The Samba-Bugzilla – Attachment 3649 Details for
Bug 4842
User Manager: Policies menu
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
LSA Patch for User Manager
lsaUserMan.patch (text/plain), 21.35 KB, created by
Matthias Dieter Wallnöfer
on 2008-09-30 05:09:19 UTC
(
hide
)
Description:
LSA Patch for User Manager
Filename:
MIME Type:
Creator:
Matthias Dieter Wallnöfer
Created:
2008-09-30 05:09:19 UTC
Size:
21.35 KB
patch
obsolete
>diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl >index 9a6e4a2..a294ed9 100644 >--- a/source4/librpc/idl/lsa.idl >+++ b/source4/librpc/idl/lsa.idl >@@ -240,10 +240,12 @@ import "misc.idl", "security.idl"; > LSA_POLICY_INFO_ROLE=6, > LSA_POLICY_INFO_REPLICA=7, > LSA_POLICY_INFO_QUOTA=8, >- LSA_POLICY_INFO_DB=9, >+ LSA_POLICY_INFO_MOD=9, > LSA_POLICY_INFO_AUDIT_FULL_SET=10, > LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, >- LSA_POLICY_INFO_DNS=12 >+ LSA_POLICY_INFO_DNS=12, >+ LSA_POLICY_INFO_DNS_INT=13, >+ LSA_POLICY_INFO_L_ACCOUNT_DOMAIN=14 > } lsa_PolicyInfo; > > typedef [switch_type(uint16)] union { >@@ -255,10 +257,12 @@ import "misc.idl", "security.idl"; > [case(LSA_POLICY_INFO_ROLE)] lsa_ServerRole role; > [case(LSA_POLICY_INFO_REPLICA)] lsa_ReplicaSourceInfo replica; > [case(LSA_POLICY_INFO_QUOTA)] lsa_DefaultQuotaInfo quota; >- [case(LSA_POLICY_INFO_DB)] lsa_ModificationInfo db; >+ [case(LSA_POLICY_INFO_MOD)] lsa_ModificationInfo mod; > [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset; > [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery; > [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns; >+ [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns_int; >+ [case(LSA_POLICY_INFO_L_ACCOUNT_DOMAIN)] lsa_DomainInfo l_account_domain; > } lsa_PolicyInformation; > > NTSTATUS lsa_QueryInfoPolicy ( >@@ -486,23 +490,39 @@ import "misc.idl", "security.idl"; > /* Function: 0x16 */ > [todo] NTSTATUS lsa_SetQuotasForAccount(); > >+ typedef [bitmap32bit] bitmap { >+ LSA_POLICY_MODE_INTERACTIVE = 0x00000001, >+ LSA_POLICY_MODE_NETWORK = 0x00000002, >+ LSA_POLICY_MODE_BATCH = 0x00000004, >+ LSA_POLICY_MODE_SERVICE = 0x00000010, >+ LSA_POLICY_MODE_PROXY = 0x00000020, >+ LSA_POLICY_MODE_DENY_INTERACTIVE = 0x00000040, >+ LSA_POLICY_MODE_DENY_NETWORK = 0x00000080, >+ LSA_POLICY_MODE_DENY_BATCH = 0x00000100, >+ LSA_POLICY_MODE_DENY_SERVICE = 0x00000200, >+ LSA_POLICY_MODE_REMOTE_INTERACTIVE = 0x00000400, >+ LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE = 0x00000800, >+ LSA_POLICY_MODE_ALL = 0x00000FF7, >+ LSA_POLICY_MODE_ALL_NT4 = 0x00000037 >+ } lsa_SystemAccessModeFlags; >+ > /* Function: 0x17 */ > NTSTATUS lsa_GetSystemAccessAccount( >- [in] policy_handle *handle, >+ [in] policy_handle *handle, > [out,ref] uint32 *access_mask > ); > > /* Function: 0x18 */ > NTSTATUS lsa_SetSystemAccessAccount( >- [in] policy_handle *handle, >- [in] uint32 access_mask >+ [in] policy_handle *handle, >+ [in] uint32 access_mask > ); > > /* Function: 0x19 */ > NTSTATUS lsa_OpenTrustedDomain( > [in] policy_handle *handle, > [in] dom_sid2 *sid, >- [in] uint32 access_mask, >+ [in] uint32 access_mask, > [out] policy_handle *trustdom_handle > ); > >diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c >index 7b15241..edfeb0a 100644 >--- a/source4/rpc_server/lsa/dcesrv_lsa.c >+++ b/source4/rpc_server/lsa/dcesrv_lsa.c >@@ -393,6 +393,19 @@ static WERROR dcesrv_dssetup_DsRoleGetPrimaryDomainInformation(struct dcesrv_cal > return WERR_INVALID_PARAM; > } > >+/* >+ fill in the AuditEvents info >+*/ >+static NTSTATUS dcesrv_lsa_info_AuditEvents(struct lsa_policy_state *state, >+ TALLOC_CTX *mem_ctx, struct