[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Fri Nov 19 04:51:01 MST 2010


The branch, master has been updated
       via  d0993e1 s4:netlogon/LogonGetDomainInfo - handle a NULL "dns_hostname"
       via  3874331 s4:torture/ldb/ldb.c - add a small test for a DN with an escaped comma
       via  8b7f23d s4:dsdb tests - use even more already defined pyldb functions to retrieve NCs
      from  5855194 s3-spoolss: fix typo in debug message.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d0993e1278a9245fa4e5952c779cabc2e41cd3c7
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Thu Nov 18 22:26:13 2010 +0100

    s4:netlogon/LogonGetDomainInfo - handle a NULL "dns_hostname"
    
    - Performs the short computer name check against the sam account name.
    - Enhances the LogonGetDomainInfo testsuite which checks the NULL
      "dns_hostname" behaviour
    
    Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
    Autobuild-Date: Fri Nov 19 12:50:33 CET 2010 on sn-devel-104

commit 3874331edb9a7bb0ff85104ffc4a5cc92bd87523
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Thu Nov 18 22:13:10 2010 +0100

    s4:torture/ldb/ldb.c - add a small test for a DN with an escaped comma

commit 8b7f23d644f2c9a0e5eeffeb2f93786c54a43afe
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Fri Nov 19 09:07:53 2010 +0100

    s4:dsdb tests - use even more already defined pyldb functions to retrieve NCs

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/tests/python/deletetest.py       |    8 +---
 source4/dsdb/tests/python/ldap.py             |   14 +-----
 source4/dsdb/tests/python/ldap_schema.py      |    7 +--
 source4/dsdb/tests/python/ldap_syntaxes.py    |    7 +--
 source4/dsdb/tests/python/passwords.py        |   11 +---
 source4/rpc_server/netlogon/dcerpc_netlogon.c |   62 +++++++++++++++----------
 source4/torture/ldb/ldb.c                     |    6 ++
 source4/torture/rpc/netlogon.c                |   22 ++++++++-
 8 files changed, 71 insertions(+), 66 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/tests/python/deletetest.py b/source4/dsdb/tests/python/deletetest.py
index 7582d4b..aec6b8c 100755
--- a/source4/dsdb/tests/python/deletetest.py
+++ b/source4/dsdb/tests/python/deletetest.py
@@ -50,16 +50,10 @@ class BasicDeleteTests(unittest.TestCase):
     def GUID_string(self, guid):
         return self.ldb.schema_format_value("objectGUID", guid)
 
-    def find_configurationdn(self, ldb):
-        res = ldb.search(base="", expression="", scope=SCOPE_BASE,
-                         attrs=["configurationNamingContext"])
-        self.assertEquals(len(res), 1)
-        return res[0]["configurationNamingContext"][0]
-
     def setUp(self):
         self.ldb = ldb
         self.base_dn = ldb.domain_dn()
-        self.configuration_dn = self.find_configurationdn(ldb)
+        self.configuration_dn = ldb.get_config_basedn().get_linearized()
 
     def search_guid(self, guid):
         print "SEARCH by GUID %s" % self.GUID_string(guid)
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index fb191c6..d9a4f2a 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -67,16 +67,6 @@ class BasicTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_NO_SUCH_OBJECT)
 
-    def find_configurationdn(self, ldb):
-        res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["configurationNamingContext"])
-        self.assertEquals(len(res), 1)
-        return res[0]["configurationNamingContext"][0]
-
-    def find_schemadn(self, ldb):
-        res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
-        self.assertEquals(len(res), 1)
-        return res[0]["schemaNamingContext"][0]
-
     def find_domain_sid(self):
         res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
         return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
@@ -97,8 +87,8 @@ class BasicTests(unittest.TestCase):
         self.ldb = ldb
         self.gc_ldb = gc_ldb
         self.base_dn = ldb.domain_dn()
-        self.configuration_dn = self.find_configurationdn(ldb)
-        self.schema_dn = self.find_schemadn(ldb)
+        self.configuration_dn = ldb.get_config_basedn().get_linearized()
+        self.schema_dn = ldb.get_schema_basedn().get_linearized()
         self.domain_sid = self.find_domain_sid()
 
         print "baseDN: %s\n" % self.base_dn
diff --git a/source4/dsdb/tests/python/ldap_schema.py b/source4/dsdb/tests/python/ldap_schema.py
index 168cea3..bc7069e 100755
--- a/source4/dsdb/tests/python/ldap_schema.py
+++ b/source4/dsdb/tests/python/ldap_schema.py
@@ -55,16 +55,11 @@ class SchemaTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_NO_SUCH_OBJECT)
 
