[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Fri Oct 16 06:55:37 MDT 2009


The branch, master has been updated
       via  2227696... s4-smbtorture: extend netr_LogonControl test in RPC-NETLOGON.
       via  8267564... s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
       via  c2966a0... s4-smbtorture: test wbcLookupUserSids in WINBIND-WBCLIENT as well.
       via  246597c... s4-smbtorture: test wbcGuidToString and friends as well in WINBIND-WBCLIENT.
      from  aaca10b... s4:provision - fixed invalid creationTime format

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 22276961c398da5997402f09f7443d76f621d3ec
Author: Günther Deschner <gd at samba.org>
Date:   Wed Oct 14 11:58:21 2009 +0200

    s4-smbtorture: extend netr_LogonControl test in RPC-NETLOGON.
    
    Guenther

commit 8267564e1c52b3d335bf892ab71963bfb0e6e7e8
Author: Günther Deschner <gd at samba.org>
Date:   Fri Oct 16 12:09:55 2009 +0200

    s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
    
    Following Andrew's advice, let's straight md4 the plaintext blob and avoid
    trying to get a paintext string out of the input the client sends.
    
    Guenther

commit c2966a0766998b732c190860879c001d6140863e
Author: Günther Deschner <gd at samba.org>
Date:   Fri Oct 16 14:51:49 2009 +0200

    s4-smbtorture: test wbcLookupUserSids in WINBIND-WBCLIENT as well.
    
    Guenther

commit 246597cb0d8d62c702841dfbb3fa257fc2da70da
Author: Günther Deschner <gd at samba.org>
Date:   Fri Oct 16 13:38:57 2009 +0200

    s4-smbtorture: test wbcGuidToString and friends as well in WINBIND-WBCLIENT.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/libwbclient/tests/wbclient.c |   39 +++++++++++-
 source3/rpc_server/srv_netlog_nt.c    |    5 +-
 source4/torture/rpc/netlogon.c        |  112 ++++++++++++++++++++++++++++++++-
 3 files changed, 151 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index 6606caf..5a55a43 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -96,6 +96,38 @@ static bool test_wbc_sidtypestring(struct torture_context *tctx)
 	return true;
 }
 
+static bool test_wbc_sidtostring(struct torture_context *tctx)
+{
+	struct wbcDomainSid sid;
+	const char *sid_string = "S-1-5-32";
+	char *sid_string2;
+
+	torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
+		"wbcStringToSid failed");
+	torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
+		"wbcSidToString failed");
+	torture_assert_str_equal(tctx, sid_string, sid_string2,
+		"sid strings differ");
+
+	return true;
+}
+
+static bool test_wbc_guidtostring(struct torture_context *tctx)
+{
+	struct wbcGuid guid;
+	const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
+	char *guid_string2;
+
+	torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
+		"wbcStringToGuid failed");
+	torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
+		"wbcGuidToString failed");
+	torture_assert_str_equal(tctx, guid_string, guid_string2,
+		"guid strings differ");
+
+	return true;
+}
+
 static bool test_wbc_domain_info(struct torture_context *tctx)
 {
 	const char *domain_name = NULL;
@@ -137,10 +169,11 @@ static bool test_wbc_users(struct torture_context *tctx)
 
 	for (i=0; i < MIN(num_users,100); i++) {
 
-		struct wbcDomainSid sid;
+		struct wbcDomainSid sid, *sids;
 		enum wbcSidType name_type;
 		char *domain;
 		char *name;
+		uint32_t num_sids;
 
 		torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type),
 			"wbcLookupName failed");
@@ -152,6 +185,8 @@ static bool test_wbc_users(struct torture_context *tctx)
 			"wbcLookupSid expected WBC_SID_NAME_USER");
 		torture_assert(tctx, name,
 			"wbcLookupSid returned no name");
+		torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids),
+			"wbcLookupUserSids failed");
 	}
 
 	return true;
@@ -243,6 +278,8 @@ struct torture_suite *torture_wbclient(void)
 	torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
 	torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
 	torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
+	torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring);
+	torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
 	torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
 	torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
 	torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 4b83279..491754f 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -827,6 +827,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 	struct samu *sampass;
 	DATA_BLOB plaintext;
 	struct samr_CryptPassword password_buf;
+	struct samr_Password nt_hash;
 
 	become_root();
 	status = netr_creds_server_step_check(p, p->mem_ctx,
@@ -852,6 +853,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
+	mdfour(nt_hash.hash, plaintext.data, plaintext.length);
+
 	status = netr_find_machine_account(p->mem_ctx,
 					   creds->account_name,
 					   &sampass);
@@ -861,8 +864,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 
 	status = netr_set_machine_account_password(sampass,
 						   sampass,
-						   &plaintext,
 						   NULL,
+						   &nt_hash,
 						   NULL);
 	TALLOC_FREE(sampass);
 	return status;
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 6a753ed..f57c47b 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1567,6 +1567,49 @@ static bool test_GetDcName(struct torture_context *tctx,
 	return true;
 }
 
