[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Wed Aug 25 05:52:18 MDT 2010


The branch, master has been updated
       via  896f3c8... s4-smbtorture: Added a torture test for forest trusts
       via  75e334f... s4-smbtorture: Make test_SetupCredentials3 public
      from  df7c718... s4-smbtorture: fill in trust_domain_passwords_check_in in NDR lsa test.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 896f3c8a49864ff022ac2d32a81f5b4ce53fd16b
Author: Sumit Bose <sbose at redhat.com>
Date:   Tue Jun 22 15:06:27 2010 +0200

    s4-smbtorture: Added a torture test for forest trusts
    
    Signed-off-by: Günther Deschner <gd at samba.org>

commit 75e334fb615136b9431bc6334bd479b671db1c85
Author: Sumit Bose <sbose at redhat.com>
Date:   Tue Jun 29 16:24:36 2010 +0200

    s4-smbtorture: Make test_SetupCredentials3 public
    
    Signed-off-by: Günther Deschner <gd at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/selftest/skip              |    1 +
 source4/torture/config.mk          |    2 +-
 source4/torture/rpc/forest_trust.c |  837 ++++++++++++++++++++++++++++++++++++
 source4/torture/rpc/netlogon.c     |    2 +-
 source4/torture/rpc/netlogon.h     |   24 +
 source4/torture/rpc/rpc.c          |    1 +
 source4/torture/wscript_build      |    2 +-
 7 files changed, 866 insertions(+), 3 deletions(-)
 create mode 100644 source4/torture/rpc/forest_trust.c


Changeset truncated at 500 lines:

diff --git a/source4/selftest/skip b/source4/selftest/skip
index a0cddd1..7fba25d 100644
--- a/source4/selftest/skip
+++ b/source4/selftest/skip
@@ -51,6 +51,7 @@ rpc.atsvc							# Not provided by Samba 4
 rpc.frsapi							# Not provided by Samba 4
 rpc.ntsvcs							# Not provided by Samba 4
 rpc.dfs								# Not provided by Samba 4
+rpc.lsa.forest							# Not provided by Samba 4
 ^samba4.base.samba3.*						# Samba3-specific test
 ^samba4.ntvfs.cifs.base.samba3.*				# Samba3-specific test
 ^samba4.raw.samba3.*						# Samba3-specific test
diff --git a/source4/torture/config.mk b/source4/torture/config.mk
index 49273d0..826b21c 100644
--- a/source4/torture/config.mk
+++ b/source4/torture/config.mk
@@ -123,7 +123,7 @@ PRIVATE_DEPENDENCIES = \
 		dcerpc_server service process_model ntvfs SERVICE_SMB RPC_NDR_BROWSER LIBCLI_DRSUAPI TORTURE_LDB_MODULE
 
 torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \
-		join.o lsa.o lsa_lookup.o session_key.o echo.o dfs.o drsuapi.o \
+		join.o lsa.o forest_trust.o lsa_lookup.o session_key.o echo.o dfs.o drsuapi.o \
 		drsuapi_cracknames.o dssync.o dsgetinfo.o spoolss.o spoolss_notify.o spoolss_win.o spoolss_access.o \
 		unixinfo.o samr.o samr_accessmask.o wkssvc.o srvsvc.o svcctl.o atsvc.o \
 		eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \
diff --git a/source4/torture/rpc/forest_trust.c b/source4/torture/rpc/forest_trust.c
new file mode 100644
index 0000000..002a300
--- /dev/null
+++ b/source4/torture/rpc/forest_trust.c
@@ -0,0 +1,837 @@
+/*
+   Unix SMB/CIFS implementation.
+   test suite for forest trust
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet at samba.org> 2004-2005
+   Copyright (C) Sumit Bose <sbose at redhat.com> 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "libcli/security/security.h"
+#include "libcli/auth/credentials.h"
+#include "libcli/auth/libcli_auth.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "../lib/crypto/crypto.h"
+
+#define TEST_DOM "torturedom"
+#define TEST_DOM_DNS "torturedom.samba.example.com"
+#define TEST_DOM_SID "S-1-5-21-97398-379795-10000"
+#define TEST_MACHINE_NAME "lsatestmach"
+#define TPASS "1234567890"
+
+
+static bool test_get_policy_handle(struct torture_context *tctx,
+				   struct dcerpc_pipe *p,
+				   uint32_t access_mask,
+				   struct policy_handle **handle  )
+{
+	struct policy_handle *h;
+	struct lsa_OpenPolicy2 pr;
+	struct lsa_ObjectAttribute attr;
+	NTSTATUS status;
+
+	h = talloc(tctx, struct policy_handle);
+	if (!h) {
+		return false;
+	}
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = NULL;
+
+	pr.in.system_name = "\\";
+	pr.in.attr = &attr;
+	pr.in.access_mask = access_mask;
+	pr.out.handle = h;
+
+	status = dcerpc_lsa_OpenPolicy2_r(p->binding_handle, tctx, &pr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "OpenPolicy2 failed");
+	if (!NT_STATUS_IS_OK(pr.out.result)) {
+		torture_comment(tctx, "OpenPolicy2 failed - %s\n",
+				nt_errstr(pr.out.result));
+		talloc_free(h);
+		return false;
+	}
+
+	*handle = h;
+	return true;
+}
+
+static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
+					   struct torture_context *tctx,
+					   const char *trust_name,
+					   const char *trust_name_dns,
+					   struct dom_sid *domsid,
+					   struct lsa_TrustDomainInfoAuthInfoInternal *authinfo)
+{
+	struct policy_handle *handle;
+	NTSTATUS status;
+	struct lsa_lsaRSetForestTrustInformation fti;
+	struct lsa_ForestTrustCollisionInfo *collision_info = NULL;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+	bool ret = true;
+	struct lsa_CreateTrustedDomainEx2 r;
+	struct lsa_TrustDomainInfoInfoEx trustinfo;
+	struct policy_handle trustdom_handle;
+	struct lsa_QueryTrustedDomainInfo q;
+	union lsa_TrustedDomainInfo *info = NULL;
+
+	if (!test_get_policy_handle(tctx, p,
+				   (LSA_POLICY_VIEW_LOCAL_INFORMATION |
+				    LSA_POLICY_TRUST_ADMIN |
+				    LSA_POLICY_CREATE_SECRET), &handle)) {
+		return false;
+	}
+
+	torture_comment(tctx, "\nTesting CreateTrustedDomainEx2\n");
+
+	trustinfo.sid = domsid;
+	trustinfo.netbios_name.string = trust_name;
+	trustinfo.domain_name.string = trust_name_dns;
+
+	trustinfo.trust_direction = LSA_TRUST_DIRECTION_INBOUND |
