From c5cf47443985c34ad32c44c322901e0fc3a065d7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 3 Nov 2003 06:22:45 +0000 Subject: a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514) --- source4/torture/rpc/lsa.c | 79 ++++++++++++++++++++++ source4/torture/torture.c | 166 +++++++++++++++++++++++----------------------- 2 files changed, 163 insertions(+), 82 deletions(-) create mode 100644 source4/torture/rpc/lsa.c (limited to 'source4/torture') diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c new file mode 100644 index 0000000000..dcf97cbfe2 --- /dev/null +++ b/source4/torture/rpc/lsa.c @@ -0,0 +1,79 @@ +/* + Unix SMB/CIFS implementation. + test suite for lsa rpc operations + Copyright (C) Tim Potter 2003 + Copyright (C) Andrew Tridgell 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* Helper function for RPC-OPEN test */ +static DATA_BLOB blob_lsa_open_policy_req(TALLOC_CTX *mem_ctx, BOOL sec_qos, + uint32 des_access) +{ + prs_struct qbuf; + LSA_Q_OPEN_POL q; + LSA_SEC_QOS qos; + + ZERO_STRUCT(q); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + + /* Initialise input parameters */ + + if (sec_qos) { + init_lsa_sec_qos(&qos, 2, 1, 0); + init_q_open_pol(&q, '\\', 0, des_access, &qos); + } else { + init_q_open_pol(&q, '\\', 0, des_access, NULL); + } + + if (lsa_io_q_open_pol("", &q, &qbuf, 0)) + return data_blob_talloc( + mem_ctx, prs_data_p(&qbuf), prs_offset(&qbuf)); + + return data_blob(NULL, 0); +} + +BOOL torture_rpc_lsa(int dummy) +{ + NTSTATUS status; + struct dcerpc_pipe *p; + DATA_BLOB request; + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_init("torture_rpc_lsa"); + + status = torture_rpc_connection(&p, "lsarpc"); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + request = blob_lsa_open_policy_req(mem_ctx, True, + SEC_RIGHTS_MAXIMUM_ALLOWED); + + status = cli_dcerpc_request(p, LSA_OPENPOLICY, mem_ctx, &request, NULL); + if (!NT_STATUS_IS_OK(status)) { + d_printf("Failed to LSA_OPENPOLICY - %s\n", nt_errstr(status)); + } + + torture_rpc_close(p); + + return NT_STATUS_IS_OK(status); +} diff --git a/source4/torture/torture.c b/source4/torture/torture.c index eccc6e5d11..c3f7514e9b 100644 --- a/source4/torture/torture.c +++ b/source4/torture/torture.c @@ -98,11 +98,11 @@ BOOL torture_open_connection(struct cli_state **c) if (use_kerberos) flags |= CLI_FULL_CONNECTION_USE_KERBEROS; - + status = cli_full_connection(c, lp_netbios_name(), host, NULL, share, "?????", - username, lp_workgroup(), + username, username[0]?lp_workgroup():"", password, flags, &retry); if (!NT_STATUS_IS_OK(status)) { printf("Failed to open connection - %s\n", nt_errstr(status)); @@ -131,6 +131,87 @@ BOOL torture_close_connection(struct cli_state *c) return ret; } +/* open a rpc connection to a named pipe */ +NTSTATUS torture_rpc_connection(struct dcerpc_pipe **p, const char *pipe_name) +{ + struct cli_state *cli; + int fnum; + NTSTATUS status; + char *name = NULL; + union smb_open open_parms; + TALLOC_CTX *mem_ctx; + + if (!torture_open_connection(&cli)) { + return NT_STATUS_UNSUCCESSFUL; + } + + asprintf(&name, "\\%s", pipe_name); + if (!name) { + return NT_STATUS_NO_MEMORY; + } + + open_parms.ntcreatex.level = RAW_OPEN_NTCREATEX; + open_parms.ntcreatex.in.flags = 0; + open_parms.ntcreatex.in.root_fid = 0; + open_parms.ntcreatex.in.access_mask = + STD_RIGHT_READ_CONTROL_ACCESS | + SA_RIGHT_FILE_WRITE_ATTRIBUTES | + SA_RIGHT_FILE_WRITE_EA | + GENERIC_RIGHTS_FILE_READ; + open_parms.ntcreatex.in.file_attr = 0; + open_parms.ntcreatex.in.alloc_size = 0; + open_parms.ntcreatex.in.share_access = + NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE; + open_parms.