diff options
| author | Jeremy Allison <jra@samba.org> | 2017-04-27 20:31:40 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2017-05-03 15:58:23 +0200 |
| commit | 63f649f86009b274903f822e8389e10b7c940d09 (patch) | |
| tree | 5872f6cd347142945376b05824000452153b51a7 /source4 | |
| parent | 61d6882b54d975cef25d5498f1662285a97a6179 (diff) | |
| download | samba-63f649f86009b274903f822e8389e10b7c940d09.tar.gz | |
s4: torture: samr: Add test for dcesrc_lsa_valid_AccountRight change.
Against ad_dc we get NT_STATUS_OK, but against nt_dc we get NT_STATUS_NO_SUCH_PRIVILEGE,
so check for both. We can't use TARGET_IS_SAMBA3() here as this is set for talking to smbd
even when run under the ad_dc.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/torture/rpc/samr.c | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index dcdbb8ad550..92861f4c8aa 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -39,6 +39,7 @@ #include "auth/gensec/gensec.h" #include "auth/gensec/gensec_proto.h" #include "../libcli/auth/schannel.h" +#include "torture/util.h" #define TEST_ACCOUNT_NAME "samrtorturetest" #define TEST_ACCOUNT_NAME_PWD "samrpwdlastset" @@ -4778,6 +4779,41 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p, } { + struct lsa_RightSet rights; + struct lsa_StringLarge names[2]; + struct lsa_AddAccountRights r; + + torture_comment(tctx, "Testing LSA AddAccountRights 1\n"); + + init_lsa_StringLarge(&names[0], "SeInteractiveLogonRight"); + init_lsa_StringLarge(&names[1], NULL); + + rights.count = 1; + rights.names = names; + + r.in.handle = lsa_handle; + r.in.sid = user_sid; + r.in.rights = &rights; + + torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(lb, tctx, &r), + "lsa_AddAccountRights 1 failed"); + + if (torture_setting_bool(tctx, "nt4_dc", false)) { + /* + * The NT4 DC doesn't implement Rights. + */ + torture_assert_ntstatus_equal(tctx, r.out.result, + NT_STATUS_NO_SUCH_PRIVILEGE, + "Add rights failed with incorrect error"); + } else { + torture_assert_ntstatus_ok(tctx, r.out.result, + "Failed to add rights"); + + } + } + + + { struct lsa_EnumAccounts r; uint32_t resume_handle = 0; struct lsa_SidArray lsa_sid_array; @@ -4810,6 +4846,14 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p, { struct lsa_EnumAccountRights r; struct lsa_RightSet user_rights; + uint32_t expected_count = 2; + + if (torture_setting_bool(tctx, "nt4_dc", false)) { + /* + * NT4 DC doesn't store rights. + */ + expected_count = 1; + } torture_comment(tctx, "Testing LSA EnumAccountRights\n"); @@ -4822,7 +4866,7 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p, torture_assert_ntstatus_ok(tctx, r.out.result, "Failed to enum rights for account"); - if (user_rights.count < 1) { + if (user_rights.count < expected_count) { torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights"); return false; } |