[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Tue Feb 15 09:41:02 MST 2011
The branch, master has been updated
via 20197c6 s4:torture/rpc/samr.c - fix up the "test_GroupList" suite regarding QueryDisplayInfo
via 2e0a933 s4:samr RPC server - QueryDisplayInfo returns always all domains users, aliases and groups
from aaae316 s4-ldb_modules/operational: Make use of dsdb_module_reference_dn() function
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 20197c6687f83154aefa33706829af08d1d5c50a
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Tue Feb 15 10:24:51 2011 +0100
s4:torture/rpc/samr.c - fix up the "test_GroupList" suite regarding QueryDisplayInfo
This is needed to comply with the previous patch.
Autobuild-User: Matthias Dieter Wallnöfer <mdw at samba.org>
Autobuild-Date: Tue Feb 15 17:40:22 CET 2011 on sn-devel-104
commit 2e0a933ac87a378bf18f6a73186d291803d09d8b
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Sat Jan 15 12:30:16 2011 +0100
s4:samr RPC server - QueryDisplayInfo returns always all domains users, aliases and groups
That means when calling "QueryDisplayInfo" on the BUILTIN handle we
still get all related domain objects - for example all domain (global
+ universal) groups. This is contrary to the "EnumDomain..." calls which
do really only return the objects in the specified domain policy handle.
This has been observed against Windows Server 2008 and confirmed by
dochelp.
On the same occasion I've converted from a "gendb*"-oriented search call to "dsdb_search".
Patch-reviewed-by: Andrew Tridgell <tridge at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/rpc_server/samr/dcesrv_samr.c | 74 ++++++++++++++++++---------------
source4/torture/rpc/samr.c | 18 +++++++-
2 files changed, 56 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index c2b0d03..a9a72a7 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -3621,8 +3621,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
{
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
- struct ldb_message **res;
- int i, ldb_cnt;
+ struct ldb_result *res;
+ unsigned int i;
uint32_t count;
const char * const attrs[] = { "objectSid", "sAMAccountName",
"displayName", "description", "userAccountControl",
@@ -3632,6 +3632,7 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
struct samr_DispEntryAscii *entriesAscii = NULL;
struct samr_DispEntryGeneral *entriesGeneral = NULL;
const char *filter;
+ int ret;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
@@ -3661,39 +3662,38 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
return NT_STATUS_INVALID_INFO_CLASS;
}
- /* search for all requested objects in this domain. This could
+ /* search for all requested objects in all domains. This could
possibly be cached and resumed based on resume_key */
- ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
- d_state->domain_dn, &res, attrs,
- d_state->domain_sid, "%s", filter);
- if (ldb_cnt == -1) {
+ ret = dsdb_search(d_state->sam_ctx, mem_ctx, &res, NULL,
+ LDB_SCOPE_SUBTREE, attrs, 0, "%s", filter);
+ if (ret != LDB_SUCCESS) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- if (ldb_cnt == 0 || r->in.max_entries == 0) {
+ if ((res->count == 0) || (r->in.max_entries == 0)) {
return NT_STATUS_OK;
}
switch (r->in.level) {
case 1:
entriesGeneral = talloc_array(mem_ctx,
- struct samr_DispEntryGeneral,
- ldb_cnt);
+ struct samr_DispEntryGeneral,
+ res->count);
break;
case 2:
entriesFull = talloc_array(mem_ctx,
- struct samr_DispEntryFull,
- ldb_cnt);
+ struct samr_DispEntryFull,
+ res->count);
break;
case 3:
entriesFullGroup = talloc_array(mem_ctx,
- struct samr_DispEntryFullGroup,
- ldb_cnt);
+ struct samr_DispEntryFullGroup,
+ res->count);
break;
case 4:
case 5:
entriesAscii = talloc_array(mem_ctx,
- struct samr_DispEntryAscii,
- ldb_cnt);
+ struct samr_DispEntryAscii,
+ res->count);
break;
}
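Review bot: The new `dsdb_search()` call passes a NULL base DN and no longer uses `d_state->domain_dn` or `d_state->domain_sid`, so what a domain handle can enumerate is now decided only by `filter` (built outside this hunk) and by whatever base NULL resolves to inside `dsdb_search`, which this diff does not show. Dropping the scoping will look like an information-disclosure bug to a later reader, so the comment should state that it is deliberate and name the intended search base, e.g. `/* not limited to d_state->domain_dn on purpose: Windows returns the account domain's objects on the BUILTIN handle as well */`. Each call also runs the full subtree search and sizes the `talloc_array` by `res->count` regardless of `r->in.max_entries` (only the zero case is checked here), so the per-request cost now scales with the whole directory rather than one domain. The function body starts and ends outside the hunk.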
@@ -3703,10 +3703,10 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
count = 0;
- for (i=0; i<ldb_cnt; i++) {
+ for (i = 0; i < res->count; i++) {
struct dom_sid *objectsid;
- objectsid = samdb_result_dom_sid(mem_ctx, res[i],
+ objectsid = samdb_result_dom_sid(mem_ctx, res->msgs[i],
"objectSid");
if (objectsid == NULL)
continue;
@@ -3717,16 +3717,19 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
entriesGeneral[count].rid =
objectsid->sub_auths[objectsid->num_auths-1];
entriesGeneral[count].acct_flags =
- samdb_result_acct_flags(d_state->sam_ctx, mem_ctx,
- res[i],
+ samdb_result_acct_flags(d_state->sam_ctx,
+ mem_ctx,
+ res->msgs[i],
d_state->domain_dn);
entriesGeneral[count].account_name.string =
- ldb_msg_find_attr_as_string(res[i],
- "sAMAccountName", "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "sAMAccountName", "");
entriesGeneral[count].full_name.string =
- ldb_msg_find_attr_as_string(res[i], "displayName", "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "displayName", "");
entriesGeneral[count].description.string =
- ldb_msg_find_attr_as_string(res[i], "description", "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "description", "");
break;
case 2:
entriesFull[count].idx = count + 1;
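Review bot: `samdb_result_acct_flags()` is still given `d_state->domain_dn` here and in the level 2 case of the following hunk, although the messages in `res->msgs[i]` are no longer restricted to that domain. If that helper uses the DN to look up domain-wide password or lockout policy (its body is not part of this diff), a call made on the BUILTIN handle would compute the flags of account-domain users against the wrong domain object. Either pass the DN of the domain the object actually belongs to, or add a comment above the call explaining why the handle's DN is still the right one, e.g. `/* domain_dn is only used for <purpose>; safe for objects outside this handle's domain */`.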
@@ -3735,14 +3738,16 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
/* No idea why we need to or in ACB_NORMAL here, but this is what Win2k3 seems to do... */
entriesFull[count].acct_flags =
- samdb_result_acct_flags(d_state->sam_ctx, mem_ctx,
- res[i],
+ samdb_result_acct_flags(d_state->sam_ctx,
+ mem_ctx,
+ res->msgs[i],
d_state->domain_dn) | ACB_NORMAL;
entriesFull[count].account_name.string =
- ldb_msg_find_attr_as_string(res[i], "sAMAccountName",
- "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "sAMAccountName", "");
entriesFull[count].description.string =
- ldb_msg_find_attr_as_string(res[i], "description", "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "description", "");
break;
case 3:
entriesFullGroup[count].idx = count + 1;
@@ -3752,17 +3757,18 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call,
entriesFullGroup[count].acct_flags
= SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
entriesFullGroup[count].account_name.string =
- ldb_msg_find_attr_as_string(res[i], "sAMAccountName",
- "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "sAMAccountName", "");
entriesFullGroup[count].description.string =
- ldb_msg_find_attr_as_string(res[i], "description", "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "description", "");
break;
case 4:
case 5:
entriesAscii[count].idx = count + 1;
entriesAscii[count].account_name.string =
- ldb_msg_find_attr_as_string(res[i], "sAMAccountName",
- "");
+ ldb_msg_find_attr_as_string(res->msgs[i],
+ "sAMAccountName", "");
break;
}
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index c3e3905..0e1500e 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -6800,6 +6800,7 @@ static bool test_QueryDomainInfo2(struct dcerpc_binding_handle *b,
set of group names. */
static bool test_GroupList(struct dcerpc_binding_handle *b,
struct torture_context *tctx,
+ struct dom_sid *domain_sid,
struct policy_handle *handle)
{
struct samr_EnumDomainGroups q1;
@@ -6817,6 +6818,9 @@ static bool test_GroupList(struct dcerpc_binding_handle *b,
int num_names = 0;
const char **names = NULL;
+ bool builtin_domain = dom_sid_compare(domain_sid,
+ &global_sid_Builtin) == 0;
+
torture_comment(tctx, "Testing coherency of querydispinfo vs enumdomgroups\n");
q1.in.domain_handle = handle;
@@ -6847,6 +6851,11 @@ static bool test_GroupList(struct dcerpc_binding_handle *b,
torture_assert(tctx, sam, "EnumDomainGroups failed to return sam");
+ if (builtin_domain) {
+ torture_assert(tctx, num_names == 0,
+ "EnumDomainGroups shouldn't return any group in the builtin domain!");
+ }
+
q2.in.domain_handle = handle;
q2.in.level = 5;
q2.in.start_idx = 0;
@@ -6879,7 +6888,7 @@ static bool test_GroupList(struct dcerpc_binding_handle *b,
}
}
- if (!found) {
+ if ((!found) && (!builtin_domain)) {
torture_warning(tctx, "QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
name);
ret = false;
@@ -6894,6 +6903,11 @@ static bool test_GroupList(struct dcerpc_binding_handle *b,
ret = false;
}
+ if (builtin_domain) {
+ torture_assert(tctx, q2.in.start_idx != 0,
+ "QueryDisplayInfo should return all domain groups also on the builtin domain handle!");
+ }
+
for (i=0; i<num_names; i++) {
if (names[i] != NULL) {
torture_warning(tctx, "EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
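Review bot: The added `torture_assert(tctx, q2.in.start_idx != 0, ...)` only shows that QueryDisplayInfo returned at least one entry on the BUILTIN handle, while its message claims that all domain groups are returned; `start_idx` is advanced outside this hunk, so this is inferred from the visible lines. Together with `if ((!found) && (!builtin_domain))` in the previous hunk, the names returned for the BUILTIN handle are never compared with anything, so a server that leaked unrelated objects or omitted groups would still pass. A stronger test would compare them with the group list obtained through the account domain handle; at minimum the message should match what is checked, `"QueryDisplayInfo should return domain groups on the builtin domain handle too!"`.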
@@ -7646,7 +7660,7 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
ret &= test_GetDisplayEnumerationIndex(b, tctx, &domain_handle);
ret &= test_GetDisplayEnumerationIndex2(b, tctx, &domain_handle);
}
- ret &= test_GroupList(b, tctx, &domain_handle);
+ ret &= test_GroupList(b, tctx, sid, &domain_handle);
ret &= test_TestPrivateFunctionsDomain(b, tctx, &domain_handle);
ret &= test_RidToSid(b, tctx, sid, &domain_handle);
ret &= test_GetBootKeyInformation(b, tctx, &domain_handle);
--
Samba Shared Repository