[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Wed Mar 3 10:55:05 MST 2010 

The branch, master has been updated
       via  9b4d208... s4:srvsvc RPC - fix up the "ntvfs_connect" in "srvsvc_create_ntvfs_connect"
       via  a21b49b... s4:torture/rpc/samr - Fix up SAMR-USERS test
       via  051eb0b... s4:torture/rpc/samr - enhance the "EnumDomainGroups" test regarding universal groups
       via  8d0fbfe... s4:dcesrv_samr - Also "OpenGroup" needs to support universal groups
       via  f92c28b... s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" calls
      from  340797f... Fix typo in comments.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9b4d208ce8482e63a56fff3447179ff786062c48
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Wed Mar 3 18:26:15 2010 +0100

    s4:srvsvc RPC - fix up the "ntvfs_connect" in "srvsvc_create_ntvfs_connect"
    
    This should be the right fix (set the service name in the tcon union to the
    share name/path). That should be the solution for bug #6784.

commit a21b49bb389f8f98fe43a6abe3b0fde51ec43210
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Wed Mar 3 17:41:43 2010 +0100

    s4:torture/rpc/samr - Fix up SAMR-USERS test
    
    "QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal
    ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.

commit 051eb0b575d715e5b7bbd03a201aa88167ccee4f
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Wed Mar 3 12:01:40 2010 +0100

    s4:torture/rpc/samr - enhance the "EnumDomainGroups" test regarding universal groups
    
    Find the "Enterprise Admins" group which does exist on s4 and Windows
    directories and is always per default universal. Test this only when the target
    is set to s4 (s3 deployments don't contain this group). If the number of
    returned objects is "0" (count) then we are likely testing the builtin domain of
    an AD deployment.Then we ignore the inexistent "Enterprise Admins" group.
    
    I didn't enhance the test for "QueryDomainInfo" since this does itself a
    comparison of all returned objects with the "EnumDomainGroups" call. Therefore
    if the latter passes, and the "QueryDomainInfo" test passes also the
    "QueryDomainInfo" call is okay regarding groups.

commit 8d0fbfe987f4cefda872bb7a9caca0d9a77bf258
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Wed Mar 3 13:38:34 2010 +0100

    s4:dcesrv_samr - Also "OpenGroup" needs to support universal groups

commit f92c28bf4e93524217ac8eb4c3f21c0ab360ba26
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Wed Mar 3 11:22:07 2010 +0100

    s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" calls
    
    We need to look for both global and universal group types when querying them.
    Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).

-----------------------------------------------------------------------

Summary of changes:
 source4/rpc_server/samr/dcesrv_samr.c    |   14 ++++++---
 source4/rpc_server/srvsvc/srvsvc_ntvfs.c |    8 +++--
 source4/torture/rpc/samr.c               |   47 +++++++++++++++++++++++------
 3 files changed, 51 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index edfacfb..77899aa 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -1139,7 +1139,8 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call,
 	ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
 				      d_state->domain_dn, &res, attrs,
 				      d_state->domain_sid,
-				      "(&(grouptype=%d)(objectclass=group))",
+				      "(&(|(groupType=%d)(groupType=%d))(objectClass=group))",
+				      GTYPE_SECURITY_UNIVERSAL_GROUP,
 				      GTYPE_SECURITY_GLOBAL_GROUP);
 	if (ldb_cnt == -1) {
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2046,9 +2047,10 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC
 	/* search for the group record */
 	ret = gendb_search(d_state->sam_ctx,
 			   mem_ctx, d_state->domain_dn, &msgs, attrs,
-			   "(&(objectSid=%s)(objectclass=group)"
-			   "(grouptype=%d))",
+			   "(&(objectSid=%s)(objectClass=group)"
+			   "(|(groupType=%d)(groupType=%d)))",
 			   ldap_encode_ndr_dom_sid(mem_ctx, sid),
+			   GTYPE_SECURITY_UNIVERSAL_GROUP,
 			   GTYPE_SECURITY_GLOBAL_GROUP);
 	if (ret == 0) {
 		return NT_STATUS_NO_SUCH_GROUP;
@@ -3776,8 +3778,10 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
 		break;
 	case 3:
 	case 5:
-		filter = talloc_asprintf(mem_ctx, "(&(grouptype=%d)"
-					 "(objectclass=group))",
+		filter = talloc_asprintf(mem_ctx,
+					 "(&(|(groupType=%d)(groupType=%d))"
+					 "(objectClass=group))",
+					 GTYPE_SECURITY_UNIVERSAL_GROUP,
 					 GTYPE_SECURITY_GLOBAL_GROUP);
 		break;
 	default:
diff --git a/source4/rpc_server/srvsvc/srvsvc_ntvfs.c b/source4/rpc_server/srvsvc/srvsvc_ntvfs.c
index 7b33706..17c5f81 100644
--- a/source4/rpc_server/srvsvc/srvsvc_ntvfs.c
+++ b/source4/rpc_server/srvsvc/srvsvc_ntvfs.c
@@ -57,6 +57,7 @@ NTSTATUS srvsvc_create_ntvfs_context(struct dcesrv_call_state *dce_call,
 	struct share_context *sctx;
 	struct share_config *scfg;
 	const char *sharetype;
+	union smb_tcon tcon;
 
