ldb: cmocka test for empty attributes bug

Cmocka test exposing LDB bug where a request with an empty attributes
list returns a response containing all attributes.  The bug is in the
ACL module and will be fixed in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13836

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/selftest/knownfail.d/dsdb b/selftest/knownfail.d/dsdb
new file mode 100644 (file)
index 0000000..7a3a314
--- /dev/null
+++ b/selftest/knownfail.d/dsdb
@@ -0,0 +1 @@
+samba4.dsdb.no_attrs

diff --git a/source4/dsdb/common/tests/dsdb.c b/source4/dsdb/common/tests/dsdb.c
new file mode 100644 (file)
index 0000000..b38dee1
--- /dev/null
+++ b/source4/dsdb/common/tests/dsdb.c
@@ -0,0 +1,93 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Test DSDB search
+
+   Copyright (C) Andrew Bartlet <abartlet@samba.org> 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <ldb_module.h>
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "param/loadparm.h"
+#include "torture/smbtorture.h"
+#include "torture/dsdb_proto.h"
+#include "auth/auth.h"
+
+bool torture_ldb_no_attrs(struct torture_context *torture)
+{
+       struct ldb_context *ldb;
+       int ret;
+       struct ldb_request *req;
+       struct ldb_result *ctx;
+       struct ldb_dn *dn;
+       const char *attrs[] = { NULL };
+
+       struct auth_session_info *session;
+       struct dom_sid *domain_sid = NULL;
+       const char *path;
+
+       path = lpcfg_private_path(NULL, torture->lp_ctx, "sam.ldb");
+       torture_assert(torture, path != NULL,
+                      "Couldn't find sam.ldb. Run with -s $SERVERCONFFILE");
+
+       domain_sid = dom_sid_parse_talloc(NULL, SID_BUILTIN);
+       session = admin_session(NULL, torture->lp_ctx, domain_sid);
+       ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx,
+                              path, session, NULL, 0);
+       torture_assert(torture, ldb, "Failed to connect to LDB target");
+
+       ctx = talloc_zero(ldb, struct ldb_result);
+
+       dn = ldb_get_default_basedn(ldb);
+       ldb_dn_add_child_fmt(dn, "cn=users");
+       ret = ldb_build_search_req(&req, ldb, ctx, dn, LDB_SCOPE_SUBTREE,
+                                  "(objectClass=*)", attrs, NULL,
+                                  ctx, ldb_search_default_callback, NULL);
+       torture_assert(torture, ret == LDB_SUCCESS,
+                      "Failed to build search request");
+       ldb_req_mark_untrusted(req);
+
+       ret = ldb_request(ldb, req);
+       torture_assert(torture, ret == LDB_SUCCESS, ldb_errstring(ldb));
+
+       ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+       torture_assert(torture, ret == LDB_SUCCESS, ldb_errstring(ldb));
+
+       torture_assert(torture, ctx->count > 0, "Users container empty");
+       torture_assert_int_equal(torture, ctx->msgs[0]->num_elements, 0,
+                                "Attributes returned for request "
+                                "with empty attribute list");
+
+       return true;
+}
+
+NTSTATUS torture_dsdb_init(TALLOC_CTX *mem_ctx)
+{
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "dsdb");
+
+       if (suite == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       torture_suite_add_simple_test(suite, "no_attrs", torture_ldb_no_attrs);
+
+       suite->description = talloc_strdup(suite, "DSDB tests");
+
+       torture_register_suite(mem_ctx, suite);
+
+       return NT_STATUS_OK;
+}

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 5a3f69f232d8813e63b314ef8a470e4c538d30a9..7e0ce96c45c8a87a5bf1fcd8ee6caf921eae42ca 100755 (executable)
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -152,6 +152,9 @@ for options in ['-U"$USERNAME%$PASSWORD"']:
 for t in smbtorture4_testsuites("ldap."):
     plansmbtorture4testsuite(t, "ad_dc_default", '-U"$USERNAME%$PASSWORD" //$SERVER_IP/_none_')
 
+for t in smbtorture4_testsuites("dsdb."):
+    plansmbtorture4testsuite(t, "ad_dc:local", "localhost")
+
 ldbdir = os.path.join(srcdir(), "lib/ldb")
 # Don't run LDB tests when using system ldb, as we won't have ldbtest installed
 if os.path.exists(os.path.join(samba4bindir, "ldbtest")):

diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build
index 09904134d3ed8305238bc95ff54721d39f3d3709..0189300aca95c6d47933201ec81996c5c03f5291 100644 (file)
--- a/source4/torture/wscript_build
+++ b/source4/torture/wscript_build
@@ -344,3 +344,12 @@ bld.SAMBA_BINARY('locktest',
        deps='popt POPT_SAMBA POPT_CREDENTIALS samba-util LIBCLI_SMB samba-hostconfig param_options',
        )
 
+bld.SAMBA_MODULE('TORTURE_DSDB',
+       source="../../source4/dsdb/common/tests/dsdb.c",
+       autoproto='dsdb_proto.h',
+       subsystem='smbtorture',
+       init_function='torture_dsdb_init',
+       deps="TORTURE_UTIL samba-util",
+       internal_module=True,
+       enabled=bld.PYTHON_BUILD_IS_ENABLED()
+       )