diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-10-25 12:14:08 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:13 -0500 |
| commit | 2a2a35005749766e407c2a106720e74b7dfcc005 (patch) | |
| tree | 52aa739fe2aa00e1cf4e497755e5e8b81a2324a7 /source4/torture/rpc/lsa.c | |
| parent | 75d3a8f6dc74601e30f667a1dbd09a4dad0ebe1c (diff) | |
| download | samba-2a2a35005749766e407c2a106720e74b7dfcc005.tar.gz samba-2a2a35005749766e407c2a106720e74b7dfcc005.tar.bz2 samba-2a2a35005749766e407c2a106720e74b7dfcc005.zip | |
r11287: Understand the new behaviour of the LSA pipe on ncacn_ip_tcp in Win2k3 SP1.
Only a few operations are supported (LookupSids3 and LookupNames4),
and these are only supported under schannel. This appears to be the
operations Win2k3 SP1 uses to verify part of the PAC back to the
server.
The test is setup to pass, but not enforce (so far) this new
behaviour.
Andrew Bartlett
(This used to be commit e15e39866e9775ba662f669a19836d33f7633f6f)
Diffstat (limited to 'source4/torture/rpc/lsa.c')
| -rw-r--r-- | source4/torture/rpc/lsa.c | 252 |
1 files changed, 178 insertions, 74 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 7630056503..4d53048d8e 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -58,6 +58,11 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + printf("not considering %s to be an error\n", nt_errstr(status)); + return True; + } printf("OpenPolicy failed - %s\n", nt_errstr(status)); return False; } @@ -67,7 +72,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle) + struct policy_handle **handle) { struct lsa_ObjectAttribute attr; struct lsa_QosInfo qos; @@ -76,6 +81,11 @@ BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, printf("\ntesting OpenPolicy2\n"); + *handle = talloc(mem_ctx, struct policy_handle); + if (!*handle) { + return False; + } + qos.len = 0; qos.impersonation_level = 2; qos.context_mode = 1; @@ -91,10 +101,17 @@ BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.system_name = "\\"; r.in.attr = &attr; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r.out.handle = handle; + r.out.handle = *handle; status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + printf("not considering %s to be an error\n", nt_errstr(status)); + talloc_free(*handle); + *handle = NULL; + return True; + } printf("OpenPolicy2 failed - %s\n", nt_errstr(status)); return False; } @@ -233,6 +250,48 @@ static BOOL test_LookupNames3(struct dcerpc_pipe *p, return True; } +static BOOL test_LookupNames4(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct lsa_TransNameArray2 *tnames) +{ + struct lsa_LookupNames4 r; + struct lsa_TransSidArray3 sids; + struct lsa_String *names; + uint32_t count = 0; + NTSTATUS status; + int i; + + printf("\nTesting LookupNames4 with %d names\n", tnames->count); + + sids.count = 0; + sids.sids = NULL; + + names = talloc_array(mem_ctx, struct lsa_String, tnames->count); + for (i=0;i<tnames->count;i++) { + init_lsa_String(&names[i], tnames->names[i].name.string); + } + + r.in.num_names = tnames->count; + r.in.names = names; + r.in.sids = &sids; + r.in.level = 1; + r.in.count = &count; + r.in.unknown1 = 0; + r.in.unknown2 = 0; + r.out.count = &count; + r.out.sids = &sids; + + status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { + printf("LookupNames4 failed - %s\n", nt_errstr(status)); + return False; + } + + printf("\n"); + + return True; +} + static BOOL test_LookupSids(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, @@ -319,7 +378,6 @@ static BOOL test_LookupSids2(struct dcerpc_pipe *p, static BOOL test_LookupSids3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle, struct lsa_SidArray *sids) { struct lsa_LookupSids3 r; @@ -355,19 +413,17 @@ static BOOL test_LookupSids3(struct dcerpc_pipe *p, printf("\n"); - if (!test_LookupNames3(p, mem_ctx, handle, &names)) { + if (!test_LookupNames4(p, mem_ctx, &names)) { return False; } return True; } -static BOOL test_many_LookupSids(struct dcerpc_pipe *p, - TALLOC_CTX *mem_ctx, - struct policy_handle *handle) +BOOL test_many_LookupSids(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle) { - struct lsa_LookupSids r; - struct lsa_TransNameArray names; uint32_t