[SCM] Samba Shared Repository - branch v3-5-test updated

Tue Nov 3 14:40:57 MST 2009

The branch, v3-5-test has been updated
       via  8e0c9e4... s3-lsa: fill in some more info levels in _lsa_QueryInfoPolicy().
       via  3b53045... s4-smbtorture: skip three info levels while testing s3 with RPC-LSA.
       via  505934c... s4-smbtorture: skip QueryInfoPolicy2 while running RPC-LSA against s3.
       via  fc8c1b2... s4-smbtorture: skip QueryDomainInformationPolicy test against s3 in RPC-LSA.
       via  18a00b7... s4-smbtorture: simplify some torture_comments in RPC-LSA.
       via  b8465e0... s3-passdb: cleanup some callers of pdb_get_trusteddom_pw().
       via  e182940... libndr: add int3264 ndr prototype.
      from  bdd1622... tsocket: rewrite tsocket_guide.txt to reflect the current APIs

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 8e0c9e40278265a1da959542178276bc042df006
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Tue Nov 3 11:45:15 2009 +0100

    s3-lsa: fill in some more info levels in _lsa_QueryInfoPolicy().
    
    Add dummys (just like s4 does) and fill in some more appropriate error codes.
    
    Guenther
    (cherry picked from commit 97496bb3cafd8914a3a7c7b7d3a668ba3e533769)

commit 3b53045146803bbb046f52ba28a39d6ca4bf4870
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Tue Nov 3 11:46:07 2009 +0100

    s4-smbtorture: skip three info levels while testing s3 with RPC-LSA.
    
    These are only supported by s3 when running pdb_ads atm.
    
    Guenther
    (cherry picked from commit a8de4f091ef10223e862b3cb6f0b9e5cef5cde2a)

commit 505934c56e0df600aff8d406b7c636f830360257
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Mon Nov 2 20:11:14 2009 +0100

    s4-smbtorture: skip QueryInfoPolicy2 while running RPC-LSA against s3.
    
    This is only supported by s3 when running pdb_ads atm.
    
    Guenther
    (cherry picked from commit 58d401bb212b43d05213514f8bb2efa850d4e5c9)

commit fc8c1b23109b90daf2b185522728d08c921a91af
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Mon Nov 2 16:51:00 2009 +0100

    s4-smbtorture: skip QueryDomainInformationPolicy test against s3 in RPC-LSA.
    
    Guenther
    (cherry picked from commit bff9819521255b3dcd0f04aa585c1ad0385896fd)

commit 18a00b7c0c0fa6d3e2d8bcba2d3f0969697781f3
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Mon Nov 2 19:59:47 2009 +0100

    s4-smbtorture: simplify some torture_comments in RPC-LSA.
    
    Guenther
    (cherry picked from commit 074ad24653e85c60b9af863ac526832229754a96)

commit b8465e0dae7033e04e14d0808c5afc0d06b3a445
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Fri Oct 30 02:15:45 2009 +0100

    s3-passdb: cleanup some callers of pdb_get_trusteddom_pw().
    
    Guenther
    (cherry picked from commit 463b1eb2b55ae85cfc9539c936375a989cde1076)

commit e182940be3df57d412857cf6dad41170acbbbe88
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Mon Oct 5 15:10:35 2009 +0200

    libndr: add int3264 ndr prototype.
    
    Guenther
    (cherry picked from commit 76feeb1b97b1d8f24650c5198e9c61c4f5b1357a)

-----------------------------------------------------------------------

Summary of changes:
 librpc/ndr/libndr.h             |    1 +
 source3/auth/auth_domain.c      |    4 +--
 source3/rpc_server/srv_lsa_nt.c |   32 ++++++++++++++++++++++++
 source3/winbindd/winbindd_ads.c |    4 +--
 source4/torture/rpc/lsa.c       |   51 +++++++++++++++++++++-----------------
 5 files changed, 63 insertions(+), 29 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 3236932..f4c649c 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -470,6 +470,7 @@ NDR_SCALAR_PROTO(int16, int16_t)
 NDR_SCALAR_PROTO(uint32, uint32_t)
 NDR_SCALAR_PROTO(uint3264, uint32_t)
 NDR_SCALAR_PROTO(int32, int32_t)
+NDR_SCALAR_PROTO(int3264, int32_t)
 NDR_SCALAR_PROTO(udlong, uint64_t)
 NDR_SCALAR_PROTO(udlongr, uint64_t)
 NDR_SCALAR_PROTO(dlong, int64_t)
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 084d84c..c527360 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -447,8 +447,6 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
 	unsigned char trust_md4_password[16];
 	char *trust_password;
-	time_t last_change_time;
-	DOM_SID sid;
 	fstring dc_name;
 	struct sockaddr_storage dc_ss;
 
