[PATCH] lsa4_srv: Factor out dcesrc_lsa_valid_AccountRight()

[Jeremy Allison]

On Fri, Apr 28, 2017 at 07:11:55AM +1200, Andrew Bartlett via samba-technical wrote:
> On Thu, 2017-04-27 at 17:28 +0200, vl--- via samba-technical wrote:
> > Hi!
> > 
> > Push appreciated!
> 
> Any chance of a test, so we don't regress on this again?
> 
> Either blackbox on the indicated command, python (I find this the
> easiest way to do these nowadays) or in the lsa tests in smbtorture?

RB+ and pushed the original patch, as I've created a
test for it.

Please review and push the test if happy (without Volker's patch
this test correctly fails, passes with it).

Cheers,

	Jeremy.
-------------- next part --------------
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index dcdbb8a..4ff2038 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -4778,6 +4778,30 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
 	}
 
 	{
+		struct lsa_RightSet rights;
+		struct lsa_StringLarge names[2];
+		struct lsa_AddAccountRights r;
+
+		torture_comment(tctx, "Testing LSA AddAccountRights 1\n");
+
+		init_lsa_StringLarge(&names[0], "SeInteractiveLogonRight");
+		init_lsa_StringLarge(&names[1], NULL);
+
+		rights.count = 1;
+		rights.names = names;
+
+		r.in.handle = lsa_handle;
+		r.in.sid = user_sid;
+		r.in.rights = &rights;
+
+		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(lb, tctx, &r),
+			"lsa_AddAccountRights 1 failed");
+		torture_assert_ntstatus_ok(tctx, r.out.result,
+			"Failed to add rights");
+	}
+
+
+	{
 		struct lsa_EnumAccounts r;
 		uint32_t resume_handle = 0;
 		struct lsa_SidArray lsa_sid_array;
@@ -4822,7 +4846,7 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
 		torture_assert_ntstatus_ok(tctx, r.out.result,
 			"Failed to enum rights for account");
 
-		if (user_rights.count < 1) {
+		if (user_rights.count < 2) {
 			torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights");
 			return false;
 		}