CVE-2022-32743 s4:torture/rpc: Fix tests to match Windows

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/selftest/knownfail.d/netlogon-dns-host-name b/selftest/knownfail.d/netlogon-dns-host-name
index 2d0a0ec570a170942f6d0a7a1edf0c794432cee6..0164a7c4cd1e328d9b34940d3e4fcfc8772c417e 100644 (file)
--- a/selftest/knownfail.d/netlogon-dns-host-name
+++ b/selftest/knownfail.d/netlogon-dns-host-name
@@ -1,2 +1,11 @@
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_suffix\(
 ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_with_flag\(
+^samba4.rpc.netlogon on ncacn_ip_tcp with bigendian.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon on ncacn_ip_tcp with seal,padcheck.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon on ncacn_ip_tcp with validate.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon on ncacn_np with bigendian.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon on ncacn_np with seal,padcheck.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon on ncacn_np with validate.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon with bigendian.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon with seal,padcheck.netlogon.GetDomainInfo\(
+^samba4.rpc.netlogon with validate.netlogon.GetDomainInfo\(

diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 11f950d3aab4aa34828c9bd7df2024cb1542d7bc..59d7feb43f1d022117b34f51160431916609b809 100644 (file)
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -5251,9 +5251,9 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
                torture_assert(tctx,
                               ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
                               "'operatingSystemServicePack' shouldn't stick!");
-               torture_assert(tctx,
-                              ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
-                              "'operatingSystemVersion' shouldn't stick!");
+               torture_assert_str_equal(tctx,
+                                        ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
+                                        version_str, "'operatingSystemVersion' wrong!");
 
                /* The DNS host name shouldn't have been updated by the server */
 
@@ -5387,9 +5387,11 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 
                torture_assert(tctx, odiT->domainname.string != NULL,
                               "trust_list domainname should be valid");
-               if (texT->trust_type == LSA_TRUST_TYPE_DOWNLEVEL) {
+               if (texT->trust_type == LSA_TRUST_TYPE_DOWNLEVEL ||
+                   texT->trust_type == LSA_TRUST_TYPE_MIT)
+               {
                        torture_assert(tctx, odiT->dns_domainname.string == NULL,
-                              "trust_list dns_domainname should be NULL for downlevel");
+                              "trust_list dns_domainname should be NULL for downlevel or MIT");
                } else {
                        torture_assert(tctx, odiT->dns_domainname.string != NULL,
                               "trust_list dns_domainname should be valid for uplevel");