summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/torture/rpc/netlogon.c54
-rw-r--r--source4/torture/rpc/schannel.c8
2 files changed, 62 insertions, 0 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 0fe594cf7e..d60b2e3c18 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -885,6 +885,60 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
}
/*
+ try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+ struct cli_credentials *credentials,
+ struct netlogon_creds_CredentialState *creds)
+{
+ NTSTATUS status;
+ struct netr_LogonGetCapabilities r;
+ union netr_Capabilities capabilities;
+ struct netr_Authenticator auth, return_auth;
+ struct netlogon_creds_CredentialState tmp_creds;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.computer_name = cli_credentials_get_workstation(credentials);
+ r.in.credential = &auth;
+ r.in.return_authenticator = &return_auth;
+ r.in.query_level = 1;
+ r.out.capabilities = &capabilities;
+ r.out.return_authenticator = &return_auth;
+
+ torture_comment(tctx, "Testing LogonGetCapabilities\n");
+
+ ZERO_STRUCT(return_auth);
+
+ /*
+ * we need to operate on a temporary copy of creds
+ * because dcerpc_netr_LogonGetCapabilities was
+ * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+ * without looking a the authenticator.
+ */
+ tmp_creds = *creds;
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+ return true;
+ }
+
+ *creds = tmp_creds;
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+
+ torture_assert_int_equal(tctx, creds->negotiate_flags,
+ capabilities.server_capabilities,
+ "negotiate flags");
+
+ return true;
+}
+
+/*
try a netlogon SamLogon
*/
static bool test_SamLogon(struct torture_context *tctx,
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index dff9fe7055..30b8a1d1ae 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -312,6 +312,10 @@ static bool test_schannel(struct torture_context *tctx,
status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds);
torture_assert_ntstatus_ok(tctx, status, "schannel creds");
+ /* checks the capabilities */
+ torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, credentials, creds),
+ "Failed to process schannel secured capability ops (on fresh connection)");
+
/* do a couple of logins */
torture_assert(tctx, test_netlogon_ops(p_netlogon, tctx, credentials, creds),
"Failed to process schannel secured NETLOGON ops");
@@ -391,6 +395,10 @@ static bool test_schannel(struct torture_context *tctx,
torture_assert_ntstatus_ok(tctx, status, "auth failed");
+ /* checks the capabilities */
+ torture_assert(tctx, test_netlogon_capabilities(p_netlogon2, tctx, credentials, creds),
+ "Failed to process schannel secured capability ops (on fresh connection)");
+
/* Try the schannel-only SamLogonEx operation */
torture_assert(tctx, test_netlogon_ex_ops(p_netlogon2, tctx, credentials, creds),
"Failed to process schannel secured NETLOGON EX ops (on fresh connection)");