authorVolker Lendecke <vlendec@samba.org>2006-05-27 21:39:56 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:08:39 -0500
commit53107aed4a45f28aa1a159019ff4c3b45fbc8f02 (patch)
tree902f275f98434c0f971107a728f8d2405211b243
parent066ecf0c6fb0bc9fc948a70c0e329c4c3d4c09b7 (diff)
r15912: Run an rpc request with an invalid uid and make sure NT_STATUS_INVALID_HANDLE
is returned. Volker (This used to be commit 0ef6ecda1dd009174c2c684a1dd3adabf4772daf)
-rw-r--r--source4/torture/rpc/bind.c127
-rw-r--r--source4/torture/rpc/rpc.c1
2 files changed, 128 insertions, 0 deletions
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c
index 17580737f8..4c0ceb29c4 100644
--- a/source4/torture/rpc/bind.c
+++ b/source4/torture/rpc/bind.c
@@ -24,9 +24,13 @@
#include "includes.h"
#include "torture/torture.h"
#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "lib/cmdline/popt_common.h"
#include "librpc/rpc/dcerpc.h"
#include "torture/rpc/rpc.h"
+#include "libcli/libcli.h"
+#include "libcli/composite/composite.h"
+#include "libcli/smb_composite/smb_composite.h"
/*
This test is 'bogus' in that it doesn't actually perform to the
@@ -78,3 +82,126 @@ BOOL torture_multi_bind(struct torture_context *torture)
return ret;
}
+
+BOOL torture_bind_authcontext(struct torture_context *torture)
+{
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ BOOL ret = False;
+ struct lsa_ObjectAttribute objectattr;
+ struct lsa_OpenPolicy2 openpolicy;
+ struct policy_handle handle;
+ struct lsa_Close close;
+ struct smbcli_session *tmp;
+ struct smbcli_session *session2;
+ struct smbcli_state *cli;
+ struct dcerpc_pipe *lsa_pipe;
+ struct cli_credentials *anon_creds;
+ struct smb_composite_sesssetup setup;
+
+ mem_ctx = talloc_init("torture_bind_auth");
+
+ if (mem_ctx == NULL) {
+ d_printf("talloc_init failed\n");
+ return False;
+ }
+
+ status = smbcli_full_connection(mem_ctx, &cli,
+ lp_parm_string(-1, "torture", "host"),
+ "IPC$", NULL, cmdline_credentials,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("smbcli_full_connection failed: %s\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ lsa_pipe = dcerpc_pipe_init(mem_ctx, cli->transport->socket->event.ctx);
+ if (lsa_pipe == NULL) {
+ d_printf("dcerpc_pipe_init failed\n");
+ goto done;
+ }
+
+ status = dcerpc_pipe_open_smb(lsa_pipe->conn, cli->tree, "\\lsarpc");
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("dcerpc_pipe_open_smb failed: %s\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ status = dcerpc_bind_auth_none(lsa_pipe, &dcerpc_table_lsarpc);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("dcerpc_bind_auth_none failed: %s\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ openpolicy.in.system_name =talloc_asprintf(
+ mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
+ ZERO_STRUCT(objectattr);
+ openpolicy.in.attr = &objectattr;
+ openpolicy.in.access_mask = SEC_GENERIC_WRITE;
+ openpolicy.out.handle = &handle;
+
+ status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("dcerpc_lsa_OpenPolicy2 failed: %s\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ close.in.handle = &handle;
+ close.out.handle = &handle;
+
+ status = dcerpc_lsa_Close(lsa_pipe, mem_ctx, &close);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("dcerpc_lsa_Close failed: %s\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ session2 = smbcli_session_init(cli->transport, mem_ctx, False);
+ if (session2 == NULL) {
+ d_printf("smbcli_session_init failed\n");
+ goto done;
+ }
+
+ anon_creds = cli_credentials_init(mem_ctx);
+ if (anon_creds == NULL) {
+ d_printf("cli_credentials_init failed\n");
+ goto done;
+ }
+
+ cli_credentials_set_conf(anon_creds);
+ cli_credentials_set_anonymous(anon_creds);
+
+ setup.in.sesskey = cli->transport->negotiate.sesskey;
+ setup.in.capabilities = cli->transport->negotiate.capabilities;
+ setup.in.workgroup = "";
+ setup.in.credentials = anon_creds;
+
+ status = smb_composite_sesssetup(session2, &setup);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("anon session setup failed: %s\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ tmp = cli->tree->session;
+ cli->tree->session = session2;
+
+ status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ d_printf("dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
+ "expected NT_STATUS_INVALID_HANDLE\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ ret = True;
+ done:
+ talloc_free(mem_ctx);
+ return ret;
+}
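Review bot: The original session saved by `tmp = cli->tree->session;` is never restored or read again, so `tmp` is dead and everything after the swap, including the `talloc_free` at `done:`, runs with the anonymous `session2` attached to the tree. Putting it back right after the second `dcerpc_lsa_OpenPolicy2` call with `cli->tree->session = tmp;` would also let the test repeat the call under the original vuid and confirm the pipe still works there, which separates "rejected because of the wrong vuid" from "pipe no longer usable at all". Separately, the `talloc_asprintf` result stored in `openpolicy.in.system_name` is not checked for NULL. The function also has no header comment; one sentence stating that it checks a pipe bound under one session vuid is refused with NT_STATUS_INVALID_HANDLE when used from a second session on the same transport would make the intent clear.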
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index f5b2629e81..75634f90ff 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -122,6 +122,7 @@ NTSTATUS torture_rpc_init(void)
register_torture_op("RPC-AUTOIDL", torture_rpc_autoidl, 0);
register_torture_op("RPC-COUNTCALLS", torture_rpc_countcalls, 0);
register_torture_op("RPC-MULTIBIND", torture_multi_bind, 0);
+ register_torture_op("RPC-AUTHCONTEXT", torture_bind_authcontext, 0);
register_torture_op("RPC-DRSUAPI", torture_rpc_drsuapi, 0);
register_torture_op("RPC-CRACKNAMES", torture_rpc_drsuapi_cracknames, 0);
register_torture_op("RPC-ROT", torture_rpc_rot, 0);