svn commit: samba r4694 - in branches/SAMBA_4_0/source: rpc_server/lsa torture/rpc

abartlet at samba.org abartlet at samba.org
Tue Jan 11 22:16:15 GMT 2005


Author: abartlet
Date: 2005-01-11 22:16:14 +0000 (Tue, 11 Jan 2005)
New Revision: 4694

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4694

Log:
'fix' the behaviour for setting only the old, but not the new secret.

(The behaviour is a little odd, but we wanted bug-for-bug, right? :-)

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
   branches/SAMBA_4_0/source/torture/rpc/lsa.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2005-01-11 20:52:04 UTC (rev 4693)
+++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c	2005-01-11 22:16:14 UTC (rev 4694)
@@ -76,6 +76,7 @@
 	uint32_t access_mask;
 	const char *secret_dn;
 	struct ldb_wrap *sam_ctx;
+	BOOL global;
 };
 
 /* 
@@ -1277,6 +1278,7 @@
 		const char *name2;
 		name = &r->in.name.string[2];
 		secret_state->sam_ctx = talloc_reference(secret_state, policy_state->sam_ctx);
+		secret_state->global = True;
 
 		if (strlen(name) < 1) {
 			return NT_STATUS_INVALID_PARAMETER;
@@ -1305,6 +1307,8 @@
 		samdb_msg_add_string(secret_state->sam_ctx, mem_ctx, msg, "cn", name2);
 	
 	} else {
+		secret_state->global = False;
+
 		name = r->in.name.string;
 		if (strlen(name) < 1) {
 			return NT_STATUS_INVALID_PARAMETER;
@@ -1391,6 +1395,7 @@
 	if (strncmp("G$", r->in.name.string, 2) == 0) {
 		name = &r->in.name.string[2];
 		secret_state->sam_ctx = talloc_reference(secret_state, policy_state->sam_ctx);
+		secret_state->global = True;
 
 		if (strlen(name) < 1) {
 			return NT_STATUS_INVALID_PARAMETER;
@@ -1411,12 +1416,14 @@
 		}
 	
 	} else {
+		secret_state->sam_ctx = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
+
+		secret_state->global = False;
 		name = r->in.name.string;
 		if (strlen(name) < 1) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 
-		secret_state->sam_ctx = talloc_reference(secret_state, secrets_db_connect(mem_ctx));
 		/* search for the secret record */
 		ret = samdb_search(secret_state->sam_ctx,
 				   mem_ctx, "cn=LSA Secrets", &msgs, attrs,
@@ -1511,6 +1518,26 @@
 					 mem_ctx, msg, "priorSetTime", nt_now) != 0) { 
 			return NT_STATUS_NO_MEMORY; 
 		}
+
+		if (!r->in.new_val) {
+			/* This behaviour varies depending of if this is a local, or a global secret... */
+			if (secret_state->global) {
+				/* set old value mtime */
+				if (samdb_msg_add_uint64(secret_state->sam_ctx, 
+							 mem_ctx, msg, "lastSetTime", nt_now) != 0) { 
+					return NT_STATUS_NO_MEMORY; 
+				}
+			} else {
+				if (samdb_msg_add_delete(secret_state->sam_ctx, 
+							 mem_ctx, msg, "secret")) {
+					return NT_STATUS_NO_MEMORY;
+				}
+				if (samdb_msg_add_delete(secret_state->sam_ctx, 
+							 mem_ctx, msg, "lastSetTime")) {
+					return NT_STATUS_NO_MEMORY;
+				}
+			}
+		}
 	}
 
 	if (r->in.new_val) {
@@ -1642,6 +1669,10 @@
 	
 	if (r->in.old_val) {
 		const struct ldb_val *prior_val;
+		r->out.old_val = talloc_zero(mem_ctx, struct lsa_DATA_BUF_PTR);
+		if (!r->out.old_val) {
+			return NT_STATUS_NO_MEMORY;
+		}
 		/* Decrypt */
 		prior_val = ldb_msg_find_ldb_val(res[0], "priorSecret");
 		
@@ -1653,8 +1684,10 @@
 			if (!crypt_secret.length) {
 				return NT_STATUS_NO_MEMORY;
 			}
-			r->out.old_val = talloc(mem_ctx, struct lsa_DATA_BUF_PTR);
 			r->out.old_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
+			if (!r->out.old_val->buf) {
+				return NT_STATUS_NO_MEMORY;
+			}
 			r->out.old_val->buf->size = crypt_secret.length;
 			r->out.old_val->buf->length = crypt_secret.length;
 			r->out.old_val->buf->data = crypt_secret.data;
@@ -1671,6 +1704,11 @@
 	
 	if (r->in.new_val) {
 		const struct ldb_val *new_val;
+		r->out.new_val = talloc_zero(mem_ctx, struct lsa_DATA_BUF_PTR);
+		if (!r->out.new_val) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
 		/* Decrypt */
 		new_val = ldb_msg_find_ldb_val(res[0], "secret");
 		
@@ -1682,8 +1720,10 @@
 			if (!crypt_secret.length) {
 				return NT_STATUS_NO_MEMORY;
 			}
-			r->out.new_val = talloc(mem_ctx, struct lsa_DATA_BUF_PTR);
 			r->out.new_val->buf = talloc(mem_ctx, struct lsa_DATA_BUF);
+			if (!r->out.new_val->buf) {
+				return NT_STATUS_NO_MEMORY;
+			}
 			r->out.new_val->buf->length = crypt_secret.length;
 			r->out.new_val->buf->size = crypt_secret.length;
 			r->out.new_val->buf->data = crypt_secret.data;

Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/lsa.c	2005-01-11 20:52:04 UTC (rev 4693)
+++ branches/SAMBA_4_0/source/torture/rpc/lsa.c	2005-01-11 22:16:14 UTC (rev 4694)
@@ -935,10 +935,12 @@
 			printf("QuerySecret failed - %s\n", nt_errstr(status));
 			ret = False;
 		} else {
-
-			if (r8.out.new_val->buf == NULL) {
+			if (!r8.out.new_val || !r8.out.old_val) {
+				printf("in/out pointers not returned, despite being set on in for QuerySecret\n");
+				ret = False;
+			} else if (r8.out.new_val->buf == NULL) {
 				if (i != LOCAL) { 
-					printf("NEW secret buffer not returned after OLD set\n");
+					printf("NEW secret buffer not returned after GLOBAL OLD set\n");
 					ret = False;
 				}
 			} else if (r8.out.old_val->buf == NULL) {
@@ -948,6 +950,10 @@
 				printf("Both times not returned after OLD set\n");
 				ret = False;
 			} else {
+				if (i == LOCAL) { 
+					printf("NEW secret buffer should not be returned after LOCAL OLD set\n");
+					ret = False;
+				}
 				blob1.data = r8.out.new_val->buf->data;
 				blob1.length = r8.out.new_val->buf->length;
 				



More information about the samba-cvs mailing list