@@ -481,7 +479,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 	 */
 
 	if (!pdb_get_trusteddom_pw(user_info->domain, &trust_password,
-				   &sid, &last_change_time)) {
+				   NULL, NULL)) {
 		DEBUG(0, ("check_trustdomain_security: could not fetch trust "
 			  "account password for domain %s\n",
 			  user_info->domain));
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 931026e..08d6911 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -577,6 +577,38 @@ NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p,
 	}
 
 	switch (r->in.level) {
+	/* according to MS-LSAD 3.1.4.4.3 */
+	case LSA_POLICY_INFO_MOD:
+	case LSA_POLICY_INFO_AUDIT_FULL_SET:
+	case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
+		return NT_STATUS_INVALID_PARAMETER;
+	case LSA_POLICY_INFO_AUDIT_LOG:
+		info->audit_log.percent_full		= 0;
+		info->audit_log.maximum_log_size	= 0;
+		info->audit_log.retention_time		= 0;
+		info->audit_log.shutdown_in_progress	= 0;
+		info->audit_log.time_to_shutdown	= 0;
+		info->audit_log.next_audit_record	= 0;
+		status = NT_STATUS_OK;
+		break;
+	case LSA_POLICY_INFO_PD:
+		info->pd.name.string			= NULL;
+		status = NT_STATUS_OK;
+		break;
+	case LSA_POLICY_INFO_REPLICA:
+		info->replica.source.string		= NULL;
+		info->replica.account.string		= NULL;
+		status = NT_STATUS_OK;
+		break;
+	case LSA_POLICY_INFO_QUOTA:
+		info->quota.paged_pool			= 0;
+		info->quota.non_paged_pool		= 0;
+		info->quota.min_wss			= 0;
+		info->quota.max_wss			= 0;
+		info->quota.pagefile			= 0;
+		info->quota.unknown			= 0;
+		status = NT_STATUS_OK;
+		break;
 	case LSA_POLICY_INFO_AUDIT_EVENTS:
 		{
 
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 119e81d..b271671 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -84,10 +84,8 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 	SAFE_FREE(ads->auth.realm);
 
 	if ( IS_DC ) {
-		DOM_SID sid;
-		time_t last_set_time;
 
-		if ( !pdb_get_trusteddom_pw( domain->name, &ads->auth.password, &sid, &last_set_time ) ) {
+		if ( !pdb_get_trusteddom_pw( domain->name, &ads->auth.password, NULL, NULL ) ) {
 			ads_destroy( &ads );
 			return NULL;
 		}
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 710f4c5..cff42a2 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -2463,6 +2463,10 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
 	int i;
 	bool ret = true;
 
+	if (torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping QueryDomainInformationPolicy test\n");
+	}
+
 	torture_comment(tctx, "\nTesting QueryDomainInformationPolicy\n");
 
 	for (i=2;i<4;i++) {
@@ -2498,21 +2502,20 @@ static bool test_QueryInfoPolicyCalls(	bool version2,
 	NTSTATUS status;
 	int i;
 	bool ret = true;
+	const char *call = talloc_asprintf(tctx, "QueryInfoPolicy%s", version2 ? "2":"");
 
-	if (version2)
-		torture_comment(tctx, "\nTesting QueryInfoPolicy2\n");
-	else
-		torture_comment(tctx, "\nTesting QueryInfoPolicy\n");
+	torture_comment(tctx, "\nTesting %s\n", call);
+
+	if (version2 && torture_setting_bool(tctx, "samba3", false)) {
+		torture_skip(tctx, "skipping QueryInfoPolicy2 tests\n");
+	}
 
 	for (i=1;i<=14;i++) {
 		r.in.handle = handle;
 		r.in.level = i;
 		r.out.info = &info;
 
-		if (version2)
-			torture_comment(tctx, "\nTrying QueryInfoPolicy2 level %d\n", i);
-		else
-			torture_comment(tctx, "\nTrying QueryInfoPolicy level %d\n", i);
+		torture_comment(tctx, "\nTrying %s level %d\n", call, i);
 
 		if (version2)
 			/* We can perform the cast, because both types are
@@ -2533,9 +2536,6 @@ static bool test_QueryInfoPolicyCalls(	bool version2,
 			break;
 		case LSA_POLICY_INFO_DOMAIN:
 		case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
-		case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
-		case LSA_POLICY_INFO_DNS_INT:
-		case LSA_POLICY_INFO_DNS:
 		case LSA_POLICY_INFO_REPLICA:
 		case LSA_POLICY_INFO_QUOTA:
 		case LSA_POLICY_INFO_ROLE:
@@ -2543,10 +2543,21 @@ static bool test_QueryInfoPolicyCalls(	bool version2,
 		case LSA_POLICY_INFO_AUDIT_EVENTS:
 		case LSA_POLICY_INFO_PD:
 			if (!NT_STATUS_IS_OK(status)) {
-				if (version2)
-					torture_comment(tctx, "QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
-				else
-					torture_comment(tctx, "QueryInfoPolicy failed - %s\n", nt_errstr(status));
+				torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(status));
+				ret = false;
+			}
+			break;
+		case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
+		case LSA_POLICY_INFO_DNS_INT:
+		case LSA_POLICY_INFO_DNS:
+			if (torture_setting_bool(tctx, "samba3", false)) {
+				/* Other levels not implemented yet */
+				if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+					torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(status));
+					ret = false;
+				}
+			} else if (!NT_STATUS_IS_OK(status)) {
+				torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(status));
 				ret = false;
 			}
 			break;
@@ -2554,17 +2565,11 @@ static bool test_QueryInfoPolicyCalls(	bool version2,
 			if (torture_setting_bool(tctx, "samba4", false)) {
 				/* Other levels not implemented yet */
 				if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
-					if (version2)
-						torture_comment(tctx, "QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
-					else
-						torture_comment(tctx, "QueryInfoPolicy failed - %s\n", nt_errstr(status));
+					torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(status));
 					ret = false;
 				}
 			} else if (!NT_STATUS_IS_OK(status)) {
-				if (version2)
-					torture_comment(tctx, "QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
-				else
-					torture_comment(tctx, "QueryInfoPolicy failed - %s\n", nt_errstr(status));
+				torture_comment(tctx, "%s failed - %s\n", call, nt_errstr(status));
 				ret = false;
 			}
 			break;


-- 
Samba Shared Repository
