Diffstat (limited to 'source4/torture')
-rw-r--r--source4/torture/libnet/userinfo.c4
-rw-r--r--source4/torture/local/binding_string.c14
-rw-r--r--source4/torture/rpc/bind.c26
-rw-r--r--source4/torture/rpc/epmapper.c4
-rw-r--r--source4/torture/rpc/mgmt.c10
-rw-r--r--source4/torture/rpc/netlogon.c148
-rw-r--r--source4/torture/rpc/samlogon.c235
-rw-r--r--source4/torture/rpc/samsync.c43
-rw-r--r--source4/torture/rpc/scanner.c10
-rw-r--r--source4/torture/rpc/schannel.c50
-rw-r--r--source4/torture/rpc/spoolss.c21
-rw-r--r--source4/torture/rpc/testjoin.c6
-rw-r--r--source4/torture/rpc/xplogin.c53
-rw-r--r--source4/torture/torture.c10
14 files changed, 357 insertions, 277 deletions
diff --git a/source4/torture/libnet/userinfo.c b/source4/torture/libnet/userinfo.c
index c541474a75..9a775277cb 100644
--- a/source4/torture/libnet/userinfo.c
+++ b/source4/torture/libnet/userinfo.c
@@ -209,7 +209,7 @@ BOOL torture_userinfo(void)
NTSTATUS status;
const char *binding;
struct dcerpc_pipe *p;
- struct dcerpc_binding b;
+ struct dcerpc_binding *b;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
struct policy_handle h;
@@ -236,7 +236,7 @@ BOOL torture_userinfo(void)
ret = False;
goto done;
}
- name.string = b.host;
+ name.string = b->host;
if (!test_opendomain(p, mem_ctx, &h, &name, &sid)) {
ret = False;
diff --git a/source4/torture/local/binding_string.c b/source4/torture/local/binding_string.c
index 66e8a5350f..79d1e89ed6 100644
--- a/source4/torture/local/binding_string.c
+++ b/source4/torture/local/binding_string.c
@@ -25,7 +25,7 @@
static BOOL test_BindingString(TALLOC_CTX *mem_ctx, const char *binding)
{
- struct dcerpc_binding b, b2;
+ struct dcerpc_binding *b, *b2;
const char *s, *s2;
struct epm_tower tower;
NTSTATUS status;
@@ -37,7 +37,7 @@ static BOOL test_BindingString(TALLOC_CTX *mem_ctx, const char *binding)
return False;
}
- s = dcerpc_binding_string(mem_ctx, &b);
+ s = dcerpc_binding_string(mem_ctx, b);
if (!s) {
DEBUG(0, ("Error converting binding back to string for '%s'\n", binding));
return False;
@@ -49,7 +49,7 @@ static BOOL test_BindingString(TALLOC_CTX *mem_ctx, const char *binding)
}
/* Generate protocol towers */
- status = dcerpc_binding_build_tower(mem_ctx, &b, &tower);
+ status = dcerpc_binding_build_tower(mem_ctx, b, &tower);
if (NT_STATUS_IS_ERR(status)) {
DEBUG(0, ("Error generating protocol tower from '%s': %s\n", binding, nt_errstr(status)));
return False;
@@ -65,18 +65,18 @@ static BOOL test_BindingString(TALLOC_CTX *mem_ctx, const char *binding)
/* Compare to a stripped down version of the binding string because
* the protocol tower doesn't contain the extra option data */
- b.options = NULL;
+ b->options = NULL;
- b.flags = 0;
+ b->flags = 0;
- s = dcerpc_binding_string(mem_ctx, &b);
+ s = dcerpc_binding_string(mem_ctx, b);
if (!s) {
DEBUG(0, ("Error converting binding back to string for (stripped down) '%s'\n", binding));
return False;
}
- s2 = dcerpc_binding_string(mem_ctx, &b2);
+ s2 = dcerpc_binding_string(mem_ctx, b2);
if (!s) {
DEBUG(0, ("Error converting binding back to string for '%s'\n", binding));
return False;
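Review bot: The NULL check that follows `s2 = dcerpc_binding_string(mem_ctx, b2);` tests `s` again, so a failed conversion of `b2` goes undetected and `s2` may still be NULL when it is used after this hunk. The check should read `if (!s2) {`. The mistake predates this commit, but it sits directly under a rewritten line and is cheap to fix in the same change. test_BindingString continues outside the hunk.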
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c
index 10ffa50289..3eb02c31eb 100644
--- a/source4/torture/rpc/bind.c
+++ b/source4/torture/rpc/bind.c
@@ -37,12 +37,12 @@
BOOL torture_multi_bind(void)
{
struct dcerpc_pipe *p;
+ const char *workstation = lp_netbios_name();
const char *domain = lp_parm_string(-1, "torture", "userdomain");
const char *username = lp_parm_string(-1, "torture", "username");
const char *password = lp_parm_string(-1, "torture", "password");
const char *pipe_uuid = DCERPC_LSARPC_UUID;
uint32_t pipe_version = DCERPC_LSARPC_VERSION;
- struct dcerpc_binding b;
struct dcerpc_binding *binding;
const char *binding_string = lp_parm_string(-1, "torture", "binding");
TALLOC_CTX *mem_ctx;
@@ -51,15 +51,13 @@ BOOL torture_multi_bind(void)
mem_ctx = talloc_init("torture_multi_bind");
- status = dcerpc_parse_binding(mem_ctx, binding_string, &b);
+ status = dcerpc_parse_binding(mem_ctx, binding_string, &binding);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to parse dcerpc binding '%s'\n", binding_string);
talloc_free(mem_ctx);
return False;
}
- binding = &b;
-
status = torture_rpc_connection(&p,
NULL,
pipe_uuid,
@@ -69,24 +67,8 @@ BOOL torture_multi_bind(void)
return False;
}
- if (username && username[0] && (binding->flags & DCERPC_SCHANNEL_ANY)) {
- status = dcerpc_bind_auth_schannel(p, pipe_uuid, pipe_version,
- domain, username, password);
- } else if (username && username[0]) {
- uint8_t auth_type;
- if (binding->flags & DCERPC_AUTH_SPNEGO) {
- auth_type = DCERPC_AUTH_TYPE_SPNEGO;
- } else {
- auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
- }
-
- status = dcerpc_bind_auth_password(p, pipe_uuid, pipe_version,
- domain, username, password,
- auth_type,
- binding->authservice);
- } else {
- status = dcerpc_bind_auth_none(p, pipe_uuid, pipe_version);
- }
+ status = dcerpc_pipe_auth(p, binding, pipe_uuid, pipe_version,
+ workstation, domain, username, password);
if (NT_STATUS_IS_OK(status)) {
printf("(incorrectly) allowed re-bind to uuid %s - %s\n",
diff --git a/source4/torture/rpc/epmapper.c b/source4/torture/rpc/epmapper.c
index eecfdb3f89..debcd98756 100644
--- a/source4/torture/rpc/epmapper.c
+++ b/source4/torture/rpc/epmapper.c
@@ -213,7 +213,7 @@ static BOOL test_Insert(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct epm_Insert r;
- struct dcerpc_binding bd;
+ struct dcerpc_binding *bd;
r.in.num_ents = 1;
@@ -228,7 +228,7 @@ static BOOL test_Insert(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.entries[0].tower = talloc(mem_ctx, struct epm_twr_t);
- status = dcerpc_binding_build_tower(mem_ctx, &bd, &r.in.entries[0].tower->tower);
+ status = dcerpc_binding_build_tower(mem_ctx, bd, &r.in.entries[0].tower->tower);
if (NT_STATUS_IS_ERR(status)) {
printf("Unable to build tower from binding struct\n");
return False;
diff --git a/source4/torture/rpc/mgmt.c b/source4/torture/rpc/mgmt.c
index 1dea24517d..cb2023b64c 100644
--- a/source4/torture/rpc/mgmt.c
+++ b/source4/torture/rpc/mgmt.c
@@ -181,7 +181,7 @@ BOOL torture_rpc_mgmt(void)
BOOL ret = True;
const char *binding = lp_parm_string(-1, "torture", "binding");
const struct dcerpc_interface_list *l;
- struct dcerpc_binding b;
+ struct dcerpc_binding *b;
mem_ctx = talloc_init("torture_rpc_mgmt");
@@ -205,8 +205,8 @@ BOOL torture_rpc_mgmt(void)
printf("\nTesting pipe '%s'\n", l->table->name);
- if (b.transport == NCACN_IP_TCP) {
- status = dcerpc_epm_map_binding(mem_ctx, &b,
+ if (b->transport == NCACN_IP_TCP) {
+ status = dcerpc_epm_map_binding(mem_ctx, b,
l->table->uuid,
l->table->if_version);
if (!NT_STATUS_IS_OK(status)) {
@@ -214,10 +214,10 @@ BOOL torture_rpc_mgmt(void)
continue;
}
} else {
- b.endpoint = l->table->name;
+ b->endpoint = talloc_strdup(b, l->table->name);
}
- lp_set_cmdline("torture:binding", dcerpc_binding_string(mem_ctx, &b));
+ lp_set_cmdline("torture:binding", dcerpc_binding_string(mem_ctx, b));
status = torture_rpc_connection(&p,
l->table->name,
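Review bot: `b->endpoint = talloc_strdup(b, l->table->name);` stores the result unchecked, so an allocation failure leaves a NULL endpoint that is passed straight to `dcerpc_binding_string()` and the connection attempt. Assuming the surrounding loop is the one the visible `continue` belongs to, a guard such as `if (!b->endpoint) { ret = False; continue; }` would turn that into a plain test failure. Each pass through the non-TCP branch also leaves the previous copy attached to `b` until `b` itself is freed, which is harmless here but worth a comment. torture_rpc_mgmt continues outside the hunk.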
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 7c516da118..2266659c37 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -76,16 +76,22 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *machine_name,
const char *plain_pass,
- struct creds_CredentialState *creds)
+ struct creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate a;
struct netr_Credential credentials1, credentials2, credentials3;
+ struct creds_CredentialState *creds;
struct samr_Password mach_password;
printf("Testing ServerReqChallenge\n");
+ creds = talloc(mem_ctx, struct creds_CredentialState);
+ if (!creds) {
+ return False;
+ }
+
r.in.server_name = NULL;
r.in.computer_name = machine_name;
r.in.credentials = &credentials1;
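Review bot: `*creds_out` is written only on the success path, so every early `return False` in test_SetupCredentials leaves the caller's pointer uninitialised, and the callers in this file declare `struct creds_CredentialState *creds;` without an initialiser. Adding `*creds_out = NULL;` before the talloc() would make a missed return-value check fail on NULL rather than on stack garbage. The same applies to test_SetupCredentials2 and test_SetupCredentials3. A short comment such as `/* *creds_out is allocated on mem_ctx and valid only when True is returned */` would document the new ownership; the function bodies continue outside these hunks.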
@@ -108,7 +114,11 @@ BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
a.in.credentials = &credentials3;
a.out.credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
+ creds_client_init(creds, &credentials1, &credentials2,
+ machine_name,
+ lp_workgroup(),
+ a.in.account_name,
+ &mach_password, &credentials3,
0);
printf("Testing ServerAuthenticate\n");
@@ -124,6 +134,7 @@ BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return False;
}
+ *creds_out = creds;
return True;
}
@@ -132,16 +143,22 @@ BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *machine_name,
const char *plain_pass,
int sec_chan_type,
- struct creds_CredentialState *creds)
+ struct creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate2 a;
struct netr_Credential credentials1, credentials2, credentials3;
+ struct creds_CredentialState *creds;
struct samr_Password mach_password;
printf("Testing ServerReqChallenge\n");
+ creds = talloc(mem_ctx, struct creds_CredentialState);
+ if (!creds) {
+ return False;
+ }
+
r.in.server_name = NULL;
r.in.computer_name = machine_name;
r.in.credentials = &credentials1;
@@ -166,7 +183,11 @@ BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
a.in.credentials = &credentials3;
a.out.credentials = &credentials3;
- creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
+ creds_client_init(creds, &credentials1, &credentials2,
+ machine_name,
+ lp_workgroup(),
+ a.in.account_name,
+ &mach_password, &credentials3,
negotiate_flags);
printf("Testing ServerAuthenticate2\n");
@@ -184,6 +205,7 @@ BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
printf("negotiate_flags=0x%08x\n", negotiate_flags);
+ *creds_out = creds;
return True;
}
@@ -192,17 +214,23 @@ BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
uint32_t negotiate_flags,
const char *machine_name,
const char *plain_pass,
- struct creds_CredentialState *creds)
+ struct creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate3 a;
struct netr_Credential credentials1, credentials2, credentials3;
+ struct creds_CredentialState *creds;
struct samr_Password mach_password;
uint32_t rid;
printf("Testing ServerReqChallenge\n");
+ creds = talloc(mem_ctx, struct creds_CredentialState);
+ if (!creds) {
+ return False;
+ }
+
r.in.server_name = NULL;
r.in.computer_name = machine_name;
r.in.credentials = &credentials1;
@@ -228,7 +256,11 @@ BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
a.out.negotiate_flags = &negotiate_flags;
a.out.rid = &rid;
- creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
+ creds_client_init(creds, &credentials1, &credentials2,
+ machine_name,
+ lp_workgroup(),
+ a.in.account_name,
+ &mach_password, &credentials3,
negotiate_flags);
printf("Testing ServerAuthenticate3\n");
@@ -246,6 +278,7 @@ BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
printf("negotiate_flags=0x%08x\n", negotiate_flags);
+ *creds_out = creds;
return True;
}
@@ -257,7 +290,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
NTSTATUS status;
struct netr_ServerPasswordSet r;
const char *password;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
machine_password, &creds)) {
@@ -272,7 +305,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
password = "";
E_md4hash(password, r.in.new_password.hash);
- creds_des_encrypt(&creds, &r.in.new_password);
+ creds_des_encrypt(creds, &r.in.new_password);
/* by changing the machine password to ""
* we check if the server uses password restrictions
* for ServerPasswordSet2
@@ -281,7 +314,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Testing a second ServerPasswordSet on machine account\n");
printf("Changing machine account password to '%s'\n", password);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -289,7 +322,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -303,12 +336,12 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
password = generate_random_str(mem_ctx, 8);
E_md4hash(password, r.in.new_password.hash);
- creds_des_encrypt(&creds, &r.in.new_password);
+ creds_des_encrypt(creds, &r.in.new_password);
printf("Testing ServerPasswordSet on machine account\n");
printf("Changing machine account password to '%s'\n", password);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -316,7 +349,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -327,7 +360,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Testing a second ServerPasswordSet on machine account\n");
printf("Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -335,7 +368,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -357,7 +390,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
NTSTATUS status;
struct netr_ServerPasswordSet2 r;
const char *password;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
machine_password, &creds)) {
@@ -371,7 +404,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
password = "";
encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE);
- creds_arcfour_crypt(&creds, r.in.new_password.data, 516);
+ creds_arcfour_crypt(creds, r.in.new_password.data, 516);
/* by changing the machine password to ""
* we check if the server uses password restrictions
@@ -381,7 +414,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Testing a second ServerPasswordSet2 on machine account\n");
printf("Changing machine account password to '%s'\n", password);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -389,7 +422,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -403,12 +436,12 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
/* now try a random password */
password = generate_random_str(mem_ctx, 8);
encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE);
- creds_arcfour_crypt(&creds, r.in.new_password.data, 516);
+ creds_arcfour_crypt(creds, r.in.new_password.data, 516);
printf("Testing ServerPasswordSet2 on machine account\n");
printf("Changing machine account password to '%s'\n", password);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -416,7 +449,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -427,7 +460,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Testing a second ServerPasswordSet2 on machine account\n");
printf("Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -435,7 +468,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -460,7 +493,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
struct netr_NetworkInfo ninfo;
const char *username = lp_parm_string(-1, "torture", "username");
const char *password = lp_parm_string(-1, "torture", "password");
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
int i;
BOOL ret = True;
@@ -494,7 +527,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
for (i=2;i<=3;i++) {
ZERO_STRUCT(auth2);
- creds_client_authenticator(&creds, &auth);
+ creds_client_authenticator(creds, &auth);
r.in.validation_level = i;
@@ -506,7 +539,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
ret = False;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator->cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
}
@@ -540,7 +573,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct netr_DatabaseSync r;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
BOOL ret = True;
@@ -561,7 +594,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Testing DatabaseSync of id %d\n", r.in.database_id);
do {
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_DatabaseSync(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
@@ -571,7 +604,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
break;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -601,7 +634,7 @@ static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct netr_DatabaseDeltas r;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
const uint32_t database_ids[] = {0, 1, 2};
int i;
BOOL ret = True;
@@ -628,7 +661,7 @@ static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.database_id, r.in.sequence_num);
do {
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_DatabaseDeltas(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
@@ -638,7 +671,7 @@ static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
break;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -657,7 +690,7 @@ static BOOL test_AccountDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct netr_AccountDeltas r;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
BOOL ret = True;
if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
@@ -667,7 +700,7 @@ static BOOL test_AccountDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
ZERO_STRUCT(r.in.return_authenticator);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
ZERO_STRUCT(r.in.uas);
r.in.count=10;
r.in.level=0;
@@ -692,7 +725,7 @@ static BOOL test_AccountSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct netr_AccountSync r;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
BOOL ret = True;
if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
@@ -702,7 +735,7 @@ static BOOL test_AccountSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
ZERO_STRUCT(r.in.return_authenticator);
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
ZERO_STRUCT(r.in.recordid);
r.in.reference=0;
r.in.level=0;
@@ -886,7 +919,7 @@ static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct netr_DatabaseSync2 r;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
const uint32_t database_ids[] = {0, 1, 2};
int i;
BOOL ret = True;
@@ -910,7 +943,7 @@ static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Testing DatabaseSync2 of id %d\n", r.in.database_id);
do {
- creds_client_authenticator(&creds, &r.in.credential);
+ creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_DatabaseSync2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status) &&
@@ -920,7 +953,7 @@ static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
break;
}
- if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
@@ -1082,7 +1115,7 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
struct netr_LogonGetDomainInfo r;
struct netr_DomainQuery1 q1;
struct netr_Authenticator a;
- struct creds_CredentialState creds;
+ struct creds_CredentialState *creds;
if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
TEST_MACHINE_NAME, machine_password, &creds)) {
@@ -1091,7 +1124,7 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
ZERO_STRUCT(r);
- creds_client_authenticator(&creds, &a);
+ creds_client_authenticator(creds, &a);
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = TEST_MACHINE_NAME;
@@ -1119,7 +1152,7 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_client_check(&creds, &a.cred)) {
+ if (!creds_client_check(creds, &a.cred)) {
printf("Credential chaining failed\n");
return False;
}
@@ -1143,8 +1176,8 @@ static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
struct netr_DomainQuery1 q1;
struct netr_Authenticator a;
#define ASYNC_COUNT 100
- struct creds_CredentialState creds;
- struct creds_CredentialState creds_async[ASYNC_COUNT];
+ struct creds_CredentialState *creds;
+ struct creds_CredentialState *creds_async[ASYNC_COUNT];
struct rpc_request *req[ASYNC_COUNT];
int i;
int *async_counter = talloc(mem_ctx, int);
@@ -1183,9 +1216,9 @@ static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
*async_counter = 0;
for (i=0;i<ASYNC_COUNT;i++) {
- creds_client_authenticator(&creds, &a);
+ creds_client_authenticator(creds, &a);
- creds_async[i] = creds;
+ creds_async[i] = talloc_memdup(creds, creds, sizeof(*creds));
req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, mem_ctx, &r);
req[i]->async.callback = async_callback;
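Review bot: `creds_async[i] = talloc_memdup(creds, creds, sizeof(*creds));` is not checked, and the later `creds_client_check(creds_async[i], &a.cred)` would dereference NULL if any of the ASYNC_COUNT copies failed; `if (creds_async[i] == NULL) return False;` right after the copy would cover it. The copy is also shallow: creds_client_init() now receives machine, domain and account names, and if the state keeps those as pointers (not visible here) every snapshot shares them with `creds`. That is fine while all of them live under the same talloc parent, but it deserves a comment next to the memdup. test_GetDomainInfo_async continues outside the hunk.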
@@ -1206,7 +1239,7 @@ static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
break;
}
- if (!creds_client_check(&creds_async[i], &a.cred)) {
+ if (!creds_client_check(creds_async[i], &a.cred)) {
printf("Credential chaining failed at async %d\n", i);
break;
}
@@ -1220,6 +1253,7 @@ static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
+ struct dcerpc_binding *b;
struct dcerpc_pipe *p2;
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
@@ -1240,15 +1274,25 @@ static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Torturing GetDCName\n");
- status = dcerpc_secondary_connection(p, &p2,
- DCERPC_LSARPC_NAME,
- DCERPC_LSARPC_UUID,
- DCERPC_LSARPC_VERSION);
+ status = dcerpc_parse_binding(mem_ctx, p->conn->binding_string, &b);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string);
+ return False;
+ }
+
+ status = dcerpc_secondary_connection(p, &p2, b);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to create secondary connection\n");
return False;
}
+ status = dcerpc_bind_auth_none(p2, DCERPC_LSARPC_UUID,
+ DCERPC_LSARPC_VERSION);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to create bind on secondary connection\n");
+ return False;
+ }
+
qos.len = 0;
qos.impersonation_level = 2;
qos.context_mode = 1;
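Review bot: When `dcerpc_bind_auth_none(p2, ...)` fails, the function returns without releasing `p2`, which `dcerpc_secondary_connection()` has just created. Unless the secondary pipe is owned by something the caller frees (not visible in this hunk), the connection stays open for the rest of the run. The new failure message also drops the status; `printf("Failed to create bind on secondary connection - %s\n", nt_errstr(status));` would match how other tests in this diff report errors. test_ManyGetDCName continues outside the hunk.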
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 4fe7903332..e08eaca22e 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -28,6 +28,7 @@
#include "lib/crypto/crypto.h"
#define TEST_MACHINE_NAME "samlogontest"
+#define TEST_USER_NAME "samlogontestuser"
enum ntlm_break {
BREAK_BOTH,
@@ -1067,6 +1068,7 @@ static const struct ntlm_tests {
static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct creds_CredentialState *creds,
const char *account_domain, const char *account_name,
+ const char *plain_pass,
int n_subtests)
{
int i, v, l, f;
@@ -1084,7 +1086,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
samlogon_state.mem_ctx = mem_ctx;
samlogon_state.account_name = account_name;
samlogon_state.account_domain = account_domain;
- samlogon_state.password = lp_parm_string(-1, "torture", "password");
+ samlogon_state.password = plain_pass;
samlogon_state.p = p;
samlogon_state.creds = creds;
@@ -1149,13 +1151,13 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
*/
static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct creds_CredentialState *creds,
- const char *account_domain, const char *account_name)
+ const char *account_domain, const char *account_name,
+ const char *plain_pass)
{
NTSTATUS status;
struct netr_LogonSamLogonWithFlags r;
struct netr_Authenticator a, ra;
struct netr_PasswordInfo pinfo;
- const char *plain_pass;
ZERO_STRUCT(a);
ZERO_STRUCT(r);
@@ -1179,8 +1181,6 @@ static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
pinfo.identity_info.account_name.string = account_name;
pinfo.identity_info.workstation.string = TEST_MACHINE_NAME;
- plain_pass = lp_parm_string(-1, "torture", "password");
-
E_deshash(plain_pass, pinfo.lmpassword.hash);
E_md4hash(plain_pass, pinfo.ntpassword.hash);
@@ -1195,13 +1195,13 @@ static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
printf("Testing netr_LogonSamLogonWithFlags (Interactive Logon)\n");
status = dcerpc_netr_LogonSamLogonWithFlags(p, mem_ctx, &r);
- if (!NT_STATUS_IS_OK(status)) {
- printf("netr_LogonSamLogonWithFlags - %s\n", nt_errstr(status));
+ if (!r.out.return_authenticator || !creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ printf("Credential chaining failed\n");
return False;
}
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
- printf("Credential chaining failed\n");
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("netr_LogonSamLogonWithFlags - %s\n", nt_errstr(status));
return False;
}
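Review bot: With the two checks swapped, a call that fails at the RPC layer is now reported as "Credential chaining failed" and the NTSTATUS from `dcerpc_netr_LogonSamLogonWithFlags()` is never printed, because the first branch returns before the status test runs. Verifying the return authenticator first is a reasonable way to keep the credential chain in step when the logon itself is refused, but the diagnostic should still carry the status, e.g. `printf("Credential chaining failed (call status %s)\n", nt_errstr(status));`. A one-line comment saying why the authenticator is checked before the status would stop the order from being "fixed" back later.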
@@ -1214,14 +1214,20 @@ BOOL torture_rpc_samlogon(void)
{
NTSTATUS status;
struct dcerpc_pipe *p;
- struct dcerpc_binding b;
- TALLOC_CTX *mem_ctx;
+ struct dcerpc_binding *b;
+ TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
BOOL ret = True;
- void *join_ctx;
+ struct test_join *join_ctx;
+#if 0
+ struct test_join *user_ctx;
+ const char *user_password;
+#endif
+ char *test_machine_account;
const char *machine_password;
const char *binding = lp_parm_string(-1, "torture", "binding");
int i;
-
+ int ci;
+
unsigned int credential_flags[] = {
NETLOGON_NEG_AUTH2_FLAGS,
NETLOGON_NEG_ARCFOUR,
@@ -1232,17 +1238,88 @@ BOOL torture_rpc_samlogon(void)
struct creds_CredentialState *creds;
- mem_ctx = talloc_init("torture_rpc_netlogon");
-
+ struct {
+ const char *domain;
+ const char *username;
+ const char *password;
+ BOOL network_login;
+ } usercreds[] = {
+ {
+ lp_parm_string(-1, "torture", "userdomain"),
+ lp_parm_string(-1, "torture", "username"),
+ lp_parm_string(-1, "torture", "password"),
+ True
+ },
+ {
+ NULL,
+ talloc_asprintf(mem_ctx,
+ "%s@%s",
+ lp_parm_string(-1, "torture", "username"),
+ lp_parm_string(-1, "torture", "userdomain")),
+ lp_parm_string(-1, "torture", "password"),
+ False
+ },
+ {
+ NULL,
+ talloc_asprintf(mem_ctx,
+ "%s@%s",
+ lp_parm_string(-1, "torture", "username"),
+ lp_realm()),
+ lp_parm_string(-1, "torture", "password"),
+ True
+ },
+#if 0
+ {
+ lp_parm_string(-1, "torture", "userdomain"),
+ TEST_USER_NAME,
+ NULL,
+ True
+ },
+ {
+ NULL,
+ talloc_asprintf(mem_ctx,
+ "%s@%s",
+ TEST_USER_NAME,
+ lp_realm()),
+ NULL,
+ True
+ },
+ {
+ NULL,
+ talloc_asprintf(mem_ctx,
+ "%s@%s",
+ TEST_USER_NAME,
+ lp_parm_string(-1, "torture", "userdomain")),
+ NULL,
+ False
+ }
+#endif
+ };
+
+ test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
/* We only need to join as a workstation here, and in future,
* if we wish to test against trusted domains, we must be a
* workstation here */
- join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), ACB_WSTRUST,
- &machine_password);
+ join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(), ACB_WSTRUST,
+ &machine_password);
if (!join_ctx) {
printf("Failed to join as Workstation\n");
return False;
}
+#if 0
+ user_ctx = torture_create_testuser(TEST_USER_NAME,
+ lp_parm_string(-1, "torture", "userdomain"),
+ ACB_NORMAL,
+ &user_password);
+ if (!user_ctx) {
+ printf("Failed to join as Workstation\n");
+ return False;
+ }
+
+ usercreds[3].password = user_password;
+ usercreds[4].password = user_password;
+ usercreds[5].password = user_password;
+#endif
status = dcerpc_parse_binding(mem_ctx, binding, &b);
if (!NT_STATUS_IS_OK(status)) {
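Review bot: `test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);` is used unchecked as the account name for `torture_create_testuser()` and later for the schannel connect, so an allocation failure becomes a NULL account name rather than a clean test failure. `mem_ctx` is now created at its declaration and also owns the `usercreds` strings, yet the `if (!join_ctx)` path still returns without `talloc_free(mem_ctx)`. Suggest `if (!test_machine_account) { talloc_free(mem_ctx); return False; }` and the same free before the `return False` on the join failure path. torture_rpc_samlogon continues outside the hunk.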
@@ -1254,14 +1331,15 @@ BOOL torture_rpc_samlogon(void)
/* We have to use schannel, otherwise the SamLogonEx fails
* with INTERNAL_ERROR */
- b.flags &= ~DCERPC_AUTH_OPTIONS;
- b.flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128;
+ b->flags &= ~DCERPC_AUTH_OPTIONS;
+ b->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128;
- status = dcerpc_pipe_connect_b(&p, &b,
+ status = dcerpc_pipe_connect_b(&p, b,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
- lp_workgroup(),
TEST_MACHINE_NAME,
+ lp_workgroup(),
+ test_machine_account,
machine_password);
if (!NT_STATUS_IS_OK(status)) {
@@ -1275,91 +1353,46 @@ BOOL torture_rpc_samlogon(void)
goto failed;
}
- if (!test_InteractiveLogon(p, mem_ctx, creds,
- lp_parm_string(-1, "torture", "userdomain"),
- lp_parm_string(-1, "torture", "username"))) {
- ret = False;
- }
-
- if (!test_SamLogon(p, mem_ctx, creds,
- lp_parm_string(-1, "torture", "userdomain"),
- lp_parm_string(-1, "torture", "username"),
- 0)) {
- ret = False;
- }
-
- if (!test_InteractiveLogon(p, mem_ctx, creds,
- NULL,
- talloc_asprintf(mem_ctx,
- "%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_parm_string(-1, "torture", "userdomain")))) {
- ret = False;
- }
-
- if (!test_InteractiveLogon(p, mem_ctx, creds,
- NULL,
- talloc_asprintf(mem_ctx,
- "%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_realm()))) {
- ret = False;
- }
-
- if (!test_SamLogon(p, mem_ctx, creds,
- NULL,
- talloc_asprintf(mem_ctx,
- "%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_realm()),
- 0)) {
- ret = False;
- }
-
- if (!test_SamLogon(p, mem_ctx, creds,
- NULL,
- talloc_asprintf(mem_ctx,
- "%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_realm()),
- 0)) {
- ret = False;
- }
-
- for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
-
- if (!test_SetupCredentials2(p, mem_ctx, credential_flags[i],
- TEST_MACHINE_NAME, machine_password,
- SEC_CHAN_WKSTA, creds)) {
- return False;
- }
+ for (ci = 0; ci < ARRAY_SIZE(usercreds); ci++) {
if (!test_InteractiveLogon(p, mem_ctx, creds,
- NULL,
- talloc_asprintf(mem_ctx,
- "%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_parm_string(-1, "torture", "userdomain")))) {
+ usercreds[ci].domain,
+ usercreds[ci].username,
+ usercreds[ci].password)) {
ret = False;
}
- if (!test_InteractiveLogon(p, mem_ctx, creds,
- NULL,
- talloc_asprintf(mem_ctx,
- "%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_realm()))) {
- ret = False;
+ if (usercreds[ci].network_login) {
+ if (!test_SamLogon(p, mem_ctx, creds,
+ usercreds[ci].domain,
+ usercreds[ci].username,
+ usercreds[ci].password,
+ 0)) {
+ ret = False;
+ }
}
+ }
+
+ for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
- if (!test_SamLogon(p, mem_ctx, creds,
- NULL,
- talloc_asprintf(mem_ctx,
- "%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_realm()),
- 1)) {
- ret = False;
+ for (ci = 0; ci < ARRAY_SIZE(usercreds); ci++) {
+
+ if (!test_InteractiveLogon(p, mem_ctx, creds,
+ usercreds[ci].domain,
+ usercreds[ci].username,
+ usercreds[ci].password)) {
+ ret = False;
+ }
+
+ if (usercreds[ci].network_login) {
+ if (!test_SamLogon(p, mem_ctx, creds,
+ usercreds[ci].domain,
+ usercreds[ci].username,
+ usercreds[ci].password,
+ 1)) {
+ ret = False;
+ }
+ }
}
}
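Review bot: The rebuilt `for (i=0; i < ARRAY_SIZE(credential_flags); i++)` loop never references `credential_flags[i]` in the lines shown. The removed body opened with `test_SetupCredentials2(p, mem_ctx, credential_flags[i], ...)`, while the new body goes straight to the `usercreds` loop. Unless the credentials are re-established somewhere outside this hunk, every pass repeats the same logons under the `creds` from the schannel bind, so the per-flag-set coverage of the netlogon negotiation is lost while the test still reports success. Either restore the setup call at the top of the outer loop, or drop the loop and record why with a comment such as `/* negotiate flags are fixed by the schannel bind; credential_flags is not exercised here */`. torture_rpc_samlogon starts and ends outside the hunk.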
@@ -1369,6 +1402,8 @@ failed:
torture_rpc_close(p);
torture_leave_domain(join_ctx);
-
+#if 0
+ torture_leave_domain(user_ctx);
+#endif
return ret;
}
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index cd39b625c3..505e331d19 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -1284,10 +1284,10 @@ BOOL torture_rpc_samsync(void)
struct test_join *join_ctx2;
struct test_join *user_ctx;
const char *machine_password;
- const char *machine_password2;
+ const char *wksta_machine_password;
const char *binding = lp_parm_string(-1, "torture", "binding");
- struct dcerpc_binding b;
- struct dcerpc_binding b_netlogon_wksta;
+ struct dcerpc_binding *b;
+ struct dcerpc_binding *b_netlogon_wksta;
struct samr_Connect c;
struct samr_SetDomainInfo s;
struct policy_handle *domain_policy;
@@ -1298,17 +1298,23 @@ BOOL torture_rpc_samsync(void)
struct samsync_state *samsync_state;
+ char *test_machine_account;
+
+ char *test_wksta_machine_account;
+
mem_ctx = talloc_init("torture_rpc_netlogon");
- join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), ACB_SVRTRUST,
- &machine_password);
+ test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
+ join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(), ACB_SVRTRUST,
+ &machine_password);
if (!join_ctx) {
printf("Failed to join as BDC\n");
return False;
}
- join_ctx2 = torture_join_domain(TEST_WKSTA_MACHINE_NAME, lp_workgroup(), ACB_WSTRUST,
- &machine_password2);
+ test_wksta_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_WKSTA_MACHINE_NAME);
+ join_ctx2 = torture_create_testuser(test_wksta_machine_account, lp_workgroup(), ACB_WSTRUST,
+ &wksta_machine_password);
if (!join_ctx2) {
printf("Failed to join as member\n");
return False;
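Review bot: Neither `talloc_asprintf()` result is checked before it is handed to `torture_create_testuser()`, so an allocation failure passes a NULL account name into the join and surfaces only as a generic "Failed to join" message. A guard after each allocation, such as `if (!test_machine_account) { talloc_free(mem_ctx); return False; }`, would keep the failure attributable. The same applies to `test_machine_account` in the samlogon.c change. torture_rpc_samsync continues outside the hunk.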
@@ -1409,17 +1415,19 @@ BOOL torture_rpc_samsync(void)
goto failed;
}
- b.flags &= ~DCERPC_AUTH_OPTIONS;
- b.flags |= DCERPC_SCHANNEL_BDC | DCERPC_SIGN;
+ b->flags &= ~DCERPC_AUTH_OPTIONS;
+ b->flags |= DCERPC_SCHANNEL_BDC | DCERPC_SIGN;
- status = dcerpc_pipe_connect_b(&samsync_state->p, &b,
+ status = dcerpc_pipe_connect_b(&samsync_state->p, b,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
- lp_workgroup(),
TEST_MACHINE_NAME,
+ lp_workgroup(),
+ test_machine_account,
machine_password);
if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status));
ret = False;
goto failed;
}
@@ -1438,17 +1446,20 @@ BOOL torture_rpc_samsync(void)
goto failed;
}
- b_netlogon_wksta.flags &= ~DCERPC_AUTH_OPTIONS;
- b_netlogon_wksta.flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN;
+ b_netlogon_wksta->flags &= ~DCERPC_AUTH_OPTIONS;
+ b_netlogon_wksta->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN;
- status = dcerpc_pipe_connect_b(&samsync_state->p_netlogon_wksta, &b_netlogon_wksta,
+ status = dcerpc_pipe_connect_b(&samsync_state->p_netlogon_wksta,
+ b_netlogon_wksta,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
- lp_workgroup(),
TEST_WKSTA_MACHINE_NAME,
- machine_password2);
+ lp_workgroup(),
+ test_wksta_machine_account,
+ wksta_machine_password);
if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to connect to server as a Workstation: %s\n", nt_errstr(status));
ret = False;
goto failed;
}
diff --git a/source4/torture/rpc/scanner.c b/source4/torture/rpc/scanner.c
index a0ebf9d642..3d78d7a888 100644
--- a/source4/torture/rpc/scanner.c
+++ b/source4/torture/rpc/scanner.c
@@ -136,7 +136,7 @@ BOOL torture_rpc_scanner(void)
BOOL ret = True;
const struct dcerpc_interface_list *l;
const char *binding = lp_parm_string(-1, "torture", "binding");
- struct dcerpc_binding b;
+ struct dcerpc_binding *b;
mem_ctx = talloc_init("torture_rpc_scanner");
@@ -160,8 +160,8 @@ BOOL torture_rpc_scanner(void)
printf("\nTesting pipe '%s'\n", l->table->name);
- if (b.transport == NCACN_IP_TCP) {
- status = dcerpc_epm_map_binding(mem_ctx, &b,
+ if (b->transport == NCACN_IP_TCP) {
+ status = dcerpc_epm_map_binding(mem_ctx, b,
l->table->uuid,
l->table->if_version);
if (!NT_STATUS_IS_OK(status)) {
@@ -169,10 +169,10 @@ BOOL torture_rpc_scanner(void)
continue;
}
} else {
- b.endpoint = l->table->name;
+ b->endpoint = talloc_strdup(b, l->table->name);
}
- lp_set_cmdline("torture:binding", dcerpc_binding_string(mem_ctx, &b));
+ lp_set_cmdline("torture:binding", dcerpc_binding_string(mem_ctx, b));
status = torture_rpc_connection(&p,
l->table->name,
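Review bot: `b->endpoint = talloc_strdup(b, l->table->name);` is not checked for NULL, so a failed allocation is passed straight on to `dcerpc_binding_string()` and `torture_rpc_connection()`. Adding `if (!b->endpoint) { ret = False; continue; }` after the assignment would skip that interface cleanly. Because the assignment runs once per interface and each copy is parented to `b`, the earlier copies also stay allocated until `b` is freed, which is worth a short comment if it is intentional. The enclosing loop starts and ends outside the hunk.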
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 820dfaf4a5..1b10e2a4f2 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -93,6 +93,8 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
r.in.logon_level = 2;
r.in.logon.network = &ninfo;
+ printf("Testing LogonSamLogon with name %s\n", username);
+
for (i=2;i<3;i++) {
ZERO_STRUCT(auth2);
creds_client_authenticator(creds, &auth);
@@ -121,13 +123,14 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
const char *machine_password;
NTSTATUS status;
const char *binding = lp_parm_string(-1, "torture", "binding");
- struct dcerpc_binding b;
+ struct dcerpc_binding *b;
struct dcerpc_pipe *p = NULL;
struct dcerpc_pipe *p_netlogon = NULL;
struct creds_CredentialState *creds;
+ char *test_machine_account = talloc_asprintf(NULL, "%s$", TEST_MACHINE_NAME);
- join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), acct_flags,
- &machine_password);
+ join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(),
+ acct_flags, &machine_password);
if (!join_ctx) {
printf("Failed to join domain with acct_flags=0x%x\n", acct_flags);
return False;
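Review bot: `test_machine_account` is allocated with `talloc_asprintf(NULL, ...)`, on the NULL context rather than the `mem_ctx` this function receives, and no matching `talloc_free()` appears in the lines shown, so each call to test_schannel would leak it. Using `talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME)` ties its lifetime to the caller's context, as the samlogon.c and samsync.c changes in this commit do. The result should also be checked for NULL before it is passed to `torture_create_testuser()`. The function body continues outside the hunk.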
@@ -139,17 +142,18 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
goto failed;
}
- b.flags &= ~DCERPC_AUTH_OPTIONS;
- b.flags |= dcerpc_flags;
+ b->flags &= ~DCERPC_AUTH_OPTIONS;
+ b->flags |= dcerpc_flags;
- status = dcerpc_pipe_connect_b(&p, &b,
+ status = dcerpc_pipe_connect_b(&p, b,
DCERPC_SAMR_UUID,
DCERPC_SAMR_VERSION,
- lp_workgroup(),
TEST_MACHINE_NAME,
+ lp_workgroup(),
+ test_machine_account,
machine_password);
if (!NT_STATUS_IS_OK(status)) {
- printf("Failed to connect with schannel\n");
+ printf("Failed to connect with schannel: %s\n", nt_errstr(status));
goto failed;
}
@@ -158,27 +162,33 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
goto failed;
}
-
- status = dcerpc_parse_binding(mem_ctx, binding, &b);
+ status = dcerpc_schannel_creds(p->conn->security_state.generic_state, mem_ctx, &creds);
if (!NT_STATUS_IS_OK(status)) {
- printf("Bad binding string %s\n", binding);
goto failed;
}
-
/* Also test that when we connect to the netlogon pipe, that
* the credentials we setup on the first pipe are valid for
* the second */
- b.flags &= ~DCERPC_AUTH_OPTIONS;
- b.flags |= dcerpc_flags;
+ /* Swap the binding details from SAMR to NETLOGON */
+ status = dcerpc_epm_map_binding(mem_ctx, b, DCERPC_NETLOGON_UUID,
+ DCERPC_NETLOGON_VERSION);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto failed;
+ }
+
+ status = dcerpc_secondary_connection(p, &p_netlogon,
+ b);
- status = dcerpc_pipe_connect_b(&p_netlogon, &b,
- DCERPC_NETLOGON_UUID,
- DCERPC_NETLOGON_VERSION,
- lp_workgroup(),
- TEST_MACHINE_NAME,
- machine_password);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto failed;
+ }
+
+ status = dcerpc_bind_auth_schannel_withkey(p_netlogon,
+ DCERPC_NETLOGON_UUID,
+ DCERPC_NETLOGON_VERSION,
+ creds);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
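Review bot: The failure branches after `dcerpc_schannel_creds()`, `dcerpc_epm_map_binding()`, `dcerpc_secondary_connection()` and `dcerpc_bind_auth_schannel_withkey()` all `goto failed` without printing anything, and the one message that used to be here ("Bad binding string") was removed. Since this sequence is what verifies that the schannel key from the SAMR pipe is accepted on the NETLOGON pipe, a silent failure does not say which stage rejected it. Each branch could print the stage and status in the style used for the first connect, for example `printf("Failed to bind NETLOGON with existing schannel key: %s\n", nt_errstr(status));`. The last `if` block is cut by the end of the hunk.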
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index 7a9d8c3635..e5c827afaa 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -705,6 +705,7 @@ static BOOL test_SecondaryClosePrinter(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct
struct policy_handle *handle)
{
NTSTATUS status;
+ struct dcerpc_binding *b;
struct dcerpc_pipe *p2;
BOOL ret = True;
@@ -715,15 +716,27 @@ static BOOL test_SecondaryClosePrinter(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct
printf("testing close on secondary pipe\n");
- status = dcerpc_secondary_connection(p, &p2,
- DCERPC_SPOOLSS_NAME,
- DCERPC_SPOOLSS_UUID,
- DCERPC_SPOOLSS_VERSION);
+ status = dcerpc_parse_binding(mem_ctx, p->conn->binding_string, &b);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string);
+ return False;
+ }
+
+ status = dcerpc_secondary_connection(p, &p2, b);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to create secondary connection\n");
return False;
}
+ status = dcerpc_bind_auth_none(p2, DCERPC_SPOOLSS_UUID,
+ DCERPC_SPOOLSS_VERSION);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to create bind on secondary connection\n");
+ dcerpc_pipe_close(p2);
+
+ return False;
+ }
+
if (test_ClosePrinter(p2, mem_ctx, handle)) {
printf("ERROR: Allowed close on secondary connection!\n");
ret = False;
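Review bot: The pass condition is that `test_ClosePrinter(p2, ...)` fails, but with the bind now spelled out as `dcerpc_bind_auth_none(p2, ...)` a rejection can come either from the handle being scoped to the original connection or from the secondary bind carrying no authentication, and the test cannot tell the two apart. If handle scoping is what is being verified, a comment above the bind would record that, for example `/* no auth on p2: the handle opened on p must not be usable here */`, to be confirmed against what test_ClosePrinter checks. The three failure messages in this hunk would also be more useful with `nt_errstr(status)` appended. Whether p2 is closed on the normal path is outside the hunk.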
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 891bbcaf10..2d96116c0d 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -232,7 +232,7 @@ again:
s.in.level = 21;
u.info21.acct_flags = acct_type;
- u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
+ u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
comment.string = talloc_asprintf(join,
"Tortured by Samba4: %s",
timestring(join, time(NULL)));
@@ -242,6 +242,10 @@ again:
timestring(join, time(NULL)));
u.info21.full_name = full_name;
+ u.info21.description.string = talloc_asprintf(join,
+ "Samba4 torture account created by host %s: %s",
+ lp_netbios_name(), timestring(join, time(NULL)));
+
printf("Resetting ACB flags, force pw change time\n");
status = dcerpc_samr_SetUserInfo(join->p, join, &s);
diff --git a/source4/torture/rpc/xplogin.c b/source4/torture/rpc/xplogin.c
index c64825852c..cf42f938c1 100644
--- a/source4/torture/rpc/xplogin.c
+++ b/source4/torture/rpc/xplogin.c
@@ -180,7 +180,7 @@ static NTSTATUS connect_to_pipe(struct dcerpc_pipe **pp,
uint32_t pipe_version)
{
const char *binding = lp_parm_string(-1, "torture", "binding");
- struct dcerpc_binding b;
+ struct dcerpc_binding *b;
NTSTATUS status;
struct dcerpc_pipe *p;
TALLOC_CTX *tmp_ctx;
@@ -205,46 +205,23 @@ static NTSTATUS connect_to_pipe(struct dcerpc_pipe **pp,
return status;
}
- DEBUG(3,("Using binding %s\n", dcerpc_binding_string(tmp_ctx, &b)));
+ DEBUG(3,("Using binding %s\n", dcerpc_binding_string(tmp_ctx, b)));
- if (b.endpoint == NULL) {
- const struct dcerpc_interface_table *table =
- idl_iface_by_uuid(pipe_uuid);
- struct dcerpc_binding default_binding;
- int i;
-
- if (!table) {
- DEBUG(0,("Unknown interface endpoint '%s'\n",
- pipe_uuid));
- talloc_free(tmp_ctx);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* Find one of the default pipes for this interface */
- for (i = 0; i < table->endpoints->count; i++) {
- const char * const *names = table->endpoints->names;
- status = dcerpc_parse_binding(tmp_ctx, names[i],
- &default_binding);
-
- if (NT_STATUS_IS_OK(status) &&
- default_binding.transport == NCACN_NP) {
- pipe_name = default_binding.endpoint;
- break;
- }
+ /* Look up identifier using the epmapper */
+ if (!b->endpoint) {
+ status = dcerpc_epm_map_binding(tmp_ctx, b, pipe_uuid, pipe_version);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Failed to map DCERPC/TCP NCACN_NP pipe for '%s' - %s\n",
+ pipe_uuid, nt_errstr(status)));
+ talloc_free(p);
+ return status;
}
- } else {
- pipe_name = b.endpoint;
+ DEBUG(1,("Mapped to DCERPC/NP pipe %s\n", b->endpoint));
}
- if (!strncasecmp(pipe_name, "/pipe/", 6) ||
- !strncasecmp(pipe_name, "\\pipe\\", 6)) {
- pipe_name += 6;
- }
+ pipe_name = b->endpoint;
+
- if (pipe_name[0] != '\\') {
- pipe_name = talloc_asprintf(mem_ctx, "\\%s", pipe_name);
- }
-
status = dcerpc_pipe_open_smb(p->conn, tree, pipe_name);
if (!NT_STATUS_IS_OK(status)) {
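Review bot: The new error path after `dcerpc_epm_map_binding()` calls `talloc_free(p)` and returns without freeing `tmp_ctx`, whereas the removed error path freed `tmp_ctx`. Unless `tmp_ctx` is a child of `p` (not visible here), the temporary context leaks, and adding `talloc_free(tmp_ctx);` before `return status;` would fix that. The removed code also stripped a leading `/pipe/` or `\pipe\` and forced a leading backslash before `dcerpc_pipe_open_smb()`. `b->endpoint` is now passed through as-is, so an endpoint given in the binding string reaches the SMB open unnormalised unless the callee handles that. connect_to_pipe continues past the hunk.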
@@ -502,6 +479,9 @@ static NTSTATUS setup_netlogon_creds(struct smbcli_transport *transport,
a.out.credentials = &credentials3;
creds_client_init(creds, &credentials1, &credentials2,
+ machine_name,
+ domain,
+ a.in.account_name,
&mach_password, &credentials3,
negotiate_flags);
@@ -1056,7 +1036,6 @@ static BOOL xp_login(const char *dcname, const char *wksname,
status = dcerpc_bind_auth_schannel_withkey(netlogon_schannel_pipe,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
- "", "", "",
netlogon_creds);
if (!NT_STATUS_IS_OK(status))
diff --git a/source4/torture/torture.c b/source4/torture/torture.c
index 32c258068b..588bf1bcff 100644
--- a/source4/torture/torture.c
+++ b/source4/torture/torture.c
@@ -138,6 +138,7 @@ NTSTATUS torture_rpc_connection(struct dcerpc_pipe **p,
}
status = dcerpc_pipe_connect(p, binding, pipe_uuid, pipe_version,
+ lp_netbios_name(),
lp_parm_string(-1, "torture", "userdomain"),
lp_parm_string(-1, "torture", "username"),
lp_parm_string(-1, "torture", "password"));
@@ -154,7 +155,7 @@ NTSTATUS torture_rpc_connection_transport(struct dcerpc_pipe **p,
{
NTSTATUS status;
const char *binding = lp_parm_string(-1, "torture", "binding");
- struct dcerpc_binding b;
+ struct dcerpc_binding *b;
TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_connection_smb");
if (!binding) {
@@ -169,9 +170,10 @@ NTSTATUS torture_rpc_connection_transport(struct dcerpc_pipe **p,
return status;
}
- b.transport = transport;
+ b->transport = transport;
- status = dcerpc_pipe_connect_b(p, &b, pipe_uuid, pipe_version,
+ status = dcerpc_pipe_connect_b(p, b, pipe_uuid, pipe_version,
+ lp_netbios_name(),
lp_parm_string(-1, "torture", "userdomain"),
lp_parm_string(-1, "torture", "username"),
lp_parm_string(-1, "torture", "password"));
@@ -2597,7 +2599,7 @@ static void usage(poptContext pc)
static BOOL is_binding_string(const char *binding_string)
{
TALLOC_CTX *mem_ctx = talloc_init("is_binding_string");
- struct dcerpc_binding binding_struct;
+ struct dcerpc_binding *binding_struct;
NTSTATUS status;
status = dcerpc_parse_binding(mem_ctx, binding_string, &binding_struct);