+				    LSA_TRUST_DIRECTION_OUTBOUND;
+
+	trustinfo.trust_type = LSA_TRUST_TYPE_UPLEVEL;
+
+	trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
+
+	r.in.policy_handle = handle;
+	r.in.info = &trustinfo;
+	r.in.auth_info = authinfo;
+	r.in.access_mask = LSA_TRUSTED_SET_POSIX | LSA_TRUSTED_SET_AUTH;
+	r.out.trustdom_handle = &trustdom_handle;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_CreateTrustedDomainEx2_r(p->binding_handle, tctx, &r),
+				   "CreateTrustedDomainEx2 failed");
+	if (!NT_STATUS_IS_OK(r.out.result)) {
+		torture_comment(tctx, "CreateTrustedDomainEx failed2 - %s\n", nt_errstr(r.out.result));
+		ret = false;
+	} else {
+
+		q.in.trustdom_handle = &trustdom_handle;
+		q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
+		q.out.info = &info;
+
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_lsa_QueryTrustedDomainInfo_r(p->binding_handle, tctx, &q),
+					   "QueryTrustedDomainInfo failed");
+		if (!NT_STATUS_IS_OK(q.out.result)) {
+			torture_comment(tctx,
+					"QueryTrustedDomainInfo level 1 failed - %s\n",
+					nt_errstr(q.out.result));
+			ret = false;
+		} else if (!q.out.info) {
+			torture_comment(tctx,
+					"QueryTrustedDomainInfo level 1 failed to return an info pointer\n");
+			ret = false;
+		} else {
+			if (strcmp(info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
+				torture_comment(tctx,
+						"QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
+						info->info_ex.netbios_name.string,
+						trustinfo.netbios_name.string);
+				ret = false;
+			}
+			if (info->info_ex.trust_type != trustinfo.trust_type) {
+				torture_comment(tctx,
+						"QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n",
+						trust_name,
+						info->info_ex.trust_type,
+						trustinfo.trust_type);
+				ret = false;
+			}
+			if (info->info_ex.trust_attributes != trustinfo.trust_attributes) {
+				torture_comment(tctx,
+						"QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n",
+						trust_name,
+						info->info_ex.trust_attributes,
+						trustinfo.trust_attributes);
+				ret = false;
+			}
+			if (info->info_ex.trust_direction != trustinfo.trust_direction) {
+				torture_comment(tctx,
+						"QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n",
+						trust_name,
+						info->info_ex.trust_direction,
+						trustinfo.trust_direction);
+				ret = false;
+			}
+		}
+	}
+
+	if (ret != false) {
+		fti.in.handle = handle;
+		fti.in.trusted_domain_name = talloc_zero(tctx, struct lsa_StringLarge);
+		fti.in.trusted_domain_name->string = trust_name_dns;
+		fti.in.highest_record_type = 2;
+		fti.in.forest_trust_info = talloc_zero(tctx, struct lsa_ForestTrustInformation);
+		fti.in.forest_trust_info->count = 2;
+		fti.in.forest_trust_info->entries = talloc_array(tctx, struct lsa_ForestTrustRecord *, 2);
+		fti.in.forest_trust_info->entries[0] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+		fti.in.forest_trust_info->entries[0]->flags = 0;
+		fti.in.forest_trust_info->entries[0]->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+		fti.in.forest_trust_info->entries[0]->time = 0;
+		fti.in.forest_trust_info->entries[0]->forest_trust_data.top_level_name.string = trust_name_dns;
+		fti.in.forest_trust_info->entries[1] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
