diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-06-17 11:48:01 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:18:22 -0500 |
| commit | b0f5ac82484f6ce4b2ef1e92ec8fe5d826540f6c (patch) | |
| tree | e11f49ea4a153766b60a6238e725677c773f4040 | |
| parent | dd39c8cedf939a26409467968317c3fd5edd3e3f (diff) | |
| download | samba-b0f5ac82484f6ce4b2ef1e92ec8fe5d826540f6c.tar.gz samba-b0f5ac82484f6ce4b2ef1e92ec8fe5d826540f6c.tar.bz2 samba-b0f5ac82484f6ce4b2ef1e92ec8fe5d826540f6c.zip | |
r7684: Add a test aimed at checking we have agreement between client and
server as to the CIFS session key.
JRA had pain with this being wrong against NT4 (without spnego), hence
this specific test.
Andrew Bartlett
(This used to be commit 47f433708ba38db9bf569567cc048e65f2786ebe)
| -rwxr-xr-x | source4/script/tests/selftest.sh | 1 | ||||
| -rwxr-xr-x | source4/script/tests/test_rpc.sh | 18 | ||||
| -rwxr-xr-x | source4/script/tests/test_session_key.sh | 33 | ||||
| -rw-r--r-- | source4/torture/rpc/lsa.c | 34 | ||||
| -rw-r--r-- | source4/torture/torture.c | 1 |
5 files changed, 87 insertions, 0 deletions
diff --git a/source4/script/tests/selftest.sh b/source4/script/tests/selftest.sh index 9ffb283886..c40d59759f 100755 --- a/source4/script/tests/selftest.sh +++ b/source4/script/tests/selftest.sh @@ -87,6 +87,7 @@ START=`date` failed=0 $SRCDIR/script/tests/test_ldap.sh localhost || failed=`expr $failed + $?` $SRCDIR/script/tests/test_rpc.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?` + $SRCDIR/script/tests/test_session_key.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?` $SRCDIR/script/tests/test_binding_string.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?` $SRCDIR/script/tests/test_echo.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?` $SRCDIR/script/tests/test_posix.sh //localhost/tmp $USERNAME $PASSWORD "" $ADDARG || failed=`expr $failed + $?` diff --git a/source4/script/tests/test_rpc.sh b/source4/script/tests/test_rpc.sh index d7272b0e6e..e2cf7c8c03 100755 --- a/source4/script/tests/test_rpc.sh +++ b/source4/script/tests/test_rpc.sh @@ -5,6 +5,9 @@ ncacn_np_tests="RPC-SPOOLSS RPC-SCHANNEL RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND" ncalrpc_tests="RPC-SCHANNEL RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND" ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND" +slow_ncacn_np_tests="RPC-SAMLOGON" +slow_ncalrpc_tests="RPC-SAMLOGON" +slow_ncacn_ip_tcp_tests="RPC-SAMLOGON" if [ $# -lt 4 ]; then cat <<EOF @@ -42,3 +45,18 @@ for bindoptions in connect sign seal sign,seal spnego spnego,sign spnego,seal va done testok $0 $failed + +#for bindoptions in connect validate padcheck bigendian bigendian,seal; do +# for transport in ncalrpc ncacn_np ncacn_ip_tcp; do +# case $transport in +# ncalrpc) tests=$slow_ncalrpc_tests ;; +# ncacn_np) tests=$slow_ncacn_np_tests ;; +# ncacn_ip_tcp) tests=$slow_ncacn_ip_tcp_tests ;; +# esac +# for t in $tests; do +# name="$t on $transport with $bindoptions" +# testit "$name" $VALGRIND bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -U"$username"%"$password" -W $domain $t "$*" || failed=`expr $failed + 1` +# done +# done +#done + diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh new file mode 100755 index 0000000000..48f3d19183 --- /dev/null +++ b/source4/script/tests/test_session_key.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +if [ $# -lt 4 ]; then +cat <<EOF +Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN +EOF +exit 1; +fi + +server="$1" +username="$2" +password="$3" +domain="$4" +shift 4 + +incdir=`dirname $0` +. $incdir/test_functions.sh + +failed=0 +transport="ncacn_np" + for ntlmoptions in \ + "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes" \ + "--option=usespnego=yes --option=ntlmssp_client:ntlm2=no" \ + "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no" \ + "--option=usespnego=yes--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no" \ + "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no" \ + "--option=usespnego=yes --option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no" \ + "--option=usespnego=no" \ + ; do + name="$transport with $ntlmoptions" + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1` + done +testok $0 $failed diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index f723f68a02..543ea4f48a 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -1680,3 +1680,37 @@ BOOL torture_rpc_lsa(void) return ret; } + + +BOOL torture_rpc_lsa_secrets(void) +{ + NTSTATUS status; + struct dcerpc_pipe *p; + TALLOC_CTX *mem_ctx; + BOOL ret = True; + struct policy_handle handle; + + mem_ctx = talloc_init("torture_rpc_lsa_secrets"); + + status = torture_rpc_connection(mem_ctx, + &p, + DCERPC_LSARPC_NAME, + DCERPC_LSARPC_UUID, + DCERPC_LSARPC_VERSION); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(mem_ctx); + return False; + } + + if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) { + ret = False; + } + + if (!test_CreateSecret(p, mem_ctx, &handle)) { + ret = False; + } + + talloc_free(mem_ctx); + + return ret; +} diff --git a/source4/torture/torture.c b/source4/torture/torture.c index c96f862142..5036822aa4 100644 --- a/source4/torture/torture.c +++ b/source4/torture/torture.c @@ -2280,6 +2280,7 @@ static struct { /* rpc testers */ {"RPC-LSA", torture_rpc_lsa, 0}, + {"RPC-SECRETS", torture_rpc_lsa_secrets, 0}, {"RPC-ECHO", torture_rpc_echo, 0}, {"RPC-DFS", torture_rpc_dfs, 0}, {"RPC-SPOOLSS", torture_rpc_spoolss, 0}, |