From 030ccc42b974e0dfc991c0a908a748be5a657996 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 14 Dec 2011 11:07:11 +0100 Subject: s4-smbtorture: make sure we can successfully run the schannel test against windows. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit lsa lookupsids3/lookupnames4 is only available over schannel sealed ncacn_ip_tcp. Guenther Autobuild-User: Günther Deschner Autobuild-Date: Wed Dec 14 17:28:29 CET 2011 on sn-devel-104 --- source4/torture/rpc/schannel.c | 46 +++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 16 deletions(-) diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 7eb5148152..dff9fe7055 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -244,10 +244,6 @@ static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p) } } } - if (!test_many_LookupSids(p, tctx, NULL)) { - torture_comment(tctx, "LsaLookupSids3 failed!\n"); - return false; - } return ret; } @@ -272,6 +268,7 @@ static bool test_schannel(struct torture_context *tctx, struct dcerpc_pipe *p_lsa = NULL; struct netlogon_creds_CredentialState *creds; struct cli_credentials *credentials; + enum dcerpc_transport_t transport; join_ctx = torture_join_domain(tctx, talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, i), @@ -287,7 +284,7 @@ static bool test_schannel(struct torture_context *tctx, status = dcerpc_pipe_connect_b(tctx, &p, b, &ndr_table_samr, credentials, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, - "Failed to connect with schannel"); + "Failed to connect to samr with schannel"); torture_assert(tctx, test_samr_ops(tctx, p->binding_handle), "Failed to process schannel secured SAMR ops"); @@ -326,21 +323,35 @@ static bool test_schannel(struct torture_context *tctx, status = dcerpc_epm_map_binding(tctx, b, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, "epm map"); - status = dcerpc_secondary_connection(p, &p_lsa, - b); + torture_assert_ntstatus_ok(tctx, + dcerpc_pipe_connect_b(tctx, &p_lsa, b, &ndr_table_lsarpc, + credentials, tctx->ev, tctx->lp_ctx), + "failed to connect lsarpc with schannel"); - torture_assert_ntstatus_ok(tctx, status, "secondary connection"); + torture_assert(tctx, test_lsa_ops(tctx, p_lsa), + "Failed to process schannel secured LSA ops"); - status = dcerpc_bind_auth(p_lsa, &ndr_table_lsarpc, - credentials, lpcfg_gensec_settings(tctx, tctx->lp_ctx), - DCERPC_AUTH_TYPE_SCHANNEL, - dcerpc_auth_level(p->conn), - NULL); + talloc_free(p_lsa); + p_lsa = NULL; - torture_assert_ntstatus_ok(tctx, status, "bind auth"); + /* we *MUST* use ncacn_ip_tcp for lookupsids3/lookupnames4 */ + transport = b->transport; + b->transport = NCACN_IP_TCP; - torture_assert(tctx, test_lsa_ops(tctx, p_lsa), - "Failed to process schannel secured LSA ops"); + torture_assert_ntstatus_ok(tctx, + dcerpc_epm_map_binding(tctx, b, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx), + "failed to call epm map"); + + torture_assert_ntstatus_ok(tctx, + dcerpc_pipe_connect_b(tctx, &p_lsa, b, &ndr_table_lsarpc, + credentials, tctx->ev, tctx->lp_ctx), + "failed to connect lsarpc with schannel"); + + torture_assert(tctx, + test_many_LookupSids(p_lsa, tctx, NULL), + "LsaLookupSids3 failed!\n"); + + b->transport = transport; /* Drop the socket, we want to start from scratch */ talloc_free(p); @@ -438,6 +449,9 @@ bool torture_rpc_schannel(struct torture_context *torture) int i; for (i=0;i