← Back to branch summary

~ubuntu-branches/ubuntu/maverick/samba/maverick-security

« back to all changes in this revision

Viewing changes to source4/torture/rpc/spoolss.c

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2010-01-29 06:16:15 UTC
  • mfrom: (0.27.9 upstream) (0.34.4 squeeze)
  • Revision ID: james.westby@ubuntu.com-20100129061615-37hs6xqpsdhjq3ld
Tags: 2:3.4.5~dfsg-1ubuntu1
https://launchpad.net/bugs/462169
https://launchpad.net/bugs/493565
* Merge from debian testing.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control: 
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apoort hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
    family... it's obviously /not/ an address family, but it's what gets
    sent when using NM, so we'll cope for now.  (LP: #462169). Taken from karmic-proposed.
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + Dropped patches:
    - debian/patches/security-CVE-2009-3297.patch: No longer needed
    - debian/patches/fix-too-many-open-files.patch: No longer needed

Show diffs side-by-side

added added

removed removed

Lines of Context:
source4/torture/rpc/spoolss.c
23
23
#include "includes.h"
24
24
#include "torture/torture.h"
25
25
#include "torture/rpc/rpc.h"
 
26
#include "librpc/gen_ndr/ndr_misc.h"
26
27
#include "librpc/gen_ndr/ndr_spoolss_c.h"
 
28
#include "param/param.h"
27
29
 
28
30
struct test_spoolss_context {
29
31
        /* print server handle */
2000
2002
        return true;
2001
2003
}
2002
2004
 
 
2005
static bool test_EnumPrinterKey(struct torture_context *tctx,
 
2006
                                struct dcerpc_pipe *p,
 
2007
                                struct policy_handle *handle,
 
2008
                                const char *key_name,
 
2009
                                const char ***array)
 
2010
{
 
2011
        struct spoolss_EnumPrinterKey r;
 
2012
        uint32_t needed = 0;
 
2013
        union spoolss_KeyNames key_buffer;
 
2014
        int32_t offered[] = { 0, 1, 2, 3, 4, 5, -1, -2, -3, -4, -5, 256, 512, 1024, 2048 };
 
2015
        uint32_t _ndr_size;
 
2016
        int i;
 
2017
 
 
2018
        r.in.handle = handle;
 
2019
        r.in.key_name = key_name;
 
2020
        r.out.key_buffer = &key_buffer;
 
2021
        r.out.needed = &needed;
 
2022
        r.out._ndr_size = &_ndr_size;
 
2023
 
 
2024
        for (i=0; i < ARRAY_SIZE(offered); i++) {
 
2025
 
 
2026
                if (offered[i] < 0 && needed) {
 
2027
                        if (needed <= 4) {
 
2028
                                continue;
 
2029
                        }
 
2030
                        r.in.offered = needed + offered[i];
 
2031
                } else {
 
2032
                        r.in.offered = offered[i];
 
2033
                }
 
2034
 
 
2035
                ZERO_STRUCT(key_buffer);
 
2036
 
 
2037
                torture_comment(tctx, "Testing EnumPrinterKey(%s) with %d offered\n", r.in.key_name, r.in.offered);
 
2038
 
 
2039
                torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterKey(p, tctx, &r),
 
2040
                        "failed to call EnumPrinterKey");
 
2041
                if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
 
2042
 
 
2043
                        torture_assert(tctx, (_ndr_size == r.in.offered/2),
 
2044
                                talloc_asprintf(tctx, "EnumPrinterKey size mismatch, _ndr_size %d (expected %d)",
 
2045
                                        _ndr_size, r.in.offered/2));
 
2046
 
 
2047
                        r.in.offered = needed;
 
2048
                        torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterKey(p, tctx, &r),
 
2049
                                "failed to call EnumPrinterKey");
 
2050
                }
 
2051
 
 
2052
                if (offered[i] > 0) {
 
2053
                        torture_assert_werr_ok(tctx, r.out.result,
 
2054
                                "failed to call EnumPrinterKey");
 
2055
                }
 
2056
 
 
2057
                torture_assert(tctx, (_ndr_size == r.in.offered/2),
 
2058
                        talloc_asprintf(tctx, "EnumPrinterKey size mismatch, _ndr_size %d (expected %d)",
 
