-rw-r--r-- | source4/librpc/idl/drsuapi.idl | 22 | ||||
-rw-r--r-- | source4/torture/rpc/drsuapi.c | 208 |
2 files changed, 44 insertions, 186 deletions
diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index 2ced72398f..93a7caa48c 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -11,18 +11,24 @@ interface drsuapi { /*****************/ /* Function 0x00 */ - void DRSUAPI_BIND( - /* [in] 8-60 bytes are possible - * but I saw 56 bytes - */ - [in] uint8 blob[56], - /* [out] 60 bytes */ - [out] uint8 blob[60] + + typedef [flag(NDR_PAHEX)] struct { + uint32 length; + [size_is(length)] uint8 data[]; + } drsuapi_BindInfo; + + NTSTATUS drsuapi_Bind( + [in] GUID *server_guid, + [in] uint32 unknown, + [out] drsuapi_BindInfo *info, + [out,ref] policy_handle *handle ); /*****************/ /* Function 0x01 */ - void DRSUAPI_UNBIND(); + NTSTATUS drsuapi_Unbind( + [in,out,ref] policy_handle *handle + ); /*****************/ /* Function 0x02 */ diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index d056ab92da..590e8b8f11 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c 
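Review bot: `drsuapi_BindInfo` uses the wire-supplied `length` directly as `[size_is(length)]` for `data[]` with no upper bound, and the removed comment recording the sizes seen on the wire (8-60 bytes in, 60 bytes out) is dropped without a replacement. The generated unmarshalling code presumably sizes its buffer from that field, so a peer can choose the size. I would keep the observation as a comment above the typedef, e.g. `/* sizes seen so far: 8-60 bytes in requests, 60 bytes in replies */`. If the pidl in this tree supports it, a bound such as `[range(0,MAX_BIND_INFO)] uint32 length;` would help, where `MAX_BIND_INFO` is a placeholder for a limit still to be chosen. The `[in] uint32 unknown` parameter would also benefit from a one-line comment on the values observed so far.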
@@ -23,183 +23,47 @@ #include "includes.h" -static const char *machine_password; - #define TEST_MACHINE_NAME "torturetest" -#if 0 -static void reopen(struct dcerpc_pipe **p, const struct dcerpc_interface_table *iface) +static BOOL test_Bind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) { NTSTATUS status; + struct drsuapi_Bind r; + BOOL ret = True; - if (*p) { - dcerpc_pipe_close(*p); - } + ZERO_STRUCT(r); + r.out.handle = handle; - status = torture_rpc_connection(p, iface->endpoints->names[0], iface->uuid, iface->if_version); + status = dcerpc_drsuapi_Bind(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("Failed to reopen '%s' - %s\n", iface->name, nt_errstr(status)); - exit(1); - } -} - -static void print_depth(int depth) -{ - int i; - for (i=0;i<depth;i++) { - printf(" "); - } -} - -static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, - int opnum, DATA_BLOB *base_in, int min_ofs, int max_ofs, int depth); - -static void try_expand(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, - int opnum, DATA_BLOB *base_in, int insert_ofs, int depth) -{ - DATA_BLOB stub_in, stub_out; - int n; - NTSTATUS status; - struct dcerpc_pipe *p = NULL; - - reopen(&p, iface); - - /* work out how much to expand to get a non fault */ - for (n=0;n<2000;n++) { - stub_in = data_blob(NULL, base_in->length + n); - data_blob_clear(&stub_in); - memcpy(stub_in.data, base_in->data, insert_ofs); - memcpy(stub_in.data+insert_ofs+n, base_in->data+insert_ofs, base_in->length-insert_ofs); - - status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out); - - if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - print_depth(depth); - printf("expand by %d gives %s\n", n, nt_errstr(status)); - if (n >= 4) { - test_ptr_scan(mem_ctx, iface, opnum, &stub_in, - insert_ofs, insert_ofs+n, depth+1); - } - return; - } else { -#if 0 - print_depth(depth); - printf("expand by %d gives fault 0x%x\n", n, 
p->last_fault_code); -#endif - } - if (p->last_fault_code == 5) { - reopen(&p, iface); - } - } - - dcerpc_pipe_close(p); -} - - -static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, - int opnum, DATA_BLOB *base_in, int min_ofs, int max_ofs, int depth) -{ - DATA_BLOB stub_in, stub_out; - int ofs; - NTSTATUS status; - struct dcerpc_pipe *p = NULL; - - reopen(&p, iface); - - stub_in = data_blob(NULL, base_in->length); - memcpy(stub_in.data, base_in->data, base_in->length); - - /* work out which elements are pointers */ - for (ofs=min_ofs;ofs<=max_ofs-4;ofs+=4) { - SIVAL(stub_in.data, ofs, 1); - status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out); - - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - print_depth(depth); - printf("possible ptr at ofs %d - fault 0x%08x\n", - ofs-min_ofs, p->last_fault_code); - if (p->last_fault_code == 5) { - reopen(&p, iface); - } - if (depth == 0) { - try_expand(mem_ctx, iface, opnum, &stub_in, ofs+4, depth+1); - } else { - try_expand(mem_ctx, iface, opnum, &stub_in, max_ofs, depth+1); - } - SIVAL(stub_in.data, ofs, 0); - continue; - } - SIVAL(stub_in.data, ofs, 0); - } - - dcerpc_pipe_close(p); -} - - -static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, int opnum) -{ - DATA_BLOB stub_in, stub_out; - int i; - NTSTATUS status; - struct dcerpc_pipe *p = NULL; - - reopen(&p, iface); - - /* work out the minimum amount of input data */ - for (i=0;i<2000;i++) { - stub_in = data_blob(NULL, i); - data_blob_clear(&stub_in); - - - status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out); - - if (NT_STATUS_IS_OK(status)) { - printf("opnum %d min_input %d - output %d\n", - opnum, stub_in.length, stub_out.length); - dump_data(0, stub_out.data, stub_out.length); - dcerpc_pipe_close(p); - test_ptr_scan(mem_ctx, iface, opnum, &stub_in, 0, stub_in.length, 0); - return; - } - + const char *errstr = nt_errstr(status); if (NT_STATUS_EQUAL(status, 
NT_STATUS_NET_WRITE_FAULT)) { - printf("opnum %d size %d fault 0x%08x\n", opnum, i, p->last_fault_code); - if (p->last_fault_code == 5) { - reopen(&p, iface); - } - continue; + errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); } - - printf("opnum %d size %d error %s\n", opnum, i, nt_errstr(status)); + printf("drsuapi_Bind level failed - %s\n", errstr); + ret = False; } - printf("opnum %d minimum not found!?\n", opnum); - dcerpc_pipe_close(p); -} - - -static BOOL test_scan(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) -{ - test_scan_call(mem_ctx, &dcerpc_table_drsuapi, 0x0); - return True; + return ret; } -#endif -static BOOL test_DRSBind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +static BOOL test_Unbind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) { NTSTATUS status; - struct DRSUAPI_BIND r; + struct drsuapi_Unbind r; BOOL ret = True; - ZERO_STRUCT(r.in.blob); + r.in.handle = handle; - status = dcerpc_DRSUAPI_BIND(p, mem_ctx, &r); + status = dcerpc_drsuapi_Unbind(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); } - printf("DRSUAPI_BIND level failed - %s\n", errstr); + printf("drsuapi_Unbind level failed - %s\n", errstr); ret = False; } 
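Review bot: In `test_Unbind`, `r` is neither zeroed nor given an `r.out.handle`, although the IDL in this commit declares `handle` as `[in,out,ref]`. If the generated client code unmarshals the returned handle through `r.out.handle`, which is usual for ref out pointers but not visible here, it would write through an uninitialised stack pointer. Adding `r.out.handle = handle;` right after `r.in.handle = handle;` would mirror what `test_Bind` does for its out handle. The messages `"drsuapi_Bind level failed - %s\n"` and `"drsuapi_Unbind level failed - %s\n"` also keep a stray "level" from the old text. The body of `test_Unbind` continues past the end of this hunk.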
@@ -212,37 +76,27 @@ BOOL torture_rpc_drsuapi(int dummy) struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; - void *join_ctx; - const char *binding = lp_parm_string(-1, "torture", "binding"); + struct policy_handle handle; - if (!binding) { - printf("You must specify a ncacn binding string\n"); + status = torture_rpc_connection(&p, + DCERPC_DRSUAPI_NAME, + DCERPC_DRSUAPI_UUID, + DCERPC_DRSUAPI_VERSION); + if (!NT_STATUS_IS_OK(status)) { return False; } - lp_set_cmdline("netbios name", TEST_MACHINE_NAME); + printf("Connected to DRAUAPI pipe\n"); - join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), ACB_SVRTRUST, - &machine_password); - if (!join_ctx) { - printf("Failed to join as BDC\n"); - return False; - } + event_loop_once(p->transport.event_context(p)); - status = dcerpc_pipe_connect(&p, binding, - DCERPC_DRSUAPI_UUID, - DCERPC_DRSUAPI_VERSION, - lp_workgroup(), - TEST_MACHINE_NAME"$", - machine_password); + mem_ctx = talloc_init("torture_rpc_drsuapi"); - if (!NT_STATUS_IS_OK(status)) { - return False; + if (!test_Bind(p, mem_ctx, &handle)) { + ret = False; } - mem_ctx = talloc_init("torture_rpc_drsuapi"); - - if (!test_DRSBind(p, mem_ctx)) { + if (!test_Unbind(p, mem_ctx, &handle)) { ret = False; } @@ -255,7 +109,5 @@ BOOL torture_rpc_drsuapi(int dummy) torture_rpc_close(p); - torture_leave_domain(join_ctx); - return ret; } |
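Review bot: `test_Unbind(p, mem_ctx, &handle)` is called even when `test_Bind` has failed, and `handle` is a local that nothing initialises, so the Unbind request may then marshal whatever bytes are on the stack and send them to the server. Either add `ZERO_STRUCT(handle);` before the Bind call or skip the Unbind on failure, e.g. `if (ret && !test_Unbind(p, mem_ctx, &handle)) {`. The early `return False;` after `torture_rpc_connection` prints nothing, so a connection failure is silent, and `"Connected to DRAUAPI pipe\n"` looks like a typo for DRSUAPI. The function begins before this hunk and continues between it and the next one.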