[SCM] Samba Shared Repository - branch master updated

Mon Feb 15 03:08:22 MST 2010

The branch, master has been updated
       via  72f250a... s4-smbtorture: add some security descriptor tests to RPC-SPOOLSS and RPC-SPOOLSS-PRINTER.
      from  28bd971... s4:provision.c - "provsion_store_self_join" - don't set the realm if it's NULL

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 72f250ac16df43ae8d5a7bd294fc82c477f3e2da
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Sat Feb 13 02:11:31 2010 +0100

    s4-smbtorture: add some security descriptor tests to RPC-SPOOLSS and RPC-SPOOLSS-PRINTER.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source4/torture/rpc/spoolss.c |  241 +++++++++++++++++++++++++++++++++++++++++
 1 files changed, 241 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index d38f11b..e233a27 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -26,6 +26,8 @@
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_spoolss.h"
 #include "librpc/gen_ndr/ndr_spoolss_c.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
 #include "torture/rpc/rpc.h"
 #include "param/param.h"
 
@@ -1318,6 +1320,14 @@ static bool test_PrinterInfo(struct torture_context *tctx,
 			break; \
 		}
 
+#define SD_EQUAL(sd1, sd2, field) \
+		if (!security_descriptor_equal(sd1, sd2)) { \
+			torture_comment(tctx, "Failed to set %s (%s)\n", \
+			       #field, __location__); \
+			ret = false; \
+			break; \
+		}
+
 #define TEST_PRINTERINFO_STRING_EXP_ERR(lvl1, field1, lvl2, field2, value, err) do { \
 		torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
 		q.in.level = lvl1; \
@@ -1517,6 +1527,229 @@ static bool test_PrinterInfo(struct torture_context *tctx,
 	return ret;
 }
 
