static bool test_lp_service(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
struct loadparm_service *service = lpcfg_add_service(lp_ctx, lpcfg_default_service(lp_ctx), "foo");
torture_assert(tctx, service == lpcfg_service(lp_ctx, "foo"), "invalid service");
return true;
}
static bool test_lp_do_service_parameter(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
struct loadparm_service *service = lpcfg_add_service(lp_ctx, lpcfg_default_service(lp_ctx), "foo");
torture_assert(tctx, lpcfg_do_service_parameter(lp_ctx, service,
"some:thing", "foo"), "lpcfg_set_option failed");
torture_assert_str_equal(tctx, lpcfg_parm_string(lp_ctx, service, "some", "thing"), "foo",
"invalid parametric option");
return true;
}
static PyObject *py_lp_ctx_default_service(py_talloc_Object *self, void *closure)
{
return PyLoadparmService_FromService(lpcfg_default_service(PyLoadparmContext_AsLoadparmContext(self)));
}
bool torture_gpo_system_access_policies(struct torture_context *tctx)
{
TALLOC_CTX *ctx = talloc_new(tctx);
int ret, vers = 0, i;
const char *sysvol_path = NULL, *gpo_dir = NULL;
const char *gpo_file = NULL, *gpt_file = NULL;
struct ldb_context *samdb = NULL;
struct ldb_result *result;
const char *attrs[] = {
"minPwdAge",
"maxPwdAge",
"minPwdLength",
"pwdProperties",
NULL
};
FILE *fp = NULL;
const char **gpo_update_cmd;
char **gpo_unapply_cmd;
int minpwdcases[] = { 0, 1, 998 };
int maxpwdcases[] = { 0, 1, 999 };
int pwdlencases[] = { 0, 1, 14 };
int pwdpropcases[] = { 0, 1, 1 };
struct ldb_message *old_message = NULL;
const char **itr;
int gpo_update_len = 0;
sysvol_path = lpcfg_path(lpcfg_service(tctx->lp_ctx, "sysvol"),
lpcfg_default_service(tctx->lp_ctx), tctx);
torture_assert(tctx, sysvol_path, "Failed to fetch the sysvol path");
/* Ensure the sysvol path exists */
gpo_dir = talloc_asprintf(ctx, "%s/%s", sysvol_path, GPODIR);
mkdir_p(gpo_dir, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
gpo_file = talloc_asprintf(ctx, "%s/%s", gpo_dir, GPOFILE);
/* Get the gpo update command */
gpo_update_cmd = lpcfg_gpo_update_command(tctx->lp_ctx);
torture_assert(tctx, gpo_update_cmd && gpo_update_cmd[0],
"Failed to fetch the gpo update command");
/* Open and read the samba db and store the initial password settings */
samdb = samdb_connect(ctx,
tctx->ev,
tctx->lp_ctx,
system_session(tctx->lp_ctx),
NULL,
0);
torture_assert(tctx, samdb, "Failed to connect to the samdb");
ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
old_message = result->msgs[0];
for (i = 0; i < 3; i++) {
/* Write out the sysvol */
if ( (fp = fopen(gpo_file, "w")) ) {
fputs(talloc_asprintf(ctx, GPTTMPL, minpwdcases[i],
maxpwdcases[i], pwdlencases[i],
pwdpropcases[i]), fp);
fclose(fp);
}
/* Update the version in the GPT.INI */
gpt_file = talloc_asprintf(ctx, "%s/%s", sysvol_path, GPTINI);
if ( (fp = fopen(gpt_file, "r")) ) {
char line[256];
while (fgets(line, 256, fp)) {
if (strncasecmp(line, "Version=", 8) == 0) {
vers = atoi(line+8);
break;
}
}
fclose(fp);
}
if ( (fp = fopen(gpt_file, "w")) ) {
char *data = talloc_asprintf(ctx,
"[General]\nVersion=%d\n",
++vers);
fputs(data, fp);
fclose(fp);
}
/* Run the gpo update command */
ret = exec_wait(discard_const_p(char *, gpo_update_cmd));
torture_assert(tctx, ret == 0,
"Failed to execute the gpo update command");
ret = ldb_search(samdb, ctx, &result,
ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
/* minPwdAge */
torture_assert_int_equal(tctx, unix2nttime(
ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[0],
"")), minpwdcases[i],
"The minPwdAge was not applied");
/* maxPwdAge */
torture_assert_int_equal(tctx, unix2nttime(
ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[1],
"")), maxpwdcases[i],
"The maxPwdAge was not applied");
/* minPwdLength */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[2],
-1),
pwdlencases[i],
"The minPwdLength was not applied");
/* pwdProperties */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[3],
-1),
pwdpropcases[i],
