diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-02-01 08:32:40 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-02-02 11:58:26 +0100 |
commit | d3e4d90d41b0fdd64bd65a2f440942b478e23e20 (patch) | |
tree | ff9277416550c283b5d9557423936303544b6c07 | |
parent | e9807916af0b145cd85d01d90f6bab107a313812 (diff) | |
download | samba-d3e4d90d41b0fdd64bd65a2f440942b478e23e20.tar.gz samba-d3e4d90d41b0fdd64bd65a2f440942b478e23e20.tar.bz2 samba-d3e4d90d41b0fdd64bd65a2f440942b478e23e20.zip |
s4:torture/rpc/netlogon: test invalid LogonSamLogon levels
This proves that the invalid parameter/info class checks
need to be done before the credential chain checks.
metze
-rw-r--r-- | source4/torture/rpc/netlogon.c | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 673aa8bc57..59bcd58245 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -690,6 +690,7 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context NTSTATUS status; struct netr_LogonSamLogon r; struct netr_Authenticator auth, auth2; + static const struct netr_Authenticator auth_zero; union netr_LogonLevel logon; union netr_Validation validation; uint8_t authoritative; @@ -767,11 +768,75 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred), "Credential chaining failed"); + torture_assert_int_equal(tctx, *r.out.authoritative, 1, + "LogonSamLogon invalid *r.out.authoritative"); + } + + /* this makes sure we get the unmarshalling right for invalid levels */ + for (i=52;i<53;i++) { + ZERO_STRUCT(auth2); + /* the authenticator should be ignored by the server */ + generate_random_buffer(&auth, sizeof(auth)); + + r.in.validation_level = i; + + torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r), + "LogonSamLogon failed"); + torture_assert_ntstatus_equal(tctx, r.out.result, + NT_STATUS_INVALID_INFO_CLASS, + "LogonSamLogon failed"); + + torture_assert_int_equal(tctx, *r.out.authoritative, 1, + "LogonSamLogon invalid *r.out.authoritative"); + torture_assert(tctx, + memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0, + "Return authenticator non zero"); + } + + for (i=2;i<=3;i++) { + ZERO_STRUCT(auth2); + netlogon_creds_client_authenticator(creds, &auth); + + r.in.validation_level = i; + + torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r), + "LogonSamLogon failed"); + torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed"); + + torture_assert(tctx, netlogon_creds_client_check(creds, + &r.out.return_authenticator->cred), + "Credential chaining failed"); + torture_assert_int_equal(tctx, *r.out.authoritative, 1, + "LogonSamLogon invalid *r.out.authoritative"); + } + + r.in.logon_level = 52; + + for (i=2;i<=3;i++) { + ZERO_STRUCT(auth2); + /* the authenticator should be ignored by the server */ + generate_random_buffer(&auth, sizeof(auth)); + + r.in.validation_level = i; + + torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i); + + torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r), + "LogonSamLogon failed"); + torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER, + "LogonSamLogon expected INVALID_PARAMETER"); + + torture_assert(tctx, + memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0, + "Return authenticator non zero"); + torture_assert_int_equal(tctx, *r.out.authoritative, 1, + "LogonSamLogon invalid *r.out.authoritative"); } r.in.credential = NULL; for (i=2;i<=3;i++) { + ZERO_STRUCT(auth2); r.in.validation_level = i; @@ -782,6 +847,31 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon expected INVALID_PARAMETER"); + torture_assert(tctx, + memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0, + "Return authenticator non zero"); + torture_assert_int_equal(tctx, *r.out.authoritative, 1, + "LogonSamLogon invalid *r.out.authoritative"); + } + + r.in.logon_level = 2; + r.in.credential = &auth; + + for (i=2;i<=3;i++) { + ZERO_STRUCT(auth2); + netlogon_creds_client_authenticator(creds, &auth); + + r.in.validation_level = i; + + torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r), + "LogonSamLogon failed"); + torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed"); + + torture_assert(tctx, netlogon_creds_client_check(creds, + &r.out.return_authenticator->cred), + "Credential chaining failed"); + torture_assert_int_equal(tctx, *r.out.authoritative, 1, + "LogonSamLogon invalid *r.out.authoritative"); } return true; |