changed = true;
*password = newpass;
} else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, r.out.result)) {
- torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(r.out.result));
+ torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(r.out.result));
ret = false;
}
torture_comment(tctx, "Testing GetAliasMembership\n");
- if (torture_setting_bool(tctx, "samba4", false)) {
- torture_skip(tctx, "skipping GetAliasMembership against s4");
- }
-
r.in.domain_handle = domain_handle;
r.in.sids = &sids;
r.out.rids = &rids;
torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->security_state.generic_state, tctx, &creds), "");
- if (lp_client_lanman_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
- if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
};
struct dcerpc_pipe *np = NULL;
- if (torture_setting_bool(tctx, "samba3", false)) {
+ if (torture_setting_bool(tctx, "samba3", false) ||
+ torture_setting_bool(tctx, "samba4", false)) {
delay = 999999;
torture_comment(tctx, "Samba3 has second granularity, setting delay to: %d\n",
delay);
password,
machine_credentials,
query_levels[q],
- &pwdlastset_old,
+ &pwdlastset_new,
expected_samlogon_result)) {
ret = false;
}
"been set\n");
break;
}
+ break;
default:
if (pwdlastset_new != 0) {
torture_warning(tctx, "pwdLastSet test failed: "
ret = false;
}
break;
- default:
- if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
- (pwdlastset_old >= pwdlastset_new)) {
- torture_warning(tctx, "pwdlastset not increasing\n");
- ret = false;
- }
- break;
}
+ pwdlastset_old = pwdlastset_new;
+
usleep(delay);
/* set #2 */
case 21:
case 23:
case 25:
-
/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
* password has been changed, old and new pwdlastset
* need to be the same value */
pwdlastset_new, "pwdlastset must be equal");
break;
}
+ break;
default:
if (pwdlastset_old >= pwdlastset_new) {
torture_warning(tctx, "pwdLastSet test failed: "
pwdlastset_new);
ret = false;
}
+ break;
}
switch (levels[l]) {
ret = false;
}
break;
- default:
- if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
- (pwdlastset_old >= pwdlastset_new)) {
- torture_warning(tctx, "pwdlastset not increasing\n");
- ret = false;
- }
- break;
}
pwdlastset_old = pwdlastset_new;
case 23:
case 25:
- /* if no password has been changed, old and new pwdlastset
+ /* SAMR_FIELD_EXPIRED_FLAG has not been set and no
+ * password has been changed, old and new pwdlastset
* need to be the same value */
- if (!((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+ if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) &&
+ !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
(fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)))
{
torture_assert_int_equal(tctx, pwdlastset_old,
pwdlastset_new, "pwdlastset must be equal");
break;
}
+ break;
default:
if (pwdlastset_old >= pwdlastset_new) {
torture_warning(tctx, "pwdLastSet test failed: "
pwdlastset_new);
ret = false;
}
+ break;
+ }
+
+ switch (levels[l]) {
+ case 21:
+ case 23:
+ case 25:
+ if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+ (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
+ (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
+ (pwdlastset_old >= pwdlastset_new)) {
+ torture_warning(tctx, "pwdlastset not increasing\n");
+ ret = false;
+ }
+ break;
}
+ pwdlastset_old = pwdlastset_new;
+
+ usleep(delay);
+
/* set #3 */
/* set a password and force password change (pwdlastset 0) by
pwdlastset_new, "pwdlastset must be equal");
break;
}
+ break;
default:
-
- if (pwdlastset_old == pwdlastset_new) {
- torture_warning(tctx, "pwdLastSet test failed: "
- "expected last pwdlastset (%lld) != new pwdlastset (%lld)\n",
- pwdlastset_old, pwdlastset_new);
- ret = false;
- }
-
if (pwdlastset_new != 0) {
torture_warning(tctx, "pwdLastSet test failed: "
"expected pwdLastSet 0, got %lld\n",
ret = false;
}
break;
- default:
- if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
- (pwdlastset_old >= pwdlastset_new)) {
- torture_warning(tctx, "pwdlastset not increasing\n");