"The pwdProperties were not applied");
}
/* Unapply the settings and verify they are removed */
for (itr = gpo_update_cmd; *itr != NULL; itr++) {
gpo_update_len++;
}
gpo_unapply_cmd = talloc_array(ctx, char*, gpo_update_len+2);
for (i = 0; i < gpo_update_len; i++) {
gpo_unapply_cmd[i] = talloc_strdup(gpo_unapply_cmd,
gpo_update_cmd[i]);
}
gpo_unapply_cmd[i] = talloc_asprintf(gpo_unapply_cmd, "--unapply");
gpo_unapply_cmd[i+1] = NULL;
ret = exec_wait(gpo_unapply_cmd);
torture_assert(tctx, ret == 0,
"Failed to execute the gpo unapply command");
ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
/* minPwdAge */
torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[0],
"")),
unix2nttime(ldb_msg_find_attr_as_string(old_message,
attrs[0],
"")
),
"The minPwdAge was not unapplied");
/* maxPwdAge */
torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[1],
"")),
unix2nttime(ldb_msg_find_attr_as_string(old_message,
attrs[1],
"")
),
"The maxPwdAge was not unapplied");
/* minPwdLength */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[2],
-1),
ldb_msg_find_attr_as_int(
old_message,
attrs[2],
-2),
"The minPwdLength was not unapplied");
/* pwdProperties */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[3],
-1),
ldb_msg_find_attr_as_int(
old_message,
attrs[3],
-2),
"The pwdProperties were not unapplied");
talloc_free(ctx);
return true;
}
/*
called when a new socket connection has been established. This is called in the process
context of the new process (if appropriate)
*/
static void stream_new_connection(struct tevent_context *ev,
struct loadparm_context *lp_ctx,
struct socket_context *sock,
struct server_id server_id, void *private_data)
{
struct stream_socket *stream_socket = talloc_get_type(private_data, struct stream_socket);
struct stream_connection *srv_conn;
srv_conn = talloc_zero(ev, struct stream_connection);
if (!srv_conn) {
DEBUG(0,("talloc(mem_ctx, struct stream_connection) failed\n"));
return;
}
talloc_steal(srv_conn, sock);
srv_conn->private_data = stream_socket->private_data;
srv_conn->model_ops = stream_socket->model_ops;
srv_conn->socket = sock;
srv_conn->server_id = server_id;
srv_conn->ops = stream_socket->ops;
srv_conn->event.ctx = ev;
srv_conn->lp_ctx = lp_ctx;
if (!socket_check_access(sock, "smbd", lpcfg_hostsallow(NULL, lpcfg_default_service(lp_ctx)), lpcfg_hostsdeny(NULL, lpcfg_default_service(lp_ctx)))) {
stream_terminate_connection(srv_conn, "denied by access rules");
return;
}
srv_conn->event.fde = tevent_add_fd(ev, srv_conn, socket_get_fd(sock),
0, stream_io_handler_fde, srv_conn);
if (!srv_conn->event.fde) {
stream_terminate_connection(srv_conn, "tevent_add_fd() failed");
return;
}
/* setup to receive internal messages on this connection */
srv_conn->msg_ctx = imessaging_init(srv_conn,
lpcfg_imessaging_path(srv_conn, lp_ctx),
srv_conn->server_id, ev, false);
if (!srv_conn->msg_ctx) {
stream_terminate_connection(srv_conn, "imessaging_init() failed");
return;
}
srv_conn->remote_address = socket_get_remote_addr(srv_conn->socket, srv_conn);
if (!srv_conn->remote_address) {
stream_terminate_connection(srv_conn, "socket_get_remote_addr() failed");
return;
}
srv_conn->local_address = socket_get_local_addr(srv_conn->socket, srv_conn);
if (!srv_conn->local_address) {
stream_terminate_connection(srv_conn, "socket_get_local_addr() failed");
return;
}
{
TALLOC_CTX *tmp_ctx;
const char *title;
tmp_ctx = talloc_new(srv_conn);
title = talloc_asprintf(tmp_ctx, "conn[%s] c[%s] s[%s] server_id[%s]",
stream_socket->ops->name,
tsocket_address_string(srv_conn->remote_address, tmp_ctx),
tsocket_address_string(srv_conn->local_address, tmp_ctx),
server_id_str(tmp_ctx, &server_id));
if (title) {
stream_connection_set_title(srv_conn, title);
}
talloc_free(tmp_ctx);
}
/* we're now ready to start receiving events on this stream */
TEVENT_FD_READABLE(srv_conn->event.fde);
/* call the server specific accept code */
stream_socket->ops->accept_connection(srv_conn);
}
