[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Dec 12 05:14:03 MST 2012
The branch, master has been updated
via 34ac9d8 s4-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.
via 6a59126 s3-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.
via 4fd7aaf s4-rpc_server: limit allowed transports for samr_ValidatePassword().
via c9055a0 s3-rpc_server: limit allowed transports for samr_ValidatePassword().
via f22efd4 s4-torture: move samr_ValidatePassword test out of main samr test.
from 014512f dfs_server: Don't allocate a subcontext twice.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 34ac9d878687443c40e9df9941f45d9bc6040529
Author: Günther Deschner <gd at samba.org>
Date: Tue Dec 11 16:43:12 2012 +0100
s4-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Dec 12 13:13:47 CET 2012 on sn-devel-104
commit 6a59126d591b3a9f6a7c505cb8973b826f5cc0b0
Author: Günther Deschner <gd at samba.org>
Date: Tue Dec 11 16:42:53 2012 +0100
s3-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 4fd7aaf2b148fff7d5efc15e9f1923bf56b5b54a
Author: Günther Deschner <gd at samba.org>
Date: Tue Dec 11 14:43:07 2012 +0100
s4-rpc_server: limit allowed transports for samr_ValidatePassword().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c9055a0be444260ddbf44eb13007399bf7dff5e1
Author: Günther Deschner <gd at samba.org>
Date: Tue Dec 11 14:41:34 2012 +0100
s3-rpc_server: limit allowed transports for samr_ValidatePassword().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f22efd402adf61842dd0a97e462a097e80d878a4
Author: Günther Deschner <gd at samba.org>
Date: Tue Dec 11 09:25:53 2012 +0100
s4-torture: move samr_ValidatePassword test out of main samr test.
Makes it easier to call with ncacn_ip_tcp transport (Windows does not allow
other transports).
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/samr/srv_samr_nt.c | 5 +++++
source3/selftest/tests.py | 5 ++++-
source4/rpc_server/samr/dcesrv_samr.c | 5 +++++
source4/selftest/tests.py | 2 +-
source4/torture/rpc/rpc.c | 1 +
source4/torture/rpc/samr.c | 21 +++++++++++++++++----
6 files changed, 33 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 1065f2a..580638b 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -6807,6 +6807,11 @@ NTSTATUS _samr_ValidatePassword(struct pipes_struct *p,
struct samr_GetDomPwInfo pw;
struct samr_PwInfo dom_pw_info;
+ if (p->transport != NCACN_IP_TCP && p->transport != NCALRPC) {
+ p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
if (r->in.level < 1 || r->in.level > 3) {
return NT_STATUS_INVALID_INFO_CLASS;
}
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index def4d83..57a67ed 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -270,7 +270,7 @@ rpc = ["rpc.authcontext", "rpc.samba3.bind", "rpc.samba3.srvsvc", "rpc.samba3.sh
"rpc.lsa.privileges", "rpc.lsa.secrets",
"rpc.samr", "rpc.samr.users", "rpc.samr.users.privileges", "rpc.samr.passwords",
"rpc.samr.passwords.pwdlastset", "rpc.samr.large-dc", "rpc.samr.machine.auth",
- "rpc.samr.priv",
+ "rpc.samr.priv", "rpc.samr.passwords.validate",
"rpc.netlogon.admin",
"rpc.schannel", "rpc.schannel2", "rpc.bench-schannel1", "rpc.join", "rpc.bind"]
@@ -327,6 +327,9 @@ for t in tests:
plansmbtorture4testsuite(t, "s3dc", 'ncacn_ip_tcp:$SERVER_IP -U$USERNAME%$PASSWORD', 'over ncacn_ip_tcp ')
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD', 'over ncacn_np ')
plansmbtorture4testsuite(t, "plugin_s4_dc", 'ncacn_ip_tcp:$SERVER_IP -U$USERNAME%$PASSWORD', 'over ncacn_ip_tcp ')
+ elif t == "rpc.samr.passwords.validate":
+ plansmbtorture4testsuite(t, "s3dc", 'ncacn_ip_tcp:$SERVER_IP -U$USERNAME%$PASSWORD', 'over ncacn_ip_tcp ')
+ plansmbtorture4testsuite(t, "plugin_s4_dc", 'ncacn_ip_tcp:$SERVER_IP -U$USERNAME%$PASSWORD', 'over ncacn_ip_tcp ')
elif t == "smb2.durable-open" or t == "smb2.durable-v2-open":
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/durable -U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER_IP/durable -U$USERNAME%$PASSWORD')
