diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-05-04 10:03:41 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:05:36 -0500 |
commit | 5f4d86f955d939e96ec9b81c8a9d080aab4354b6 (patch) | |
tree | b785a6c2aa092fea9bd64391cc45915788b31692 | |
parent | 086c9cc5f4a9145ee93060db2eebb3badc325e44 (diff) | |
download | samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.gz samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.bz2 samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.zip |
r15426: Implement SPNEGO as the default RPC authentication mechanism. Where
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 9 | ||||
-rw-r--r-- | source4/libnet/libnet_join.c | 4 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 9 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_connect.c | 51 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 156 | ||||
-rwxr-xr-x | source4/script/tests/test_session_key.sh | 14 | ||||
-rwxr-xr-x | source4/script/tests/test_w2k3.sh | 2 | ||||
-rwxr-xr-x | source4/script/tests/tests_all.sh | 2 | ||||
-rw-r--r-- | source4/torture/rpc/bind.c | 2 |
9 files changed, 201 insertions, 48 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 4cc067ffde..070e83e97c 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -257,6 +257,15 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } + if (((gensec_security->want_features & GENSEC_FEATURE_SIGN) + || (gensec_security->want_features & GENSEC_FEATURE_SEAL)) + && (gensec_security->want_features & GENSEC_FEATURE_DCE_STYLE) + && !lp_parm_bool(-1, "gensec_gssapi", "dce_signseal", + cli_credentials_get_kerberos_state(creds) == CRED_MUST_USE_KERBEROS)) { + DEBUG(2, ("GSSAPI sign/seal disabled for DCE/RPC. ")); + return NT_STATUS_INVALID_PARAMETER; + } + nt_status = gensec_gssapi_start(gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index 9185015da0..743076ee72 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -481,9 +481,9 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru return status; } - samr_pipe = connect_with_info->out.dcerpc_pipe, + samr_pipe = connect_with_info->out.dcerpc_pipe; - status = dcerpc_pipe_auth(samr_pipe, + status = dcerpc_pipe_auth(tmp_ctx, &samr_pipe, connect_with_info->out.dcerpc_pipe->binding, &dcerpc_table_samr, ctx->cred); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 4c8a615ce5..39de9fcaa8 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -144,16 +144,19 @@ struct dcerpc_pipe { /* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */ #define DCERPC_NDR_REF_ALLOC (1<<14) -#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5) +#define DCERPC_AUTH_OPTIONS (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5|DCERPC_AUTH_NTLM) -/* enable spnego auth */ +/* select spnego auth */ #define DCERPC_AUTH_SPNEGO (1<<15) -/* enable krb5 auth */ +/* select krb5 auth */ #define DCERPC_AUTH_KRB5 (1<<16) #define DCERPC_SMB2 (1<<17) +/* select NTLM auth */ +#define DCERPC_AUTH_NTLM (1<<18) + /* this is used to find pointers to calls */ diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 2b40935be6..64bb78ec60 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -28,6 +28,7 @@ #include "smb.h" #include "libcli/composite/composite.h" #include "libcli/smb_composite/smb_composite.h" +#include "lib/events/events.h" #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" #include "auth/credentials/credentials.h" @@ -762,8 +763,9 @@ static void continue_pipe_auth(struct composite_context *ctx) { struct composite_context *c = talloc_get_type(ctx->async.private_data, struct composite_context); + struct pipe_connect_state *s = talloc_get_type(c->private_data, struct pipe_connect_state); - c->status = dcerpc_pipe_auth_recv(ctx); + c->status = dcerpc_pipe_auth_recv(ctx, s, &s->pipe); if (!composite_is_ok(c)) return; composite_done(c); @@ -775,7 +777,6 @@ static void continue_pipe_auth(struct composite_context *ctx) specified binding structure