lsa_AuditEventsInfo *info) >+{ >+ /* TODO: auditing disabled at the moment */ >+ info->auditing_mode = 0; >+ info->settings = NULL; >+ info->count = 0; >+ >+ return NT_STATUS_OK; >+} > > /* > fill in the AccountDomain info >@@ -444,15 +457,26 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, > ZERO_STRUCTP(r->out.info); > > switch (r->in.level) { >+ case LSA_POLICY_INFO_AUDIT_EVENTS: >+ return dcesrv_lsa_info_AuditEvents(state, mem_ctx, &r->out.info->audit_events); >+ > case LSA_POLICY_INFO_DOMAIN: >+ return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->domain); >+ > case LSA_POLICY_INFO_ACCOUNT_DOMAIN: > return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain); > > case LSA_POLICY_INFO_DNS: > return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns); >- case LSA_POLICY_INFO_DB: >+ >+ case LSA_POLICY_INFO_DNS_INT: >+ return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns_int); >+ >+ case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN: >+ return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->l_account_domain); >+ >+ case LSA_POLICY_INFO_MOD: > case LSA_POLICY_INFO_AUDIT_FULL_SET: >- case LSA_POLICY_INFO_AUDIT_FULL_QUERY: > return NT_STATUS_INVALID_PARAMETER; > } > >@@ -1951,7 +1975,36 @@ static NTSTATUS dcesrv_lsa_SetQuotasForAccount(struct dcesrv_call_state *dce_cal > static NTSTATUS dcesrv_lsa_GetSystemAccessAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, > struct lsa_GetSystemAccessAccount *r) > { >- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); >+ int i; >+ NTSTATUS status; >+ struct lsa_EnumPrivsAccount enumPrivs; >+ >+ enumPrivs.in.handle = r->in.handle; >+ >+ status = dcesrv_lsa_EnumPrivsAccount(dce_call, mem_ctx, &enumPrivs); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ >+ *(r->out.access_mask) = 0x00000000; >+ >+ for (i = 0; i < enumPrivs.out.privs->count; i++) { >+ int priv = enumPrivs.out.privs->set[i].luid.low; >+ >+ switch (priv) { >+ case SEC_PRIV_INTERACTIVE_LOGON: >+ *(r->out.access_mask) |= LSA_POLICY_MODE_INTERACTIVE; >+ break; >+ case SEC_PRIV_NETWORK_LOGON: >+ *(r->out.access_mask) |= LSA_POLICY_MODE_NETWORK; >+ break; >+ case SEC_PRIV_REMOTE_INTERACTIVE_LOGON: >+ *(r->out.access_mask) |= LSA_POLICY_MODE_REMOTE_INTERACTIVE; >+ break; >+ } >+ } >+ >+ return NT_STATUS_OK; > } > > >diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c >index af5ee4f..91294b1 100644 >--- a/source4/torture/rpc/lsa.c >+++ b/source4/torture/rpc/lsa.c >@@ -46,7 +46,7 @@ static bool test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) > NTSTATUS status; > uint16_t system_name = '\\'; > >- printf("\ntesting OpenPolicy\n"); >+ printf("\nTesting OpenPolicy\n"); > > qos.len = 0; > qos.impersonation_level = 2; >@@ -88,7 +88,7 @@ bool test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, > struct lsa_OpenPolicy2 r; > NTSTATUS status; > >- printf("\ntesting OpenPolicy2\n"); >+ printf("\nTesting OpenPolicy2\n"); > > *handle = talloc(mem_ctx, struct policy_handle); > if (!*handle) { >@@ -780,7 +780,7 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p, > } > > static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, >- TALLOC_CTX *mem_ctx, >+ TALLOC_CTX *mem_ctx, > struct policy_handle *handle, > struct policy_handle *acct_handle, > struct lsa_LUID *luid) >@@ -790,7 +790,7 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, > struct lsa_PrivilegeSet privs; > bool ret = true; > >- printf("Testing RemovePrivilegesFromAccount\n"); >+ printf("\nTesting RemovePrivilegesFromAccount\n"); > > r.in.handle = acct_handle; > r.in.remove_all = 0; >@@ -830,7 +830,7 