-rw-r--r-- | source4/libnet/libnet_join.c | 114 | ||||
-rw-r--r-- | source4/torture/rpc/alter_context.c | 14 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 252 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 134 | ||||
-rw-r--r-- | source4/torture/rpc/session_key.c | 4 |
5 files changed, 325 insertions, 193 deletions
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index 78f239eab5..ec366aeb73 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -227,7 +227,11 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J } *drsuapi_binding = *samr_binding; - drsuapi_binding->transport = NCACN_IP_TCP; + + /* DRSUAPI is only available on IP_TCP, and locally on NCALRPC */ + if (drsuapi_binding->transport != NCALRPC) { + drsuapi_binding->transport = NCACN_IP_TCP; + } drsuapi_binding->endpoint = NULL; drsuapi_binding->flags |= DCERPC_SEAL; 
@@ -655,52 +659,57 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru lsa_open_policy.out.handle = &lsa_p_handle; status = dcerpc_lsa_OpenPolicy2(lsa_pipe, tmp_ctx, &lsa_open_policy); - if (!NT_STATUS_IS_OK(status)) { - r->out.error_string = talloc_asprintf(mem_ctx, - "lsa_OpenPolicy2 failed: %s", - nt_errstr(status)); - talloc_free(tmp_ctx); - return status; - } - - /* Look to see if this is ADS (a fault indicates NT4 or Samba 3.0) */ - - lsa_query_info2.in.handle = &lsa_p_handle; - lsa_query_info2.in.level = LSA_POLICY_INFO_DNS; - status = dcerpc_lsa_QueryInfoPolicy2(lsa_pipe, tmp_ctx, - &lsa_query_info2); - - if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + /* This now fails on ncacn_ip_tcp against Win2k3 SP1 */ + if (NT_STATUS_IS_OK(status)) { + /* Look to see if this is ADS (a fault indicates NT4 or Samba 3.0) */ + + lsa_query_info2.in.handle = &lsa_p_handle; + lsa_query_info2.in.level = LSA_POLICY_INFO_DNS; + + status = dcerpc_lsa_QueryInfoPolicy2(lsa_pipe, tmp_ctx, + &lsa_query_info2); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + if (!NT_STATUS_IS_OK(status)) { + r->out.error_string = talloc_asprintf(mem_ctx, + "lsa_QueryInfoPolicy2 failed: %s", + nt_errstr(status)); + talloc_free(tmp_ctx); + return status; + } + realm = lsa_query_info2.out.info->dns.dns_domain.string; + } + + /* Grab the domain SID (regardless of the result of the previous call */ + + lsa_query_info.in.handle = &lsa_p_handle; + lsa_query_info.in.level = LSA_POLICY_INFO_DOMAIN; + + status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, tmp_ctx, + &lsa_query_info); + if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_asprintf(mem_ctx, - "lsa_QueryInfoPolicy2 failed: %s", - nt_errstr(status)); + "lsa_QueryInfoPolicy2 failed: %s", + nt_errstr(status)); talloc_free(tmp_ctx); return status; } - realm = lsa_query_info2.out.info->dns.dns_domain.string; - } - - /* Grab the domain SID (regardless of the result of the previous call */ - 
- lsa_query_info.in.handle = &lsa_p_handle; - lsa_query_info.in.level = LSA_POLICY_INFO_DOMAIN; - - status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, tmp_ctx, - &lsa_query_info); - - if (!NT_STATUS_IS_OK(status)) { - r->out.error_string = talloc_asprintf(mem_ctx, - "lsa_QueryInfoPolicy2 failed: %s", - nt_errstr(status)); - talloc_free(tmp_ctx); - return status; + + domain_sid = lsa_query_info.out.info->domain.sid; + domain_name = lsa_query_info.out.info->domain.name.string; + } else { + /* Cause the code further down to try this with just SAMR */ + domain_sid = NULL; + if (r->in.level == LIBNET_JOINDOMAIN_AUTOMATIC) { + domain_name = talloc_strdup(tmp_ctx, r->in.domain_name); + } else { + /* Bugger, we just lost our way to automaticly find the domain name */ + domain_name = talloc_strdup(tmp_ctx, lp_workgroup()); + } } - domain_sid = lsa_query_info.out.info->domain.sid; - domain_name = lsa_query_info.out.info->domain.name.string; - DEBUG(0, ("Joining domain %s\n", domain_name)); /* @@ -766,16 +775,25 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru return status; } - /* check result of samr_Connect */ - if (!NT_STATUS_IS_OK(sc.out.result)) { - r->out.error_string = talloc_asprintf(mem_ctx, - "samr_Connect failed: %s", - nt_errstr(sc.out.result)); - status = sc.out.result; - talloc_free(tmp_ctx); - return status; + /* Perhaps we didn't get a SID above, because we are against ncacn_ip_tcp */ + if (!domain_sid) { + struct lsa_String name; + struct samr_LookupDomain l; + name.string = domain_name; + l.in.connect_handle = &p_handle; + l.in.domain_name = &name; + + status = dcerpc_samr_LookupDomain(samr_pipe, tmp_ctx, &l); + if (!NT_STATUS_IS_OK(status)) { + r->out.error_string = talloc_asprintf(mem_ctx, + "SAMR LookupDomain failed: %s", + nt_errstr(status)); + talloc_free(tmp_ctx); + return status; + } + domain_sid = l.out.sid; } - + /* prepare samr_OpenDomain */ ZERO_STRUCT(d_handle); od.in.connect_handle = &p_handle; 
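Review bot: The new `else` branch in libnet_JoinDomain takes the SAMR-only fallback for every lsa_OpenPolicy2 failure, not only the ncacn_ip_tcp refusal named in the comment, so a transport or authentication error is silently replaced by a join against a name from the caller or from `lp_workgroup()`. Restrict the fallback to the statuses that mean "LSA not offered here" and keep returning the error otherwise. Presumably these are the two statuses the torture tests in this commit tolerate, which should be confirmed against the server. Both `talloc_strdup()` results are also unchecked, so `domain_name` can be NULL when it reaches `DEBUG` and the later LookupDomain. Separately, the QueryInfoPolicy error path still reports `lsa_QueryInfoPolicy2 failed`.

```c
	} else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
		   NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
		/* Cause the code further down to try this with just SAMR */
		domain_sid = NULL;
		/* … unchanged: domain_name taken from r->in.domain_name or lp_workgroup() … */
		if (!domain_name) {
			r->out.error_string = NULL;
			talloc_free(tmp_ctx);
			return NT_STATUS_NO_MEMORY;
		}
	} else {
		r->out.error_string = talloc_asprintf(mem_ctx,
						      "lsa_OpenPolicy2 failed: %s",
						      nt_errstr(status));
		talloc_free(tmp_ctx);
		return status;
	}
```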
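Review bot: The block that checked `sc.out.result` after samr_Connect is deleted here rather than kept in front of the new LookupDomain fallback, so `p_handle` is used as `l.in.connect_handle` with only the transport-level `status` having been tested. If dcerpc_samr_Connect already folds the call result into its return value the old check was redundant and this is harmless, but that is not visible in the hunk. Otherwise keep `if (!NT_STATUS_IS_OK(sc.out.result))` with its error string ahead of `if (!domain_sid)`. The same question applies to `l.out.result` before `domain_sid = l.out.sid;`. A short comment on the fallback saying that the SID now comes from SAMR by name, not from the LSA policy, would help the next reader.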
diff --git a/source4/torture/rpc/alter_context.c b/source4/torture/rpc/alter_context.c index ad00a34913..0b2c324d36 100644 --- a/source4/torture/rpc/alter_context.c +++ b/source4/torture/rpc/alter_context.c @@ -31,7 +31,7 @@ BOOL torture_rpc_alter_context(void) struct dcerpc_pipe *p, *p2; TALLOC_CTX *mem_ctx; BOOL ret = True; - struct policy_handle handle; + struct policy_handle *handle; struct dcerpc_syntax_id syntax; struct dcerpc_syntax_id transfer_syntax; @@ -70,8 +70,10 @@ BOOL torture_rpc_alter_context(void) printf("testing DSSETUP pipe operations\n"); ret &= test_DsRoleGetPrimaryDomainInformation(p2, mem_ctx); - if (!test_lsa_Close(p, mem_ctx, &handle)) { - ret = False; + if (handle) { + if (!test_lsa_Close(p, mem_ctx, handle)) { + ret = False; + } } syntax = p->syntax; @@ -94,8 +96,10 @@ BOOL torture_rpc_alter_context(void) ret = False; } - if (!test_lsa_Close(p, mem_ctx, &handle)) { - ret = False; + if (handle) { + if (!test_lsa_Close(p, mem_ctx, handle)) { + ret = False; + } } printf("testing DSSETUP pipe operations\n"); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 7630056503..4d53048d8e 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -58,6 +58,11 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + printf("not considering %s to be an error\n", nt_errstr(status)); + return True; + } printf("OpenPolicy failed - %s\n", nt_errstr(status)); return False; } @@ -67,7 +72,7 @@ static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle) + struct policy_handle **handle) { struct lsa_ObjectAttribute attr; struct lsa_QosInfo qos; 
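Review bot: Treating NT_STATUS_ACCESS_DENIED as a pass in test_OpenPolicy is unconditional, so the test also passes when a connection that should be granted access is refused, and a server-side access-control regression would go unnoticed. The same tolerance is added in test_lsa_OpenPolicy2, in the LookupSids3 branch of test_many_LookupSids, and in test_samr_ops in schannel.c (Connect and GetDomPwInfo, the latter without printing anything). Consider accepting the denial only when the binding or credentials make it the expected outcome. The reason should be recorded next to the check, for example `/* LSA policy handles are refused over ncacn_ip_tcp by Win2k3 SP1 */`. How the transport is reachable from `p` is not visible in this hunk.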
@@ -76,6 +81,11 @@ BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, printf("\ntesting OpenPolicy2\n"); + *handle = talloc(mem_ctx, struct policy_handle); + if (!*handle) { + return False; + } + qos.len = 0; qos.impersonation_level = 2; qos.context_mode = 1; @@ -91,10 +101,17 @@ BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.system_name = "\\"; r.in.attr = &attr; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r.out.handle = handle; + r.out.handle = *handle; status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + printf("not considering %s to be an error\n", nt_errstr(status)); + talloc_free(*handle); + *handle = NULL; + return True; + } printf("OpenPolicy2 failed - %s\n", nt_errstr(status)); return False; } 
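Review bot: Only the tolerated-error branch of test_lsa_OpenPolicy2 frees `*handle` and sets it to NULL; the `OpenPolicy2 failed` return just below it leaves `*handle` pointing at an allocated but never-filled policy_handle. The `if (handle)` guards added in alter_context.c and torture_rpc_lsa therefore still hand that unopened handle to test_lsa_Close and the other handle-based tests after a hard failure, since the callers appear to set `ret = False` and carry on. Adding `talloc_free(*handle); *handle = NULL;` before that `return False;` makes the NULL check mean "no usable handle" on every failure path. A comment on the function should state that `*handle` is NULL on return whenever no policy handle was opened.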
@@ -233,6 +250,48 @@ static BOOL test_LookupNames3(struct dcerpc_pipe *p, return True; } +static BOOL test_LookupNames4(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct lsa_TransNameArray2 *tnames) +{ + struct lsa_LookupNames4 r; + struct lsa_TransSidArray3 sids; + struct lsa_String *names; + uint32_t count = 0; + NTSTATUS status; + int i; + + printf("\nTesting LookupNames4 with %d names\n", tnames->count); + + sids.count = 0; + sids.sids = NULL; + + names = talloc_array(mem_ctx, struct lsa_String, tnames->count); + for (i=0;i<tnames->count;i++) { + init_lsa_String(&names[i], tnames->names[i].name.string); + } + + r.in.num_names = tnames->count; + r.in.names = names; + r.in.sids = &sids; + r.in.level = 1; + r.in.count = &count; + r.in.unknown1 = 0; + r.in.unknown2 = 0; + r.out.count = &count; + r.out.sids = &sids; + + status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { + printf("LookupNames4 failed - %s\n", nt_errstr(status)); + return False; + } + + printf("\n"); + + return True; +} + static BOOL test_LookupSids(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, @@ -319,7 +378,6 @@ static BOOL test_LookupSids2(struct dcerpc_pipe *p, static BOOL test_LookupSids3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle, struct lsa_SidArray *sids) { struct lsa_LookupSids3 r; @@ -355,19 +413,17 @@ static BOOL test_LookupSids3(struct dcerpc_pipe *p, printf("\n"); - if (!test_LookupNames3(p, mem_ctx, handle, &names)) { + if (!test_LookupNames4(p, mem_ctx, &names)) { return False; } return True; } -static BOOL test_many_LookupSids(struct dcerpc_pipe *p, - TALLOC_CTX *mem_ctx, - struct policy_handle *handle) +BOOL test_many_LookupSids(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle) { - struct lsa_LookupSids r; - struct lsa_TransNameArray names; uint32_t count; NTSTATUS status; struct lsa_SidArray sids; 
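Review bot: In the new test_LookupNames4 the result of `talloc_array(mem_ctx, struct lsa_String, tnames->count)` is written through in the loop without a NULL check, and `tnames->count` is a length taken from the server's LookupSids3 reply. Add `if (names == NULL) { return False; }` before the loop. The loop index is `int i` compared against `tnames->count` and the count is printed with `%d`; if the count is an unsigned 32-bit field, as the `uint32_t count` beside it suggests, use `uint32_t i` and `%u`. The function also has no comment explaining that it is the handle-less counterpart of test_LookupNames3.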
@@ -375,9 +431,6 @@ static BOOL test_many_LookupSids(struct dcerpc_pipe *p, printf("\nTesting LookupSids with lots of SIDs\n"); - names.count = 0; - names.names = NULL; - sids.num_sids = 100; sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids); 
@@ -389,25 +442,68 @@ static BOOL test_many_LookupSids(struct dcerpc_pipe *p, count = sids.num_sids; - r.in.handle = handle; - r.in.sids = &sids; - r.in.names = &names; - r.in.level = 1; - r.in.count = &names.count; - r.out.count = &count; - r.out.names = &names; + if (handle) { + struct lsa_LookupSids r; + struct lsa_TransNameArray names; + names.count = 0; + names.names = NULL; - status = dcerpc_lsa_LookupSids(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { - printf("LookupSids failed - %s\n", nt_errstr(status)); - return False; + r.in.handle = handle; + r.in.sids = &sids; + r.in.names = &names; + r.in.level = 1; + r.in.count = &names.count; + r.out.count = &count; + r.out.names = &names; + + status = dcerpc_lsa_LookupSids(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { + printf("LookupSids failed - %s\n", nt_errstr(status)); + return False; + } + + printf("\n"); + + if (!test_LookupNames(p, mem_ctx, handle, &names)) { + return False; + } + } else { + struct lsa_LookupSids3 r; + struct lsa_TransNameArray2 names; + + names.count = 0; + names.names = NULL; + + printf("\nTesting LookupSids3\n"); + + r.in.sids = &sids; + r.in.names = &names; + r.in.level = 1; + r.in.count = &count; + r.in.unknown1 = 0; + r.in.unknown2 = 0; + r.out.count = &count; + r.out.names = &names; + + status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + printf("not considering %s to be an error\n", nt_errstr(status)); + return True; + } + printf("LookupSids3 failed - %s\n", + nt_errstr(status)); + return False; + } + if (!test_LookupNames4(p, mem_ctx, &names)) { + return False; + } } printf("\n"); - if (!test_LookupNames(p, mem_ctx, handle, &names)) { - return False; - } + return True; } 
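Review bot: The `else` branch of test_many_LookupSids builds a second copy of the LookupSids3 request although test_LookupSids3, which after this commit takes no policy handle, sits just above. As far as its visible lines show, that function issues the same call and then runs test_LookupNames4. Two copies of the request setup will drift; consider calling `test_LookupSids3(p, mem_ctx, &sids)` here and putting the tolerated-status check in one place. The banner `Testing LookupSids with lots of SIDs` is also printed on the LookupSids3 path, which makes the log misleading when `handle` is NULL.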
@@ -1097,7 +1193,7 @@ static BOOL test_EnumAccounts(struct dcerpc_pipe *p, return False; } - if (!test_LookupSids3(p, mem_ctx, handle, &sids1)) { + if (!test_LookupSids3(p, mem_ctx, &sids1)) { return False; } @@ -1637,7 +1733,7 @@ BOOL torture_rpc_lsa(void) struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; - struct policy_handle handle; + struct policy_handle *handle; mem_ctx = talloc_init("torture_rpc_lsa"); 
@@ -1659,56 +1755,64 @@ BOOL torture_rpc_lsa(void) ret = False; } - if (!test_QueryDomainInfoPolicy(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_many_LookupSids(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_CreateAccount(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_CreateSecret(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_CreateTrustedDomain(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_EnumAccounts(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_EnumPrivs(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) { - ret = False; - } - - if (!test_GetUserName(p, mem_ctx, &handle)) { - ret = False; - } - + if (handle) { + if (!test_QueryDomainInfoPolicy(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_CreateAccount(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_CreateSecret(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_CreateTrustedDomain(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_EnumAccounts(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_EnumPrivs(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_QueryInfoPolicy(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_QueryInfoPolicy2(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_GetUserName(p, mem_ctx, handle)) { + ret = False; + } + #if 0 - if (!test_Delete(p, mem_ctx, &handle)) { - ret = False; - } + if (!test_Delete(p, mem_ctx, handle)) { + ret = False; + } #endif - - if (!test_lsa_Close(p, mem_ctx, &handle)) { - ret = False; + + if (!test_many_LookupSids(p, mem_ctx, handle)) { + ret = False; + } + + if (!test_lsa_Close(p, mem_ctx, handle)) { + ret = False; + } + } else { + if (!test_many_LookupSids(p, mem_ctx, handle)) { + ret = False; + } } + + talloc_free(mem_ctx); return ret; 
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 056684631a..05b8695844 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -25,7 +25,7 @@ #include "librpc/gen_ndr/ndr_netlogon.h" #include "lib/cmdline/popt_common.h" -#define TEST_MACHINE_NAME "schanneltest" +#define TEST_MACHINE_NAME "schannel" /* do some samr ops using the schannel connection @@ -52,19 +52,24 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) status = dcerpc_samr_Connect(p, mem_ctx, &connect); if (!NT_STATUS_IS_OK(status)) { - printf("Connect failed - %s\n", nt_errstr(status)); - return False; - } - - opendom.in.connect_handle = &handle; - opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - opendom.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32"); - opendom.out.domain_handle = &domain_handle; - - status = dcerpc_samr_OpenDomain(p, mem_ctx, &opendom); - if (!NT_STATUS_IS_OK(status)) { - printf("OpenDomain failed - %s\n", nt_errstr(status)); - return False; + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("Connect failed (expected, schannel mapped to anonymous): %s\n", + nt_errstr(status)); + } else { + printf("Connect failed - %s\n", nt_errstr(status)); + return False; + } + } else { + opendom.in.connect_handle = &handle; + opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + opendom.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32"); + opendom.out.domain_handle = &domain_handle; + + status = dcerpc_samr_OpenDomain(p, mem_ctx, &opendom); + if (!NT_STATUS_IS_OK(status)) { + printf("OpenDomain failed - %s\n", nt_errstr(status)); + return False; + } } printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string); 
@@ -73,8 +78,10 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) for (i=0;i<5;i++) { status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status)); - return False; + if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status)); + return False; + } } } @@ -91,7 +98,6 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) NTSTATUS status; BOOL ret = True; struct lsa_StringPointer authority_name_p; - int i; printf("\nTesting GetUserName\n"); 
@@ -100,34 +106,38 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) r.in.authority_name = &authority_name_p; authority_name_p.string = NULL; - /* do several ops to test credential chaining */ - for (i=0;i<5;i++) { - status = dcerpc_lsa_GetUserName(p, mem_ctx, &r); + /* do several ops to test credential chaining and various operations */ + status = dcerpc_lsa_GetUserName(p, mem_ctx, &r); + + if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + printf("not considering %s to be an error\n", nt_errstr(status)); + } else if (!NT_STATUS_IS_OK(status)) { + printf("GetUserName failed - %s\n", nt_errstr(status)); + return False; + } else { + if (!r.out.account_name) { + return False; + } - if (!NT_STATUS_IS_OK(status)) { - printf("GetUserName failed - %s\n", nt_errstr(status)); + if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) { + printf("GetUserName returned wrong user: %s, expected %s\n", + r.out.account_name->string, "ANONYMOUS LOGON"); + return False; + } + if (!r.out.authority_name || !r.out.authority_name->string) { + return False; + } + + if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) { + printf("GetUserName returned wrong user: %s, expected %s\n", + r.out.authority_name->string->string, "NT AUTHORITY"); return False; - } else { - if (!r.out.account_name) { - return False; - } - - if (strcmp(r.out.account_name->string, "ANONYMOUS LOGON") != 0) { - printf("GetUserName returned wrong user: %s, expected %s\n", - r.out.account_name->string, "ANONYMOUS LOGON"); - return False; - } - if (!r.out.authority_name || !r.out.authority_name->string) { - return False; - } - - if (strcmp(r.out.authority_name->string->string, "NT AUTHORITY") != 0) { - printf("GetUserName returned wrong user: %s, expected %s\n", - r.out.authority_name->string->string, "NT AUTHORITY"); - return False; - } } } + if (!test_many_LookupSids(p, mem_ctx, NULL)) { + printf("LsaLookupSids3 failed!\n"); + return False; + } return 
ret; } @@ -137,6 +147,7 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) try a netlogon SamLogon */ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct cli_credentials *credentials, struct creds_CredentialState *creds) { NTSTATUS status; @@ -148,12 +159,12 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, int i; BOOL ret = True; - ninfo.identity_info.domain_name.string = lp_workgroup(); + ninfo.identity_info.domain_name.string = cli_credentials_get_domain(cmdline_credentials); ninfo.identity_info.parameter_control = 0; ninfo.identity_info.logon_id_low = 0; ninfo.identity_info.logon_id_high = 0; ninfo.identity_info.account_name.string = username; - ninfo.identity_info.workstation.string = TEST_MACHINE_NAME; + ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials); generate_random_buffer(ninfo.challenge, sizeof(ninfo.challenge)); ninfo.nt.length = 24; @@ -165,7 +176,7 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); - r.in.workstation = TEST_MACHINE_NAME; + r.in.workstation = cli_credentials_get_workstation(credentials); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = 2; @@ -195,7 +206,7 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, */ static BOOL test_schannel(TALLOC_CTX *mem_ctx, uint16_t acct_flags, uint32_t dcerpc_flags, - uint32_t schannel_type) + int i) { BOOL ret = True; @@ -211,7 +222,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, TALLOC_CTX *test_ctx = talloc_named(mem_ctx, 0, "test_schannel context"); - join_ctx = torture_join_domain(TEST_MACHINE_NAME, + join_ctx = torture_join_domain(talloc_asprintf(mem_ctx, "%s%d", TEST_MACHINE_NAME, i), acct_flags, &credentials); if (!join_ctx) { printf("Failed to join domain with acct_flags=0x%x\n", acct_flags); 
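Review bot: In test_lsa_ops `r.out.account_name->string` is handed to strcmp() after only `r.out.account_name` was checked, and `r.out.authority_name->string->string` is likewise used without its own check. A reply with a missing string would crash the test client instead of failing the test. Suggest `if (!r.out.account_name || !r.out.account_name->string) {` and `if (!r.out.authority_name || !r.out.authority_name->string || !r.out.authority_name->string->string) {`. The comment `do several ops to test credential chaining and various operations` is stale now that the five-iteration loop is gone and GetUserName is issued once. The bare `return False` paths print nothing, so a failure there is hard to diagnose from the log.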
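Review bot: The string built by `talloc_asprintf(mem_ctx, "%s%d", TEST_MACHINE_NAME, i)` in test_schannel is passed to torture_join_domain without a NULL check, and it is allocated on `mem_ctx` although `test_ctx` is created for this test on the line above. Build it first, `machine_name = talloc_asprintf(test_ctx, "%s%d", TEST_MACHINE_NAME, i);`, and fail the test if it is NULL. The new parameter `i` (hunk at -195) is an index into the caller's table and would read better with a descriptive name and a line in the function comment. In test_netlogon_ops the domain is read from `cmdline_credentials` while the workstation comes from the new `credentials` argument; if that split is intended, a comment saying which identity each field belongs to would prevent a later "fix". The body of test_schannel continues outside these hunks.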
@@ -243,11 +254,6 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, ret = False; } - status = dcerpc_schannel_creds(p->conn->security_state.generic_state, test_ctx, &creds); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } - /* Also test that when we connect to the netlogon pipe, that * the credentials we setup on the first pipe are valid for * the second */ @@ -282,7 +288,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, } /* do a couple of logins */ - if (!test_netlogon_ops(p_netlogon, test_ctx, creds)) { + if (!test_netlogon_ops(p_netlogon, test_ctx, credentials, creds)) { printf("Failed to process schannel secured NETLOGON ops\n"); ret = False; } @@ -336,16 +342,15 @@ BOOL torture_rpc_schannel(void) struct { uint16_t acct_flags; uint32_t dcerpc_flags; - uint32_t schannel_type; } tests[] = { - { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN, 3 }, - { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL, 3 }, - { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 }, - { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 }, - { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN, 3 }, - { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL, 3 }, - { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 }, - { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 } + { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN}, + { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL}, + { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128}, + { ACB_WSTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128 }, + { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN }, + { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL }, + { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128 }, + { ACB_SVRTRUST, DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128 } }; int i; 
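Review bot: This hunk removes the only visible assignment of `creds`, the `dcerpc_schannel_creds(..., test_ctx, &creds)` call, while the hunk at -282 still passes `creds` to test_netlogon_ops. If another call on the netlogon pipe fills it in outside these hunks this is fine; otherwise the credential state reaches the SamLogon authenticator code uninitialised. Please confirm where `creds` is set and, if it is now set only after the second connection, initialise the declaration with `= NULL` so a missed path fails visibly. The surrounding function is only partly visible here.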
@@ -353,9 +358,10 @@ BOOL torture_rpc_schannel(void) for (i=0;i<ARRAY_SIZE(tests);i++) { if (!test_schannel(mem_ctx, - tests[i].acct_flags, tests[i].dcerpc_flags, tests[i].schannel_type)) { - printf("Failed with acct_flags=0x%x dcerpc_flags=0x%x schannel_type=%d\n", - tests[i].acct_flags, tests[i].dcerpc_flags, tests[i].schannel_type); + tests[i].acct_flags, tests[i].dcerpc_flags, + i)) { + printf("Failed with acct_flags=0x%x dcerpc_flags=0x%x \n", + tests[i].acct_flags, tests[i].dcerpc_flags); ret = False; break; } diff --git a/source4/torture/rpc/session_key.c b/source4/torture/rpc/session_key.c index ea24b0e35a..035ab7ace2 100644 --- a/source4/torture/rpc/session_key.c +++ b/source4/torture/rpc/session_key.c @@ -163,7 +163,7 @@ BOOL torture_rpc_lsa_secrets(void) struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; - struct policy_handle handle; + struct policy_handle *handle; mem_ctx = talloc_init("torture_rpc_lsa_secrets"); @@ -181,7 +181,7 @@ BOOL torture_rpc_lsa_secrets(void) ret = False; } - if (!test_CreateSecret_basic(p, mem_ctx, &handle)) { + if (!test_CreateSecret_basic(p, mem_ctx, handle)) { ret = False; } |
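Review bot: In torture_rpc_lsa_secrets `handle` is passed to test_CreateSecret_basic without the `if (handle)` guard that alter_context.c and lsa.c received. test_lsa_OpenPolicy2 now returns True with `*handle == NULL` when the open is refused, so the secret test would run with a NULL policy handle. Wrap the call, `if (handle && !test_CreateSecret_basic(p, mem_ctx, handle)) {`, or report the test as skipped when no handle was obtained. The declaration is also left uninitialised, so `struct policy_handle *handle = NULL;` is safer should the OpenPolicy2 call ever be bypassed; the call itself is outside this hunk.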