+		fti.in.forest_trust_info->entries[1]->flags = 0;
+		fti.in.forest_trust_info->entries[1]->type = LSA_FOREST_TRUST_DOMAIN_INFO;
+		fti.in.forest_trust_info->entries[1]->time = 0;
+		fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.domain_sid = domsid;
+		fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.dns_domain_name.string = trust_name_dns;
+		fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.netbios_domain_name.string = trust_name;
+		fti.in.check_only = 0;
+		fti.out.collision_info = &collision_info;
+
+		torture_comment(tctx, "\nTesting SetForestTrustInformation\n");
+
+		torture_assert_ntstatus_ok(tctx,
+					   dcerpc_lsa_lsaRSetForestTrustInformation_r(p->binding_handle, tctx, &fti),
+					   "lsaRSetForestTrustInformation failed");
+		if (!NT_STATUS_IS_OK(fti.out.result)) {
+			torture_comment(tctx,
+					"lsaRSetForestTrustInformation failed - %s\n",
+					nt_errstr(fti.out.result));
+			ret = false;
+		}
+	}
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	status =  dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "Close failed");
+	if (!NT_STATUS_IS_OK(cr.out.result)) {
+		torture_comment(tctx, "Close failed - %s\n",
+				nt_errstr(cr.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+static bool check_name(struct dcerpc_pipe *p, struct torture_context *tctx,
+		       const char *name)
+{
+	struct policy_handle *handle;
+	NTSTATUS status;
+	struct lsa_QueryTrustedDomainInfoByName qr;
+	union lsa_TrustedDomainInfo *info;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+
+	torture_comment(tctx, "\nGetting LSA_TRUSTED_DOMAIN_INFO_FULL_INFO\n");
+
+	if(!test_get_policy_handle(tctx, p, LSA_POLICY_VIEW_LOCAL_INFORMATION,
+				   &handle)) {
+		return false;
+	}
+
+	qr.in.handle = handle;
+	qr.in.trusted_domain = talloc_zero(tctx, struct lsa_String);
+	qr.in.trusted_domain->string = name;
+	qr.in.level = LSA_TRUSTED_DOMAIN_INFO_FULL_INFO;
+	qr.out.info = &info;
+	status = dcerpc_lsa_QueryTrustedDomainInfoByName_r(p->binding_handle,
+							   tctx, &qr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "QueryInfoPolicy2 failed");
+	if (!NT_STATUS_EQUAL(qr.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		torture_comment(tctx, "QueryInfoPolicy2 did not return "
+				      "NT_STATUS_OBJECT_NAME_NOT_FOUND\n");
+		return false;
+	}
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	status =  dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "Close failed");
+	if (!NT_STATUS_IS_OK(cr.out.result)) {
+		torture_comment(tctx, "Close failed - %s\n",
+				nt_errstr(cr.out.result));
+		return false;
+	}
+
+	return true;
+}
+static bool get_lsa_policy_info_dns(struct dcerpc_pipe *p,
+				    struct torture_context *tctx,
+				    union lsa_PolicyInformation **info)
+{
+	struct policy_handle *handle;
+	NTSTATUS status;
+	struct lsa_QueryInfoPolicy2 qr;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+
+	torture_comment(tctx, "\nGetting LSA_POLICY_INFO_DNS\n");
+
+	if (!test_get_policy_handle(tctx, p, LSA_POLICY_VIEW_LOCAL_INFORMATION,
+				    &handle)) {
+		return false;
+	}
+
+	qr.in.handle = handle;
+	qr.in.level = LSA_POLICY_INFO_DNS;
+	qr.out.info = info;
+	status = dcerpc_lsa_QueryInfoPolicy2_r(p->binding_handle, tctx, &qr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "QueryInfoPolicy2 failed");
+	if (!NT_STATUS_IS_OK(qr.out.result)) {