+static const char *function_code_str(TALLOC_CTX *mem_ctx,
+				     enum netr_LogonControlCode function_code)
+{
+	switch (function_code) {
+	case NETLOGON_CONTROL_QUERY:
+		return "NETLOGON_CONTROL_QUERY";
+	case NETLOGON_CONTROL_REPLICATE:
+		return "NETLOGON_CONTROL_REPLICATE";
+	case NETLOGON_CONTROL_SYNCHRONIZE:
+		return "NETLOGON_CONTROL_SYNCHRONIZE";
+	case NETLOGON_CONTROL_PDC_REPLICATE:
+		return "NETLOGON_CONTROL_PDC_REPLICATE";
+	case NETLOGON_CONTROL_REDISCOVER:
+		return "NETLOGON_CONTROL_REDISCOVER";
+	case NETLOGON_CONTROL_TC_QUERY:
+		return "NETLOGON_CONTROL_TC_QUERY";
+	case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+		return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
+	case NETLOGON_CONTROL_FIND_USER:
+		return "NETLOGON_CONTROL_FIND_USER";
+	case NETLOGON_CONTROL_CHANGE_PASSWORD:
+		return "NETLOGON_CONTROL_CHANGE_PASSWORD";
+	case NETLOGON_CONTROL_TC_VERIFY:
+		return "NETLOGON_CONTROL_TC_VERIFY";
+	case NETLOGON_CONTROL_FORCE_DNS_REG:
+		return "NETLOGON_CONTROL_FORCE_DNS_REG";
+	case NETLOGON_CONTROL_QUERY_DNS_REG:
+		return "NETLOGON_CONTROL_QUERY_DNS_REG";
+	case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+		return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
+	case NETLOGON_CONTROL_TRUNCATE_LOG:
+		return "NETLOGON_CONTROL_TRUNCATE_LOG";
+	case NETLOGON_CONTROL_SET_DBFLAG:
+		return "NETLOGON_CONTROL_SET_DBFLAG";
+	case NETLOGON_CONTROL_BREAKPOINT:
+		return "NETLOGON_CONTROL_BREAKPOINT";
+	default:
+		return talloc_asprintf(mem_ctx, "unknown function code: %d",
+				       function_code);
+	}
+}
+
+
 /*
   try a netlogon LogonControl 
 */
@@ -1576,19 +1619,82 @@ static bool test_LogonControl(struct torture_context *tctx,
 	NTSTATUS status;
 	struct netr_LogonControl r;
 	union netr_CONTROL_QUERY_INFORMATION query;
-	int i;
+	int i,f;
+	uint32_t function_codes[] = {
+		NETLOGON_CONTROL_QUERY,
+		NETLOGON_CONTROL_REPLICATE,
+		NETLOGON_CONTROL_SYNCHRONIZE,
+		NETLOGON_CONTROL_PDC_REPLICATE,
+		NETLOGON_CONTROL_REDISCOVER,
+		NETLOGON_CONTROL_TC_QUERY,
+		NETLOGON_CONTROL_TRANSPORT_NOTIFY,
+		NETLOGON_CONTROL_FIND_USER,
+		NETLOGON_CONTROL_CHANGE_PASSWORD,
+		NETLOGON_CONTROL_TC_VERIFY,
+		NETLOGON_CONTROL_FORCE_DNS_REG,
+		NETLOGON_CONTROL_QUERY_DNS_REG,
+		NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
+		NETLOGON_CONTROL_TRUNCATE_LOG,
+		NETLOGON_CONTROL_SET_DBFLAG,
+		NETLOGON_CONTROL_BREAKPOINT
+	};
 
 	r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.function_code = 1;
 	r.out.query = &query;
 
-	for (i=1;i<4;i++) {
+	for (f=0;f<ARRAY_SIZE(function_codes); f++) {
+	for (i=1;i<5;i++) {
+
+		r.in.function_code = function_codes[f];
 		r.in.level = i;
 
-		torture_comment(tctx, "Testing LogonControl level %d\n", i);
+		torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+				function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
 
 		status = dcerpc_netr_LogonControl(p, tctx, &r);
 		torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+
+		switch (r.in.level) {
+		case 1:
+			switch (r.in.function_code) {
+			case NETLOGON_CONTROL_REPLICATE:
+			case NETLOGON_CONTROL_SYNCHRONIZE:
+			case NETLOGON_CONTROL_PDC_REPLICATE:
+			case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+			case NETLOGON_CONTROL_TRUNCATE_LOG:
+			case NETLOGON_CONTROL_BREAKPOINT:
+				torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
+					"LogonControl returned unexpected error code");
+				break;
+			case NETLOGON_CONTROL_REDISCOVER:
+			case NETLOGON_CONTROL_TC_QUERY:
+			case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+			case NETLOGON_CONTROL_FIND_USER:
+			case NETLOGON_CONTROL_CHANGE_PASSWORD:
+			case NETLOGON_CONTROL_TC_VERIFY:
+			case NETLOGON_CONTROL_FORCE_DNS_REG:
+			case NETLOGON_CONTROL_QUERY_DNS_REG:
+			case NETLOGON_CONTROL_SET_DBFLAG:
+				torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+					"LogonControl returned unexpected error code");
+				break;
+			default:
+				torture_assert_werr_ok(tctx, r.out.result,
+					"LogonControl returned unexpected result");
+				break;
+			}
+			break;
+		case 2:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+				"LogonControl returned unexpected error code");
+			break;
+		default:
+			torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL,
+				"LogonControl returned unexpected error code");
+			break;
+		}
+	}
 	}
 
 	return true;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list