count; NTSTATUS status; struct lsa_SidArray sids; @@ -375,9 +431,6 @@ static BOOL test_many_LookupSids(struct dcerpc_pipe *p, printf("\nTesting LookupSids with lots of SIDs\n"); - names.count = 0; - names.names = NULL; - sids.num_sids = 100; sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids); @@ -389,25 +442,68 @@ static BOOL test_many_LookupSids(struct dcerpc_pipe *p, count = sids.num_sids; - r.in.handle = handle; - r.in.sids = &sids; - r.in.names = &names; - r.in.level = 1; - r.in.count = &names.count; - r.out.count = &count; - r.out.names = &names; + if (handle) { + struct lsa_LookupSids r; + struct lsa_TransNameArray names; + names.count = 0; + names.names = NULL; - status = dcerpc_lsa_LookupSids(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { - printf("LookupSids failed - %s\n", nt_errstr(status)); - return False; + r.in.handle = handle; + r.in.sids = &sids; + r.in.names = &names; + r.in.level = 1; + r.in.count = &names.count; + r.out.count = &count; + r.out.names = &names; + + status = dcerpc_lsa_LookupSids(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { + printf("LookupSids failed - %s\n", nt_errstr(status)); + return False; + } + + printf("\n"); + + if (!test_LookupNames(p, mem_ctx, handle, &names)) { + return False; + } + } else { + struct lsa_LookupSids3 r; + struct lsa_TransNameArray2 names; + + names.count = 0; + names.names = NULL; + + printf("\nTesting LookupSids3\n"); + + r.in.sids = &sids; + r.in.names = &names; + r.in.level = 1; + r.in.count = &count; + r.in.unknown1 = 0; + r.in.unknown2 = 0; + r.out.count = &count; + r.out.names = &names; + + status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + printf("not considering %s to be an error\n", nt_errstr(status)); + return True; + } + printf("LookupSids3 failed - %s\n", + nt_errstr(status)); + return False; + } + if (!test_LookupNames4(p, mem_ctx, &names)) { + return False; + } } printf("\n"); - if (!test_LookupNames(p, mem_ctx, handle, &names)) { - return False; - } + return True; } @@ -1097,7 +1193,7 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p, return False; } - if (!test_LookupSids3(p, mem_ctx, handle, &sids1)) { + if (!test_LookupSids3(p, mem_ctx, &sids1)) { return False; } @@ -1637,7 +1733,7 @@ BOOL torture_rpc_lsa(void) struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; - struct policy_handle handle; + struct policy_handle *handle; mem_ctx = talloc_init("torture_rpc_lsa"); @@ -1659,56 +1755,64 @@ BOOL torture_rpc_lsa(void) ret = False; } - if (!test_QueryDomainInfoPolicy(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_many_LookupSids(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_CreateAccount(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_CreateSecret(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_CreateTrustedDomain(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_EnumAccounts(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_EnumPrivs(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_GetUserName(p, mem_ctx, &handle)) { - ret = False; - } - + if (handle) { + if (!test_QueryDomainInfoPolicy(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_CreateAccount(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_CreateSecret(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_CreateTrustedDomain(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_EnumAccounts(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_EnumPrivs(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_QueryInfoPolicy(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_QueryInfoPolicy2(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_GetUserName(p, mem_ctx, handle)) { + ret = False; + } + #if 0 - if (!test_Delete(p, mem_ctx, &handle)) { - ret = False; - } + if (!test_Delete(p, mem_ctx, handle)) { + ret = False; + } #endif - - if (!test_lsa_Close(p, mem_ctx, &handle)) { - ret = False; + + if (!test_many_LookupSids(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_lsa_Close(p, mem_ctx, handle)) { + ret = False; + } + } else { + if (!test_many_LookupSids(p, mem_ctx, handle)) { + ret = False; + } } + + talloc_free(mem_ctx); return ret; |