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, > } > > static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p, >- TALLOC_CTX *mem_ctx, >+ TALLOC_CTX *mem_ctx, > struct policy_handle *acct_handle, > struct lsa_LUID *luid) > { >@@ -839,7 +839,7 @@ static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p, > struct lsa_PrivilegeSet privs; > bool ret = true; > >- printf("Testing AddPrivilegesToAccount\n"); >+ printf("\nTesting AddPrivilegesToAccount\n"); > > r.in.handle = acct_handle; > r.in.privs = &privs; >@@ -860,7 +860,7 @@ static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p, > } > > static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, >- TALLOC_CTX *mem_ctx, >+ TALLOC_CTX *mem_ctx, > struct policy_handle *handle, > struct policy_handle *acct_handle) > { >@@ -868,7 +868,7 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, > struct lsa_EnumPrivsAccount r; > bool ret = true; > >- printf("Testing EnumPrivsAccount\n"); >+ printf("\nTesting EnumPrivsAccount\n"); > > r.in.handle = acct_handle; > >@@ -894,6 +894,60 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, > return ret; > } > >+static bool test_GetSystemAccessAccount(struct dcerpc_pipe *p, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *handle, >+ struct policy_handle *acct_handle) >+{ >+ NTSTATUS status; >+ uint32_t access_mask; >+ struct lsa_GetSystemAccessAccount r; >+ >+ printf("\nTesting GetSystemAccessAccount\n"); >+ >+ r.in.handle = acct_handle; >+ r.out.access_mask = &access_mask; >+ >+ status = dcerpc_lsa_GetSystemAccessAccount(p, mem_ctx, &r); >+ if (!NT_STATUS_IS_OK(status)) { >+ printf("GetSystemAccessAccount failed - %s\n", nt_errstr(status)); >+ return false; >+ } >+ >+ if (r.out.access_mask != NULL) { >+ printf("Rights:"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_INTERACTIVE) >+ printf(" LSA_POLICY_MODE_INTERACTIVE"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_NETWORK) >+ printf(" LSA_POLICY_MODE_NETWORK"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_BATCH) >+ printf(" LSA_POLICY_MODE_BATCH"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_SERVICE) >+ printf(" LSA_POLICY_MODE_SERVICE"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_PROXY) >+ printf(" LSA_POLICY_MODE_PROXY"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_INTERACTIVE) >+ printf(" LSA_POLICY_MODE_DENY_INTERACTIVE"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_NETWORK) >+ printf(" LSA_POLICY_MODE_DENY_NETWORK"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_BATCH) >+ printf(" LSA_POLICY_MODE_DENY_BATCH"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_SERVICE) >+ printf(" LSA_POLICY_MODE_DENY_SERVICE"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_REMOTE_INTERACTIVE) >+ printf(" LSA_POLICY_MODE_REMOTE_INTERACTIVE"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE) >+ printf(" LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_ALL) >+ printf(" LSA_POLICY_MODE_ALL"); >+ if (*(r.out.access_mask) & LSA_POLICY_MODE_ALL_NT4) >+ printf(" LSA_POLICY_MODE_ALL_NT4"); >+ printf("\n"); >+ } >+ >+ return true; >+} >+ > static bool test_Delete(struct dcerpc_pipe *p, > TALLOC_CTX *mem_ctx, > struct policy_handle *handle) >@@ -901,7 +955,7 @@ static bool test_Delete(struct dcerpc_pipe *p, > NTSTATUS status; > struct lsa_Delete r; > >- printf("testing Delete\n"); >+ printf("\nTesting Delete\n"); > > r.in.handle = handle; > status = dcerpc_lsa_Delete(p, mem_ctx, &r); >@@ -920,13 +974,13 @@ static bool test_DeleteObject(struct dcerpc_pipe *p, > NTSTATUS status; > struct lsa_DeleteObject r; > >- printf("testing DeleteObject\n"); >+ printf("\nTesting