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index d987fba..3826075 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -4290,6 +4290,11 @@ static NTSTATUS dcesrv_samr_ValidatePassword(struct dcesrv_call_state *dce_call,
DATA_BLOB password;
enum samr_ValidationStatus res;
NTSTATUS status;
+ enum dcerpc_transport_t transport = dce_call->conn->endpoint->ep_description->transport;
+
+ if (transport != NCACN_IP_TCP && transport != NCALRPC) {
+ DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
+ }
(*r->out.rep) = talloc_zero(mem_ctx, union samr_ValidatePasswordRep);
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 58936e8..f43741c 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -87,7 +87,7 @@ else:
ncacn_np_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.multibind", "rpc.netlogon", "rpc.handles", "rpc.samsync", "rpc.samba3-sessionkey", "rpc.samba3-getusername", "rpc.samba3-lsa", "rpc.samba3-bind", "rpc.samba3-netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
ncalrpc_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.altercontext", "rpc.multibind", "rpc.netlogon", "rpc.drsuapi", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"]
drs_rpc_tests = smbtorture4_testsuites("drs.rpc")
-ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.multibind", "rpc.netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext"] + drs_rpc_tests
+ncacn_ip_tcp_tests = ["rpc.schannel", "rpc.join", "rpc.lsa", "rpc.dssetup", "rpc.multibind", "rpc.netlogon", "rpc.asyncbind", "rpc.lsalookup", "rpc.lsa-getuser", "rpc.schannel2", "rpc.authcontext", "rpc.samr.passwords.validate"] + drs_rpc_tests
slow_ncacn_np_tests = ["rpc.samlogon", "rpc.samr.users", "rpc.samr.large-dc", "rpc.samr.users.privileges", "rpc.samr.passwords", "rpc.samr.passwords.pwdlastset"]
slow_ncacn_ip_tcp_tests = ["rpc.samr", "rpc.cracknames"]
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 7efc90b..ad1e549 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -503,6 +503,7 @@ NTSTATUS torture_rpc_init(void)
torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite));
torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite));
torture_suite_add_suite(suite, torture_rpc_samr_passwords_lockout(suite));
+ torture_suite_add_suite(suite, torture_rpc_samr_passwords_validate(suite));
torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite));
torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite));
torture_suite_add_suite(suite, torture_rpc_samr_priv(suite));
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index f17f0d7..6a4f653 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -8047,8 +8047,8 @@ static bool test_Connect(struct dcerpc_binding_handle *b,
}
-static bool test_samr_ValidatePassword(struct dcerpc_pipe *p,
- struct torture_context *tctx)
+static bool test_samr_ValidatePassword(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
struct samr_ValidatePassword r;
union samr_ValidatePasswordReq req;
@@ -8060,6 +8060,10 @@ static bool test_samr_ValidatePassword(struct dcerpc_pipe *p,
torture_comment(tctx, "Testing samr_ValidatePassword\n");
+ if (p->conn->transport.transport != NCACN_IP_TCP) {
+ torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n");
+ }
+
ZERO_STRUCT(r);
r.in.level = NetValidatePasswordReset;
r.in.req = &req;
@@ -8183,8 +8187,6 @@ bool torture_rpc_samr_passwords(struct torture_context *torture)
ret &= test_samr_handle_Close(b, torture, &ctx->handle);
- ret &= test_samr_ValidatePassword(p, torture);
-
return ret;
}
@@ -8479,4 +8481,15 @@ struct torture_suite *torture_rpc_samr_passwords_lockout(TALLOC_CTX *mem_ctx)
return suite;
}
+struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate");
+ struct torture_rpc_tcase *tcase;
+
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
+ &ndr_table_samr);
+ torture_rpc_tcase_add_test(tcase, "validate",
+ test_samr_ValidatePassword);
+ return suite;
+}
--
Samba Shared Repository
More information about the samba-cvs
mailing list