summaryrefslogtreecommitdiff
path: root/source4/torture/rpc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-01-11 14:04:58 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:42 -0500
commita249198d539685be5cb97e179e85ae00dbba8c83 (patch)
tree1e0ae58592cc6a4d7a09934a1fabca03e53871b6 /source4/torture/rpc
parent7ab7debcf17d833ac15512604f73b551c27534c2 (diff)
downloadsamba-a249198d539685be5cb97e179e85ae00dbba8c83.tar.gz
samba-a249198d539685be5cb97e179e85ae00dbba8c83.tar.bz2
samba-a249198d539685be5cb97e179e85ae00dbba8c83.zip
r4682: A LDB-based secrets implementation in Samba4.
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
Diffstat (limited to 'source4/torture/rpc')
-rw-r--r--source4/torture/rpc/lsa.c67
-rw-r--r--source4/torture/rpc/samsync.c12
2 files changed, 58 insertions, 21 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index f1a5b76040..c9f730cd27 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -3,6 +3,7 @@
test suite for lsa rpc operations
Copyright (C) Andrew Tridgell 2003
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -682,7 +683,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
struct lsa_QuerySecret r6;
struct lsa_SetSecret r7;
struct lsa_QuerySecret r8;
- struct policy_handle sec_handle, sec_handle2;
+ struct policy_handle sec_handle, sec_handle2, sec_handle3;
struct lsa_Delete d;
struct lsa_DATA_BUF buf1;
struct lsa_DATA_BUF_PTR bufp1;
@@ -721,6 +722,16 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
return False;
}
+ r.in.handle = handle;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ r.out.sec_handle = &sec_handle3;
+
+ status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
+ printf("CreateSecret should have failed OBJECT_NAME_COLLISION - %s\n", nt_errstr(status));
+ return False;
+ }
+
r2.in.handle = handle;
r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r2.in.name = r.in.name;
@@ -742,7 +753,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
enc_key = sess_encrypt_string(secret1, &session_key);
- r3.in.handle = &sec_handle;
+ r3.in.sec_handle = &sec_handle;
r3.in.new_val = &buf1;
r3.in.old_val = NULL;
r3.in.new_val->data = enc_key.data;
@@ -757,13 +768,31 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
ret = False;
}
+ r3.in.sec_handle = &sec_handle;
+ r3.in.new_val = &buf1;
+ r3.in.old_val = NULL;
+ r3.in.new_val->data = enc_key.data;
+ r3.in.new_val->length = enc_key.length;
+ r3.in.new_val->size = enc_key.length;
+
+ /* break the encrypted data */
+ enc_key.data[0]++;
+
+ printf("Testing SetSecret with broken key\n");
+
+ status = dcerpc_lsa_SetSecret(p, mem_ctx, &r3);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_UNKNOWN_REVISION)) {
+ printf("SetSecret should have failed UNKNOWN_REVISION - %s\n", nt_errstr(status));
+ ret = False;
+ }
+
data_blob_free(&enc_key);
ZERO_STRUCT(new_mtime);
ZERO_STRUCT(old_mtime);
/* fetch the secret back again */
- r4.in.handle = &sec_handle;
+ r4.in.sec_handle = &sec_handle;
r4.in.new_val = &bufp1;
r4.in.new_mtime = &new_mtime;
r4.in.old_val = NULL;
@@ -771,17 +800,18 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
bufp1.buf = NULL;
+ printf("Testing QuerySecret\n");
status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r4);
if (!NT_STATUS_IS_OK(status)) {
printf("QuerySecret failed - %s\n", nt_errstr(status));
ret = False;
} else {
- if (r4.out.new_val->buf == NULL) {
+ if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) {
printf("No secret buffer returned\n");
ret = False;
} else {
blob1.data = r4.out.new_val->buf->data;
- blob1.length = r4.out.new_val->buf->length;
+ blob1.length = r4.out.new_val->buf->size;
blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
@@ -797,7 +827,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
enc_key = sess_encrypt_string(secret3, &session_key);
- r5.in.handle = &sec_handle;
+ r5.in.sec_handle = &sec_handle;
r5.in.new_val = &buf1;
r5.in.old_val = NULL;
r5.in.new_val->data = enc_key.data;
@@ -818,7 +848,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
ZERO_STRUCT(old_mtime);
/* fetch the secret back again */
- r6.in.handle = &sec_handle;
+ r6.in.sec_handle = &sec_handle;
r6.in.new_val = &bufp1;
r6.in.new_mtime = &new_mtime;
r6.in.old_val = &bufp2;
@@ -839,7 +869,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
ret = False;
} else {
blob1.data = r6.out.new_val->buf->data;
- blob1.length = r6.out.new_val->buf->length;
+ blob1.length = r6.out.new_val->buf->size;
blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
@@ -873,7 +903,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
enc_key = sess_encrypt_string(secret5, &session_key);
- r7.in.handle = &sec_handle;
+ r7.in.sec_handle = &sec_handle;
r7.in.old_val = &buf1;
r7.in.old_val->data = enc_key.data;
r7.in.old_val->length = enc_key.length;
@@ -891,7 +921,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
data_blob_free(&enc_key);
/* fetch the secret back again */
- r8.in.handle = &sec_handle;
+ r8.in.sec_handle = &sec_handle;
r8.in.new_val = &bufp1;
r8.in.new_mtime = &new_mtime;
r8.in.old_val = &bufp2;
@@ -931,7 +961,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
}
blob1.data = r8.out.old_val->buf->data;
- blob1.length = r8.out.old_val->buf->length;
+ blob1.length = r8.out.old_val->buf->size;
blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
@@ -968,14 +998,15 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
printf("Second delete expected INVALID_HANDLE - %s\n", nt_errstr(status));
ret = False;
- }
+ } else {
- printf("Testing OpenSecret of just-deleted secret\n");
-
- status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
- printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status));
- ret = False;
+ printf("Testing OpenSecret of just-deleted secret\n");
+
+ status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status));
+ ret = False;
+ }
}
}
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index e393cd40fe..8c85787fe2 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -778,8 +778,11 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
lsa_blob1.data = q.out.old_val->buf->data;
lsa_blob1.length = q.out.old_val->buf->length;
- lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key);
-
+ status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ return False;
+ }
+
if (!q.out.old_mtime) {
printf("OLD mtime not available on LSA for secret %s\n", old->name);
ret = False;
@@ -814,7 +817,10 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
lsa_blob1.data = q.out.new_val->buf->data;
lsa_blob1.length = q.out.new_val->buf->length;
- lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key);
+ status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out);
+ if (!NT_STATUS_IS_OK(status)) {
+ return False;
+ }
if (!q.out.new_mtime) {
printf("NEW mtime not available on LSA for secret %s\n", new->name);