2059
                                _ndr_size, r.in.offered/2));
 
2060
 
 
2061
                torture_assert(tctx, (*r.out.needed <= r.in.offered),
 
2062
                        talloc_asprintf(tctx, "EnumPrinterKey size mismatch: needed %d is not <= offered %d", *r.out.needed, r.in.offered));
 
2063
 
 
2064
                torture_assert(tctx, (*r.out.needed <= _ndr_size * 2),
 
2065
                        talloc_asprintf(tctx, "EnumPrinterKey size mismatch: needed %d is not <= _ndr_size %d * 2", *r.out.needed, _ndr_size));
 
2066
 
 
2067
                if (key_buffer.string_array) {
 
2068
                        uint32_t calc_needed = 0;
 
2069
                        int s;
 
2070
                        for (s=0; key_buffer.string_array[s]; s++) {
 
2071
                                calc_needed += strlen_m_term(key_buffer.string_array[s])*2;
 
2072
                        }
 
2073
                        if (!key_buffer.string_array[0]) {
 
2074
                                calc_needed += 2;
 
2075
                        }
 
2076
                        calc_needed += 2;
 
2077
 
 
2078
                        torture_assert_int_equal(tctx, *r.out.needed, calc_needed,
 
2079
                                "EnumPrinterKey unexpected size");
 
2080
                }
 
2081
        }
 
2082
 
 
2083
        if (array) {
 
2084
                *array = key_buffer.string_array;
 
2085
        }
 
2086
 
 
2087
        return true;
 
2088
}
 
2089
 
 
2090
bool test_printer_keys(struct torture_context *tctx,
 
2091
                       struct dcerpc_pipe *p,
 
2092
                       struct policy_handle *handle)
 
2093
{
 
2094
        const char **key_array = NULL;
 
2095
        int i;
 
2096
 
 
2097
        {
 
2098
                struct spoolss_EnumPrinterKey r;
 
2099
                uint32_t needed;
 
2100
                struct spoolss_StringArray2 key_buffer;
 
2101
 
 
2102
                r.in.handle = handle;
 
2103
                r.in.key_name = "";
 
2104
                r.in.offered = 0;
 
2105
                r.out.key_buffer = &key_buffer;
 
2106
                r.out.needed = &needed;
 
2107
 
 
2108
                torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterKey(p, tctx, &r),
 
2109
                        "failed to call EnumPrinterKey");
 
2110
                if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
 
2111
                        r.in.offered = needed;
 
2112
                        torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterKey(p, tctx, &r),
 
2113
                                "failed to call EnumPrinterKey");
 
2114
                }
 
2115
                torture_assert_werr_ok(tctx, r.out.result,
 
2116
                        "failed to call EnumPrinterKey");
 
2117
 
 
2118
                key_array = key_buffer.string;
 
2119
        }
 
2120
 
 
2121
        for (i=0; key_array[i]; i++) {
 
2122
                struct spoolss_EnumPrinterDataEx r;
 
2123
                uint32_t count;
 
2124
                struct spoolss_PrinterEnumValues *info;
 
2125
                uint32_t needed;
 
2126
 
 
2127
                r.in.handle = handle;
 
2128
                r.in.key_name = key_array[i];
 
2129
                r.in.offered = 0;
 
2130
                r.out.count = &count;
 
2131
                r.out.info = &info;
 
2132
                r.out.needed = &needed;
 
2133
 
 
2134
                torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterDataEx(p, tctx, &r),
 
2135
                        "failed to call EnumPrinterDataEx");
 
2136
                if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
 
2137
                        r.in.offered = needed;
 
2138
                        torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_EnumPrinterDataEx(p, tctx, &r),
 
2139
                                "failed to call EnumPrinterDataEx");
 
2140
                }
 
2141
                torture_assert_werr_ok(tctx, r.out.result,
 
2142
                        "failed to call EnumPrinterDataEx");
 
2143
        }
 
2144
 
 
2145
        return true;
 
2146
}
 
2147
 
2003
2148
bool torture_rpc_spoolss(struct torture_context *torture)
2004
2149
{
2005
2150
        NTSTATUS status;