svn commit: samba r24074 - in branches/SAMBA_4_0/source: auth torture/rpc

abartlet at samba.org abartlet at samba.org
Mon Jul 30 08:58:40 GMT 2007


Author: abartlet
Date: 2007-07-30 08:58:39 +0000 (Mon, 30 Jul 2007)
New Revision: 24074

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24074

Log:
Test both permitted logon hours and permitted workstations in the
RPC-SAMLOGON test.

This showed that, as noted by bug #4823, we didn't test for invalid
workstations.  In fact, the code had been ported across, but because
untested code is broken code, it never worked...

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/sam.c
   branches/SAMBA_4_0/source/torture/rpc/samlogon.c
   branches/SAMBA_4_0/source/torture/rpc/testjoin.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/sam.c
===================================================================
--- branches/SAMBA_4_0/source/auth/sam.c	2007-07-30 08:24:10 UTC (rev 24073)
+++ branches/SAMBA_4_0/source/auth/sam.c	2007-07-30 08:58:39 UTC (rev 24074)
@@ -46,7 +46,6 @@
 	"pwdLastSet",
 	"accountExpires",
 	"logonHours",
-	
 	"objectSid",
 
 	/* check 'allowed workstations' */
@@ -213,7 +212,7 @@
 			DEBUG(10,("sam_account_ok: checking for workstation match '%s' and '%s'\n",
 				  workstations[i], logon_workstation));
 
-			if (strequal(workstations[i], logon_workstation) == 0) {
+			if (strequal(workstations[i], logon_workstation)) {
 				invalid_ws = False;
 				break;
 			}
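Review bot: The corrected condition `if (strequal(workstations[i], logon_workstation))` deserves a short comment, because the previous `== 0` form read like a strcmp() test and cleared `invalid_ws` on any list entry that did not match, so the permitted-workstations restriction was not enforced. A line such as `/* strequal() returns true on a match, unlike strcmp() */` above the condition would help keep the inverted idiom from being reintroduced. The loop and the rest of sam_account_ok lie outside this hunk, so how `invalid_ws` is initialised and acted on cannot be confirmed from here.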

Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2007-07-30 08:24:10 UTC (rev 24073)
+++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2007-07-30 08:58:39 UTC (rev 24074)
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
 #include "auth/auth.h"
 #include "lib/crypto/crypto.h"
 #include "lib/cmdline/popt_common.h"
@@ -33,6 +34,8 @@
 
 #define TEST_MACHINE_NAME "samlogontest"
 #define TEST_USER_NAME "samlogontestuser"
+#define TEST_USER_NAME_WRONG_WKS "samlogontest2"
+#define TEST_USER_NAME_WRONG_TIME "samlogontest3"
 
 enum ntlm_break {
 	BREAK_BOTH,
@@ -1476,13 +1479,15 @@
 	struct cli_credentials *machine_credentials;
 	TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
 	BOOL ret = True;
-	struct test_join *join_ctx;
-	struct test_join *user_ctx;
-	char *user_password;
+	struct test_join *join_ctx = NULL;
+	struct test_join *user_ctx = NULL, *user_ctx_wrong_wks = NULL, *user_ctx_wrong_time = NULL;
+	char *user_password, *user_password_wrong_wks, *user_password_wrong_time;
 	const char *old_user_password;
 	char *test_machine_account;
 	const char *binding = torture_setting_string(torture, "binding", NULL);
 	const char *userdomain;
+	struct samr_SetUserInfo s;
+	union samr_UserInfo u;
 	int i;
 	int ci;
 
@@ -1514,7 +1519,7 @@
 					   ACB_NORMAL, 
 					   (const char **)&user_password);
 	if (!user_ctx) {
-		d_printf("Failed to join as Workstation\n");
+		d_printf("Failed to create a test user\n");
 		return False;
 	}
 
@@ -1524,6 +1529,57 @@
 				 TEST_USER_NAME, 16 /* > 14 */, &user_password, 
 				 NULL, 0, False);
 
+	user_ctx_wrong_wks = torture_create_testuser(TEST_USER_NAME_WRONG_WKS,
+					   userdomain,
+					   ACB_NORMAL, 
+					   (const char **)&user_password_wrong_wks);
+	if (!user_ctx_wrong_wks) {
+		d_printf("Failed to create a test user (wrong workstation test)\n");
+		return False;
+	}
+
+	ZERO_STRUCT(u);
+	s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_wks);
+	s.in.info = &u;
+	s.in.level = 21;
+
+	u.info21.fields_present = SAMR_FIELD_WORKSTATIONS;
+	u.info21.workstations.string = "not" TEST_MACHINE_NAME;
+
+	status = dcerpc_samr_SetUserInfo(torture_join_samr_pipe(user_ctx_wrong_wks), mem_ctx, &s);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("SetUserInfo (list of workstations) failed - %s\n", nt_errstr(status));
+		ret = False;
+		goto failed;
+	}
+
+	user_ctx_wrong_time
+		= torture_create_testuser(TEST_USER_NAME_WRONG_TIME,
+					   userdomain,
+					   ACB_NORMAL, 
+					   (const char **)&user_password_wrong_time);
+	if (!user_ctx_wrong_time) {
+		d_printf("Failed to create a test user (wrong workstation test)\n");
+		return False;
+	}
+
+	ZERO_STRUCT(u);
+	s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_time);
+	s.in.info = &u;
+	s.in.level = 21;
+
+	u.info21.fields_present = SAMR_FIELD_WORKSTATIONS | SAMR_FIELD_LOGON_HOURS;
+	u.info21.workstations.string = TEST_MACHINE_NAME;
+	u.info21.logon_hours.units_per_week = 168;
+	u.info21.logon_hours.bits = talloc_zero_size(mem_ctx, 168);
+
+	status = dcerpc_samr_SetUserInfo(torture_join_samr_pipe(user_ctx_wrong_time), mem_ctx, &s);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("SetUserInfo (logon times and list of workstations) failed - %s\n", nt_errstr(status));
+		ret = False;
+		goto failed;
+	}
+
 	status = dcerpc_parse_binding(mem_ctx, binding, &b);
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("Bad binding string %s\n", binding);
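Review bot: The two new `return False;` exits after a failed torture_create_testuser() (for TEST_USER_NAME_WRONG_WKS and TEST_USER_NAME_WRONG_TIME) bypass the cleanup that the adjacent SetUserInfo failures reach through `goto failed`, so accounts created earlier in the run would be left behind in the domain. Using `ret = False; goto failed;` in both places would match the other error paths, assuming the `failed` label sits before the torture_leave_domain() calls and that those calls tolerate a NULL context; neither is visible in this hunk. The second failure message is a copy of the first and should read `d_printf("Failed to create a test user (wrong logon hours test)\n");`. The result of `talloc_zero_size(mem_ctx, 168)` is also stored in `logon_hours.bits` without a NULL check.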
@@ -1706,6 +1762,15 @@
 				.expected_interactive_error = NT_STATUS_WRONG_PASSWORD,
 				.expected_network_error     = NT_STATUS_OK,
 				.old_password  = True
+			},
+			{	
+				.comment       = "test user (wong workstation): domain\\user",
+				.domain        = userdomain,
+				.username      = TEST_USER_NAME_WRONG_WKS,
+				.password      = user_password_wrong_wks,
+				.network_login = True,
+				.expected_interactive_error = NT_STATUS_INVALID_WORKSTATION,
+				.expected_network_error     = NT_STATUS_INVALID_WORKSTATION
 			}
 		};
 		
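Review bot: Only the wrong-workstation account gets an entry in this table, so the TEST_USER_NAME_WRONG_TIME account that the commit creates with all logon hours cleared is not exercised by any visible hunk, although the log message says both restrictions are tested. Unless it is used in a part of the file not shown here, an entry for it is needed; the expected status is presumably NT_STATUS_INVALID_LOGON_HOURS and should be confirmed against sam_account_ok. The new entry's comment also has a typo, `"test user (wong workstation): domain\\user"` should say `wrong`. The table starts outside this hunk.
```c
				.old_password  = True
			},
			/* … unchanged: wrong-workstation entry added by this commit … */
			{
				.comment       = "test user (wrong logon hours): domain\\user",
				.domain        = userdomain,
				.username      = TEST_USER_NAME_WRONG_TIME,
				.password      = user_password_wrong_time,
				.network_login = True,
				.expected_interactive_error = NT_STATUS_INVALID_LOGON_HOURS,
				.expected_network_error     = NT_STATUS_INVALID_LOGON_HOURS
			}
```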
@@ -1777,5 +1842,7 @@
 
 	torture_leave_domain(join_ctx);
 	torture_leave_domain(user_ctx);
+	torture_leave_domain(user_ctx_wrong_wks);
+	torture_leave_domain(user_ctx_wrong_time);
 	return ret;
 }
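Review bot: The cleanup now calls `torture_leave_domain(user_ctx_wrong_wks)` and `torture_leave_domain(user_ctx_wrong_time)` unconditionally, yet the `goto failed` after the first SetUserInfo call can arrive here with `user_ctx_wrong_time` still NULL, if the `failed` label precedes these lines (the hunk does not show it). torture_leave_domain() is not visible on this page, so either confirm that it accepts NULL or guard the calls, e.g. `if (user_ctx_wrong_time) torture_leave_domain(user_ctx_wrong_time);`. The function body starts outside this hunk.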

Modified: branches/SAMBA_4_0/source/torture/rpc/testjoin.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/testjoin.c	2007-07-30 08:24:10 UTC (rev 24073)
+++ branches/SAMBA_4_0/source/torture/rpc/testjoin.c	2007-07-30 08:58:39 UTC (rev 24074)
@@ -232,6 +232,7 @@
 
 	printf("Setting account password '%s'\n", random_pw);
 
+	ZERO_STRUCT(u);
 	s.in.user_handle = &join->user_handle;
 	s.in.info = &u;
 	s.in.level = 24;
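Review bot: The added `ZERO_STRUCT(u);` carries no comment saying why it is needed, and the reason is easy to lose in a later cleanup. It presumably keeps union members that the level 24 request does not set from being marshalled with whatever was on the stack; a one-line comment such as `/* clear the union so unset fields are not sent uninitialised */` would record that. The assignments to `u` and the SetUserInfo call are outside this hunk, so this reading should be confirmed against the full function.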