+#define torture_assert_sid_equal(torture_ctx,got,expected,cmt)\
+	do { struct dom_sid *__got = (got), *__expected = (expected); \
+	if (!dom_sid_equal(__got, __expected)) { \
+		torture_result(torture_ctx, TORTURE_FAIL, \
+					   __location__": "#got" was %s, expected %s: %s", \
+					   dom_sid_string(torture_ctx, __got), dom_sid_string(torture_ctx, __expected), cmt); \
+		return false; \
+	} \
+	} while(0)
+
+static bool test_security_descriptor_equal(struct torture_context *tctx,
+					   const struct security_descriptor *sd1,
+					   const struct security_descriptor *sd2)
+{
+	if (sd1 == sd2) {
+		return true;
+	}
+
+	if (!sd1 || !sd2) {
+		torture_comment(tctx, "%s\n", __location__);
+		return false;
+	}
+
+	torture_assert_int_equal(tctx, sd1->revision, sd2->revision, "revision mismatch");
+	torture_assert_int_equal(tctx, sd1->type, sd2->type, "type mismatch");
+
+	torture_assert_sid_equal(tctx, sd1->owner_sid, sd2->owner_sid, "owner mismatch");
+	torture_assert_sid_equal(tctx, sd1->group_sid, sd2->group_sid, "group mismatch");
+
+	if (!security_acl_equal(sd1->sacl, sd2->sacl)) {
+		torture_comment(tctx, "%s: sacl mismatch\n", __location__);
+		NDR_PRINT_DEBUG(security_acl, sd1->sacl);
+		NDR_PRINT_DEBUG(security_acl, sd2->sacl);
+		return false;
+	}
+	if (!security_acl_equal(sd1->dacl, sd2->dacl)) {
+		torture_comment(tctx, "%s: dacl mismatch\n", __location__);
+		NDR_PRINT_DEBUG(security_acl, sd1->dacl);
+		NDR_PRINT_DEBUG(security_acl, sd2->dacl);
+		return false;
+	}
+
+	return true;
+}
+
+static bool test_sd_set_level(struct torture_context *tctx,
+			      struct dcerpc_pipe *p,
+			      struct policy_handle *handle,
+			      uint32_t level,
+			      struct security_descriptor *sd)
+{
+	struct spoolss_SetPrinter r;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	switch (level) {
+	case 2: {
+		union spoolss_PrinterInfo info;
+		struct spoolss_SetPrinterInfo2 info2;
+		torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 2, &info), "");
+
+		info2.servername	= info.info2.servername;
+		info2.printername	= info.info2.printername;
+		info2.sharename		= info.info2.sharename;
+		info2.portname		= info.info2.portname;
+		info2.drivername	= info.info2.drivername;
+		info2.comment		= info.info2.comment;
+		info2.location		= info.info2.location;
+		info2.devmode_ptr	= 0;
+		info2.sepfile		= info.info2.sepfile;
+		info2.printprocessor	= info.info2.printprocessor;
+		info2.datatype		= info.info2.datatype;
+		info2.parameters	= info.info2.parameters;
+		info2.secdesc_ptr	= 0;
+		info2.attributes	= info.info2.attributes;
+		info2.priority		= info.info2.priority;
+		info2.defaultpriority	= info.info2.defaultpriority;
+		info2.starttime		= info.info2.starttime;
+		info2.untiltime		= info.info2.untiltime;
+		info2.status		= info.info2.status;
+		info2.cjobs		= info.info2.cjobs;
+		info2.averageppm	= info.info2.averageppm;
+
+		info_ctr.level = 2;
+		info_ctr.info.info2 = &info2;
+
+		break;
+	}
+	case 3: {
+		struct spoolss_SetPrinterInfo3 info3;
+
+		info3.sec_desc_ptr = 0;
+
+		info_ctr.level = 3;
+		info_ctr.info.info3 = &info3;
+
+		break;
+	}
+	default:
+		return false;
+	}
+
+	secdesc_ctr.sd = sd;
+
+	r.in.handle = handle;
+	r.in.info_ctr = &info_ctr;
+	r.in.devmode_ctr = &devmode_ctr;
+	r.in.secdesc_ctr = &secdesc_ctr;
+	r.in.command = 0;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter(p, tctx, &r), "SetPrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result, "SetPrinter failed");
+
+	return true;
+}
+
+static bool test_PrinterInfo_SDs(struct torture_context *tctx,
+				 struct dcerpc_pipe *p,
+				 struct policy_handle *handle)
+{
+	union spoolss_PrinterInfo info;
+	union spoolss_PrinterInfo info_2;
+	struct security_descriptor *sd1, *sd2;
+	int i;
+
+	/* level 2 */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 2, &info), "");
+
+	sd1 = security_descriptor_copy(tctx, info.info2.secdesc);
+
+	torture_assert(tctx, test_sd_set_level(tctx, p, handle, 2, sd1), "");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 2, &info_2), "");
+
+	sd2 = security_descriptor_copy(tctx, info_2.info2.secdesc);
+
+	if (sd1->type & SEC_DESC_DACL_DEFAULTED) {
+		torture_comment(tctx, "removing SEC_DESC_DACL_DEFAULTED from 1st for comparison\n");
+		sd1->type &= ~SEC_DESC_DACL_DEFAULTED;
+	}
+
+	torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), "");
+
+	/* level 3 */
+
+	sd1 = sd2;
+
+	for (i=0; i < 93; i++) {
+		struct security_ace a;
+		const char *sid_string = talloc_asprintf(tctx, "S-1-5-32-9999%i", i);
+		a.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+		a.flags = 0;
+		a.size = 0; /* autogenerated */
+		a.access_mask = 0;
+		a.trustee = *dom_sid_parse_talloc(tctx, sid_string);
+		torture_assert_ntstatus_ok(tctx, security_descriptor_dacl_add(sd1, &a), "");
+	}
+
+	torture_assert(tctx, test_sd_set_level(tctx, p, handle, 3, sd1), "");
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 2, &info_2), "");
+	sd2 = security_descriptor_copy(tctx, info_2.info2.secdesc);
+
+	torture_assert(tctx, test_security_descriptor_equal(tctx, sd1, sd2), "");
+
+	return true;
+}
+
+/*
+ * wrapper call that saves original sd, runs tests, and restores sd
+ */
+
+static bool test_PrinterInfo_SD(struct torture_context *tctx,
+				struct dcerpc_pipe *p,
+				struct policy_handle *handle)
+{
+	union spoolss_PrinterInfo info;
+	struct spoolss_SetPrinter r;
+	struct spoolss_SetPrinterInfo3 info3;
+	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_DevmodeContainer devmode_ctr;
+	struct sec_desc_buf secdesc_ctr;
+	struct security_descriptor *sd;
+	bool ret = true;
+
+	/* save original sd */
+
+	torture_assert(tctx, test_GetPrinter_level(tctx, p, handle, 2, &info), "");
+
+	sd = security_descriptor_copy(tctx, info.info2.secdesc);
+
+	/* run tests */
+
+	ret = test_PrinterInfo_SDs(tctx, p, handle);
+
+	/* restore original sd */
+
+	ZERO_STRUCT(devmode_ctr);
+	ZERO_STRUCT(secdesc_ctr);
+
+	info3.sec_desc_ptr = 0;
+
+	info_ctr.level = 3;
+	info_ctr.info.info3 = &info3;
+
+	secdesc_ctr.sd = sd;
+
+	r.in.handle = handle;
+	r.in.info_ctr = &info_ctr;
+	r.in.devmode_ctr = &devmode_ctr;
+	r.in.secdesc_ctr = &secdesc_ctr;
+	r.in.command = 0;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter(p, tctx, &r), "SetPrinter failed");
+	torture_assert_werr_ok(tctx, r.out.result, "SetPrinter failed");
+
+	return ret;
+}
 
 static bool test_ClosePrinter(struct torture_context *tctx,
 			      struct dcerpc_pipe *p,
@@ -3027,6 +3260,10 @@ static bool test_OpenPrinterEx(struct torture_context *tctx,
 		return false;
 	}
 
+	if (!test_PrinterInfo_SD(tctx, p, &handle)) {
+		ret = false;
+	}
+
 	if (!test_GetPrinter(tctx, p, &handle)) {
 		ret = false;
 	}
@@ -3806,6 +4043,10 @@ static bool test_printer(struct torture_context *tctx,
 		ret = false;
 	}
 
+	if (!test_PrinterInfo_SD(tctx, p, &handle[0])) {
+		ret = false;
+	}
+
 	if (!test_printer_keys(tctx, p, &handle[0])) {
 		ret = false;
 	}


-- 
Samba Shared Repository
