backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2

This is done in both smbtoture and in our server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 4c9115c50e73abd694ebe3ab79995fc5ed5228b4..22c86c750f42e268030374aeee1a1a5954cec3bd 100644 (file)
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -608,7 +608,7 @@ static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
                                &lsa_secret);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10, ("Error while fetching secret %s\n", cert_secret_name));
-               return WERR_FILE_NOT_FOUND;
+               return WERR_INVALID_DATA;
        } else if (lsa_secret.length == 0) {
                /* we do not have the real secret attribute, like if we are an RODC */
                return WERR_INVALID_PARAMETER;
@@ -661,7 +661,7 @@ static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
                hx509_private_key_free(&pk);
                if (res != 0) {
                        /* We are not able to decrypt the secret, looks like something is wrong */
-                       return WERR_INVALID_DATA;
+                       return WERR_INVALID_PARAMETER;
                }
                blob_us.data = uncrypted_secret.data;
                blob_us.length = uncrypted_secret.length;

diff --git a/source4/torture/rpc/backupkey.c b/source4/torture/rpc/backupkey.c
index 818764388551d178adb8f1006d483dde932bac4c..967ea47086951f82f7b1b2526ca1e7f6df4a0eb0 100644 (file)
--- a/source4/torture/rpc/backupkey.c
+++ b/source4/torture/rpc/backupkey.c
@@ -775,7 +775,7 @@ static bool test_RestoreGUID_ko(struct torture_context *tctx,
                out_blob.length = *r->out.data_out_len;
                ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
                torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
-               torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Wrong error code");
+               torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAM, "Wrong error code");
        } else {
                struct bkrp_BackupKey *r = createRetreiveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
                torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
@@ -980,7 +980,14 @@ static bool test_RestoreGUID_badcertguid(struct torture_context *tctx,
                out_blob.length = *r->out.data_out_len;
                ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
                torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
-               torture_assert_werr_equal(tctx, r->out.result, WERR_FILE_NOT_FOUND, "Bad error code on wrong has in access check");
+
+               /* 
+                * Windows 2012R2 has, presumably, a programming error
+                * returning an NTSTATUS code on this interface 
+                */
+               if (W_ERROR_V(r->out.result) != NT_STATUS_V(NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+                       torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
+               }
        } else {
                struct bkrp_BackupKey *r = createRetreiveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
                torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),