-    def find_schemadn(self, ldb):
-        res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
-        self.assertEquals(len(res), 1)
-        return res[0]["schemaNamingContext"][0]
-
     def setUp(self):
         super(SchemaTests, self).setUp()
         self.ldb = ldb
         self.base_dn = ldb.domain_dn()
-        self.schema_dn = self.find_schemadn(ldb)
+        self.schema_dn = ldb.get_schema_basedn().get_linearized()
 
     def test_generated_schema(self):
         """Testing we can read the generated schema via LDAP"""
diff --git a/source4/dsdb/tests/python/ldap_syntaxes.py b/source4/dsdb/tests/python/ldap_syntaxes.py
index c1dd4d5..6381657 100644
--- a/source4/dsdb/tests/python/ldap_syntaxes.py
+++ b/source4/dsdb/tests/python/ldap_syntaxes.py
@@ -56,11 +56,6 @@ class SyntaxTests(unittest.TestCase):
         except LdbError, (num, _):
             self.assertEquals(num, ERR_NO_SUCH_OBJECT)
 
-    def find_schemadn(self, ldb):
-        res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
-        self.assertEquals(len(res), 1)
-        return res[0]["schemaNamingContext"][0]
-
     def _find_domain_sid(self):
         res = self.ldb.search(base=self.base_dn, expression="(objectClass=*)", scope=SCOPE_BASE)
         return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
@@ -69,7 +64,7 @@ class SyntaxTests(unittest.TestCase):
         super(SyntaxTests, self).setUp()
         self.ldb = ldb
         self.base_dn = ldb.domain_dn()
-        self.schema_dn = self.find_schemadn(ldb)
+        self.schema_dn = ldb.get_schema_basedn().get_linearized()
         self._setup_dn_string_test()
         self._setup_dn_binary_test()
         self.domain_sid = self._find_domain_sid()
diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py
index f238c1a..461d135 100755
--- a/source4/dsdb/tests/python/passwords.py
+++ b/source4/dsdb/tests/python/passwords.py
@@ -926,15 +926,10 @@ if not "://" in host:
 
 ldb = SamDB(url=host, session_info=system_session(), credentials=creds, lp=lp)
 
-# Gets back the configuration basedn
-res = ldb.search(base="", expression="", scope=SCOPE_BASE,
-                 attrs=["configurationNamingContext"])
-configuration_dn = res[0]["configurationNamingContext"][0]
-
 # Gets back the basedn
-res = ldb.search(base="", expression="", scope=SCOPE_BASE,
-                 attrs=["defaultNamingContext"])
-base_dn = res[0]["defaultNamingContext"][0]
+base_dn = ldb.domain_dn()
+# Gets back the configuration basedn
+configuration_dn = ldb.get_config_basedn().get_linearized()
 
 # Get the old "dSHeuristics" if it was set
 res = ldb.search("CN=Directory Service, CN=Windows NT, CN=Services, "
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 79d2cbc..ea4ea23 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -5,7 +5,7 @@
 
    Copyright (C) Andrew Bartlett <abartlet at samba.org> 2004-2008
    Copyright (C) Stefan Metzmacher <metze at samba.org>  2005
-   Copyright (C) Matthias Dieter Wallnöfer            2009
+   Copyright (C) Matthias Dieter Wallnöfer            2009-2010
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1296,10 +1296,9 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 	struct netlogon_creds_CredentialState *creds;
 	const char * const attrs[] = { "objectSid", "objectGUID", "flatName",
 		"securityIdentifier", "trustPartner", NULL };
-	const char * const attrs2[] = { "dNSHostName",
+	const char * const attrs2[] = { "sAMAccountName", "dNSHostName",
 		"msDS-SupportedEncryptionTypes", NULL };
-	const char *temp_str, *temp_str2;
-	const char *old_dns_hostname;
+	const char *sam_account_name, *old_dns_hostname, *prefix1, *prefix2;
 	struct ldb_context *sam_ctx;
 	struct ldb_message **res1, **res2, **res3, *new_msg;
 	struct ldb_dn *workstation_dn;
@@ -1336,35 +1335,48 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 
-		/*
-		 * Checks that the computer name parameter without possible "$"
-		 * matches as prefix with the DNS hostname in the workstation
-		 * info structure.
-		 */
-		temp_str = talloc_strndup(mem_ctx,
-					  r->in.computer_name,
-					  strcspn(r->in.computer_name, "$"));
-		NT_STATUS_HAVE_NO_MEMORY(temp_str);
-		temp_str2 = talloc_strndup(mem_ctx,
-					   r->in.query->workstation_info->dns_hostname,
-					   strcspn(r->in.query->workstation_info->dns_hostname, "."));
-		NT_STATUS_HAVE_NO_MEMORY(temp_str2);
-		if (strcasecmp(temp_str, temp_str2) != 0) {
-			update_dns_hostname = false;
-		}
-
-		/* Prepare the workstation DN */
+		/* Prepares the workstation DN */
 		workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
-			dom_sid_string(mem_ctx, creds->sid));
+						dom_sid_string(mem_ctx, creds->sid));
 		NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
 