 	status = share_get_context_by_name(mem_ctx, lp_share_backend(dce_call->conn->dce_ctx->lp_ctx), dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, &sctx);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -124,9 +125,10 @@ NTSTATUS srvsvc_create_ntvfs_context(struct dcesrv_call_state *dce_call,
 	NT_STATUS_HAVE_NO_MEMORY(ntvfs_req);
 
 	/* Invoke NTVFS connection hook */
-	/* FIXME: Here is the right parameter missing!
-         * status = ntvfs_connect(ntvfs_req, <TODO>); */
-	status = NT_STATUS_UNSUCCESSFUL; /* return this for now */
+	tcon.tcon.level = RAW_TCON_TCON;
+	ZERO_STRUCT(tcon.tcon.in);
+	tcon.tcon.in.service = share;
+	status = ntvfs_connect(ntvfs_req, &tcon);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0,("srvsvc_create_ntvfs_context: NTVFS ntvfs_connect() failed!\n"));
 		return status;
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 3620211..13a56f0 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -5921,6 +5921,7 @@ static bool test_EnumDomainGroups_all(struct dcerpc_pipe *p,
 	uint32_t num_entries = 0;
 	int i;
 	bool ret = true;
+	bool universal_group_found = false;
 
 	torture_comment(tctx, "Testing EnumDomainGroups\n");
 
@@ -5945,6 +5946,20 @@ static bool test_EnumDomainGroups_all(struct dcerpc_pipe *p,
 		if (!test_OpenGroup(p, tctx, handle, sam->entries[i].idx)) {
 			ret = false;
 		}
+		if ((ret == true) && (strcasecmp(sam->entries[i].name.string,
+						 "Enterprise Admins") == 0)) {
+			universal_group_found = true;
+		}
+	}
+
+	/* when we are running this on s4 we should get back at least the
+	 * "Enterprise Admins" universal group. If we don't get a group entry
+	 * at all we probably are performing the test on the builtin domain.
+	 * So ignore this case. */
+	if (torture_setting_bool(tctx, "samba4", false)) {
+		if ((sam->count > 0) && (!universal_group_found)) {
+			ret = false;
+		}
 	}
 
 	return ret;
@@ -6273,17 +6288,23 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
 		if (!NT_STATUS_IS_OK(status)) {
 			torture_warning(tctx, "QueryDomainInfo level %u failed - %s\n",
 			       r.in.level, nt_errstr(status));
-				ret = false;
-				break;
+			ret = false;
+			break;
 		}
 		switch (r.in.level) {
 		case 1:
 		case 4:
 			if (info->general.num_users < r.in.start_idx) {
-				torture_warning(tctx, "QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
-				       r.in.start_idx, info->general.num_groups,
-				       info->general.domain_name.string);
-				ret = false;
+				/* On AD deployments this numbers don't match
+				 * since QueryDisplayInfo returns universal and
+				 * global groups, QueryDomainInfo only global
+				 * ones. */
+				if (torture_setting_bool(tctx, "samba3", false)) {
+					torture_warning(tctx, "QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
+					       r.in.start_idx, info->general.num_groups,
+					       info->general.domain_name.string);
+					ret = false;
+				}
 			}
 			if (!seen_testuser) {
 				struct policy_handle user_handle;
@@ -6298,10 +6319,16 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
 		case 3:
 		case 5:
 			if (info->general.num_groups != r.in.start_idx) {
-				torture_warning(tctx, "QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
-				       r.in.start_idx, info->general.num_groups,
-				       info->general.domain_name.string);
-				ret = false;
+				/* On AD deployments this numbers don't match
+				 * since QueryDisplayInfo returns universal and
+				 * global groups, QueryDomainInfo only global
+				 * ones. */
+				if (torture_setting_bool(tctx, "samba3", false)) {
+					torture_warning(tctx, "QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
+					       r.in.start_idx, info->general.num_groups,
+					       info->general.domain_name.string);
+					ret = false;
+				}
 			}
 
 			break;


-- 
Samba Shared Repository

More information about the samba-cvs mailing list