svn commit: samba r16860 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules script/tests torture/rpc

abartlet at samba.org abartlet at samba.org
Fri Jul 7 07:38:36 GMT 2006


Author: abartlet
Date: 2006-07-07 07:38:36 +0000 (Fri, 07 Jul 2006)
New Revision: 16860

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16860

Log:
Fix (and reactivate) the RPC-SAMR test.  We need to allow these sids
to be created as foreign, even if they are in a local domain.

Also we do need the user to exist for the life of the test, as we add
it to a group.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
   branches/SAMBA_4_0/source/script/tests/test_rpc.sh
   branches/SAMBA_4_0/source/torture/rpc/samr.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c	2006-07-07 06:30:00 UTC (rev 16859)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c	2006-07-07 07:38:36 UTC (rev 16860)
@@ -642,12 +642,10 @@
 			   "(&(objectSid=%s)(objectclass=domain))",
 			   ldap_encode_ndr_dom_sid(mem_ctx, dom_sid));
 	if (ret >= 1) {
+		/* We don't really like the idea of foreign sids that are not foreign, but it happens */
 		const char *name = samdb_result_string(dom_msgs[0], "name", NULL);
-		ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, 
-							       "Attempt to add foreign SID record with SID %s rejected, because this domian (%s) is already in the database", 
-							       dom_sid_string(mem_ctx, sid), name)); 
-		/* We don't really like the idea of foreign sids that are not foreign */
-		return LDB_ERR_CONSTRAINT_VIOLATION;
+		ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database", 
+			  dom_sid_string(mem_ctx, sid), name); 
 	} else if (ret == -1) {
 		ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, 
 							       "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", 

Modified: branches/SAMBA_4_0/source/script/tests/test_rpc.sh
===================================================================
--- branches/SAMBA_4_0/source/script/tests/test_rpc.sh	2006-07-07 06:30:00 UTC (rev 16859)
+++ branches/SAMBA_4_0/source/script/tests/test_rpc.sh	2006-07-07 07:38:36 UTC (rev 16860)
@@ -5,9 +5,9 @@
 ncacn_np_tests="RPC-SPOOLSS RPC-SRVSVC RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-RPCCONN-BIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER"
 ncalrpc_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER"
 ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER"
-slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
-slow_ncalrpc_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
-slow_ncacn_ip_tcp_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
+slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
+slow_ncalrpc_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
+slow_ncacn_ip_tcp_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS"
 
 if [ $# -lt 4 ]; then
 cat <<EOF

Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samr.c	2006-07-07 06:30:00 UTC (rev 16859)
+++ branches/SAMBA_4_0/source/torture/rpc/samr.c	2006-07-07 07:38:36 UTC (rev 16860)
@@ -875,7 +875,7 @@
 	r.out.user_handle = user_handle;
 	status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
 	if (!NT_STATUS_IS_OK(status)) {
-		printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status));
+		printf("OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(status));
 	}
 
 	return status;
@@ -1540,7 +1540,7 @@
 		}	
 		break;
 	case TORTURE_SAMR_OTHER:
-		/* Can't happen */
+		/* We just need the account to exist */
 		break;
 	}
 	talloc_free(user_ctx);
@@ -1582,6 +1582,26 @@
 }
 
 
+static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+				     struct policy_handle *user_handle)
+{
+    	struct samr_DeleteUser d;
+	NTSTATUS status;
+	BOOL ret = True;
+	printf("Testing DeleteUser\n");
+
+	d.in.user_handle = user_handle;
+	d.out.user_handle = user_handle;
+
+	status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("DeleteUser failed - %s\n", nt_errstr(status));
+		ret = False;
+	}
+
+	return ret;
+}
+
 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
 			    struct policy_handle *handle, const char *name)
 {
@@ -1795,6 +1815,7 @@
 
 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
 			    struct policy_handle *domain_handle, 
+			    struct policy_handle *user_handle_out, 
 			    enum torture_samr_choice which_ops)
 {
 
@@ -1865,15 +1886,19 @@
 			ret = False;
 		}
 		
-		printf("Testing DeleteUser (createuser2 test)\n");
-		
-		d.in.user_handle = &user_handle;
-		d.out.user_handle = &user_handle;
-		
-		status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
-		if (!NT_STATUS_IS_OK(status)) {
-			printf("DeleteUser failed - %s\n", nt_errstr(status));
+		if (user_handle_out) {
+			*user_handle_out = user_handle;
+		} else {
+			printf("Testing DeleteUser (createuser test)\n");
+			
+			d.in.user_handle = &user_handle;
+			d.out.user_handle = &user_handle;
+			
+			status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
+			if (!NT_STATUS_IS_OK(status)) {
+				printf("DeleteUser failed - %s\n", nt_errstr(status));
 				ret = False;
+			}
 		}
 		
 	}
@@ -2805,7 +2830,7 @@
 		}
 	}
 
-	return True;	
+	return ret;	
 }
 
 
@@ -3050,6 +3075,7 @@
 
 	status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
 	if (!NT_STATUS_IS_OK(status)) {
+		printf("test_AddGroupMember looking up name " TEST_ACCOUNT_NAME " failed - %s\n", nt_errstr(status));
 		return False;
 	}
 
@@ -3150,19 +3176,31 @@
 		return True;
 	}
 
-	if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
-	    NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+	if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
 		if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
+			
+			printf("CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string, 
+			       nt_errstr(status));
 			return False;
 		}
 		status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
 	}
+	if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+		if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
+			
+			printf("CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string, 
+			       nt_errstr(status));
+			return False;
+		}
+		status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
+	}
 	if (!NT_STATUS_IS_OK(status)) {
 		printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
 		return False;
 	}
 
 	if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
+		printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
 		ret = False;
 	}
 
@@ -3209,10 +3247,12 @@
 	struct samr_OpenDomain r;
 	struct policy_handle domain_handle;
 	struct policy_handle alias_handle;
+	struct policy_handle user_handle;
 	struct policy_handle group_handle;
 	BOOL ret = True;
 
 	ZERO_STRUCT(alias_handle);
+	ZERO_STRUCT(user_handle);
 	ZERO_STRUCT(group_handle);
 	ZERO_STRUCT(domain_handle);
 
@@ -3236,10 +3276,11 @@
 	switch (which_ops) {
 	case TORTURE_SAMR_USER_ATTRIBUTES:
 	case TORTURE_SAMR_PASSWORDS:
-		ret &= test_CreateUser(p, mem_ctx, &domain_handle, which_ops);
+		ret &= test_CreateUser(p, mem_ctx, &domain_handle, NULL, which_ops);
 		ret &= test_CreateUser2(p, mem_ctx, &domain_handle, which_ops);
 		break;
 	case TORTURE_SAMR_OTHER:
+		ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle, which_ops);
 		ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
 		ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
 		ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
@@ -3268,6 +3309,11 @@
 		break;
 	}
 
+	if (!policy_handle_empty(&user_handle) &&
+	    !test_DeleteUser(p, mem_ctx, &user_handle)) {
+		ret = False;
+	}
+
 	if (!policy_handle_empty(&alias_handle) &&
 	    !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
 		ret = False;



More information about the samba-cvs mailing list