to determine the endpoint and options */ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx, - struct dcerpc_pipe **pp, struct dcerpc_binding *binding, const struct dcerpc_interface_table *table, struct cli_credentials *credentials, @@ -796,16 +797,19 @@ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx, c->state = COMPOSITE_STATE_IN_PROGRESS; c->private_data = s; - (*pp) = NULL; + if (ev == NULL) { + ev = event_context_init(c); + if (ev == NULL) { + talloc_free(c); + return NULL; + } + } + c->event_ctx = ev; /* initialise dcerpc pipe structure */ s->pipe = dcerpc_pipe_init(c, ev); if (composite_nomem(s->pipe, c)) return c; - /* get event context from initialised dcerpc pipe */ - c->event_ctx = s->pipe->conn->event_ctx; - (*pp) = s->pipe; - /* store parameters in state structure */ s->binding = binding; s->table = table; @@ -842,12 +846,10 @@ NTSTATUS dcerpc_pipe_connect_b_recv(struct composite_context *c, TALLOC_CTX *mem status = composite_wait(c); - if (NT_STATUS_IS_OK(status) && p) { - s = talloc_get_type(c->private_data, struct pipe_connect_state); - talloc_steal(mem_ctx, s->pipe); - *p = s->pipe; - } - + s = talloc_get_type(c->private_data, struct pipe_connect_state); + talloc_steal(mem_ctx, s->pipe); + *p = s->pipe; + talloc_free(c); return status; } @@ -866,7 +868,7 @@ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx, { struct composite_context *c; - c = dcerpc_pipe_connect_b_send(parent_ctx, pp, binding, table, + c = dcerpc_pipe_connect_b_send(parent_ctx, binding, table, credentials, ev); return dcerpc_pipe_connect_b_recv(c, parent_ctx, pp); } @@ -908,6 +910,15 @@ struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx, c->state = COMPOSITE_STATE_IN_PROGRESS; c->private_data = s; + if (ev == NULL) { + ev = event_context_init(c); + if (ev == NULL) { + talloc_free(c); + return NULL; + } + } + c->event_ctx = ev; + /* parse binding string to the structure */ status = dcerpc_parse_binding(c, binding, &b); if (!NT_STATUS_IS_OK(status)) { @@ -922,12 +933,9 @@ struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx, start connecting to a rpc pipe after binding structure is established */ - pipe_conn_req = dcerpc_pipe_connect_b_send(c, &s->pipe, b, table, + pipe_conn_req = dcerpc_pipe_connect_b_send(c, b, table, credentials, ev); - /* event context for created dcerpc_pipe would be useful... */ - c->event_ctx = s->pipe->conn->event_ctx; - if (composite_nomem(pipe_conn_req, c)) return c; composite_continue(c, pipe_conn_req, continue_pipe_connect_b, c); @@ -947,6 +955,7 @@ static void continue_pipe_connect_b(struct composite_context *ctx) struct pipe_conn_state); c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe); + talloc_steal(s, s->pipe); if (!composite_is_ok(c)) return; composite_done(c); @@ -965,10 +974,8 @@ NTSTATUS dcerpc_pipe_connect_recv(struct composite_context *c, struct pipe_conn_state *s; status = composite_wait(c); - if (NT_STATUS_IS_OK(status) && pp) { - s = talloc_get_type(c->private_data, struct pipe_conn_state); - *pp = talloc_steal(mem_ctx, s->pipe); - } + s = talloc_get_type(c->private_data, struct pipe_conn_state); + *pp = talloc_steal(mem_ctx, s->pipe); talloc_free(c); return status; diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index dc2eded967..6c8ed7ecd8 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -141,6 +141,7 @@ static const struct { {"seal", DCERPC_SEAL}, {"connect", DCERPC_CONNECT}, {"spnego", DCERPC_AUTH_SPNEGO}, + {"ntlm", DCERPC_AUTH_NTLM}, {"krb5", DCERPC_AUTH_KRB5}, {"validate", DCERPC_DEBUG_VALIDATE_BOTH}, {"print", DCERPC_DEBUG_PRINT_BOTH}, @@ -936,7 +937,7 @@ struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx, epmapper_binding->endpoint = NULL; /* initiate rpc pipe connection */ - pipe_connect_req = dcerpc_pipe_connect_b_send(c, &s->pipe, epmapper_binding, &dcerpc_table_epmapper, + pipe_connect_req = dcerpc_pipe_connect_b_send(c, epmapper_binding, &dcerpc_table_epmapper, anon_creds, c->event_ctx); if (composite_nomem(pipe_connect_req, c)) return c; @@ -981,6 +982,8 @@ struct pipe_auth_state { static void continue_auth_schannel(struct composite_context *ctx); static void continue_auth(struct composite_context *ctx); static void continue_auth_none(struct composite_context *ctx); +static void continue_ntlmssp_connection(struct composite_context *ctx); +static void continue_spnego_after_wrong_pass(struct composite_context *ctx); /* @@ -1011,6 +1014,111 @@ static void continue_auth(struct composite_context *ctx) composite_done(c); } +/* + Stage 2 of pipe_auth: Receive result of authenticated bind request, but handle fallbacks: + SPNEGO -> NTLMSSP +*/ +static void continue_auth_auto(struct composite_context *ctx) +{ + struct composite_context *c = talloc_get_type(ctx->async.private_data, + struct composite_context); + + c->status = dcerpc_bind_auth_recv(ctx); + if (NT_STATUS_EQUAL(c->status, NT_STATUS_INVALID_PARAMETER)) { + struct pipe_auth_state *s = talloc_get_type(c->private_data, struct pipe_auth_state); + struct composite_context *sec_conn_req; + + /* send a request for secondary rpc connection */ + sec_conn_req = dcerpc_secondary_connection_send(s->pipe, + s->binding); + if (composite_nomem(sec_conn_req, c)) return; + + composite_continue(c, sec_conn_req, continue_ntlmssp_connection, c); + + return; + } else if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) { + struct pipe_auth_state *s = talloc_get_type(c->private_data, struct pipe_auth_state); + struct composite_context *sec_conn_req; + if (cli_credentials_wrong_password(s->credentials)) { + /* send a request for secondary rpc connection */ + sec_conn_req = dcerpc_secondary_connection_send(s->pipe, + s->binding); + if (composite_nomem(sec_conn_req, c)) return; + + composite_continue(c, sec_conn_req, continue_spnego_after_wrong_pass, c); + } + } + + if (!composite_is_ok(c)) return; + + composite_done(c); +} + +/* + Stage 3 of pipe_auth (fallback to NTLMSSP case): Receive secondary + rpc connection (the first one can't be used any more, due to the + bind nak) and perform authenticated bind request +*/ +static void continue_ntlmssp_connection(struct composite_context *ctx) +{ + struct composite_context *c; + struct pipe_auth_state *s; + struct composite_context *auth_req; + struct dcerpc_pipe *p2; + + c = talloc_get_type(ctx->async.private_data, struct composite_context); + s = talloc_get_type(c->private_data, struct pipe_auth_state); + + /* receive secondary rpc connection */ + c->status = dcerpc_secondary_connection_recv(ctx, &p2); + talloc_steal(s, p2); + talloc_steal(p2, s->pipe); + s->pipe = p2; + + if (!composite_is_ok(c)) return; + + /* initiate a authenticated bind */ + auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, + s->credentials, DCERPC_AUTH_TYPE_NTLMSSP, + dcerpc_auth_level(s->pipe->conn), + s->table->authservices->names[0]); + if (composite_nomem(auth_req, c)) return; + + composite_continue(c, auth_req, continue_auth, c); +} + +/* + Stage 3 of pipe_auth (retry on wrong password): Receive secondary + rpc connection (the first one can't be used any more, due to the + bind nak) and perform authenticated bind request +*/ +static void continue_spnego_after_wrong_pass(struct composite_context *ctx) +{ + struct composite_context *c; + struct pipe_auth_state *s; + struct composite_context *auth_req; + struct dcerpc_pipe *p2; + + c = talloc_get_type(ctx->async.private_data, struct composite_context); + s = talloc_get_type(c->private_data, struct pipe_auth_state); + + /* receive secondary rpc connection */ + c->status = dcerpc_secondary_connection_recv(ctx, &p2); + talloc_steal(s, p2); + talloc_steal(p2, s->pipe); + s->pipe = p2; + + if (!composite_is_ok(c)) return; + + /* initiate a authenticated bind */ + auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, + s->credentials, DCERPC_AUTH_TYPE_SPNEGO, + dcerpc_auth_level(s->pipe->conn), + s->table->authservices->names[0]); + if (composite_nomem(auth_req, c)) return; + + composite_continue(c, auth_req, continue_auth, c); +} /* @@ -1042,6 +1150,7 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, struct composite_context *auth_schannel_req; struct composite_context *auth_req; struct composite_context *auth_none_req; + struct dcerpc_connection *conn; /* composite context allocation and setup */ c = talloc_zero(NULL, struct composite_context); @@ -1060,10 +1169,11 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, s->credentials = credentials; s->pipe = p; - s->pipe->conn->flags = binding->flags; + conn = s->pipe->conn; + conn->flags = binding->flags; /* remember the binding string for possible secondary connections */ - s->pipe->conn->binding_string = dcerpc_binding_string(p, binding); + conn->binding_string = dcerpc_binding_string(p, binding); if (!cli_credentials_is_anonymous(s->credentials) && (binding->flags & DCERPC_SCHANNEL) && @@ -1074,13 +1184,13 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, * first */ auth_schannel_req = dcerpc_bind_auth_schannel_send(c, s->pipe, s->table, s->credentials, - dcerpc_auth_level(s->pipe->conn)); + dcerpc_auth_level(conn)); if (composite_nomem(auth_schannel_req, c)) return c; composite_continue(c, auth_schannel_req, continue_auth_schannel, c); } else if (!cli_credentials_is_anonymous(s->credentials) && - !(s->pipe->conn->transport.transport == NCACN_NP && + !(conn->transport.transport == NCACN_NP && !(s->binding->flags & DCERPC_SIGN) && !(s->binding->flags & DCERPC_SEAL))) { @@ -1092,7 +1202,7 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, uint8_t auth_type; - if ((s->pipe->conn->flags & (DCERPC_SIGN|DCERPC_SEAL)) == 0) { + if ((conn->flags & (DCERPC_SIGN|DCERPC_SEAL)) == 0) { /* we are doing an authenticated connection, but not using sign or seal. We must force @@ -1100,7 +1210,7 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, type doesn't allow authentication information to be passed. */ - s->pipe->conn->flags |= DCERPC_CONNECT; + conn->flags |= DCERPC_CONNECT; } if (s->binding->flags & DCERPC_AUTH_SPNEGO) { @@ -1112,13 +1222,22 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, } else if (s->binding->flags & DCERPC_SCHANNEL) { auth_type = DCERPC_AUTH_TYPE_SCHANNEL; - } else { + } else if (s->binding->flags & DCERPC_AUTH_NTLM) { auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + } else { + auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, + s->credentials, DCERPC_AUTH_TYPE_SPNEGO, + dcerpc_auth_level(conn), + s->table->authservices->names[0]); + if (composite_nomem(auth_req, c)) return c; + + composite_continue(c, auth_req, continue_auth_auto, c); + return c; } auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, auth_type, - dcerpc_auth_level(s->pipe->conn), + dcerpc_auth_level(conn), s->table->authservices->names[0]); if (composite_nomem(auth_req, c)) return c; @@ -1137,8 +1256,13 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, /* Receive result of authenticated bind request on dcerpc pipe + + This returns *p, which may be different to the one originally + supllied, as it rebinds to a new pipe due to authentication fallback + */ -NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c) +NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, + struct dcerpc_pipe **p) { NTSTATUS status; @@ -1149,6 +1273,9 @@ NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c) char *uuid_str = GUID_string(s->pipe, &s->table->syntax_id.uuid); DEBUG(0, ("Failed to bind to uuid %s - %s\n", uuid_str, nt_errstr(status))); talloc_free(uuid_str); + } else { + talloc_steal(mem_ctx, s->pipe); + *p = s->pipe; } talloc_free(c); @@ -1158,16 +1285,19 @@ NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c) /* Perform an authenticated bind if needed - sync version + + This may change *p, as it rebinds to a new pipe due to authentication fallback */ -NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p, +NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx, + struct dcerpc_pipe **p, struct dcerpc_binding *binding, const struct dcerpc_interface_table *table, struct cli_credentials *credentials) { struct composite_context *c; - c = dcerpc_pipe_auth_send(p, binding, table, credentials); - return dcerpc_pipe_auth_recv(c); + c = dcerpc_pipe_auth_send(*p, binding, table, credentials); + return dcerpc_pipe_auth_recv(c, mem_ctx, p); } diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh index 74de90f479..5dbb4052ee 100755 --- a/source4/script/tests/test_session_key.sh +++ b/source4/script/tests/test_session_key.sh @@ -2,7 +2,7 @@ if [ $# -lt 4 ]; then cat <<EOF -Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN +Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN NETBIOSNAME EOF exit 1; fi @@ -11,7 +11,8 @@ server="$1" username="$2" password="$3" domain="$4" -shift 4 +netbios_name="$5" +shift 5 incdir=`dirname $0` . $incdir/test_functions.sh @@ -33,13 +34,16 @@ for bindoptions in validate seal; do "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \ "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \ - "-k no --option=usespnego=no" \ - ; do + "-k no --option=usespnego=no"; do name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions" - testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1` + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain --option=gensec:target_hostname=$netbios_name RPC-SECRETS "$*" || failed=`expr $failed + 1` done done done done + name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos" + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1` + name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos (use target principal)" + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1` done testok $0 $failed diff --git a/source4/script/tests/test_w2k3.sh b/source4/script/tests/test_w2k3.sh index 3e7da590c0..d3192e7bc9 100755 --- a/source4/script/tests/test_w2k3.sh +++ b/source4/script/tests/test_w2k3.sh @@ -31,7 +31,7 @@ failed=0 name="RPC-SPOOLSS on ncacn_np" testit "$name" bin/smbtorture $TORTURE_OPTIONS ncacn_np:"$server" $OPTIONS RPC-SPOOLSS "$*" || failed=`expr $failed + 1` -for bindoptions in padcheck connect sign seal spnego,sign spnego,seal validate bigendian; do +for bindoptions in padcheck connect sign seal ntlm,sign ntlm,seal validate bigendian; do for transport in ncacn_ip_tcp ncacn_np; do case $transport in ncacn_np) tests=$ncacn_np_tests ;; diff --git a/source4/script/tests/tests_all.sh b/source4/script/tests/tests_all.sh index d5d20d8f92..a93614b91c 100755 --- a/source4/script/tests/tests_all.sh +++ b/source4/script/tests/tests_all.sh @@ -3,7 +3,7 @@ $SRCDIR/script/tests/test_nbt.sh $SERVER || failed=`expr $failed + $?` $SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD "" || failed=`expr $failed + $?` $SRCDIR/script/tests/test_rpc.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_session_key.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` + $SRCDIR/script/tests/test_session_key.sh $SERVER $USERNAME $PASSWORD $DOMAIN $NETBIOSNAME || failed=`expr $failed + $?` $SRCDIR/script/tests/test_binding_string.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` $SRCDIR/script/tests/test_echo.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` $SRCDIR/script/tests/test_posix.sh //$SERVER/tmp $USERNAME $PASSWORD "" || failed=`expr $failed + $?` diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c index 56f3e9a040..17580737f8 100644 --- a/source4/torture/rpc/bind.c +++ b/source4/torture/rpc/bind.c @@ -63,7 +63,7 @@ BOOL torture_multi_bind(struct torture_context *torture) return False; } - status = dcerpc_pipe_auth(p, binding, &dcerpc_table_lsarpc, cmdline_credentials); + status = dcerpc_pipe_auth(mem_ctx, &p, binding, &dcerpc_table_lsarpc, cmdline_credentials); if (NT_STATUS_IS_OK(status)) { printf("(incorrectly) allowed re-bind to uuid %s - %s\n", |