+		torture_comment(tctx, "QueryInfoPolicy2 failed - %s\n",
+				nt_errstr(qr.out.result));
+		return false;
+	}
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	status =  dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "Close failed");
+	if (!NT_STATUS_IS_OK(cr.out.result)) {
+		torture_comment(tctx, "Close failed - %s\n",
+				nt_errstr(cr.out.result));
+		return false;
+	}
+
+	return true;
+}
+
+static bool delete_trusted_domain_by_sid(struct dcerpc_pipe *p,
+					 struct torture_context *tctx,
+					 struct dom_sid *domsid)
+{
+	struct policy_handle *handle;
+	NTSTATUS status;
+	struct lsa_Close cr;
+	struct policy_handle closed_handle;
+	struct lsa_DeleteTrustedDomain dr;
+	bool ret = true;
+
+	torture_comment(tctx, "\nDeleting trusted domain.\n");
+
+	if (!test_get_policy_handle(tctx, p, LSA_POLICY_VIEW_LOCAL_INFORMATION,
+				    &handle)) {
+		return false;
+	}
+
+	dr.in.handle = handle;
+	dr.in.dom_sid = domsid;
+
+	torture_assert_ntstatus_ok(tctx,
+				   dcerpc_lsa_DeleteTrustedDomain_r(p->binding_handle, tctx, &dr),
+				   "DeleteTrustedDomain failed");
+	if (!NT_STATUS_IS_OK(dr.out.result)) {
+		torture_comment(tctx, "DeleteTrustedDomain failed - %s\n",
+				nt_errstr(dr.out.result));
+		return false;
+	}
+
+	cr.in.handle = handle;
+	cr.out.handle = &closed_handle;
+	status =  dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+				      "Close failed");
+	if (!NT_STATUS_IS_OK(cr.out.result)) {
+		torture_comment(tctx, "Close failed - %s\n",
+				nt_errstr(cr.out.result));
+		ret = false;
+	}
+
+	return ret;
+}
+
+static const uint8_t my_blob[] = {
+0xa3,0x0b,0x32,0x45,0x8b,0x84,0x3b,0x01,0x68,0xe8,0x2b,0xbb,0x00,0x13,0x69,0x1f,
+0x10,0x35,0x72,0xa9,0x4f,0x77,0xb7,0xeb,0x59,0x08,0x07,0xc3,0xe8,0x17,0x00,0xc5,
+0xf2,0xa9,0x6d,0xb7,0x69,0x45,0x63,0x20,0xcb,0x44,0x44,0x22,0x02,0xe3,0x28,0x84,
+0x9b,0xd5,0x43,0x6f,0x8d,0x36,0x9b,0x9b,0x3b,0x31,0x86,0x84,0x8b,0xf2,0x36,0xd4,
+0xe8,0xc4,0xee,0x90,0x0c,0xcb,0x3e,0x11,0x2f,0x86,0xfe,0x87,0x6d,0xce,0xae,0x0c,
+0x83,0xfb,0x21,0x22,0x6d,0x7f,0x5e,0x08,0x71,0x1a,0x35,0xf4,0x5a,0x76,0x9b,0xf7,
+0x54,0x62,0xa5,0x4c,0xcd,0xf6,0xa5,0xb0,0x0b,0xc7,0x79,0xe1,0x6f,0x85,0x16,0x6f,
+0x82,0xdd,0x15,0x11,0x4c,0x9d,0x26,0x01,0x74,0x7e,0xbb,0xec,0x88,0x1d,0x71,0x9e,
+0x5f,0xb2,0x9c,0xab,0x66,0x20,0x08,0x3d,0xae,0x07,0x2d,0xbb,0xa6,0xfb,0xec,0xcc,
+0x51,0x58,0x48,0x47,0x38,0x3b,0x47,0x66,0xe8,0x17,0xfa,0x54,0x5c,0x95,0x73,0x29,
+0xdf,0x7e,0x4a,0xb4,0x45,0x30,0xf7,0xbf,0xc0,0x56,0x6d,0x80,0xf6,0x11,0x56,0x93,
+0xeb,0x97,0xd5,0x10,0xd6,0xd6,0xf7,0x23,0xc3,0xc0,0x93,0xa7,0x5c,0xa9,0xc0,0x81,
+0x55,0x3d,0xec,0x03,0x31,0x7e,0x9d,0xf9,0xd0,0x9e,0xb5,0xc7,0xef,0xa8,0x54,0xf6,
+0x9c,0xdc,0x0d,0xd4,0xd7,0xee,0x8d,0x5f,0xbd,0x89,0x48,0x3b,0x63,0xff,0xe8,0xca,
+0x10,0x64,0x61,0xdf,0xfd,0x50,0xff,0x51,0xa0,0x2c,0xd7,0x8a,0xf1,0x13,0x02,0x02,
+0x71,0xe9,0xff,0x0d,0x03,0x48,0xf8,0x08,0x8d,0xd5,0xe6,0x31,0x9f,0xf0,0x26,0x07,
+0x91,0x6d,0xd3,0x01,0x91,0x92,0xc7,0x28,0x18,0x58,0xd8,0xf6,0x1b,0x97,0x8d,0xd0,
+0xd2,0xa1,0x7c,0xae,0xc1,0xca,0xfe,0x20,0x91,0x1c,0x4d,0x15,0x89,0x29,0x37,0xd5,
+0xf5,0xca,0x40,0x2b,0x03,0x8f,0x7b,0xc2,0x10,0xb4,0xd3,0xe8,0x14,0xb0,0x9b,0x5d,
+0x85,0x30,0xe5,0x13,0x24,0xf7,0x78,0xec,0xbe,0x0b,0x9a,0x3f,0xb5,0x76,0xd9,0x0d,
+0x49,0x64,0xa4,0xa7,0x33,0x88,0xdd,0xe9,0xe2,0x5f,0x04,0x51,0xdd,0x89,0xe2,0x68,