- ret = false;
- }
- break;
}
/* if the level we are testing does not have a fields_present
ret = false;
}
- if (torture_setting_bool(tctx, "samba4", false)) {
- torture_comment(tctx, "skipping Set Password level 18 and 21 against Samba4\n");
- } else {
+ if (!test_SetUserPass_18(p, tctx, user_handle, &password)) {
+ ret = false;
+ }
- if (!test_SetUserPass_18(p, tctx, user_handle, &password)) {
- ret = false;
+ if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+ ret = false;
+ }
+
+ for (i = 0; password_fields[i]; i++) {
+
+ if (password_fields[i] == SAMR_FIELD_LM_PASSWORD_PRESENT) {
+ /* we need to skip as that would break
+ * the ChangePasswordUser3 verify */
+ continue;
}
- if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+ if (!test_SetUserPass_21(p, tctx, user_handle, password_fields[i], &password)) {
ret = false;
}
- for (i = 0; password_fields[i]; i++) {
-
- if (password_fields[i] == SAMR_FIELD_LM_PASSWORD_PRESENT) {
- /* we need to skip as that would break
- * the ChangePasswordUser3 verify */
- continue;
- }
-
- if (!test_SetUserPass_21(p, tctx, user_handle, password_fields[i], &password)) {
- ret = false;
- }
-
- /* check it was set right */
- if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
- ret = false;
- }
+ /* check it was set right */
+ if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+ ret = false;
}
}
} else {
uint32_t expected_flags = (base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
if ((info->info5.acct_flags) != expected_flags) {
- torture_warning(tctx, "QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ torture_warning(tctx, "QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
info->info5.acct_flags,
expected_flags);
/* FIXME: GD */
}
}
if (info->info5.rid != rid) {
- torture_warning(tctx, "QuerUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
+ torture_warning(tctx, "QueryUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
info->info5.rid, rid);
}
ret = false;
} else {
if ((info->info16.acct_flags & acct_flags) != acct_flags) {
- torture_warning(tctx, "QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ torture_warning(tctx, "QueryUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
info->info16.acct_flags,
acct_flags);
ret = false;
expected_flags |= ACB_PW_EXPIRED;
}
if ((info->info5.acct_flags) != expected_flags) {
- torture_warning(tctx, "QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ torture_warning(tctx, "QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
info->info5.acct_flags,
expected_flags);
ret = false;
switch (acct_flags) {
case ACB_SVRTRUST:
if (info->info5.primary_gid != DOMAIN_RID_DCS) {
- torture_warning(tctx, "QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n",
+ torture_warning(tctx, "QueryUserInfo level 5: DC should have had Primary Group %d, got %d\n",
DOMAIN_RID_DCS, info->info5.primary_gid);
ret = false;
}
break;
case ACB_WSTRUST:
if (info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
- torture_warning(tctx, "QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
+ torture_warning(tctx, "QueryUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
DOMAIN_RID_DOMAIN_MEMBERS, info->info5.primary_gid);
ret = false;
}
break;
case ACB_NORMAL:
if (info->info5.primary_gid != DOMAIN_RID_USERS) {
- torture_warning(tctx, "QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n",
+ torture_warning(tctx, "QueryUserInfo level 5: Users should have had Primary Group %d, got %d\n",
DOMAIN_RID_USERS, info->info5.primary_gid);
ret = false;
}
struct policy_handle *handle)
{
struct samr_QueryGroupMember r;
- struct samr_RidTypeArray *rids = NULL;
+ struct samr_RidAttrArray *rids = NULL;
bool ret = true;
torture_comment(tctx, "Testing QueryGroupMember\n");
struct samr_AddGroupMember r;
struct samr_DeleteGroupMember d;
struct samr_QueryGroupMember q;
- struct samr_RidTypeArray *rids = NULL;
+ struct samr_RidAttrArray *rids = NULL;
struct samr_SetMemberAttributesOfGroup s;
uint32_t rid;
bool found_member = false;