From 3f8f9972f491228b2bbe8880cc139387e9332b09 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 25 Nov 2013 17:23:53 +1300
Subject: torture/samr: Re-open the user when checking for ACB_AUTOLOCK

This flag appears to be cached from the open, so the test incorrectly
indicated that the flag was not set over SAMR.

Andrew Bartlett

Change-Id: I2f1f017191dddb6c2ac496712064fa1b6b48be53
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source4/torture/rpc/samr.c | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

(limited to 'source4/torture/rpc')

diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 660439e382d..c1c1c547072 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -4055,13 +4055,20 @@ static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
 
 static bool test_QueryUserInfo_acct_flags(struct dcerpc_binding_handle *b,
 					  struct torture_context *tctx,
-					  struct policy_handle *handle,
+					  struct policy_handle *domain_handle,
+					  const char *acct_name,
 					  uint32_t *acct_flags)
 {
+	struct policy_handle user_handle;
 	union samr_UserInfo *info;
 	struct samr_QueryUserInfo r;
 
-	r.in.user_handle = handle;
+	NTSTATUS status = test_OpenUser_byname(b, tctx, domain_handle, acct_name, &user_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		return false;
+	}
+
+	r.in.user_handle = &user_handle;
 	r.in.level = 16;
 	r.out.info = &info;
 
@@ -4076,6 +4083,10 @@ static bool test_QueryUserInfo_acct_flags(struct dcerpc_binding_handle *b,
 
 	torture_comment(tctx, "  (acct_flags: 0x%08x)\n", *acct_flags);
 
+	if (!test_samr_handle_Close(b, tctx, &user_handle)) {
+		return false;
+	}
+
 	return true;
 }
 
@@ -4198,9 +4209,10 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
 		test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
 	torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
 
+	/* curiously, windows does _not_ set the autlock flag unless you re-open the user */
 	torture_assert(tctx,
-		test_QueryUserInfo_acct_flags(b, tctx, user_handle, &acct_flags), "");
-	torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
+		       test_QueryUserInfo_acct_flags(b, tctx, domain_handle, acct_name, &acct_flags), "");
+	torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, ACB_AUTOLOCK,
 				 "expected account to be locked");
 
 
@@ -4218,10 +4230,10 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
 		test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
 	torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
 
-	/* curiously, windows does _not_ set the autlock flag */
+	/* curiously, windows does _not_ set the autlock flag unless you re-open the user */
 	torture_assert(tctx,
-		test_QueryUserInfo_acct_flags(b, tctx, user_handle, &acct_flags), "");
-	torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
+		       test_QueryUserInfo_acct_flags(b, tctx, domain_handle, acct_name, &acct_flags), "");
+	torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, ACB_AUTOLOCK,
 				 "expected account to be locked");
 
 
@@ -4239,11 +4251,11 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
 		test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
 	torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
 
-	/* curiously, windows does _not_ set the autlock flag */
+	/* curiously, windows does _not_ set the autlock flag untill you re-open the user */
 	torture_assert(tctx,
-		test_QueryUserInfo_acct_flags(b, tctx, user_handle, &acct_flags), "");
-	torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
-				 "expected account to be locked");
+		       test_QueryUserInfo_acct_flags(b, tctx, domain_handle, acct_name, &acct_flags), "");
+	torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, ACB_AUTOLOCK,
+				 "expected account to show ACB_AUTOLOCK");
 
 
 	/* let lockout duration expire ==> unlock */
@@ -4259,7 +4271,7 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
 	}
 
 	torture_assert(tctx,
-		test_QueryUserInfo_acct_flags(b, tctx, user_handle, &acct_flags), "");
+		       test_QueryUserInfo_acct_flags(b, tctx, domain_handle, acct_name, &acct_flags), "");
 	torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
 				 "expected account not to be locked");
 
-- 
cgit