomainGroup failed - %s\n", nt_errstr(status)); ret = false; @@ -6016,7 +6044,235 @@ static bool test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p, return true; } +static bool test_EnumDomainUsers(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *domain_handle, + uint32_t *total_num_entries_p) +{ + NTSTATUS status; + struct samr_EnumDomainUsers r; + uint32_t resume_handle = 0; + uint32_t num_entries = 0; + uint32_t total_num_entries = 0; + struct samr_SamArray *sam; + + r.in.domain_handle = domain_handle; + r.in.acct_flags = ACB_NORMAL; + r.in.max_size = (uint32_t)-1; + r.in.resume_handle = &resume_handle; + + r.out.sam = &sam; + r.out.num_entries = &num_entries; + r.out.resume_handle = &resume_handle; + + printf("Testing EnumDomainUsers\n"); + + do { + status = dcerpc_samr_EnumDomainUsers(p, tctx, &r); + if (NT_STATUS_IS_ERR(status)) { + torture_assert_ntstatus_ok(tctx, status, + "failed to enumerate users"); + } + + total_num_entries += num_entries; + } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)); + + if (total_num_entries_p) { + *total_num_entries_p = total_num_entries; + } + + return true; +} + +static bool test_EnumDomainGroups(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *domain_handle, + uint32_t *total_num_entries_p) +{ + NTSTATUS status; + struct samr_EnumDomainGroups r; + uint32_t resume_handle = 0; + uint32_t num_entries = 0; + uint32_t total_num_entries = 0; + struct samr_SamArray *sam; + + r.in.domain_handle = domain_handle; + r.in.max_size = (uint32_t)-1; + r.in.resume_handle = &resume_handle; + + r.out.sam = &sam; + r.out.num_entries = &num_entries; + r.out.resume_handle = &resume_handle; + + printf("Testing EnumDomainGroups\n"); + + do { + status = dcerpc_samr_EnumDomainGroups(p, tctx, &r); + if (NT_STATUS_IS_ERR(status)) { + torture_assert_ntstatus_ok(tctx, status, + "failed to enumerate groups"); + } + + total_num_entries += num_entries; + } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)); + + if (total_num_entries_p) { -- Samba Shared Repository