diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-02-21 00:07:59 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:58 -0500 |
| commit | 9d1954c25d646c46daa38c3f96f4c4029b9bb417 (patch) | |
| tree | cf7c42a24e88ba091d9a1f5bf2d460cf45f62790 /source4/torture/rpc/schannel.c | |
| parent | eefb44079160b66dc69f63a0d9bae955bcb6acc9 (diff) | |
| download | samba-9d1954c25d646c46daa38c3f96f4c4029b9bb417.tar.gz samba-9d1954c25d646c46daa38c3f96f4c4029b9bb417.tar.bz2 samba-9d1954c25d646c46daa38c3f96f4c4029b9bb417.zip | |
r13583: Realise that the member server name appears in all calls that use the
credentials.
Consistantly rename these elements in the IDL to computer_name.
Fix the server-side code to always lookup by this name.
Add new, even nastier tests to RPC-SCHANNEL to prove this.
Andrew Bartlett
(This used to be commit 341a0abeb4a9f88d64ffd4681249cb1f643a7a5a)
Diffstat (limited to 'source4/torture/rpc/schannel.c')
| -rw-r--r-- | source4/torture/rpc/schannel.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 80b223656d..3ad781c145 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -85,7 +85,7 @@ BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials); r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); - r.in.workstation = cli_credentials_get_workstation(credentials); + r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.logon_level = 2; r.in.logon.network = &ninfo; r.in.flags = 0; @@ -238,6 +238,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p = NULL; struct dcerpc_pipe *p_netlogon = NULL; struct dcerpc_pipe *p_netlogon2 = NULL; + struct dcerpc_pipe *p_netlogon3 = NULL; struct dcerpc_pipe *p_samr2 = NULL; struct dcerpc_pipe *p_lsa = NULL; struct creds_CredentialState *creds; @@ -395,14 +396,37 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, /* Try the schannel-only SamLogonEx operation */ if (!test_netlogon_ex_ops(p_netlogon2, test_ctx, credentials, creds)) { - printf("Failed to process schannel secured NETLOGON EX ops\n"); + printf("Failed to process schannel secured NETLOGON EX ops (on fresh connection)\n"); ret = False; } /* And the more traditional style, proving that the * credentials chaining state is fully present */ if (!test_netlogon_ops(p_netlogon2, test_ctx, credentials, creds)) { - printf("Failed to process schannel secured NETLOGON EX ops\n"); + printf("Failed to process schannel secured NETLOGON ops (on fresh connection)\n"); + ret = False; + } + + /* Drop the socket, we want to start from scratch (again) */ + talloc_free(p_samr2); + + /* We don't want schannel for this test */ + b->flags &= ~DCERPC_AUTH_OPTIONS; + + status = dcerpc_pipe_connect_b(test_ctx, &p_netlogon3, b, &dcerpc_table_netlogon, + credentials, NULL); + if (!NT_STATUS_IS_OK(status)) { + printf("Failed to connect without schannel: %s\n", nt_errstr(status)); + goto failed; + } + + if (test_netlogon_ex_ops(p_netlogon3, test_ctx, credentials, creds)) { + printf("Processed NOT schannel secured NETLOGON EX ops without SCHANNEL (unsafe)\n"); + ret = False; + } + + if (!test_netlogon_ops(p_netlogon3, test_ctx, credentials, creds)) { + printf("Failed to processed NOT schannel secured NETLOGON ops without new ServerAuth\n"); ret = False; } |