 		/* Lookup for attributes in workstation object */
-		ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
-			&res1, attrs2);
+		ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn, &res1,
+				      attrs2);
 		if (ret != 1) {
 			return NT_STATUS_INTERNAL_DB_CORRUPTION;
 		}
 
+		/* Gets the sam account name which is checked against the DNS
+		 * hostname parameter. */
+		sam_account_name = ldb_msg_find_attr_as_string(res1[0],
+							       "sAMAccountName",
+							       NULL);
+		if (sam_account_name == NULL) {
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+
+		/*
+		 * Checks that the sam account name without a possible "$"
+		 * matches as prefix with the DNS hostname in the workstation
+		 * info structure.
+		 */
+		prefix1 = talloc_strndup(mem_ctx, sam_account_name,
+					 strcspn(sam_account_name, "$"));
+		NT_STATUS_HAVE_NO_MEMORY(prefix1);
+		if (r->in.query->workstation_info->dns_hostname != NULL) {
+			prefix2 = talloc_strndup(mem_ctx,
+						 r->in.query->workstation_info->dns_hostname,
+						 strcspn(r->in.query->workstation_info->dns_hostname, "."));
+			NT_STATUS_HAVE_NO_MEMORY(prefix2);
+
+			if (strcasecmp(prefix1, prefix2) != 0) {
+				update_dns_hostname = false;
+			}
+		} else {
+			update_dns_hostname = false;
+		}
+
 		/* Gets the old DNS hostname */
 		old_dns_hostname = ldb_msg_find_attr_as_string(res1[0],
 							       "dNSHostName",
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
index 8a5a3f3..f5f09fa 100644
--- a/source4/torture/ldb/ldb.c
+++ b/source4/torture/ldb/ldb.c
@@ -685,6 +685,12 @@ static bool torture_ldb_dn(struct torture_context *torture)
 				"should have failed to validate a DN with 0xA in it");
 	}
 
+	/* Escaped comma */
+	torture_assert(torture,
+		       dn = ldb_dn_new(mem_ctx, ldb, "CN=A\\,comma,DC=SAMBA,DC=org"),
+		       "Failed to create a DN with an escaped comma in it");
+
+
 	val = data_blob_const("CN=Zer\0,DC=SAMBA,DC=org", 23);
 	torture_assert(torture,
 		       NULL == ldb_dn_from_ldb_val(mem_ctx, ldb, &val),
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 9758185..b1739a0 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -3203,6 +3203,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 		info.domain_info->dns_hostname.string,
 		query.workstation_info->dns_hostname,
 		"In/Out 'DNS hostnames' don't match!");
+	old_dnsname = info.domain_info->dns_hostname.string;
 
 	/* Checks "workstation flags" */
 	torture_assert(tctx,
@@ -3246,12 +3247,29 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 		"Trusted domains have been requested!");
 
 
+	torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
+	netlogon_creds_client_authenticator(creds, &a);
+
+	query.workstation_info->dns_hostname = NULL;
+
+	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+		"LogonGetDomainInfo failed");
+	torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+	torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+	/* The old DNS hostname should stick */
+	torture_assert_str_equal(tctx,
+		info.domain_info->dns_hostname.string,
+		old_dnsname,
+		"'DNS hostname' changed!");
+
+
 	if (!torture_setting_bool(tctx, "dangerous", false)) {
-		torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 6th call (no workstation info) - enable dangerous tests in order to do so\n");
+		torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 7th call (no workstation info) - enable dangerous tests in order to do so\n");
 	} else {
 		/* Try a call without the workstation information structure */
 
-		torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no workstation info)\n");
+		torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (no workstation info)\n");
 		netlogon_creds_client_authenticator(creds, &a);
 
 		query.workstation_info = NULL;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list