[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Mar 11 09:53:02 UTC 2020
The branch, master has been updated
via 808d6c0c533 selftest: Add test for rpcclient LSA lookup calls
via 00ab6349e22 rpcclient: Ask for minimal permissions for SID and name lookups
from 12596a3a8d0 libcli: Align integer types
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 808d6c0c533b63cb2efac25755e09b72fdf65a87
Author: Christof Schmitt <cs at samba.org>
Date: Mon Mar 9 16:25:00 2020 -0700
selftest: Add test for rpcclient LSA lookup calls
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 11 09:52:44 UTC 2020 on sn-devel-184
commit 00ab6349e220ee9976eaec9ab599458925a16010
Author: Christof Schmitt <cs at samba.org>
Date: Mon Mar 9 14:21:41 2020 -0700
rpcclient: Ask for minimal permissions for SID and name lookups
The RPC calls to lookup SIDS and names only require the
POLICY_LOOKUP_NAMES permission. Only ask for that instead of the
MAXIMUM_ALLOWED flag. This allows these calls to work against a NetApp
that does not accept MAXIMUM_ALLOWED (see bugzilla 11105).
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpcclient/cmd_lsarpc.c | 16 +++++-----
source3/script/tests/test_rpcclient_lookup.sh | 42 +++++++++++++++++++++++++++
source3/selftest/tests.py | 5 ++++
3 files changed, 55 insertions(+), 8 deletions(-)
create mode 100755 source3/script/tests/test_rpcclient_lookup.sh
Changeset truncated at 500 lines:
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index abb454331c2..aae1a5b629d 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -237,8 +237,8 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
}
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_FLAG_MAXIMUM_ALLOWED,
- &pol);
+ LSA_POLICY_LOOKUP_NAMES,
+ &pol);
if (!NT_STATUS_IS_OK(status))
goto done;
@@ -288,8 +288,8 @@ static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
}
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_FLAG_MAXIMUM_ALLOWED,
- &pol);
+ LSA_POLICY_LOOKUP_NAMES,
+ &pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
@@ -406,8 +406,8 @@ static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem
}
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_FLAG_MAXIMUM_ALLOWED,
- &pol);
+ LSA_POLICY_LOOKUP_NAMES,
+ &pol);
if (!NT_STATUS_IS_OK(status))
goto done;
@@ -481,8 +481,8 @@ static NTSTATUS cmd_lsa_lookup_sids_level(struct rpc_pipe_client *cli,
}
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_FLAG_MAXIMUM_ALLOWED,
- &pol);
+ LSA_POLICY_LOOKUP_NAMES,
+ &pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
diff --git a/source3/script/tests/test_rpcclient_lookup.sh b/source3/script/tests/test_rpcclient_lookup.sh
new file mode 100755
index 00000000000..d404c5feaec
--- /dev/null
+++ b/source3/script/tests/test_rpcclient_lookup.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Blackbox tests for the rpcclient LSA lookup commands
+#
+# Copyright (C) 2020 Christof Schmitt
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_net_srvsvc.sh USERNAME PASSWORD SERVER RPCCLIENT
+EOF
+exit 1;
+fi
+
+USERNAME="$1"
+PASSWORD="$2"
+SERVER="$3"
+RPCCLIENT="$4"
+
+RPCCLIENTCMD="$RPCCLIENT $SERVER -U$USERNAME%$PASSWORD"
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+$RPCCLIENTCMD -c "lookupsids S-1-1-0"
+RC=$?
+testit "lookupsids" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+$RPCCLIENTCMD -c "lookupsids_level 1 S-1-1-0"
+RC=$?
+testit "lookupsids_level" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+$RPCCLIENTCMD -c "lookupnames Everyone"
+RC=$?
+testit "lookupnames" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+$RPCCLIENTCMD -c "lookupnames_level 1 Everyone"
+RC=$?
+testit "lookupnames_level" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index fa7b6c3772a..c4305a45908 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -860,6 +860,11 @@ plantestsuite("samba3.blackbox.rpcclient_srvsvc", "simpleserver",
"$USERNAME", "$PASSWORD", "$SERVER",
os.path.join(bindir(), "rpcclient"), "tmp"])
+plantestsuite("samba3.blackbox.rpcclient_lookup", "simpleserver",
+ [os.path.join(samba3srcdir, "script/tests/test_rpcclient_lookup.sh"),
+ "$USERNAME", "$PASSWORD", "$SERVER",
+ os.path.join(bindir(), "rpcclient")])
+
plantestsuite("samba3.blackbox.rpcclient.pw-nt-hash", "simpleserver",
[os.path.join(samba3srcdir, "script/tests/test_rpcclient_pw_nt_hash.sh"),
"$USERNAME", "$PASSWORD", "$SERVER",
--
Samba Shared Repository
More information about the samba-cvs
mailing list