+0x5b,0x5f,0x64,0x35,0xe3,0x23,0x4a,0x0e,0x09,0x15,0xcc,0x97,0x47,0xf4,0xc2,0x4f,
+0x06,0xc3,0x96,0xa9,0x2f,0xb3,0xde,0x29,0x10,0xc7,0xf5,0x16,0xc5,0x3c,0x84,0xd2,
+0x9b,0x6b,0xaa,0x54,0x59,0x8d,0x94,0xde,0xd1,0x75,0xb6,0x08,0x0d,0x7d,0xf1,0x18,
+0xc8,0xf5,0xdf,0xaa,0xcd,0xec,0xab,0xb6,0xd1,0xcb,0xdb,0xe7,0x75,0x5d,0xbe,0x76,
+0xea,0x1d,0x01,0xc8,0x0b,0x2d,0x32,0xe9,0xa8,0x65,0xbb,0x4a,0xcb,0x72,0xbc,0xda,
+0x04,0x7f,0x82,0xfb,0x04,0xeb,0xd8,0xe1,0xb9,0xb1,0x1e,0xdc,0xb3,0x60,0xf3,0x55,
+0x1e,0xcf,0x90,0x6a,0x15,0x74,0x4d,0xff,0xb4,0xc7,0xc9,0xc2,0x4f,0x67,0x9e,0xeb,
+0x00,0x61,0x02,0xe3,0x9e,0x59,0x88,0x20,0xf1,0x0c,0xbe,0xe0,0x26,0x69,0x63,0x67,
+0x72,0x3c,0x06,0x00,0x9e,0x4f,0xc7,0xa6,0x4d,0x6c,0xbe,0x68,0x8e,0xf4,0x32,0x36,
+0x2e,0x5f,0xa6,0xcf,0xa7,0x19,0x40,0x2b,0xbd,0xa2,0x22,0x73,0xc4,0xb6,0xe3,0x86,
+0x64,0xeb,0xb1,0xc7,0x45,0x7d,0xd6,0xd9,0x36,0xf1,0x04,0xd4,0x61,0xdc,0x41,0xb7,
+0x01,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,     0x30,0x00,0x00,0x00,     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+0x02,0x00,0x00,0x00,0x14,0x00,0x00,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,
+0x35,0x00,0x36,0x00,0x37,0x00,0x38,0x00,0x39,0x00,0x30,0x00,0x01,0x00,0x00,0x00,
+0x0c,0x00,0x00,0x00,     0x30,0x00,0x00,0x00,     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,
+0x14,0x00,0x00,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,0x35,0x00,0x36,0x00,
+0x37,0x00,0x38,0x00,0x39,0x00,0x30,0x00,0x30,0x00,0x00,0x00,0x30,0x00,0x00,0x00
+};
+
+static bool get_trust_domain_passwords_auth_blob(TALLOC_CTX *mem_ctx,
+						 const char *password,
+						 DATA_BLOB *auth_blob)
+{
+	struct trustDomainPasswords auth_struct;
+	struct AuthenticationInformation *auth_info_array;
+	enum ndr_err_code ndr_err;
+	size_t converted_size;
+
+	generate_random_buffer(auth_struct.confounder,
+			       sizeof(auth_struct.confounder));
+
+	auth_info_array = talloc_array(mem_ctx,
+				       struct AuthenticationInformation, 1);
+	if (auth_info_array == NULL) {
+		return false;
+	}
+
+	auth_info_array[0].AuthType = TRUST_AUTH_TYPE_CLEAR;
+	if (!convert_string_talloc(mem_ctx, CH_UNIX, CH_UTF16, password,
+				  strlen(password),
+				  &auth_info_array[0].AuthInfo.clear.password,
+				  &converted_size,
+				  false)) {
+		return false;
+	}
+
+	auth_info_array[0].AuthInfo.clear.size = converted_size;
+
+	auth_struct.outgoing.count = 1;
+	auth_struct.outgoing.current.count = 1;
+	auth_struct.outgoing.current.array = auth_info_array;
+	auth_struct.outgoing.previous.count = 0;
+	auth_struct.outgoing.previous.array = NULL;
+
+	auth_struct.incoming.count = 1;
+	auth_struct.incoming.current.count = 1;
+	auth_struct.incoming.current.array = auth_info_array;
+	auth_struct.incoming.previous.count = 0;
+	auth_struct.incoming.previous.array = NULL;
+
+	ndr_err = ndr_push_struct_blob(auth_blob, mem_ctx, &auth_struct,
+				       (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_validate_trust(struct torture_context *tctx,
+				struct dcerpc_binding *binding,
+				const char *trusting_dom_name,
+				const char *trusting_dom_dns_name,
+				const char *trusted_dom_name,
+				const char *trusted_dom_dns_name)
+{
+	struct netr_ServerGetTrustInfo r;
+


-- 
Samba Shared Repository


More information about the samba-cvs mailing list