DeleteObject\n"); > > r.in.handle = handle; > r.out.handle = handle; > status = dcerpc_lsa_DeleteObject(p, mem_ctx, &r); > if (!NT_STATUS_IS_OK(status)) { >- printf("Delete failed - %s\n", nt_errstr(status)); >+ printf("DeleteObject failed - %s\n", nt_errstr(status)); > return false; > } > >@@ -945,7 +999,7 @@ static bool test_CreateAccount(struct dcerpc_pipe *p, > > newsid = dom_sid_parse_talloc(mem_ctx, "S-1-5-12349876-4321-2854"); > >- printf("Testing CreateAccount\n"); >+ printf("\nTesting CreateAccount\n"); > > r.in.handle = handle; > r.in.sid = newsid; >@@ -997,7 +1051,7 @@ static bool test_DeleteTrustedDomain(struct dcerpc_pipe *p, > > status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &r); > if (!NT_STATUS_IS_OK(status)) { >- printf("lsa_OpenTrustedDomainByName failed - %s\n", nt_errstr(status)); >+ printf("OpenTrustedDomainByName failed - %s\n", nt_errstr(status)); > return false; > } > >@@ -1025,7 +1079,7 @@ static bool test_DeleteTrustedDomainBySid(struct dcerpc_pipe *p, > > status = dcerpc_lsa_DeleteTrustedDomain(p, mem_ctx, &r); > if (!NT_STATUS_IS_OK(status)) { >- printf("lsa_DeleteTrustedDomain failed - %s\n", nt_errstr(status)); >+ printf("DeleteTrustedDomain failed - %s\n", nt_errstr(status)); > return false; > } > >@@ -1071,7 +1125,7 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, > secname[GLOBAL] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random()); > > for (i=0; i< 2; i++) { >- printf("Testing CreateSecret of %s\n", secname[i]); >+ printf("\nTesting CreateSecret of %s\n", secname[i]); > > init_lsa_String(&r.in.name, secname[i]); > >@@ -1383,7 +1437,7 @@ static bool test_EnumAccountRights(struct dcerpc_pipe *p, > struct lsa_EnumAccountRights r; > struct lsa_RightSet rights; > >- printf("Testing EnumAccountRights\n"); >+ printf("\nTesting EnumAccountRights\n"); > > r.in.handle = acct_handle; > r.in.sid = sid; >@@ -1409,11 +1463,11 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p, > struct lsa_QuerySecurity r; > > if (torture_setting_bool(tctx, "samba4", false)) { >- printf("skipping QuerySecurity test against Samba4\n"); >+ printf("\nskipping QuerySecurity test against Samba4\n"); > return true; > } > >- printf("Testing QuerySecurity\n"); >+ printf("\nTesting QuerySecurity\n"); > > r.in.handle = acct_handle; > r.in.sec_info = 7; >@@ -1436,7 +1490,7 @@ static bool test_OpenAccount(struct dcerpc_pipe *p, > struct lsa_OpenAccount r; > struct policy_handle acct_handle; > >- printf("Testing OpenAccount\n"); >+ printf("\nTesting OpenAccount\n"); > > r.in.handle = handle; > r.in.sid = sid; >@@ -1453,6 +1507,10 @@ static bool test_OpenAccount(struct dcerpc_pipe *p, > return false; > } > >+ if (!test_GetSystemAccessAccount(p, mem_ctx, handle, &acct_handle)) { >+ return false; >+ } >+ > if (!test_QuerySecurity(p, mem_ctx, handle, &acct_handle)) { > return false; > } >@@ -1471,7 +1529,7 @@ static bool test_EnumAccounts(struct dcerpc_pipe *p, > int i; > bool ret = true; > >- printf("\ntesting EnumAccounts\n"); >+ printf("\nTesting EnumAccounts\n"); > > r.in.handle = handle; > r.in.resume_handle = &resume_handle; >@@ -1502,7 +1560,7 @@ static bool test_EnumAccounts(struct dcerpc_pipe *p, > * be on schannel, or we would not be able to do the > * rest */ > >- printf("testing all accounts\n"); >+ printf("Testing all accounts\n"); > for (i=0;i<sids1.num_sids;i++) { > ret &= test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid); > ret &= test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid); >@@ -1514,7 +1572,7 @@ static bool test_EnumAccounts(struct dcerpc_pipe *p, > return ret; > } > >- printf("trying EnumAccounts