[SCM] Samba Shared Repository - branch v4-11-test updated

Karolin Seeger kseeger at samba.org
Mon Aug 19 12:37:03 UTC 2019


The branch, v4-11-test has been updated
       via  38876ad4ef4 smbtorture: extend rpc.lsa to lookup machine over forest-wide LookupNames
       via  60d22232734 lookup_name: allow own domain lookup when flags == 0
       via  8dfa63d9f72 torture/rpc/lsa: allow testing different lookup levels
       via  428ecb5f4e2 WHATSNEW: Fix some minor formatting issues.
      from  62e65124e9d smbd: Fix use-after-free from exit_server_common()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -----------------------------------------------------------------
commit 38876ad4ef46fc3cf6a12329236918a87c2e2c65
Author: Alexander Bokovoy <ab at samba.org>
Date:   Sat Aug 10 11:53:12 2019 +0300

    smbtorture: extend rpc.lsa to lookup machine over forest-wide LookupNames
    
    Add a simple test to resolve DOMAIN\MACHINE$ via LSA LookupNames3
    using LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 level. This level would pass
    zero lookup flags to lookup_name().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14091
    
    Signed-off-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
    Autobuild-Date(master): Wed Aug 14 13:07:42 UTC 2019 on sn-devel-184
    
    (cherry picked from commit 4d276a93fc624dc04d880f5b4157f272d3555be6)
    
    Autobuild-User(v4-11-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-11-test): Mon Aug 19 12:36:22 UTC 2019 on sn-devel-184

commit 60d222327343599d13643ee54e041cd65373a7eb
Author: Alexander Bokovoy <ab at samba.org>
Date:   Thu Aug 1 15:48:58 2019 +0300

    lookup_name: allow own domain lookup when flags == 0
    
    In 2007, we've added support for multiple lookup levels for LSA
    LookupNames family of calls. However, forest-wide lookups, as described
    in MS-LSAT 2.2.16, never worked because flags passed to lookup_name()
    were always set to zero, expecting at least default lookup on a DC to
    apply. lookup_name() was instead treating zero flags as 'skip all
    checks'.
    
    Allow at least own domain lookup in case domain name is the same.
    This should allow FreeIPA DC to respond to LSA LookupNames3 calls from a
    trusted AD DC side.
    
    For reference, below is the request a Windows Server 2016 domain
    controller sends to a FreeIPA domain controller when attempting to look up
    a user from a trusted forest root domain who attempts to log in to the
    domain controller. Notice the level in the lsa_LookupNames3 call and
    the resulting flags in lookup_name().
    
    [2019/08/03 07:14:24.156065,  1, pid=23639, effective(967001000, 967001000), real(967001000, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
           lsa_LookupNames3: struct lsa_LookupNames3
              in: struct lsa_LookupNames3
                  handle                   : *
                      handle: struct policy_handle
                          handle_type              : 0x00000000 (0)
                          uuid                     : 0000004c-0000-0000-455d-3018575c0000
                  num_names                : 0x00000001 (1)
                  names: ARRAY(1)
                      names: struct lsa_String
                          length                   : 0x000a (10)
                          size                     : 0x000c (12)
                          string                   : *
                              string                   : 'XS\ab'
                  sids                     : *
                      sids: struct lsa_TransSidArray3
                          count                    : 0x00000000 (0)
                          sids                     : NULL
                  level                    : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
                  count                    : *
                      count                    : 0x00000000 (0)
                  lookup_options           : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
                  client_revision          : LSA_CLIENT_REVISION_2 (2)
    [2019/08/03 07:14:24.156189,  6, pid=23639, effective(967001000, 967001000), real(967001000, 0), class=rpc_srv] ../../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
      Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00   00 00 00 00 45 5D 30 18   ....L... ....E]0.
      [0010] 57 5C 00 00                                        W\..
    [2019/08/03 07:14:24.156228,  4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx)
      push_sec_ctx(967001000, 967001000) : sec_ctx_stack_ndx = 2
    [2019/08/03 07:14:24.156246,  4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/uid.c:552(push_conn_ctx)
      push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    [2019/08/03 07:14:24.156259,  4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
    [2019/08/03 07:14:24.156273,  5, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../libcli/security/security_token.c:53(security_token_debug)
      Security token: (NULL)
    [2019/08/03 07:14:24.156285,  5, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/auth/token_util.c:865(debug_unix_user_token)
      UNIX token of user 0
      Primary group is 0 and contains 0 supplementary groups
    [2019/08/03 07:14:24.156311,  5, pid=23639, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/lsa/srv_lsa_nt.c:244(lookup_lsa_sids)
      lookup_lsa_sids: looking up name XS\ab
    [2019/08/03 07:14:24.156327, 10, pid=23639, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:112(lookup_name)
      lookup_name: XS\ab => domain=[XS], name=[ab]
    [2019/08/03 07:14:24.156340, 10, pid=23639, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:114(lookup_name)
      lookup_name: flags = 0x00
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14091
    
    Signed-off-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    (cherry picked from commit 685bb03de6ab733590831d1df4f5fd60d2ac427d)

commit 8dfa63d9f7236a534fb454e50e6dff41d07ae89c
Author: Alexander Bokovoy <ab at samba.org>
Date:   Thu Aug 1 21:08:52 2019 +0300

    torture/rpc/lsa: allow testing different lookup levels
    
    Convert torture/rpc/lsa LookupNames/LookupSids code to allow testing
    different LSA_LOOKUP_NAMES_* levels. Keep existing level 1
    (LSA_LOOKUP_NAMES_ALL) for the current set of tests.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14091
    
    Signed-off-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    (cherry picked from commit 317bc6a7342edfa2c503f5932142bf5883485cc9)

commit 428ecb5f4e2bb399e90f50dcd56054062bbaf85a
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Aug 13 11:33:01 2019 +0200

    WHATSNEW: Fix some minor formatting issues.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                   |  35 ++++++-----
 source3/passdb/lookup_sid.c    |   2 +-
 source4/torture/rpc/lsa.c      | 128 ++++++++++++++++++++++++-----------------
 source4/torture/rpc/schannel.c |   2 +-
 4 files changed, 93 insertions(+), 74 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3276d884f3a..6a0cc9d72fd 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -15,16 +15,16 @@ UPGRADING
 AD Database compatibility
 -------------------------
 
-Samba v4.11 has changed how the AD database is stored on disk. AD users should
-not really be affected by this change when upgrading to v4.11. However, AD
-users should be extremely careful if they need to downgrade from Samba v4.11 to
+Samba 4.11 has changed how the AD database is stored on disk. AD users should
+not really be affected by this change when upgrading to 4.11. However, AD
+users should be extremely careful if they need to downgrade from Samba 4.11 to
 an older release.
 
-Samba v4.11 maintains database compatibility with older Samba releases. The
-database will automatically get rewritten in the new v4.11 format when you
+Samba 4.11 maintains database compatibility with older Samba releases. The
+database will automatically get rewritten in the new 4.11 format when you
 first start the upgraded samba executable.
 
-However, when downgrading from v4.11 you will need to manually downgrade the AD
+However, when downgrading from 4.11 you will need to manually downgrade the AD
 database yourself. Note that you will need to do this step before you install
 the downgraded Samba packages. For more details, see:
 https://wiki.samba.org/index.php/Downgrading_an_Active_Directory_DC
@@ -56,7 +56,7 @@ and LANMAN1 for client and server, as well as CORE and COREPLUS on
 the client.
 
 Note that most commandline tools e.g. smbclient, smbcacls and others
-also support the --option argument to overwrite smb.conf options,
+also support the '--option' argument to overwrite smb.conf options,
 e.g. --option='client min protocol=NT1' might be useful.
 
 As Microsoft no longer installs SMB1 support in recent releases
@@ -74,7 +74,7 @@ NEW FEATURES/CHANGES
 Default samba process model
 ---------------------------
 
-The default for the --model argument passed to the samba executable has changed
+The default for the '--model' argument passed to the samba executable has changed
 from 'standard' to 'prefork'. This means a difference in the number of samba
 child processes that are created to handle client connections. The previous
 default would create a separate process for every LDAP or NETLOGON client
@@ -102,26 +102,27 @@ where:
    <command> is the name of the command makinmg the winbind request i.e. wbinfo
    <pid>     is the process id of the requesting process.
 
-The version of the JSON Authentication messages has been changed to 1.2 from 1.1
+The version of the JSON Authentication messages has been changed from 1.1 to
+1.2.
 
 LDAP referrals
 --------------
 
 The scheme of returned LDAP referrals now reflects the scheme of the original
 request, i.e. referrals received via ldap are prefixed with "ldap://"
-and those over ldaps are prefixed with "ldaps://"
+and those over ldaps are prefixed with "ldaps://".
 
-Previously all referrals were prefixed with "ldap://"
+Previously all referrals were prefixed with "ldap://".
 
 Bind9 logging
 -------------
 
-It is now possible to log the duration of DNS operations performed by Bind9
-This should aid future diagnosis of performance issues, and could be used to
+It is now possible to log the duration of DNS operations performed by Bind9.
+This should aid future diagnosis of performance issues and could be used to
 monitor DNS performance. The logging is enabled by setting log level to
-"dns:10" in smb.conf
+"dns:10" in smb.conf.
 
-The logs are currently Human readable text only, i.e. no JSON formatted output.
+The logs are currently human readable text only, i.e. no JSON formatted output.
 
 Log lines are of the form:
 
@@ -210,7 +211,7 @@ multiple times into memory.
 Setting lmdb map size
 ---------------------
 
-It is now possible to set the lmdb map size (The maximum permitted
+It is now possible to set the lmdb map size (the maximum permitted
 size for the database).  "samba-tool" now accepts the
 "--backend-store-size" i.e. --backend-store-size=4Gb.  If not
 specified it defaults to 8Gb.
@@ -302,14 +303,12 @@ Samba still supported a Python WSGI web server (which could still be turned on
 from the 'server services' smb.conf parameter). This service was unused and has
 now been removed from Samba.
 
-
 samba-tool join subdomain
 -------------------------
 
 The subdomain role has been removed from the join command.  This option did
 not work and has no tests.
 
-
 Python2 support
 ---------------
 
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 6ab72e57838..c31a9e48739 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -113,7 +113,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 		full_name, domain, name));
 	DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags));
 
-	if ((flags & LOOKUP_NAME_DOMAIN) &&
+	if (((flags & LOOKUP_NAME_DOMAIN) || (flags == 0)) &&
 	    strequal(domain, get_global_sam_name()))
 	{
 
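Review bot: The added `(flags == 0)` arm in the own-domain condition gives zero flags a second meaning with no comment at the site, and it changes behaviour for every caller of lookup_name() that passes 0, not only the LSA forest-wide levels the commit message describes. Since this path is reachable from a remote LookupNames request that selects the level, it is worth confirming that no existing caller relies on zero meaning "skip all checks" and that resolving own-domain SAM names at those levels is intended. I would add a comment above the condition such as `/* flags == 0 comes from the forest-wide lookup levels (MS-LSAT 2.2.16); still allow a lookup in our own SAM domain */`. A cleaner long-term shape may be to have the LSA caller map the level to explicit LOOKUP_NAME_* flags rather than special-casing zero here. The body of lookup_name() continues outside this hunk, so the other flag-gated branches could not be checked.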
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 5b16ed9a014..0ce113feb5d 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -281,6 +281,7 @@ static bool test_OpenPolicy2_fail(struct dcerpc_binding_handle *b,
 static bool test_LookupNames(struct dcerpc_binding_handle *b,
 			     struct torture_context *tctx,
 			     struct policy_handle *handle,
+			     enum lsa_LookupNamesLevel level,
 			     struct lsa_TransNameArray *tnames)
 {
 	struct lsa_LookupNames r;
@@ -313,7 +314,7 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b,
 	r.in.handle = handle;
 	r.in.names = names;
 	r.in.sids = &sids;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.out.count = &count;
 	r.out.sids = &sids;
@@ -369,7 +370,8 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b,
 				   struct torture_context *tctx,
-				   struct policy_handle *handle)
+				   struct policy_handle *handle,
+				   enum lsa_LookupNamesLevel level)
 {
 	struct lsa_LookupNames r;
 	struct lsa_TransSidArray sids;
@@ -388,7 +390,7 @@ static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b,
 	r.in.num_names = 1;
 	r.in.names = names;
 	r.in.sids = &sids;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.out.count = &count;
 	r.out.sids = &sids;
@@ -409,7 +411,8 @@ static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b,
 				  struct torture_context *tctx,
-				  struct policy_handle *handle)
+				  struct policy_handle *handle,
+				  enum lsa_LookupNamesLevel level)
 {
 	struct lsa_LookupNames r;
 	struct lsa_TransSidArray sids;
@@ -428,7 +431,7 @@ static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b,
 	r.in.num_names = 1;
 	r.in.names = names;
 	r.in.sids = &sids;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.out.count = &count;
 	r.out.sids = &sids;
@@ -453,7 +456,8 @@ static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames_wellknown(struct dcerpc_binding_handle *b,
 				       struct torture_context *tctx,
-				       struct policy_handle *handle)
+				       struct policy_handle *handle,
+				       enum lsa_LookupNamesLevel level)
 {
 	struct lsa_TranslatedName name;
 	struct lsa_TransNameArray tnames;
@@ -465,45 +469,46 @@ static bool test_LookupNames_wellknown(struct dcerpc_binding_handle *b,
 	tnames.count = 1;
 	name.name.string = "NT AUTHORITY\\SYSTEM";
 	name.sid_type = SID_NAME_WKN_GRP;
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 	name.name.string = "NT AUTHORITY\\ANONYMOUS LOGON";
 	name.sid_type = SID_NAME_WKN_GRP;
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 	name.name.string = "NT AUTHORITY\\Authenticated Users";
 	name.sid_type = SID_NAME_WKN_GRP;
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 #if 0
 	name.name.string = "NT AUTHORITY";
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 	name.name.string = "NT AUTHORITY\\";
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 #endif
 
 	name.name.string = "BUILTIN\\";
 	name.sid_type = SID_NAME_DOMAIN;
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 	name.name.string = "BUILTIN\\Administrators";
 	name.sid_type = SID_NAME_ALIAS;
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 	name.name.string = "SYSTEM";
 	name.sid_type = SID_NAME_WKN_GRP;
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 	name.name.string = "Everyone";
 	name.sid_type = SID_NAME_WKN_GRP;
-	ret &= test_LookupNames(b, tctx, handle, &tnames);
+	ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 	return ret;
 }
 
 static bool test_LookupNames2(struct dcerpc_binding_handle *b,
 			      struct torture_context *tctx,
 			      struct policy_handle *handle,
+			      enum lsa_LookupNamesLevel level,
 			      struct lsa_TransNameArray2 *tnames,
 			      bool check_result)
 {
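Review bot: In test_LookupNames_wellknown the hard-coded expectations (`SID_NAME_WKN_GRP`, `SID_NAME_DOMAIN`, `SID_NAME_ALIAS`) were written when the level was fixed at 1, and nothing in the new signature says they are only known to hold for LSA_LOOKUP_NAMES_ALL. If a later caller passes one of the trust-only levels, a failure here would be hard to tell apart from a server regression. A comment above the function would do, for example `/* expected sid_type values assume level == LSA_LOOKUP_NAMES_ALL */`; the same applies to the `level` parameter added to the other test_Lookup* helpers in this file, none of which documents which levels it supports. The hunk ends at the opening brace of test_LookupNames2, whose body is outside it.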
@@ -536,7 +541,7 @@ static bool test_LookupNames2(struct dcerpc_binding_handle *b,
 	r.in.handle = handle;
 	r.in.names = names;
 	r.in.sids = &sids;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.in.lookup_options = 0;
 	r.in.client_revision = 0;
@@ -565,6 +570,7 @@ static bool test_LookupNames2(struct dcerpc_binding_handle *b,
 static bool test_LookupNames3(struct dcerpc_binding_handle *b,
 			      struct torture_context *tctx,
 			      struct policy_handle *handle,
+			      enum lsa_LookupNamesLevel level,
 			      struct lsa_TransNameArray2 *tnames,
 			      bool check_result)
 {
@@ -596,7 +602,7 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b,
 	r.in.handle = handle;
 	r.in.names = names;
 	r.in.sids = &sids;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.in.lookup_options = 0;
 	r.in.client_revision = 0;
@@ -624,6 +630,7 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames4(struct dcerpc_binding_handle *b,
 			      struct torture_context *tctx,
+			      enum lsa_LookupNamesLevel level,
 			      struct lsa_TransNameArray2 *tnames,
 			      bool check_result)
 {
@@ -655,7 +662,7 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b,
 	r.in.num_names = tnames->count;
 	r.in.names = names;
 	r.in.sids = &sids;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.in.lookup_options = 0;
 	r.in.client_revision = 0;
@@ -693,7 +700,8 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b,
 }
 
 static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b,
-				   struct torture_context *tctx)
+				   struct torture_context *tctx,
+				   enum lsa_LookupNamesLevel level)
 {
 	struct lsa_LookupNames4 r;
 	struct lsa_TransSidArray3 sids;
@@ -712,7 +720,7 @@ static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b,
 	r.in.num_names = count;
 	r.in.names = names;
 	r.in.sids = &sids;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.in.lookup_options = 0;
 	r.in.client_revision = 0;
@@ -760,6 +768,7 @@ static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b,
 static bool test_LookupSids(struct dcerpc_binding_handle *b,
 			    struct torture_context *tctx,
 			    struct policy_handle *handle,
+			    enum lsa_LookupNamesLevel level,
 			    struct lsa_SidArray *sids)
 {
 	struct lsa_LookupSids r;
@@ -775,7 +784,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b,
 	r.in.handle = handle;
 	r.in.sids = sids;
 	r.in.names = &names;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.out.count = &count;
 	r.out.names = &names;
@@ -790,7 +799,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b,
 
 	torture_comment(tctx, "\n");
 
-	if (!test_LookupNames(b, tctx, handle, &names)) {
+	if (!test_LookupNames(b, tctx, handle, level, &names)) {
 		return false;
 	}
 
@@ -801,6 +810,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b,
 static bool test_LookupSids2(struct dcerpc_binding_handle *b,
 			    struct torture_context *tctx,
 			    struct policy_handle *handle,
+			    enum lsa_LookupNamesLevel level,
 			    struct lsa_SidArray *sids)
 {
 	struct lsa_LookupSids2 r;
@@ -816,7 +826,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
 	r.in.handle = handle;
 	r.in.sids = sids;
 	r.in.names = &names;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.in.lookup_options = 0;
 	r.in.client_revision = 0;
@@ -835,11 +845,11 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
 
 	torture_comment(tctx, "\n");
 
-	if (!test_LookupNames2(b, tctx, handle, &names, false)) {
+	if (!test_LookupNames2(b, tctx, handle, level, &names, false)) {
 		return false;
 	}
 
-	if (!test_LookupNames3(b, tctx, handle, &names, false)) {
+	if (!test_LookupNames3(b, tctx, handle, level, &names, false)) {
 		return false;
 	}
 
@@ -848,6 +858,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
 
 static bool test_LookupSids3(struct dcerpc_binding_handle *b,
 			    struct torture_context *tctx,
+			    enum lsa_LookupNamesLevel level,
 			    struct lsa_SidArray *sids)
 {
 	struct lsa_LookupSids3 r;
@@ -862,7 +873,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b,
 
 	r.in.sids = sids;
 	r.in.names = &names;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.in.lookup_options = 0;
 	r.in.client_revision = 0;
@@ -891,7 +902,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b,
 
 	torture_comment(tctx, "\n");
 
-	if (!test_LookupNames4(b, tctx, &names, true)) {
+	if (!test_LookupNames4(b, tctx, level, &names, true)) {
 		return false;
 	}
 
@@ -900,6 +911,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b,
 
 static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
 				  struct torture_context *tctx,
+				  enum lsa_LookupNamesLevel level,
 				  struct lsa_SidArray *sids)
 {
 	struct lsa_LookupSids3 r;
@@ -915,7 +927,7 @@ static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
 
 	r.in.sids = sids;
 	r.in.names = &names;
-	r.in.level = 1;
+	r.in.level = level;
 	r.in.count = &count;
 	r.in.lookup_options = 0;
 	r.in.client_revision = 0;
@@ -959,7 +971,8 @@ static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
 
 bool test_many_LookupSids(struct dcerpc_pipe *p,
 			  struct torture_context *tctx,
-			  struct policy_handle *handle)
+			  struct policy_handle *handle,
+			  enum lsa_LookupNamesLevel level)
 {
 	uint32_t count;
 	struct lsa_SidArray sids;
@@ -990,7 +1003,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 		r.in.handle = handle;
 		r.in.sids = &sids;
 		r.in.names = &names;
-		r.in.level = 1;
+		r.in.level = level;
 		r.in.count = &names.count;
 		r.out.count = &count;
 		r.out.names = &names;
@@ -1006,16 +1019,16 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 
 		torture_comment(tctx, "\n");
 
-		if (!test_LookupNames(b, tctx, handle, &names)) {
+		if (!test_LookupNames(b, tctx, handle, level, &names)) {
 			return false;
 		}
 	}
 
 	if (transport == NCACN_NP) {
-		if (!test_LookupSids3_fail(b, tctx, &sids)) {
+		if (!test_LookupSids3_fail(b, tctx, level, &sids)) {
 			return false;
 		}
-		if (!test_LookupNames4_fail(b, tctx)) {
+		if (!test_LookupNames4_fail(b, tctx, level)) {
 			return false;
 		}
 	} else if (transport == NCACN_IP_TCP) {
@@ -1031,10 +1044,10 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 
 		if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
 		    auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
-			if (!test_LookupSids3(b, tctx, &sids)) {
+			if (!test_LookupSids3(b, tctx, level, &sids)) {
 				return false;
 			}
-			if (!test_LookupNames4(b, tctx, &names, true)) {
+			if (!test_LookupNames4(b, tctx, level, &names, true)) {
 				return false;
 			}
 		} else {
@@ -1042,10 +1055,10 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 			 * If we don't have a secure channel these tests must
 			 * fail with ACCESS_DENIED.
 			 */
-			if (!test_LookupSids3_fail(b, tctx, &sids)) {
+			if (!test_LookupSids3_fail(b, tctx, level, &sids)) {
 				return false;
 			}
-			if (!test_LookupNames4_fail(b, tctx)) {
+			if (!test_LookupNames4_fail(b, tctx, level)) {
 				return false;
 			}
 		}
@@ -1077,7 +1090,8 @@ static void lookupsids_cb(struct tevent_req *subreq)
 
 static bool test_LookupSids_async(struct dcerpc_binding_handle *b,
 				  struct torture_context *tctx,
-				  struct policy_handle *handle)
+				  struct policy_handle *handle,
+				  enum lsa_LookupNamesLevel level)
 {
 	struct lsa_SidArray sids;
 	struct lsa_SidPtr sidptr;
@@ -1112,7 +1126,7 @@ static bool test_LookupSids_async(struct dcerpc_binding_handle *b,
 		r[i].in.handle = handle;
 		r[i].in.sids = &sids;
 		r[i].in.names = &names[i];
-		r[i].in.level = 1;
+		r[i].in.level = level;
 		r[i].in.count = &names[i].count;
 		r[i].out.count = &count[i];
 		r[i].out.names = &names[i];
@@ -1923,11 +1937,11 @@ static bool test_EnumAccounts(struct dcerpc_binding_handle *b,
 		torture_assert_ntstatus_ok(tctx, r.out.result,
 			"EnumAccounts failed");
 
-		if (!test_LookupSids(b, tctx, handle, &sids1)) {
+		if (!test_LookupSids(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) {
 			return false;
 		}
 
-		if (!test_LookupSids2(b, tctx, handle, &sids1)) {
+		if (!test_LookupSids2(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) {
 			return false;


-- 
Samba Shared Repository


