authorAndrew Bartlett <abartlet@samba.org>2006-02-21 00:07:59 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:58 -0500
commit9d1954c25d646c46daa38c3f96f4c4029b9bb417 (patch)
treecf7c42a24e88ba091d9a1f5bf2d460cf45f62790 /source4/torture
parenteefb44079160b66dc69f63a0d9bae955bcb6acc9 (diff)
r13583: Realise that the member server name appears in all calls that use the
credentials. Consistently rename these elements in the IDL to computer_name. Fix the server-side code to always look up by this name. Add new, even nastier tests to RPC-SCHANNEL to prove this. Andrew Bartlett (This used to be commit 341a0abeb4a9f88d64ffd4681249cb1f643a7a5a)
Diffstat (limited to 'source4/torture')
-rw-r--r--source4/torture/rpc/netlogon.c5
-rw-r--r--source4/torture/rpc/samlogon.c8
-rw-r--r--source4/torture/rpc/samsync.c2
-rw-r--r--source4/torture/rpc/schannel.c30
4 files changed, 34 insertions, 11 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 7919e7c441..79e85cce57 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -539,7 +539,7 @@ BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- r.in.workstation = cli_credentials_get_workstation(credentials);
+ r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = 2;
@@ -564,7 +564,6 @@ BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
printf("Credential chaining failed\n");
ret = False;
}
-
}
r.in.credential = NULL;
@@ -573,7 +572,7 @@ BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.validation_level = i;
- printf("Testing SamLogon with validation level %d\n", i);
+ printf("Testing SamLogon with validation level %d and a NULL credential\n", i);
status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 69c9ff6ea9..03bec56ab6 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -1335,17 +1335,17 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
generate_random_buffer(samlogon_state.chall.data, 8);
samlogon_state.r_flags.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
- samlogon_state.r_flags.in.workstation = TEST_MACHINE_NAME;
+ samlogon_state.r_flags.in.computer_name = TEST_MACHINE_NAME;
samlogon_state.r_flags.in.credential = &samlogon_state.auth;
samlogon_state.r_flags.in.return_authenticator = &samlogon_state.auth2;
samlogon_state.r_flags.in.flags = 0;
samlogon_state.r_ex.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
- samlogon_state.r_ex.in.workstation = TEST_MACHINE_NAME;
+ samlogon_state.r_ex.in.computer_name = TEST_MACHINE_NAME;
samlogon_state.r_ex.in.flags = 0;
samlogon_state.r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
- samlogon_state.r.in.workstation = TEST_MACHINE_NAME;
+ samlogon_state.r.in.computer_name = TEST_MACHINE_NAME;
samlogon_state.r.in.credential = &samlogon_state.auth;
samlogon_state.r.in.return_authenticator = &samlogon_state.auth2;
@@ -1415,7 +1415,7 @@ BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
creds_client_authenticator(creds, &a);
r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
- r.in.workstation = TEST_MACHINE_NAME;
+ r.in.computer_name = TEST_MACHINE_NAME;
r.in.credential = &a;
r.in.return_authenticator = &ra;
r.in.logon_level = 5;
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index afa47e5932..f0f19f0818 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -77,7 +77,7 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
}
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- r.in.workstation = workstation;
+ r.in.computer_name = workstation;
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = 2;
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 80b223656d..3ad781c145 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -85,7 +85,7 @@ BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- r.in.workstation = cli_credentials_get_workstation(credentials);
+ r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.logon_level = 2;
r.in.logon.network = &ninfo;
r.in.flags = 0;
@@ -238,6 +238,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *p = NULL;
struct dcerpc_pipe *p_netlogon = NULL;
struct dcerpc_pipe *p_netlogon2 = NULL;
+ struct dcerpc_pipe *p_netlogon3 = NULL;
struct dcerpc_pipe *p_samr2 = NULL;
struct dcerpc_pipe *p_lsa = NULL;
struct creds_CredentialState *creds;
@@ -395,14 +396,37 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
/* Try the schannel-only SamLogonEx operation */
if (!test_netlogon_ex_ops(p_netlogon2, test_ctx, credentials, creds)) {
- printf("Failed to process schannel secured NETLOGON EX ops\n");
+ printf("Failed to process schannel secured NETLOGON EX ops (on fresh connection)\n");
ret = False;
}
/* And the more traditional style, proving that the
* credentials chaining state is fully present */
if (!test_netlogon_ops(p_netlogon2, test_ctx, credentials, creds)) {
- printf("Failed to process schannel secured NETLOGON EX ops\n");
+ printf("Failed to process schannel secured NETLOGON ops (on fresh connection)\n");
+ ret = False;
+ }
+
+ /* Drop the socket, we want to start from scratch (again) */
+ talloc_free(p_samr2);
+
+ /* We don't want schannel for this test */
+ b->flags &= ~DCERPC_AUTH_OPTIONS;
+
+ status = dcerpc_pipe_connect_b(test_ctx, &p_netlogon3, b, &dcerpc_table_netlogon,
+ credentials, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to connect without schannel: %s\n", nt_errstr(status));
+ goto failed;
+ }
+
+ if (test_netlogon_ex_ops(p_netlogon3, test_ctx, credentials, creds)) {
+ printf("Processed NOT schannel secured NETLOGON EX ops without SCHANNEL (unsafe)\n");
+ ret = False;
+ }
+
+ if (!test_netlogon_ops(p_netlogon3, test_ctx, credentials, creds)) {
+ printf("Failed to processed NOT schannel secured NETLOGON ops without new ServerAuth\n");
ret = False;
}
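Review bot: The negative check on `test_netlogon_ex_ops(p_netlogon3, ...)` passes on any failure, not only on the server refusing SamLogonEx over a pipe without schannel, so a dropped connection or an unrelated error would also count as proof that the unsafe call is blocked. Because the helper returns only a BOOL, the test would be stronger if it issued the call here and compared the NTSTATUS against the specific rejection the server is expected to return; at minimum add a comment such as `/* SamLogonEx must be refused without schannel; any other failure also passes this check */`. The `test_netlogon_ops` check after it appears to rely on `creds` from the earlier schannel connection still being accepted by the server, which deserves a one-line comment as well, and its message should read `"Failed to process NOT schannel secured NETLOGON ops without new ServerAuth\n"`. test_schannel starts and ends outside this hunk, so whether `b` (now stripped of `DCERPC_AUTH_OPTIONS`) or the freed `p_samr2` is used again after these lines cannot be seen here.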