partial listing (asking for 1 at 2)\n"); >+ printf("Trying EnumAccounts partial listing (asking for 1 at 2)\n"); > resume_handle = 2; > r.in.num_entries = 1; > r.out.sids = &sids2; >@@ -1544,7 +1602,7 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p, > terminals */ > uint16_t language_id = (random() % 4) + 0x409; > >- printf("testing LookupPrivDisplayName(%s)\n", priv_name->string); >+ printf("\nTesting LookupPrivDisplayName(%s)\n", priv_name->string); > > r.in.handle = handle; > r.in.name = priv_name; >@@ -1575,7 +1633,7 @@ static bool test_EnumAccountsWithUserRight(struct dcerpc_pipe *p, > > ZERO_STRUCT(sids); > >- printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->string); >+ printf("\nTesting EnumAccountsWithUserRight(%s)\n", priv_name->string); > > r.in.handle = handle; > r.in.name = priv_name; >@@ -1608,7 +1666,7 @@ static bool test_EnumPrivs(struct dcerpc_pipe *p, > int i; > bool ret = true; > >- printf("\ntesting EnumPrivs\n"); >+ printf("\nTesting EnumPrivs\n"); > > r.in.handle = handle; > r.in.resume_handle = &resume_handle; >@@ -1990,7 +2048,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, > struct lsa_QueryTrustedDomainInfo q; > int i; > >- printf("Testing CreateTrustedDomain for 12 domains\n"); >+ printf("\nTesting CreateTrustedDomain for 12 domains\n"); > > if (!test_EnumTrustDom(p, mem_ctx, handle)) { > ret = false; >@@ -2086,7 +2144,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, > enum ndr_err_code ndr_err; > int i; > >- printf("Testing CreateTrustedDomainEx2 for 12 domains\n"); >+ printf("\nTesting CreateTrustedDomainEx2 for 12 domains\n"); > > status = dcerpc_fetch_session_key(p, &session_key); > if (!NT_STATUS_IS_OK(status)) { >@@ -2214,7 +2272,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, > r.in.handle = handle; > r.in.level = i; > >- printf("\ntrying QueryDomainInformationPolicy level %d\n", i); >+ printf("\nTrying QueryDomainInformationPolicy level %d\n", i); > > status = dcerpc_lsa_QueryDomainInformationPolicy(p, tctx, &r); > >@@ -2232,38 +2290,56 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, > } > > >-static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, >- struct torture_context *tctx, >- struct policy_handle *handle) >+static bool test_QueryInfoPolicyCalls( bool version2, >+ struct dcerpc_pipe *p, >+ struct torture_context *tctx, >+ struct policy_handle *handle) > { > struct lsa_QueryInfoPolicy r; > NTSTATUS status; > int i; > bool ret = true; >- printf("\nTesting QueryInfoPolicy\n"); > >- for (i=1;i<13;i++) { >+ if (version2) >+ printf("\nTesting QueryInfoPolicy2\n"); >+ else >+ printf("\nTesting QueryInfoPolicy\n"); >+ >+ for (i=1;i<15;i++) { > r.in.handle = handle; > r.in.level = i; > >- printf("\ntrying QueryInfoPolicy level %d\n", i); >+ if (version2) >+ printf("\nTrying QueryInfoPolicy2 level %d\n", i); >+ else >+ printf("\nTrying QueryInfoPolicy level %d\n", i); > >- status = dcerpc_lsa_QueryInfoPolicy(p, tctx, &r); >+ if (version2) >+ /* We can perform the cast, because both types are >+ structurally equal */ >+ status = dcerpc_lsa_QueryInfoPolicy2(p, tctx, >+ (struct lsa_QueryInfoPolicy2*) &r); >+ else >+ status = dcerpc_lsa_QueryInfoPolicy(p, tctx, &r); > > switch (i) { >- case LSA_POLICY_INFO_DB: >+ case LSA_POLICY_INFO_MOD: > case LSA_POLICY_INFO_AUDIT_FULL_SET: >- case LSA_POLICY_INFO_AUDIT_FULL_QUERY: > if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { >- printf("server should have failed level %u: %s\n", i, nt_errstr(status)); >+ printf("Server should have failed level %u: %s\n", i, nt_errstr(status)); > ret = false; > } > break; > case LSA_POLICY_INFO_DOMAIN: > case LSA_POLICY_INFO_ACCOUNT_DOMAIN: >+ case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN: > case LSA_POLICY_INFO_DNS: >+ case LSA_POLICY_INFO_DNS_INT: > if (!NT_STATUS_IS_OK(status)) { >- printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); >+ if (version2) >+ printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); >+ else >+ printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); > ret = false; > } > break; >@@ -2271,17 +2347,24 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, > if (torture_setting_bool(tctx, "samba4", false)) { > /* Other levels not implemented yet */ > if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) { >- printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); >+ if (version2) >+ printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); >+ else >+ printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); > ret = false; > } > } else if (!NT_STATUS_IS_OK(status)) { >- printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); >+ if (version2) >+ printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); >+ else >+ printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); > ret = false; > } > break; > } > >- if (NT_STATUS_IS_OK(status) && i == LSA_POLICY_INFO_DNS) { >+ if (NT_STATUS_IS_OK(status) && (i == LSA_POLICY_INFO_DNS >+ || i == LSA_POLICY_INFO_DNS_INT)) { > /* Let's look up some of these names */ > > struct lsa_TransNameArray tnames; >@@ -2323,56 +2406,18 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, > return ret; > } > >+static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, >+ struct torture_context *tctx, >+ struct policy_handle *handle) >+{ >+ return test_QueryInfoPolicyCalls(false, p, tctx, handle); >+} >+ > static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p, > struct torture_context *tctx, > struct policy_handle *handle) > { >- struct lsa_QueryInfoPolicy2 r; >- NTSTATUS status; >- int i; >- bool ret = true; >- printf("\nTesting QueryInfoPolicy2\n"); >- for (i=1;i<13;i++) { >- r.in.handle = handle; >- r.in.level = i; >- >- printf("\ntrying QueryInfoPolicy2 level %d\n", i); >- >- status = dcerpc_lsa_QueryInfoPolicy2(p, tctx, &r); >- >- switch (i) { >- case LSA_POLICY_INFO_DB: >- case LSA_POLICY_INFO_AUDIT_FULL_SET: >- case LSA_POLICY_INFO_AUDIT_FULL_QUERY: >- if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) { >- printf("server should have failed level %u: %s\n", i, nt_errstr(status)); >- ret = false; >- } >- break; >- case LSA_POLICY_INFO_DOMAIN: >- case LSA_POLICY_INFO_ACCOUNT_DOMAIN: >- case LSA_POLICY_INFO_DNS: >- if (!NT_STATUS_IS_OK(status)) { >- printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); >- ret = false; >- } >- break; >- default: >- if (torture_setting_bool(tctx, "samba4", false)) { >- /* Other levels not implemented yet */ >- if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) { >- printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); >- ret = false; >- } >- } else if (!NT_STATUS_IS_OK(status)) { >- printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); >- ret = false; >- } >- break; >- } >- } >- >- return ret; >+ return test_QueryInfoPolicyCalls(true, p, tctx, handle); > } > > static bool test_GetUserName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) >@@ -2407,7 +2452,7 @@ bool test_lsa_Close(struct dcerpc_pipe *p, > struct lsa_Close r; > struct policy_handle handle2; > >- printf("\ntesting Close\n"); >+ printf("\nTesting Close\n"); > > r.in.handle = handle; > r.out.handle = &handle2;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 4842
:
3190
|
3642
|
3648
|
3649
|
3657