r13380: Drop the socket, then try SAMR operations secured with netlogon on the new socket.

We should also test netlogon operations, but there are issues with
what state is expected to be stored (far more than we currently do).

Andrew Bartlett
(This used to be commit 39ddba0d0dc4475f9f7c5b7aa19ffff42c9fd1f5)

1 files changed, 29 insertions, 0 deletions

diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 4e9d644138..9341fc4a93 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -157,6 +157,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
 	struct dcerpc_binding *b;
 	struct dcerpc_pipe *p = NULL;
 	struct dcerpc_pipe *p_netlogon = NULL;
+	struct dcerpc_pipe *p_samr2 = NULL;
 	struct dcerpc_pipe *p_lsa = NULL;
 	struct creds_CredentialState *creds;
 	struct cli_credentials *credentials;
@@ -256,6 +257,34 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
 		ret = False;
 	}
 
+	/* Drop the socket, we want to start from scratch */
+	talloc_free(p);
+	p = NULL;
+
+	/* Now see what we are still allowed to do */
+	
+	status = dcerpc_parse_binding(test_ctx, binding, &b);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Bad binding string %s\n", binding);
+		goto failed;
+	}
+
+	b->flags &= ~DCERPC_AUTH_OPTIONS;
+	b->flags |= dcerpc_flags;
+
+	status = dcerpc_pipe_connect_b(test_ctx, &p_samr2, b, &dcerpc_table_samr,
+				       credentials, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to connect with schannel: %s\n", nt_errstr(status));
+		goto failed;
+	}
+
+	/* do a couple of logins.  We have *not* done a new serverauthenticate */
+	if (!test_samr_ops(p_samr2, test_ctx)) {
+		printf("Failed to process schannel secured SAMR ops (on fresh connection)\n");
+		ret = False;
+	}
+
 	torture_leave_domain(join_ctx);
 	talloc_free(test_ctx);
 	return ret;