diff options
Diffstat (limited to 'source4/torture/rpc')
-rw-r--r-- | source4/torture/rpc/lsa.c | 95 | ||||
-rw-r--r-- | source4/torture/rpc/samsync.c | 71 |
2 files changed, 125 insertions, 41 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 79e82a25da..11b736d158 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -684,6 +684,7 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, struct lsa_Delete d; struct lsa_DATA_BUF buf1; struct lsa_DATA_BUF_PTR bufp1; + struct lsa_DATA_BUF_PTR bufp2; DATA_BLOB enc_key; BOOL ret = True; DATA_BLOB session_key; @@ -769,24 +770,24 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, if (!NT_STATUS_IS_OK(status)) { printf("QuerySecret failed - %s\n", nt_errstr(status)); ret = False; - } - - if (r4.out.new_val->buf == NULL) { - printf("No secret buffer returned\n"); - ret = False; } else { - blob1.data = r4.out.new_val->buf->data; - blob1.length = r4.out.new_val->buf->length; - - blob2 = data_blob(NULL, blob1.length); - - secret2 = sess_decrypt_string(&blob1, &session_key); - - printf("returned secret '%s'\n", secret2); - - if (strcmp(secret1, secret2) != 0) { - printf("Returned secret doesn't match\n"); + if (r4.out.new_val->buf == NULL) { + printf("No secret buffer returned\n"); ret = False; + } else { + blob1.data = r4.out.new_val->buf->data; + blob1.length = r4.out.new_val->buf->length; + + blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); + + secret2 = sess_decrypt_string(&blob1, &session_key); + + printf("returned secret '%s'\n", secret2); + + if (strcmp(secret1, secret2) != 0) { + printf("Returned secret doesn't match\n"); + ret = False; + } } } @@ -816,36 +817,60 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p, r6.in.handle = &sec_handle; r6.in.new_val = &bufp1; r6.in.new_mtime = &new_mtime; - r6.in.old_val = NULL; - r6.in.old_mtime = NULL; + r6.in.old_val = &bufp2; + r6.in.old_mtime = &old_mtime; bufp1.buf = NULL; + bufp2.buf = NULL; status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r6); if (!NT_STATUS_IS_OK(status)) { printf("QuerySecret failed - %s\n", nt_errstr(status)); ret = False; - } - - if (r6.out.new_val->buf == NULL) { - printf("No secret buffer returned\n"); - ret = False; } else { - blob1.data = r6.out.new_val->buf->data; - blob1.length = r6.out.new_val->buf->length; - - blob2 = data_blob(NULL, blob1.length); - - secret4 = sess_decrypt_string(&blob1, &session_key); - - printf("returned secret '%s'\n", secret3); - - if (strcmp(secret3, secret4) != 0) { - printf("Returned secret %s doesn't match %s\n", secret4, secret3); + + if (r6.out.new_val->buf == NULL || r6.out.old_val->buf == NULL + || r6.out.new_mtime == NULL || r6.out.old_mtime == NULL) { + printf("Both secret buffers and both times not returned\n"); ret = False; + } else { + blob1.data = r6.out.new_val->buf->data; + blob1.length = r6.out.new_val->buf->length; + + blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); + + secret4 = sess_decrypt_string(&blob1, &session_key); + + printf("returned secret '%s'\n", secret4); + + if (strcmp(secret3, secret4) != 0) { + printf("Returned NEW secret %s doesn't match %s\n", secret4, secret3); + ret = False; + } + + blob1.data = r6.out.new_val->buf->data; + blob1.length = r6.out.new_val->buf->length; + + blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); + + secret2 = sess_decrypt_string(&blob1, &session_key); + + printf("returned OLD secret '%s'\n", secret2); + + if (strcmp(secret3, secret4) != 0) { + printf("Returned secret %s doesn't match %s\n", secret2, secret1); + ret = False; + } + + if (*r6.out.new_mtime == *r6.out.old_mtime) { + printf("Returned secret %s had same mtime for both secrets: %s\n", + secname[i], + nt_time_string(mem_ctx, *r6.out.new_mtime)); + ret = False; + } } } - + if (!test_Delete(p, mem_ctx, &sec_handle)) { ret = False; } diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 4a71e90957..e393cd40fe 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -121,6 +121,7 @@ struct samsync_secret { struct samsync_secret *prev, *next; DATA_BLOB