summaryrefslogtreecommitdiff
path: root/source4/torture/rpc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2007-07-30 08:58:39 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:01:21 -0500
commit649d4bf8aa1e957d6a059dd265d5c9b313a43f15 (patch)
tree467dee39c92a2909ea96814ac31ea8a065f9c5d8 /source4/torture/rpc
parent06a6194eadef9fa9c9f6b3c200c41d2a59dc76af (diff)
downloadsamba-649d4bf8aa1e957d6a059dd265d5c9b313a43f15.tar.gz
samba-649d4bf8aa1e957d6a059dd265d5c9b313a43f15.tar.bz2
samba-649d4bf8aa1e957d6a059dd265d5c9b313a43f15.zip
r24074: Test both permitted logon hours and permitted workstations in the
RPC-SAMLOGON test. This showed that, as noted by bug #4823, we didn't test for invalid workstations. In fact, the code had been ported across, but because untested code is broken code, it never worked... Andrew Bartlett (This used to be commit 5e07417ada56d189a911ef888b0c87adebe60763)
Diffstat (limited to 'source4/torture/rpc')
-rw-r--r--source4/torture/rpc/samlogon.c75
-rw-r--r--source4/torture/rpc/testjoin.c1
2 files changed, 72 insertions, 4 deletions
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 10cb1b4557..2baeda5a75 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
#include "auth/auth.h"
#include "lib/crypto/crypto.h"
#include "lib/cmdline/popt_common.h"
@@ -33,6 +34,8 @@
#define TEST_MACHINE_NAME "samlogontest"
#define TEST_USER_NAME "samlogontestuser"
+#define TEST_USER_NAME_WRONG_WKS "samlogontest2"
+#define TEST_USER_NAME_WRONG_TIME "samlogontest3"
enum ntlm_break {
BREAK_BOTH,
@@ -1476,13 +1479,15 @@ BOOL torture_rpc_samlogon(struct torture_context *torture)
struct cli_credentials *machine_credentials;
TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
BOOL ret = True;
- struct test_join *join_ctx;
- struct test_join *user_ctx;
- char *user_password;
+ struct test_join *join_ctx = NULL;
+ struct test_join *user_ctx = NULL, *user_ctx_wrong_wks = NULL, *user_ctx_wrong_time = NULL;
+ char *user_password, *user_password_wrong_wks, *user_password_wrong_time;
const char *old_user_password;
char *test_machine_account;
const char *binding = torture_setting_string(torture, "binding", NULL);
const char *userdomain;
+ struct samr_SetUserInfo s;
+ union samr_UserInfo u;
int i;
int ci;
@@ -1514,7 +1519,7 @@ BOOL torture_rpc_samlogon(struct torture_context *torture)
ACB_NORMAL,
(const char **)&user_password);
if (!user_ctx) {
- d_printf("Failed to join as Workstation\n");
+ d_printf("Failed to create a test user\n");
return False;
}
@@ -1524,6 +1529,57 @@ BOOL torture_rpc_samlogon(struct torture_context *torture)
TEST_USER_NAME, 16 /* > 14 */, &user_password,
NULL, 0, False);
+ user_ctx_wrong_wks = torture_create_testuser(TEST_USER_NAME_WRONG_WKS,
+ userdomain,
+ ACB_NORMAL,
+ (const char **)&user_password_wrong_wks);
+ if (!user_ctx_wrong_wks) {
+ d_printf("Failed to create a test user (wrong workstation test)\n");
+ return False;
+ }
+
+ ZERO_STRUCT(u);
+ s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_wks);
+ s.in.info = &u;
+ s.in.level = 21;
+
+ u.info21.fields_present = SAMR_FIELD_WORKSTATIONS;
+ u.info21.workstations.string = "not" TEST_MACHINE_NAME;
+
+ status = dcerpc_samr_SetUserInfo(torture_join_samr_pipe(user_ctx_wrong_wks), mem_ctx, &s);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("SetUserInfo (list of workstations) failed - %s\n", nt_errstr(status));
+ ret = False;
+ goto failed;
+ }
+
+ user_ctx_wrong_time
+ = torture_create_testuser(TEST_USER_NAME_WRONG_TIME,
+ userdomain,
+ ACB_NORMAL,
+ (const char **)&user_password_wrong_time);
+ if (!user_ctx_wrong_time) {
+ d_printf("Failed to create a test user (wrong workstation test)\n");
+ return False;
+ }
+
+ ZERO_STRUCT(u);
+ s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_time);
+ s.in.info = &u;
+ s.in.level = 21;
+
+ u.info21.fields_present = SAMR_FIELD_WORKSTATIONS | SAMR_FIELD_LOGON_HOURS;
+ u.info21.workstations.string = TEST_MACHINE_NAME;
+ u.info21.logon_hours.units_per_week = 168;
+ u.info21.logon_hours.bits = talloc_zero_size(mem_ctx, 168);
+
+ status = dcerpc_samr_SetUserInfo(torture_join_samr_pipe(user_ctx_wrong_time), mem_ctx, &s);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("SetUserInfo (logon times and list of workstations) failed - %s\n", nt_errstr(status));
+ ret = False;
+ goto failed;
+ }
+
status = dcerpc_parse_binding(mem_ctx, binding, &b);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Bad binding string %s\n", binding);
@@ -1706,6 +1762,15 @@ BOOL torture_rpc_samlogon(struct torture_context *torture)
.expected_interactive_error = NT_STATUS_WRONG_PASSWORD,
.expected_network_error = NT_STATUS_OK,
.old_password = True
+ },
+ {
+ .comment = "test user (wong workstation): domain\\user",
+ .domain = userdomain,
+ .username = TEST_USER_NAME_WRONG_WKS,
+ .password = user_password_wrong_wks,
+ .network_login = True,
+ .expected_interactive_error = NT_STATUS_INVALID_WORKSTATION,
+ .expected_network_error = NT_STATUS_INVALID_WORKSTATION
}
};
@@ -1777,5 +1842,7 @@ failed:
torture_leave_domain(join_ctx);
torture_leave_domain(user_ctx);
+ torture_leave_domain(user_ctx_wrong_wks);
+ torture_leave_domain(user_ctx_wrong_time);
return ret;
}
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 31d782ae24..a349178563 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -232,6 +232,7 @@ again:
printf("Setting account password '%s'\n", random_pw);
+ ZERO_STRUCT(u);
s.in.user_handle = &join->user_handle;
s.in.info = &u;
s.in.level = 24;