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; + open_parms.ntcreatex.in.create_options = 0; + open_parms.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION; + open_parms.ntcreatex.in.security_flags = 0; + open_parms.ntcreatex.in.fname = name; + + mem_ctx = talloc_init("torture_rpc_connection"); + status = smb_raw_open(cli->tree, mem_ctx, &open_parms); + free(name); + talloc_destroy(mem_ctx); + + if (!NT_STATUS_IS_OK(status)) { + printf("Open of pipe %s failed with error (%s)\n", + pipe_name, nt_errstr(status)); + return status; + } + + if (!(*p = dcerpc_pipe_init(cli->tree))) { + return NT_STATUS_NO_MEMORY; + } + + (*p)->fnum = open_parms.ntcreatex.out.fnum; + + status = cli_dcerpc_bind_byname(*p, pipe_name); + + if (!NT_STATUS_IS_OK(status)) { + cli_close(cli, fnum); + dcerpc_pipe_close(*p); + } + + return status; +} + +/* close a rpc connection to a named pipe */ +NTSTATUS torture_rpc_close(struct dcerpc_pipe *p) +{ + union smb_close io; + NTSTATUS status; + + io.close.level = RAW_CLOSE_CLOSE; + io.close.in.fnum = p->fnum; + io.close.in.write_time = 0; + status = smb_raw_close(p->tree, &io); + + dcerpc_pipe_close(p); + + return status; +} + /* check if the server produced the expected error code */ static BOOL check_error(int line, struct cli_state *c, @@ -3755,85 +3836,6 @@ static BOOL run_deny3test(int dummy) return True; } -/* Helper function for RPC-OPEN test */ - -static DATA_BLOB blob_lsa_open_policy_req(TALLOC_CTX *mem_ctx, BOOL sec_qos, - uint32 des_access) -{ - prs_struct qbuf; - LSA_Q_OPEN_POL q; - LSA_SEC_QOS qos; - - ZERO_STRUCT(q); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - - /* Initialise input parameters */ - - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol(&q, '\\', 0, des_access, &qos); - } else { - init_q_open_pol(&q, '\\', 0, des_access, NULL); - } - - if (lsa_io_q_open_pol("", &q, &qbuf, 0)) - return data_blob_talloc( - mem_ctx, prs_data_p(&qbuf), prs_offset(&qbuf)); - - return data_blob(NULL, 0); -} - -static BOOL torture_rpc_open(int dummy) -{ - struct cli_state *cli; - const char *pipe_name = "\\lsarpc"; - int fnum; - TALLOC_CTX *mem_ctx; - NTSTATUS status; - struct cli_dcerpc_pipe *p; - DATA_BLOB request; - - mem_ctx = talloc_init("rpc_open"); - - printf("starting rpc test\n"); - - if (!torture_open_connection(&cli)) - return False; - - fnum = cli_nt_create_full(cli, pipe_name, 0, SA_RIGHT_FILE_READ_DATA, - FILE_ATTRIBUTE_NORMAL, - NTCREATEX_SHARE_ACCESS_READ| - NTCREATEX_SHARE_ACCESS_WRITE, - NTCREATEX_DISP_OPEN_IF, 0, 0); - - if (fnum == -1) { - printf("Open of pipe %s failed with error (%s)\n", - pipe_name, cli_errstr(cli)); - return False; - } - - if (!(p = cli_dcerpc_pipe_init(cli->tree))) - return False; - - p->fnum = fnum; - - status = cli_dcerpc_bind_byname(p, pipe_name); - - request = blob_lsa_open_policy_req(mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED); - - status = cli_dcerpc_request(p, LSA_OPENPOLICY, request); - - talloc_destroy(mem_ctx); - - torture_close_connection(cli); - - return True; -} - static void sigcont(void) { } @@ -4023,7 +4025,7 @@ static struct { {"SCAN-NTTRANS", torture_nttrans_scan, 0}, {"SCAN-ALIASES", torture_trans2_aliases, 0}, {"SCAN-SMB", torture_smb_scan, 0}, - {"RPC-OPEN", torture_rpc_open, 0}, + {"RPC-LSA", torture_rpc_lsa, 0}, {NULL, NULL, 0}}; -- cgit