diff options
| -rwxr-xr-x | source4/script/tests/test_rpc_quick.sh | 6 | ||||
| -rw-r--r-- | source4/torture/rpc/schannel.c | 29 |
2 files changed, 32 insertions, 3 deletions
diff --git a/source4/script/tests/test_rpc_quick.sh b/source4/script/tests/test_rpc_quick.sh index fe3fad73ea..62b2d6cb9d 100755 --- a/source4/script/tests/test_rpc_quick.sh +++ b/source4/script/tests/test_rpc_quick.sh @@ -2,9 +2,9 @@ # add tests to this list as they start passing, so we test # that they stay passing -ncacn_np_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO" -ncalrpc_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO" -ncacn_ip_tcp_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO" +ncacn_np_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO RPC-SCHANNEL" +ncalrpc_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO RPC-SCHANNEL" +ncacn_ip_tcp_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO RPC-SCHANNEL" if [ $# -lt 4 ]; then cat <<EOF diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 4e9d644138..9341fc4a93 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -157,6 +157,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, struct dcerpc_binding *b; struct dcerpc_pipe *p = NULL; struct dcerpc_pipe *p_netlogon = NULL; + struct dcerpc_pipe *p_samr2 = NULL; struct dcerpc_pipe *p_lsa = NULL; struct creds_CredentialState *creds; struct cli_credentials *credentials; @@ -256,6 +257,34 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, ret = False; } + /* Drop the socket, we want to start from scratch */ + talloc_free(p); + p = NULL; + + /* Now see what we are still allowed to do */ + + status = dcerpc_parse_binding(test_ctx, binding, &b); + if (!NT_STATUS_IS_OK(status)) { + printf("Bad binding string %s\n", binding); + goto failed; + } + + b->flags &= ~DCERPC_AUTH_OPTIONS; + b->flags |= dcerpc_flags; + + status = dcerpc_pipe_connect_b(test_ctx, &p_samr2, b, &dcerpc_table_samr, + credentials, NULL); + if (!NT_STATUS_IS_OK(status)) { + printf("Failed to connect with schannel: %s\n", nt_errstr(status)); + goto failed; + } + + /* do a couple of logins. We have *not* done a new serverauthenticate */ + if (!test_samr_ops(p_samr2, test_ctx)) { + printf("Failed to process schannel secured SAMR ops (on fresh connection)\n"); + ret = False; + } + torture_leave_domain(join_ctx); talloc_free(test_ctx); return ret; |