diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-01-11 06:04:44 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:41 -0500 |
commit | 7b4d1a4448f3b1ed3920c26619a5f45c6d269d6c (patch) | |
tree | 78550c4400e6a160db5b5fe612d68a6d0d7118bb /source4/torture/rpc | |
parent | 462ef44745d56dbb00b3e31d12d2ecdc9d309219 (diff) | |
download | samba-7b4d1a4448f3b1ed3920c26619a5f45c6d269d6c.tar.gz samba-7b4d1a4448f3b1ed3920c26619a5f45c6d269d6c.tar.bz2 samba-7b4d1a4448f3b1ed3920c26619a5f45c6d269d6c.zip |
r4674: Test SetSecret behaviour for local and global secrets, when setting
only the OLD secret value.
Andrew Bartlett
(This used to be commit 5853af89c8dd5c4d6220f395bcc18708398999af)
Diffstat (limited to 'source4/torture/rpc')
-rw-r--r-- | source4/torture/rpc/lsa.c | 118 |
1 files changed, 103 insertions, 15 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 11b736d158..f1a5b76040 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -680,6 +680,8 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, struct lsa_QuerySecret r4; struct lsa_SetSecret r5; struct lsa_QuerySecret r6; + struct lsa_SetSecret r7; + struct lsa_QuerySecret r8; struct policy_handle sec_handle, sec_handle2; struct lsa_Delete d; struct lsa_DATA_BUF buf1; @@ -694,12 +696,15 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, char *secret2; const char *secret3 = "ABCDEF12345699QWERTY"; char *secret4; + const char *secret5 = "NEW-SAMBA4-SECRET"; + char *secret6; char *secname[2]; int i; + const int LOCAL = 0; + const int GLOBAL = 1; - - secname[0] = talloc_asprintf(mem_ctx, "torturesecret-%u", (uint_t)random()); - secname[1] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random()); + secname[LOCAL] = talloc_asprintf(mem_ctx, "torturesecret-%u", (uint_t)random()); + secname[GLOBAL] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random()); for (i=0; i< 2; i++) { printf("Testing CreateSecret of %s\n", secname[i]); @@ -782,10 +787,9 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, secret2 = sess_decrypt_string(&blob1, &session_key); - printf("returned secret '%s'\n", secret2); - if (strcmp(secret1, secret2) != 0) { - printf("Returned secret doesn't match\n"); + printf("Returned secret '%s' doesn't match '%s'\n", + secret2, secret1); ret = False; } } @@ -800,7 +804,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, r5.in.new_val->length = enc_key.length; r5.in.new_val->size = enc_key.length; - printf("Testing SetSecret\n"); + printf("Testing SetSecret (existing value should move to old)\n"); status = dcerpc_lsa_SetSecret(p, mem_ctx, &r5); if (!NT_STATUS_IS_OK(status)) { @@ -841,24 +845,20 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, secret4 = sess_decrypt_string(&blob1, &session_key); - printf("returned secret '%s'\n", secret4); - if (strcmp(secret3, secret4) != 0) { printf("Returned NEW secret %s doesn't match %s\n", secret4, secret3); ret = False; } - blob1.data = r6.out.new_val->buf->data; - blob1.length = r6.out.new_val->buf->length; + blob1.data = r6.out.old_val->buf->data; + blob1.length = r6.out.old_val->buf->length; blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); secret2 = sess_decrypt_string(&blob1, &session_key); - printf("returned OLD secret '%s'\n", secret2); - - if (strcmp(secret3, secret4) != 0) { - printf("Returned secret %s doesn't match %s\n", secret2, secret1); + if (strcmp(secret1, secret2) != 0) { + printf("Returned OLD secret %s doesn't match %s\n", secret2, secret1); ret = False; } @@ -871,6 +871,94 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, } } + enc_key = sess_encrypt_string(secret5, &session_key); + + r7.in.handle = &sec_handle; + r7.in.old_val = &buf1; + r7.in.old_val->data = enc_key.data; + r7.in.old_val->length = enc_key.length; + r7.in.old_val->size = enc_key.length; + r7.in.new_val = NULL; + + printf("Testing SetSecret of old Secret only\n"); + + status = dcerpc_lsa_SetSecret(p, mem_ctx, &r7); + if (!NT_STATUS_IS_OK(status)) { + printf("SetSecret failed - %s\n", nt_errstr(status)); + ret = False; + } + + data_blob_free(&enc_key); + + /* fetch the secret back again */ + r8.in.handle = &sec_handle; + r8.in.new_val = &bufp1; + r8.in.new_mtime = &new_mtime; + r8.in.old_val = &bufp2; + r8.in.old_mtime = &old_mtime; + + bufp1.buf = NULL; + bufp2.buf = NULL; + + status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r8); + if (!NT_STATUS_IS_OK(status)) { + printf("QuerySecret failed - %s\n", nt_errstr(status)); + ret = False; + } else { + + if (r8.out.new_val->buf == NULL) { + if (i != LOCAL) { + printf("NEW secret buffer not returned after OLD set\n"); + ret = False; + } + } else if (r8.out.old_val->buf == NULL) { + printf("OLD secret buffer not returned after OLD set\n"); + ret = False; + } else if (r8.out.new_mtime == NULL || r8.out.old_mtime == NULL) { + printf("Both times not returned after OLD set\n"); + ret = False; + } else { + blob1.data = r8.out.new_val->buf->data; + blob1.length = r8.out.new_val->buf->length; + + blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); + + secret6 = sess_decrypt_string(&blob1, &session_key); + + if (strcmp(secret3, secret4) != 0) { + printf("Returned NEW secret '%s' doesn't match '%s'\n", secret4, secret3); + ret = False; + } + + blob1.data = r8.out.old_val->buf->data; + blob1.length = r8.out.old_val->buf->length; + + blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); + + secret6 = sess_decrypt_string(&blob1, &session_key); + + if (strcmp(secret5, secret6) != 0) { + printf("Returned OLD secret %s doesn't match %s\n", secret5, secret6); + ret = False; + } + + if (*r8.out.new_mtime == *r8.out.old_mtime) { + if (i != GLOBAL) { + printf("Returned secret %s had same mtime for both secrets: %s\n", + secname[i], + nt_time_string(mem_ctx, *r8.out.new_mtime)); + ret = False; + } + } else { + printf("Returned secret %s should have had same mtime for both secrets: %s != %s\n", + secname[i], + nt_time_string(mem_ctx, *r8.out.old_mtime), + nt_time_string(mem_ctx, *r8.out.new_mtime)); + ret = False; + } + } + } + if (!test_Delete(p, mem_ctx, &sec_handle)) { ret = False; } |