From 63c5ca7d583691fae5ccf0b760f24b9d11a2141b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 12 Aug 2004 07:29:49 +0000
Subject: r1769: Add a new torture test to check vuid properties, and SPNEGO/non-SPNEGO games.
Andrew Bartlett
(This used to be commit 90d70a63ee6d44172cec99a9115817f666b5d06d)
---
 source4/libcli/raw/clisession.c | 2 +-
 source4/torture/config.mk | 3 ++-
 source4/torture/raw/context.c | 46 ++++++++++++++++++++++++++++++++++++++---
 3 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c
index b32d59f340..f46c238378 100644
--- a/source4/libcli/raw/clisession.c
+++ b/source4/libcli/raw/clisession.c
@@ -394,7 +394,7 @@ static NTSTATUS smb_raw_session_setup_generic_spnego(struct smbcli_session *sess
 s2.spnego.in.domain = parms->generic.in.domain;
 s2.spnego.in.os = "Unix";
 s2.spnego.in.lanman = "Samba";
- s2.spnego.out.vuid = UID_FIELD_INVALID;
+ s2.spnego.out.vuid = session->vuid;
 smbcli_temp_set_signing(session->transport);
diff --git a/source4/torture/config.mk b/source4/torture/config.mk
index 157b06b3b8..09a6dcb991 100644
--- a/source4/torture/config.mk
+++ b/source4/torture/config.mk
@@ -87,7 +87,8 @@ REQUIRED_SUBSYSTEMS = \
 # Start SUBSYSTEM TORTURE_AUTH
 [SUBSYSTEM::TORTURE_AUTH]
 ADD_OBJ_FILES = \
- torture/auth/ntlmssp.o
+ torture/auth/ntlmssp.o \
+ torture/auth/multi_sesssetup.o
 REQUIRED_SUBSYSTEMS = \
 LIBSMB
 # End SUBSYSTEM TORTURE_AUTH
diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c
index 763edffeb2..5fd027ef5c 100644
--- a/source4/torture/raw/context.c
+++ b/source4/torture/raw/context.c
@@ -38,6 +38,14 @@
 goto done; \
 }} while (0)
+#define CHECK_NOT_VALUE(v, correct) do { \
+ if ((v) == (correct)) { \
+ printf("(%d) Incorrect value %s=%d - should be %d\n", \
+ __LINE__, #v, v, correct); \
+ ret = False; \
+ goto done; \
+ }} while (0)
+
 /* test session ops
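Review bot: In source4/libcli/raw/clisession.c, the new `s2.spnego.out.vuid = session->vuid;` turns an `out` member into an in/out value, and nothing on the line says so. The first SPNEGO leg now carries whatever vuid the caller left in the session, where it previously always carried UID_FIELD_INVALID. A comment such as `/* in/out: the caller's session->vuid is sent with the first leg */` would record the contract. This presumably relies on smbcli_session_init() leaving vuid at UID_FIELD_INVALID for a fresh session; that function is outside the hunk and worth confirming, as is the rest of smb_raw_session_setup_generic_spnego().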
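Review bot: In source4/torture/config.mk, the added `torture/auth/multi_sesssetup.o` has no matching source file in this commit. The diffstat lists only clisession.c, config.mk and raw/context.c, and the new test code lands in torture/raw/context.c. Unless torture/auth/multi_sesssetup.c already exists in the tree, the TORTURE_AUTH subsystem will not build; either add the file here or drop the line and keep `torture/auth/ntlmssp.o` as the only object.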
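Review bot: CHECK_NOT_VALUE in source4/torture/raw/context.c prints "should be %d" when the two values are equal, which states the opposite of what the check rejected. It also passes `v` and `correct` to printf unparenthesised although the condition parenthesises them. Suggested lines: `printf("(%d) Incorrect value %s=%d - should not be %d\n", \` followed by `__LINE__, #v, (v), (correct)); \`. The `ret` variable and `done` label the macro uses come from the calling function, outside this hunk.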
@@ -48,6 +56,8 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
 BOOL ret = True;
 char *username, *domain, *password;
 struct smbcli_session *session;
+ struct smbcli_session *session2;
+ struct smbcli_session *session3;
 struct smbcli_tree *tree;
 union smb_sesssetup setup;
 union smb_open io;
@@ -73,7 +83,7 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
 session = smbcli_session_init(cli->transport);
 setup.generic.level = RAW_SESSSETUP_GENERIC;
 setup.generic.in.sesskey = cli->transport->negotiate.sesskey;
- setup.generic.in.capabilities = 0; /* ignored in secondary session setup */
+ setup.generic.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
 setup.generic.in.password = password;
 setup.generic.in.user = username;
 setup.generic.in.domain = domain;
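Review bot: `session2` and `session3` are declared without initialisers in the first hunk on this line (test_session() locals), and the later hunk assigns `session3` only inside the CAP_EXTENDED_SECURITY branch. Any cleanup after the `done` label, which is outside the hunks shown, would read an indeterminate pointer when a CHECK_* macro jumps there early. Declaring them as `struct smbcli_session *session2 = NULL;` and `struct smbcli_session *session3 = NULL;` removes that hazard.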
@@ -83,13 +93,43 @@ static BOOL test_session(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
 session->vuid = setup.generic.out.vuid;
+ printf("create a third security context on the same transport, with vuid set\n");
+ session2 = smbcli_session_init(cli->transport);
+ session2->vuid = session->vuid;
+ setup.generic.level = RAW_SESSSETUP_GENERIC;
+ setup.generic.in.sesskey = cli->transport->negotiate.sesskey;
+ setup.generic.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
+ setup.generic.in.password = password;
+ setup.generic.in.user = username;
+ setup.generic.in.domain = domain;
+
+ status = smb_raw_session_setup(session2, mem_ctx, &setup);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ printf("vuid1=%d vuid2=%d vuid3=%d\n", cli->session->vuid, session->vuid, session2->vuid);
+
+ CHECK_NOT_VALUE(session->vuid, session2->vuid);
+
+ if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) {
+ printf("create a fourth security context on the same transport, without extended security\n");
+ session3 = smbcli_session_init(cli->transport);
+ session3->vuid = session->vuid;
+ setup.generic.level = RAW_SESSSETUP_GENERIC;
+ setup.generic.in.sesskey = cli->transport->negotiate.sesskey;
+ setup.generic.in.capabilities = 0; /* force a non extended security login (should fail) */
+ setup.generic.in.password = password;
+ setup.generic.in.user = username;
+ setup.generic.in.domain = domain;
+
+ status = smb_raw_session_setup(session3, mem_ctx, &setup);
+ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+ }
+
 printf("use the same tree as the existing connection\n");
 tree = smbcli_tree_init(session);
 tree->tid = cli->tree->tid;
 cli->tree->reference_count++;
- printf("vuid1=%d vuid2=%d\n", cli->session->vuid, session->vuid);
-
 printf("create a file using the new vuid\n");
 io.generic.level = RAW_OPEN_NTCREATEX;
 io.ntcreatex.in.root_fid = 0;
-- cgit
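Review bot: The uniqueness check after the second session setup compares only `session->vuid` with `session2->vuid`, so a server that returns the primary connection's vuid (`cli->session->vuid`, printed as vuid1 just above) for the new context would still pass. Adding `CHECK_NOT_VALUE(cli->session->vuid, session2->vuid);` closes that gap. In the CAP_EXTENDED_SECURITY branch, a comment stating that `session3->vuid` is preset to an already authenticated vuid, so a non-extended-security setup against it must be refused, would record why NT_STATUS_ACCESS_DENIED is the expected result. Both `smbcli_session_init()` results are dereferenced without a NULL check and neither session is released in the lines shown; the rest of test_session() is outside the hunk.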