diff options
author | Volker Lendecke <vlendec@samba.org> | 2006-05-27 21:39:56 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:08:39 -0500 |
commit | 53107aed4a45f28aa1a159019ff4c3b45fbc8f02 (patch) | |
tree | 902f275f98434c0f971107a728f8d2405211b243 | |
parent | 066ecf0c6fb0bc9fc948a70c0e329c4c3d4c09b7 (diff) | |
download | samba-53107aed4a45f28aa1a159019ff4c3b45fbc8f02.tar.gz samba-53107aed4a45f28aa1a159019ff4c3b45fbc8f02.tar.bz2 samba-53107aed4a45f28aa1a159019ff4c3b45fbc8f02.zip |
r15912: Run an rpc request with an invalid uid and make sure NT_STATUS_INVALID_HANDLE
is returned.
Volker
(This used to be commit 0ef6ecda1dd009174c2c684a1dd3adabf4772daf)
-rw-r--r-- | source4/torture/rpc/bind.c | 127 | ||||
-rw-r--r-- | source4/torture/rpc/rpc.c | 1 |
2 files changed, 128 insertions, 0 deletions
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c index 17580737f8..4c0ceb29c4 100644 --- a/source4/torture/rpc/bind.c +++ b/source4/torture/rpc/bind.c @@ -24,9 +24,13 @@ #include "includes.h" #include "torture/torture.h" #include "librpc/gen_ndr/ndr_lsa.h" +#include "librpc/gen_ndr/ndr_lsa_c.h" #include "lib/cmdline/popt_common.h" #include "librpc/rpc/dcerpc.h" #include "torture/rpc/rpc.h" +#include "libcli/libcli.h" +#include "libcli/composite/composite.h" +#include "libcli/smb_composite/smb_composite.h" /* This test is 'bogus' in that it doesn't actually perform to the @@ -78,3 +82,126 @@ BOOL torture_multi_bind(struct torture_context *torture) return ret; } + +BOOL torture_bind_authcontext(struct torture_context *torture) +{ + TALLOC_CTX *mem_ctx; + NTSTATUS status; + BOOL ret = False; + struct lsa_ObjectAttribute objectattr; + struct lsa_OpenPolicy2 openpolicy; + struct policy_handle handle; + struct lsa_Close close; + struct smbcli_session *tmp; + struct smbcli_session *session2; + struct smbcli_state *cli; + struct dcerpc_pipe *lsa_pipe; + struct cli_credentials *anon_creds; + struct smb_composite_sesssetup setup; + + mem_ctx = talloc_init("torture_bind_auth"); + + if (mem_ctx == NULL) { + d_printf("talloc_init failed\n"); + return False; + } + + status = smbcli_full_connection(mem_ctx, &cli, + lp_parm_string(-1, "torture", "host"), + "IPC$", NULL, cmdline_credentials, + NULL); + if (!NT_STATUS_IS_OK(status)) { + d_printf("smbcli_full_connection failed: %s\n", + nt_errstr(status)); + goto done; + } + + lsa_pipe = dcerpc_pipe_init(mem_ctx, cli->transport->socket->event.ctx); + if (lsa_pipe == NULL) { + d_printf("dcerpc_pipe_init failed\n"); + goto done; + } + + status = dcerpc_pipe_open_smb(lsa_pipe->conn, cli->tree, "\\lsarpc"); + if (!NT_STATUS_IS_OK(status)) { + d_printf("dcerpc_pipe_open_smb failed: %s\n", + nt_errstr(status)); + goto done; + } + + status = dcerpc_bind_auth_none(lsa_pipe, &dcerpc_table_lsarpc); + if (!NT_STATUS_IS_OK(status)) { + d_printf("dcerpc_bind_auth_none failed: %s\n", + nt_errstr(status)); + goto done; + } + + openpolicy.in.system_name =talloc_asprintf( + mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe)); + ZERO_STRUCT(objectattr); + openpolicy.in.attr = &objectattr; + openpolicy.in.access_mask = SEC_GENERIC_WRITE; + openpolicy.out.handle = &handle; + + status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy); + + if (!NT_STATUS_IS_OK(status)) { + d_printf("dcerpc_lsa_OpenPolicy2 failed: %s\n", + nt_errstr(status)); + goto done; + } + + close.in.handle = &handle; + close.out.handle = &handle; + + status = dcerpc_lsa_Close(lsa_pipe, mem_ctx, &close); + if (!NT_STATUS_IS_OK(status)) { + d_printf("dcerpc_lsa_Close failed: %s\n", + nt_errstr(status)); + goto done; + } + + session2 = smbcli_session_init(cli->transport, mem_ctx, False); + if (session2 == NULL) { + d_printf("smbcli_session_init failed\n"); + goto done; + } + + anon_creds = cli_credentials_init(mem_ctx); + if (anon_creds == NULL) { + d_printf("cli_credentials_init failed\n"); + goto done; + } + + cli_credentials_set_conf(anon_creds); + cli_credentials_set_anonymous(anon_creds); + + setup.in.sesskey = cli->transport->negotiate.sesskey; + setup.in.capabilities = cli->transport->negotiate.capabilities; + setup.in.workgroup = ""; + setup.in.credentials = anon_creds; + + status = smb_composite_sesssetup(session2, &setup); + if (!NT_STATUS_IS_OK(status)) { + d_printf("anon session setup failed: %s\n", + nt_errstr(status)); + goto done; + } + + tmp = cli->tree->session; + cli->tree->session = session2; + + status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) { + d_printf("dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, " + "expected NT_STATUS_INVALID_HANDLE\n", + nt_errstr(status)); + goto done; + } + + ret = True; + done: + talloc_free(mem_ctx); + return ret; +} diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index f5b2629e81..75634f90ff 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -122,6 +122,7 @@ NTSTATUS torture_rpc_init(void) register_torture_op("RPC-AUTOIDL", torture_rpc_autoidl, 0); register_torture_op("RPC-COUNTCALLS", torture_rpc_countcalls, 0); register_torture_op("RPC-MULTIBIND", torture_multi_bind, 0); + register_torture_op("RPC-AUTHCONTEXT", torture_bind_authcontext, 0); register_torture_op("RPC-DRSUAPI", torture_rpc_drsuapi, 0); register_torture_op("RPC-CRACKNAMES", torture_rpc_drsuapi_cracknames, 0); register_torture_op("RPC-ROT", torture_rpc_rot, 0); |