[SCM] Samba Shared Repository - branch master updated

Wed Mar 11 09:53:02 UTC 2020

The branch, master has been updated
       via  808d6c0c533 selftest: Add test for rpcclient LSA lookup calls
       via  00ab6349e22 rpcclient: Ask for minimal permissions for SID and name lookups
      from  12596a3a8d0 libcli: Align integer types

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 808d6c0c533b63cb2efac25755e09b72fdf65a87
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Mar 9 16:25:00 2020 -0700

    selftest: Add test for rpcclient LSA lookup calls
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed Mar 11 09:52:44 UTC 2020 on sn-devel-184

commit 00ab6349e220ee9976eaec9ab599458925a16010
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Mar 9 14:21:41 2020 -0700

    rpcclient: Ask for minimal permissions for SID and name lookups
    
    The RPC calls to lookup SIDS and names only require the
    POLICY_LOOKUP_NAMES permission. Only ask for that instead of the
    MAXIMUM_ALLOWED flag. This allows these calls to work against a NetApp
    that does not accept MAXIMUM_ALLOWED (see bugzilla 11105).
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpcclient/cmd_lsarpc.c                | 16 +++++-----
 source3/script/tests/test_rpcclient_lookup.sh | 42 +++++++++++++++++++++++++++
 source3/selftest/tests.py                     |  5 ++++
 3 files changed, 55 insertions(+), 8 deletions(-)
 create mode 100755 source3/script/tests/test_rpcclient_lookup.sh


Changeset truncated at 500 lines:

diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index abb454331c2..aae1a5b629d 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -237,8 +237,8 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
 	}
 
 	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
-				     SEC_FLAG_MAXIMUM_ALLOWED,
-				     &pol);
+					LSA_POLICY_LOOKUP_NAMES,
+					&pol);
 
 	if (!NT_STATUS_IS_OK(status))
 		goto done;
@@ -288,8 +288,8 @@ static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
 	}
 
 	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
-				     SEC_FLAG_MAXIMUM_ALLOWED,
-				     &pol);
+					LSA_POLICY_LOOKUP_NAMES,
+					&pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
@@ -406,8 +406,8 @@ static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem
 	}
 
 	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
-				     SEC_FLAG_MAXIMUM_ALLOWED,
-				     &pol);
+					LSA_POLICY_LOOKUP_NAMES,
+					&pol);
 
 	if (!NT_STATUS_IS_OK(status))
 		goto done;
@@ -481,8 +481,8 @@ static NTSTATUS cmd_lsa_lookup_sids_level(struct rpc_pipe_client *cli,
 	}
 
 	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
-				     SEC_FLAG_MAXIMUM_ALLOWED,
-				     &pol);
+					LSA_POLICY_LOOKUP_NAMES,
+					&pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
diff --git a/source3/script/tests/test_rpcclient_lookup.sh b/source3/script/tests/test_rpcclient_lookup.sh
new file mode 100755
index 00000000000..d404c5feaec
--- /dev/null
+++ b/source3/script/tests/test_rpcclient_lookup.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Blackbox tests for the rpcclient LSA lookup commands
+#
+# Copyright (C) 2020 Christof Schmitt
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_net_srvsvc.sh USERNAME PASSWORD SERVER RPCCLIENT
+EOF
+exit 1;
+fi
+
+USERNAME="$1"
+PASSWORD="$2"
+SERVER="$3"
+RPCCLIENT="$4"
+
+RPCCLIENTCMD="$RPCCLIENT $SERVER -U$USERNAME%$PASSWORD"
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+$RPCCLIENTCMD -c "lookupsids S-1-1-0"
+RC=$?
+testit "lookupsids" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+$RPCCLIENTCMD -c "lookupsids_level 1 S-1-1-0"
+RC=$?
+testit "lookupsids_level" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+$RPCCLIENTCMD -c "lookupnames Everyone"
+RC=$?
+testit "lookupnames" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+$RPCCLIENTCMD -c "lookupnames_level 1 Everyone"
+RC=$?
+testit "lookupnames_level" test $RC -eq 0 || failed=$(expr $failed + 1)
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index fa7b6c3772a..c4305a45908 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -860,6 +860,11 @@ plantestsuite("samba3.blackbox.rpcclient_srvsvc", "simpleserver",
                "$USERNAME", "$PASSWORD", "$SERVER",
                os.path.join(bindir(), "rpcclient"), "tmp"])
 
+plantestsuite("samba3.blackbox.rpcclient_lookup", "simpleserver",
+              [os.path.join(samba3srcdir, "script/tests/test_rpcclient_lookup.sh"),
+               "$USERNAME", "$PASSWORD", "$SERVER",
+               os.path.join(bindir(), "rpcclient")])
+
 plantestsuite("samba3.blackbox.rpcclient.pw-nt-hash", "simpleserver",
               [os.path.join(samba3srcdir, "script/tests/test_rpcclient_pw_nt_hash.sh"),
                "$USERNAME", "$PASSWORD", "$SERVER",


-- 
Samba Shared Repository