secret; char *name; + NTTIME mtime; }; struct samsync_trusted_domain { @@ -699,11 +700,14 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam struct netr_DELTA_SECRET *secret = delta->delta_union.secret; const char *name = delta->delta_id_union.name; struct samsync_secret *new = talloc_p(samsync_state, struct samsync_secret); + struct samsync_secret *old = talloc_p(mem_ctx, struct samsync_secret); struct lsa_QuerySecret q; struct lsa_OpenSecret o; struct policy_handle sec_handle; struct lsa_DATA_BUF_PTR bufp1; + struct lsa_DATA_BUF_PTR bufp2; NTTIME new_mtime; + NTTIME old_mtime; BOOL ret = True; DATA_BLOB lsa_blob1, lsa_blob_out, session_key; NTSTATUS status; @@ -716,9 +720,14 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam new->name = talloc_reference(new, name); new->secret = data_blob_talloc(new, secret->current_cipher.cipher_data, secret->current_cipher.maxlen); + new->mtime = secret->current_cipher_set_time; DLIST_ADD(samsync_state->secrets, new); + old->name = talloc_reference(old, name); + old->secret = data_blob_const(secret->old_cipher.cipher_data, secret->old_cipher.maxlen); + old->mtime = secret->old_cipher_set_time; + o.in.handle = samsync_state->lsa_handle; o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; o.in.name.string = name; @@ -742,22 +751,63 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam ZERO_STRUCT(new_mtime); + ZERO_STRUCT(old_mtime); /* fetch the secret back again */ q.in.handle = &sec_handle; q.in.new_val = &bufp1; q.in.new_mtime = &new_mtime; - q.in.old_val = NULL; - q.in.old_mtime = NULL; + q.in.old_val = &bufp2; + q.in.old_mtime = &old_mtime; bufp1.buf = NULL; + bufp2.buf = NULL; status = dcerpc_lsa_QuerySecret(samsync_state->p_lsa, mem_ctx, &q); - if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) { + /* some things are just off limits */ + return True; + } else if (!NT_STATUS_IS_OK(status)) { printf("QuerySecret failed - %s\n", nt_errstr(status)); return False; } + if (q.out.old_val->buf == NULL) { + /* probably just not available due to ACLs */ + } else { + lsa_blob1.data = q.out.old_val->buf->data; + lsa_blob1.length = q.out.old_val->buf->length; + + lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key); + + if (!q.out.old_mtime) { + printf("OLD mtime not available on LSA for secret %s\n", old->name); + ret = False; + } + if (old->mtime != *q.out.old_mtime) { + printf("OLD mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n", + old->name, nt_time_string(mem_ctx, old->mtime), + nt_time_string(mem_ctx, *q.out.old_mtime)); + ret = False; + } + + if (old->secret.length != lsa_blob_out.length) { + printf("Returned secret %s doesn't match: %d != %d\n", + old->name, old->secret.length, lsa_blob_out.length); + ret = False; + } else if (memcmp(lsa_blob_out.data, + old->secret.data, old->secret.length) != 0) { + printf("Returned secret %s doesn't match: \n", + old->name); + DEBUG(1, ("SamSync Secret:\n")); + dump_data(1, old->secret.data, old->secret.length); + DEBUG(1, ("LSA Secret:\n")); + dump_data(1, lsa_blob_out.data, lsa_blob_out.length); + ret = False; + } + + } + if (q.out.new_val->buf == NULL) { /* probably just not available due to ACLs */ } else { @@ -766,13 +816,22 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam lsa_blob_out = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key); + if (!q.out.new_mtime) { + printf("NEW mtime not available on LSA for secret %s\n", new->name); + ret = False; + } + if (new->mtime != *q.out.new_mtime) { + printf("NEW mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n", + new->name, nt_time_string(mem_ctx, new->mtime), + nt_time_string(mem_ctx, *q.out.new_mtime)); + ret = False; + } + if (new->secret.length != lsa_blob_out.length) { printf("Returned secret %s doesn't match: %d != %d\n", new->name, new->secret.length, lsa_blob_out.length); ret = False; - } - - if (memcmp(lsa_blob_out.data, + } else if (memcmp(lsa_blob_out.data, new->secret.data, new->secret.length) != 0) { printf("Returned secret %s doesn't match: \n", new->name); |