-rw-r--r--source4/libnet/libnet_join.c114
-rw-r--r--source4/torture/rpc/alter_context.c14
-rw-r--r--source4/torture/rpc/lsa.c252
-rw-r--r--source4/torture/rpc/schannel.c134
-rw-r--r--source4/torture/rpc/session_key.c4
5 files changed, 325 insertions, 193 deletions
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 78f239eab5..ec366aeb73 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -227,7 +227,11 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
}
*drsuapi_binding = *samr_binding;
- drsuapi_binding->transport = NCACN_IP_TCP;
+
+ /* DRSUAPI is only available on IP_TCP, and locally on NCALRPC */
+ if (drsuapi_binding->transport != NCALRPC) {
+ drsuapi_binding->transport = NCACN_IP_TCP;
+ }
drsuapi_binding->endpoint = NULL;
drsuapi_binding->flags |= DCERPC_SEAL;
@@ -655,52 +659,57 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru
lsa_open_policy.out.handle = &lsa_p_handle;
status = dcerpc_lsa_OpenPolicy2(lsa_pipe, tmp_ctx, &lsa_open_policy);
- if (!NT_STATUS_IS_OK(status)) {
- r->out.error_string = talloc_asprintf(mem_ctx,
- "lsa_OpenPolicy2 failed: %s",
- nt_errstr(status));
- talloc_free(tmp_ctx);
- return status;
- }
-
- /* Look to see if this is ADS (a fault indicates NT4 or Samba 3.0) */
-
- lsa_query_info2.in.handle = &lsa_p_handle;
- lsa_query_info2.in.level = LSA_POLICY_INFO_DNS;
- status = dcerpc_lsa_QueryInfoPolicy2(lsa_pipe, tmp_ctx,
- &lsa_query_info2);
-
- if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ /* This now fails on ncacn_ip_tcp against Win2k3 SP1 */
+ if (NT_STATUS_IS_OK(status)) {
+ /* Look to see if this is ADS (a fault indicates NT4 or Samba 3.0) */
+
+ lsa_query_info2.in.handle = &lsa_p_handle;
+ lsa_query_info2.in.level = LSA_POLICY_INFO_DNS;
+
+ status = dcerpc_lsa_QueryInfoPolicy2(lsa_pipe, tmp_ctx,
+ &lsa_query_info2);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ if (!NT_STATUS_IS_OK(status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "lsa_QueryInfoPolicy2 failed: %s",
+ nt_errstr(status));
+ talloc_free(tmp_ctx);
+ return status;
+ }
+ realm = lsa_query_info2.out.info->dns.dns_domain.string;
+ }
+
+ /* Grab the domain SID (regardless of the result of the previous call */
+
+ lsa_query_info.in.handle = &lsa_p_handle;
+ lsa_query_info.in.level = LSA_POLICY_INFO_DOMAIN;
+
+ status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, tmp_ctx,
+ &lsa_query_info);
+
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
- "lsa_QueryInfoPolicy2 failed: %s",
- nt_errstr(status));
+ "lsa_QueryInfoPolicy2 failed: %s",
+ nt_errstr(status));
talloc_free(tmp_ctx);
return status;
}
- realm = lsa_query_info2.out.info->dns.dns_domain.string;
- }
-
- /* Grab the domain SID (regardless of the result of the previous call */
-
- lsa_query_info.in.handle = &lsa_p_handle;
- lsa_query_info.in.level = LSA_POLICY_INFO_DOMAIN;
-
- status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, tmp_ctx,
- &lsa_query_info);
-
- if (!NT_STATUS_IS_OK(status)) {
- r->out.error_string = talloc_asprintf(mem_ctx,
- "lsa_QueryInfoPolicy2 failed: %s",
- nt_errstr(status));
- talloc_free(tmp_ctx);
- return status;
+
+ domain_sid = lsa_query_info.out.info->domain.sid;
+ domain_name = lsa_query_info.out.info->domain.name.string;
+ } else {
+ /* Cause the code further down to try this with just SAMR */
+ domain_sid = NULL;
+ if (r->in.level == LIBNET_JOINDOMAIN_AUTOMATIC) {
+ domain_name = talloc_strdup(tmp_ctx, r->in.domain_name);
+ } else {
+ /* Bugger, we just lost our way to automaticly find the domain name */
+ domain_name = talloc_strdup(tmp_ctx, lp_workgroup());
+ }
}
- domain_sid = lsa_query_info.out.info->domain.sid;
- domain_name = lsa_query_info.out.info->domain.name.string;
-
DEBUG(0, ("Joining domain %s\n", domain_name));
/*
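Review bot: The new `else` arm after `dcerpc_lsa_OpenPolicy2` is taken for every failure status, not only the ncacn_ip_tcp case the comment describes, and the status is discarded without being recorded. An unrelated LSA failure therefore turns silently into a SAMR-only join whose domain name comes from `r->in.domain_name` or `lp_workgroup()` instead of from the server. Consider limiting the fallback to the statuses this commit tolerates in the torture tests and keeping the removed error return for everything else, as sketched below; which status Win2k3 SP1 actually returns here is not visible in the hunk, so the condition needs confirming. The two `talloc_strdup` results are also used unchecked, and the message for a failed `dcerpc_lsa_QueryInfoPolicy` still reads `lsa_QueryInfoPolicy2 failed`. The function begins and ends outside this hunk.

```c
	/* … unchanged: LSA query path under if (NT_STATUS_IS_OK(status)) … */
	} else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
		   NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
		/* LSA is not usable on this transport: fall back to SAMR below */
		domain_sid = NULL;
		/* … unchanged: domain_name selection from r->in.level … */
	} else {
		r->out.error_string = talloc_asprintf(mem_ctx,
						      "lsa_OpenPolicy2 failed: %s",
						      nt_errstr(status));
		talloc_free(tmp_ctx);
		return status;
	}
```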
@@ -766,16 +775,25 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru
return status;
}
- /* check result of samr_Connect */
- if (!NT_STATUS_IS_OK(sc.out.result)) {
- r->out.error_string = talloc_asprintf(mem_ctx,
- "samr_Connect failed: %s",
- nt_errstr(sc.out.result));
- status = sc.out.result;
- talloc_free(tmp_ctx);
- return status;
+ /* Perhaps we didn't get a SID above, because we are against ncacn_ip_tcp */
+ if (!domain_sid) {
+ struct lsa_String name;
+ struct samr_LookupDomain l;
+ name.string = domain_name;
+ l.in.connect_handle = &p_handle;
+ l.in.domain_name = &name;
+
+ status = dcerpc_samr_LookupDomain(samr_pipe, tmp_ctx, &l);
+ if (!NT_STATUS_IS_OK(status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "SAMR LookupDomain failed: %s",
+ nt_errstr(status));
+ talloc_free(tmp_ctx);
+ return status;
+ }
+ domain_sid = l.out.sid;
}
-
+
/* prepare samr_OpenDomain */
ZERO_STRUCT(d_handle);
od.in.connect_handle = &p_handle;
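Review bot: `domain_sid = l.out.sid;` is taken without checking that the server returned a SID, and that pointer then appears to feed the `samr_OpenDomain` set-up that follows. Only two `l.in` fields are assigned and `l` is never zeroed, so a guard such as `if (!l.out.sid) { talloc_free(tmp_ctx); return NT_STATUS_NO_SUCH_DOMAIN; }` after the status check would keep a malformed reply from propagating. The hunk also drops the `sc.out.result` check; that is safe only if `dcerpc_samr_Connect` already folds the call result into its return status, which is not visible here. The function continues outside the hunk.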
diff --git a/source4/torture/rpc/alter_context.c b/source4/torture/rpc/alter_context.c
index ad00a34913..0b2c324d36 100644
--- a/source4/torture/rpc/alter_context.c
+++ b/source4/torture/rpc/alter_context.c
@@ -31,7 +31,7 @@ BOOL torture_rpc_alter_context(void)
struct dcerpc_pipe *p, *p2;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
- struct policy_handle handle;
+ struct policy_handle *handle;
struct dcerpc_syntax_id syntax;
struct dcerpc_syntax_id transfer_syntax;
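Review bot: `struct policy_handle *handle;` is declared without an initializer, while the `if (handle)` guards added further down depend on the pointer holding either NULL or a valid allocation. Writing `struct policy_handle *handle = NULL;` makes those guards meaningful on any path where `test_lsa_OpenPolicy2` is not reached; that call sits outside the visible hunks. The same declaration is introduced in `torture_rpc_lsa` (lsa.c) and `torture_rpc_lsa_secrets` (session_key.c).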
@@ -70,8 +70,10 @@ BOOL torture_rpc_alter_context(void)
printf("testing DSSETUP pipe operations\n");
ret &= test_DsRoleGetPrimaryDomainInformation(p2, mem_ctx);
- if (!test_lsa_Close(p, mem_ctx, &handle)) {
- ret = False;
+ if (handle) {
+ if (!test_lsa_Close(p, mem_ctx, handle)) {
+ ret = False;
+ }
}
syntax = p->syntax;
@@ -94,8 +96,10 @@ BOOL torture_rpc_alter_context(void)
ret = False;
}
- if (!test_lsa_Close(p, mem_ctx, &handle)) {
- ret = False;
+ if (handle) {
+ if (!test_lsa_Close(p, mem_ctx, handle)) {
+ ret = False;
+ }
}
printf("testing DSSETUP pipe operations\n");
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 7630056503..4d53048d8e 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -58,6 +58,11 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+ printf("not considering %s to be an error\n", nt_errstr(status));
+ return True;
+ }
printf("OpenPolicy failed - %s\n", nt_errstr(status));
return False;
}
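Review bot: `NT_STATUS_ACCESS_DENIED` is accepted as a pass here on every transport and for every caller, so a server that wrongly refuses an authenticated `OpenPolicy` would no longer fail this test. If the tolerance is meant only for the ncacn_ip_tcp case mentioned in the libnet change, it would be safer to apply it only when the pipe uses that transport. A comment such as `/* LSA policy handles are refused over ncacn_ip_tcp by Win2k3 SP1 */` would record the reason, presuming that is the motivation. The same unconditional tolerance is added in `test_lsa_OpenPolicy2` and in the LookupSids3 branch of `test_many_LookupSids`.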
@@ -67,7 +72,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct policy_handle *handle)
+ struct policy_handle **handle)
{
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
@@ -76,6 +81,11 @@ BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
printf("\ntesting OpenPolicy2\n");
+ *handle = talloc(mem_ctx, struct policy_handle);
+ if (!*handle) {
+ return False;
+ }
+
qos.len = 0;
qos.impersonation_level = 2;
qos.context_mode = 1;
@@ -91,10 +101,17 @@ BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.system_name = "\\";
r.in.attr = &attr;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- r.out.handle = handle;
+ r.out.handle = *handle;
status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+ printf("not considering %s to be an error\n", nt_errstr(status));
+ talloc_free(*handle);
+ *handle = NULL;
+ return True;
+ }
printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
return False;
}
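Review bot: On the generic failure path (`printf("OpenPolicy2 failed ...")` followed by `return False;`) `*handle` is left pointing at the freshly allocated `policy_handle` that the server never filled in. Callers in this commit test only `if (handle)`, so they can go on to use that handle after a failed open. Adding `talloc_free(*handle); *handle = NULL;` before the `return False;` would make the out-parameter reliable on every failure path, matching what the tolerated-error branch already does.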
@@ -233,6 +250,48 @@ static BOOL test_LookupNames3(struct dcerpc_pipe *p,
return True;
}
+static BOOL test_LookupNames4(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct lsa_TransNameArray2 *tnames)
+{
+ struct lsa_LookupNames4 r;
+ struct lsa_TransSidArray3 sids;
+ struct lsa_String *names;
+ uint32_t count = 0;
+ NTSTATUS status;
+ int i;
+
+ printf("\nTesting LookupNames4 with %d names\n", tnames->count);
+
+ sids.count = 0;
+ sids.sids = NULL;
+
+ names = talloc_array(mem_ctx, struct lsa_String, tnames->count);
+ for (i=0;i<tnames->count;i++) {
+ init_lsa_String(&names[i], tnames->names[i].name.string);
+ }
+
+ r.in.num_names = tnames->count;
+ r.in.names = names;
+ r.in.sids = &sids;
+ r.in.level = 1;
+ r.in.count = &count;
+ r.in.unknown1 = 0;
+ r.in.unknown2 = 0;
+ r.out.count = &count;
+ r.out.sids = &sids;
+
+ status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
+ printf("LookupNames4 failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ printf("\n");
+
+ return True;
+}
+
static BOOL test_LookupSids(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
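Review bot: In the new `test_LookupNames4`, the result of `talloc_array(mem_ctx, struct lsa_String, tnames->count)` is written through in the loop without a NULL check; `if (!names) { return False; }` before the loop would cover allocation failure. The loop index is `int i` compared against `tnames->count`, which is printed with `%d` but is presumably unsigned, so declaring `i` with the count's type avoids a signed/unsigned comparison. The function has no comment; something like `/* resolve the names returned by LookupSids3 back to SIDs with LookupNames4, which takes no policy handle */` would explain why it exists alongside `test_LookupNames3`.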
@@ -319,7 +378,6 @@ static BOOL test_LookupSids2(struct dcerpc_pipe *p,
static BOOL test_LookupSids3(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
- struct policy_handle *handle,
struct lsa_SidArray *sids)
{
struct lsa_LookupSids3 r;
@@ -355,19 +413,17 @@ static BOOL test_LookupSids3(struct dcerpc_pipe *p,
printf("\n");
- if (!test_LookupNames3(p, mem_ctx, handle, &names)) {
+ if (!test_LookupNames4(p, mem_ctx, &names)) {
return False;
}
return True;
}
-static BOOL test_many_LookupSids(struct dcerpc_pipe *p,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *handle)
+BOOL test_many_LookupSids(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
{
- struct lsa_LookupSids r;
- struct lsa_TransNameArray names;
uint32_t count;
NTSTATUS status;
struct lsa_SidArray sids;
@@ -375,9 +431,6 @@ static BOOL test_many_LookupSids(struct dcerpc_pipe *p,
printf("\nTesting LookupSids with lots of SIDs\n");
- names.count = 0;
- names.names = NULL;
-
sids.num_sids = 100;
sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids);
@@ -389,25 +442,68 @@ static BOOL test_many_LookupSids(struct dcerpc_pipe *p,
count = sids.num_sids;
- r.in.handle = handle;
- r.in.sids = &sids;
- r.in.names = &names;
- r.in.level = 1;
- r.in.count = &names.count;
- r.out.count = &count;
- r.out.names = &names;
+ if (handle) {
+ struct lsa_LookupSids r;
+ struct lsa_TransNameArray names;
+ names.count = 0;
+ names.names = NULL;
- status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
- if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
- printf("LookupSids failed - %s\n", nt_errstr(status));
- return False;
+ r.in.handle = handle;
+ r.in.sids = &sids;
+ r.in.names = &names;
+ r.in.level = 1;
+ r.in.count = &names.count;
+ r.out.count = &count;
+ r.out.names = &names;
+
+ status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
+ printf("LookupSids failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ printf("\n");
+
+ if (!test_LookupNames(p, mem_ctx, handle, &names)) {
+ return False;
+ }
+ } else {
+ struct lsa_LookupSids3 r;
+ struct lsa_TransNameArray2 names;
+
+ names.count = 0;
+ names.names = NULL;
+
+ printf("\nTesting LookupSids3\n");
+
+ r.in.sids = &sids;
+ r.in.names = &names;
+ r.in.level = 1;
+ r.in.count = &count;
+ r.in.unknown1 = 0;
+ r.in.unknown2 = 0;
+ r.out.count = &count;
+ r.out.names = &names;
+
+ status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+ printf("not considering %s to be an error\n", nt_errstr(status));
+ return True;
+ }
+ printf("LookupSids3 failed - %s\n",
+ nt_errstr(status));
+ return False;
+ }
+ if (!test_LookupNames4(p, mem_ctx, &names)) {
+ return False;
+ }
}
printf("\n");
- if (!test_LookupNames(p, mem_ctx, handle, &names)) {
- return False;
- }
+
return True;
}
@@ -1097,7 +1193,7 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
return False;
}
- if (!test_LookupSids3(p, mem_ctx, handle, &sids1)) {
+ if (!test_LookupSids3(p, mem_ctx, &sids1)) {
return False;
}
@@ -1637,7 +1733,7 @@ BOOL torture_rpc_lsa(void)
struct dcerpc_pipe *p;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
- struct policy_handle handle;
+ struct policy_handle *handle;
mem_ctx = talloc_init("torture_rpc_lsa");
@@ -1659,56 +1755,64 @@ BOOL torture_rpc_lsa(void)
ret = False;
}
- if (!test_QueryDomainInfoPolicy(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_many_LookupSids(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_CreateAccount(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_CreateSecret(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_CreateTrustedDomain(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_EnumAccounts(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_EnumPrivs(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) {
- ret = False;
- }
-
- if (!test_GetUserName(p, mem_ctx, &handle)) {
- ret = False;
- }
-
+ if (handle) {
+ if (!test_QueryDomainInfoPolicy(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_CreateAccount(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_CreateSecret(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_CreateTrustedDomain(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_EnumAccounts(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_EnumPrivs(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_QueryInfoPolicy(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_QueryInfoPolicy2(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_GetUserName(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
#if 0
- if (!test_Delete(p, mem_ctx, &handle)) {
- ret = False;
- }
+ if (!test_Delete(p, mem_ctx, handle)) {
+ ret = False;
+ }
#endif
-
- if (!test_lsa_Close(p, mem_ctx, &handle)) {
- ret = False;
+
+ if (!test_many_LookupSids(p, mem_ctx, handle)) {
+ ret = False;
+ }
+
+ if (!test_lsa_Close(p, mem_ctx, handle)) {
+ ret = False;
+ }
+ } else {
+ if (!test_many_LookupSids(p, mem_ctx, handle)) {
+ ret = False;
+ }
}
+
+
talloc_free(mem_ctx);
return ret;
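Review bot: `test_many_LookupSids(p, mem_ctx, handle)` now appears in both arms of the new `if (handle)`, and the `else` arm contains nothing else. Calling it once before the `if (handle)` block and dropping the `else` would remove the duplication while still running it before `test_lsa_Close`. A one-line comment on the `if (handle)` saying that a NULL handle means OpenPolicy2 was refused on this transport would help readers. The function starts outside this hunk.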
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 056684631a..05b8695844 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -25,7 +25,7 @@
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "lib/cmdline/popt_common.h"
-#define TEST_MACHINE_NAME "schanneltest"
+#define TEST_MACHINE_NAME "schannel"
/*
do some samr ops using the schannel connection
@@ -52,19 +52,24 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
status = dcerpc_samr_Connect(p, mem_ctx, &connect);
if (!NT_STATUS_IS_OK(status)) {
- printf("Connect failed - %s\n", nt_errstr(status));
- return False;
- }
-
- opendom.in.connect_handle = &handle;
- opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- opendom.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32");
- opendom.out.domain_handle = &domain_handle;
-
- status = dcerpc_samr_OpenDomain(p, mem_ctx, &opendom);
- if (!NT_STATUS_IS_OK(status)) {
- printf("OpenDomain failed - %s\n", nt_errstr(status));
- return False;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Connect failed (expected, schannel mapped to anonymous): %s\n",
+ nt_errstr(status));
+ } else {
+ printf("Connect failed - %s\n", nt_errstr(status));
+ return False;
+ }
+ } else {
+ opendom.in.connect_handle = &handle;
+ opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ opendom.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32");
+ opendom.out.domain_handle = &domain_handle;
+
+ status = dcerpc_samr_OpenDomain(p, mem_ctx, &opendom);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("OpenDomain failed - %s\n", nt_errstr(status));
+ return False;
+ }
}
printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
@@ -73,8 +78,10 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
for (i=0;i<5;i++) {
status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
- printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status));
- return False;
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status));
+ return False;
+ }
}
}
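Review bot: `NT_STATUS_ACCESS_DENIED` from `dcerpc_samr_GetDomPwInfo` is now swallowed silently on every iteration, so the five-call loop passes even when no call succeeds and says nothing about it. Printing the tolerated case, for example `printf("GetDomPwInfo op %d denied (tolerated)\n", i);`, would at least make this visible in the test output. Better would be to tolerate it only when the earlier `dcerpc_samr_Connect` was itself denied; otherwise a server that starts refusing valid schannel callers would go unnoticed.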
@@ -91,7 +98,6 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
NTSTATUS status;
BOOL ret = True;
struct lsa_StringPointer authority_name_p;
- int i;
printf("\nTesting GetUserName\n");
@@ -100,34 +106,38 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.authority_name = &authority_name_p;
authority_name_p.string = NULL;
- /* do several ops to test credential chaining */
- for (i=0;i<5;i++) {
- status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
+ /* do several ops to test credential chaining and various operations */
+ status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
+ printf("not considering %s to be an error\n", nt_errstr(status));
+ } else if (!NT_STATUS_IS_OK(status)) {
+ printf("GetUserName failed - %s\n", nt_errstr(status));
+ return False;
+ } else {
+ if (!r.out.account_name) {
+ return False;
+ }
- if (!NT_STATUS_IS_OK(status)) {
- printf("GetUserName failed - %s\n", nt_errstr(status));
+ if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) {
+ printf("GetUserName returned wrong user: %s, expected %s\n",
+ r.out.account_name->string, "ANONYMOUS LOGON");
+ return False;
+ }
+ if (!r.out.authority_name || !r.out.authority_name->string) {
+ return False;
+ }
+
+ if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) {
+ printf("GetUserName returned wrong user: %s, expected %s\n",
+ r.out.authority_name->string->string, "NT AUTHORITY");
return False;
- } else {
- if (!r.out.account_name) {
- return False;
- }
-
- if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) {
- printf("GetUserName returned wrong user: %s, expected %s\n",
- r.out.account_name->string, "ANONYMOUS LOGON");
- return False;
- }
- if (!r.out.authority_name || !r.out.authority_name->string) {
- return False;
- }
-
- if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) {
- printf("GetUserName returned wrong user: %s, expected %s\n",
- r.out.authority_name->string->string, "NT AUTHORITY");
- return False;
- }
}
}
+ if (!test_many_LookupSids(p, mem_ctx, NULL)) {
+ printf("LsaLookupSids3 failed!\n");
+ return False;
+ }
return ret;
}
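Review bot: The rewritten comment still says "do several ops to test credential chaining", but the loop is gone and `dcerpc_lsa_GetUserName` now runs exactly once. A comment such as `/* one GetUserName call, then LookupSids3 via test_many_LookupSids(), both on this pipe */` would match the code. The `NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED` branch also skips the check that the caller is seen as "ANONYMOUS LOGON", which deserves a word in the printed message. The authority-name mismatch message still says "wrong user", and the two bare `return False;` paths print nothing.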
@@ -137,6 +147,7 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
try a netlogon SamLogon
*/
static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct cli_credentials *credentials,
struct creds_CredentialState *creds)
{
NTSTATUS status;
@@ -148,12 +159,12 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
int i;
BOOL ret = True;
- ninfo.identity_info.domain_name.string = lp_workgroup();
+ ninfo.identity_info.domain_name.string = cli_credentials_get_domain(cmdline_credentials);
ninfo.identity_info.parameter_control = 0;
ninfo.identity_info.logon_id_low = 0;
ninfo.identity_info.logon_id_high = 0;
ninfo.identity_info.account_name.string = username;
- ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
+ ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
ninfo.nt.length = 24;
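Review bot: The logon domain is now read from the global `cmdline_credentials`, while the workstation comes from the new `credentials` parameter, and nothing in the hunk says why the two sources differ. If this is deliberate, a comment such as `/* user domain from the command-line credentials; workstation from the machine account we joined with */` would prevent a later "fix" that unifies them. Neither `cli_credentials_get_domain` nor `cli_credentials_get_workstation` is checked for a NULL return before the value is placed in the request; whether they can return NULL here is not visible. The function body continues outside the hunk.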
@@ -165,7 +176,7 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- r.in.workstation = TEST_MACHINE_NAME;
+ r.in.workstation = cli_credentials_get_workstation(credentials);
r.in.credential = &auth;
r.in.return_authenticator = &auth2;
r.in.logon_level = 2;
@@ -195,7 +206,7 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
*/
static BOOL test_schannel(TALLOC_CTX *mem_ctx,
uint16_t acct_flags, uint32_t dcerpc_flags,
- uint32_t schannel_type)
+ int i)
{
BOOL ret = True;
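Review bot: The new parameter `int i` gives no hint that it is the suffix appended to the test machine account name. A descriptive name, or a line in the comment block above `test_schannel` such as `i: index of the test case, used to build a distinct machine account name`, would make the signature self-explanatory.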
@@ -211,7 +222,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
TALLOC_CTX *test_ctx = talloc_named(mem_ctx, 0, "test_schannel context");
- join_ctx = torture_join_domain(TEST_MACHINE_NAME,
+ join_ctx = torture_join_domain(talloc_asprintf(mem_ctx, "%s%d", TEST_MACHINE_NAME, i),
acct_flags, &credentials);
if (!join_ctx) {
printf("Failed to join domain with acct_flags=0x%x\n", acct_flags);
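Review bot: The machine name is built with `talloc_asprintf(mem_ctx, ...)` although `test_ctx` was created on the line above for this test's allocations, and the result is passed to `torture_join_domain` unchecked. Allocating on `test_ctx` and bailing out on NULL would keep the string's lifetime tied to the test and avoid joining with a NULL name; whether `torture_join_domain` tolerates NULL is not visible here. For example: `const char *name = talloc_asprintf(test_ctx, "%s%d", TEST_MACHINE_NAME, i);` followed by `if (!name) { talloc_free(test_ctx); return False; }`.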
@@ -243,11 +254,6 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
ret = False;
}
- status = dcerpc_schannel_creds(p->conn->security_state.generic_state, test_ctx, &creds);
- if (!NT_STATUS_IS_OK(status)) {
- goto failed;
- }
-
/* Also test that when we connect to the netlogon pipe, that
* the credentials we setup on the first pipe are valid for
* the second */
@@ -282,7 +288,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
}
/* do a couple of logins */
- if (!test_netlogon_ops(p_netlogon, test_ctx, creds)) {
+ if (!test_netlogon_ops(p_netlogon, test_ctx, credentials, creds)) {
printf("Failed to process schannel secured NETLOGON ops\n");
ret = False;
}
@@ -336,16 +342,15 @@ BOOL torture_rpc_schannel(void)
struct {
uint16_t acct_flags;
uint32_t dcerpc_flags;
- uint32_t schannel_type;
} tests[] = {
- { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN, 3 },
- { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL, 3 },
- { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
- { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
- { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 }
+ { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN},
+ { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL},
+ { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128},
+ { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128 },
+ { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128 }
};
int i;
@@ -353,9 +358,10 @@ BOOL torture_rpc_schannel(void)
for (i=0;i<ARRAY_SIZE(tests);i++) {
if (!test_schannel(mem_ctx,
- tests[i].acct_flags, tests[i].dcerpc_flags, tests[i].schannel_type)) {
- printf("Failed with acct_flags=0x%x dcerpc_flags=0x%x schannel_type=%d\n",
- tests[i].acct_flags, tests[i].dcerpc_flags, tests[i].schannel_type);
+ tests[i].acct_flags, tests[i].dcerpc_flags,
+ i)) {
+ printf("Failed with acct_flags=0x%x dcerpc_flags=0x%x \n",
+ tests[i].acct_flags, tests[i].dcerpc_flags);
ret = False;
break;
}
diff --git a/source4/torture/rpc/session_key.c b/source4/torture/rpc/session_key.c
index ea24b0e35a..035ab7ace2 100644
--- a/source4/torture/rpc/session_key.c
+++ b/source4/torture/rpc/session_key.c
@@ -163,7 +163,7 @@ BOOL torture_rpc_lsa_secrets(void)
struct dcerpc_pipe *p;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
- struct policy_handle handle;
+ struct policy_handle *handle;
mem_ctx = talloc_init("torture_rpc_lsa_secrets");
@@ -181,7 +181,7 @@ BOOL torture_rpc_lsa_secrets(void)
ret = False;
}
- if (!test_CreateSecret_basic(p, mem_ctx, &handle)) {
+ if (!test_CreateSecret_basic(p, mem_ctx, handle)) {
ret = False;
}
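Review bot: `test_CreateSecret_basic(p, mem_ctx, handle)` is called without the `if (handle)` guard that the other callers gain in this commit. `test_lsa_OpenPolicy2` now returns True with `*handle` set to NULL when the open is refused with a tolerated status, so a NULL handle can reach this call. Unless `test_CreateSecret_basic` is known to accept NULL (not visible here), the condition should become `if (handle && !test_CreateSecret_basic(p, mem_ctx, handle)) {` or the test should be skipped with a message.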