svn commit: samba r4674 - in branches/SAMBA_4_0/source/torture/rpc:
.
abartlet at samba.org
abartlet at samba.org
Tue Jan 11 06:04:44 GMT 2005
Author: abartlet
Date: 2005-01-11 06:04:44 +0000 (Tue, 11 Jan 2005)
New Revision: 4674
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4674
Log:
Test SetSecret behaviour for local and global secrets, when setting
only the OLD secret value.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/torture/rpc/lsa.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/lsa.c 2005-01-11 05:16:43 UTC (rev 4673)
+++ branches/SAMBA_4_0/source/torture/rpc/lsa.c 2005-01-11 06:04:44 UTC (rev 4674)
@@ -680,6 +680,8 @@
struct lsa_QuerySecret r4;
struct lsa_SetSecret r5;
struct lsa_QuerySecret r6;
+ struct lsa_SetSecret r7;
+ struct lsa_QuerySecret r8;
struct policy_handle sec_handle, sec_handle2;
struct lsa_Delete d;
struct lsa_DATA_BUF buf1;
@@ -694,13 +696,16 @@
char *secret2;
const char *secret3 = "ABCDEF12345699QWERTY";
char *secret4;
+ const char *secret5 = "NEW-SAMBA4-SECRET";
+ char *secret6;
char *secname[2];
int i;
+ const int LOCAL = 0;
+ const int GLOBAL = 1;
+ secname[LOCAL] = talloc_asprintf(mem_ctx, "torturesecret-%u", (uint_t)random());
+ secname[GLOBAL] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random());
- secname[0] = talloc_asprintf(mem_ctx, "torturesecret-%u", (uint_t)random());
- secname[1] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random());
-
for (i=0; i< 2; i++) {
printf("Testing CreateSecret of %s\n", secname[i]);
@@ -782,10 +787,9 @@
secret2 = sess_decrypt_string(&blob1, &session_key);
- printf("returned secret '%s'\n", secret2);
-
if (strcmp(secret1, secret2) != 0) {
- printf("Returned secret doesn't match\n");
+ printf("Returned secret '%s' doesn't match '%s'\n",
+ secret2, secret1);
ret = False;
}
}
@@ -800,7 +804,7 @@
r5.in.new_val->length = enc_key.length;
r5.in.new_val->size = enc_key.length;
- printf("Testing SetSecret\n");
+ printf("Testing SetSecret (existing value should move to old)\n");
status = dcerpc_lsa_SetSecret(p, mem_ctx, &r5);
if (!NT_STATUS_IS_OK(status)) {
@@ -841,24 +845,20 @@
secret4 = sess_decrypt_string(&blob1, &session_key);
- printf("returned secret '%s'\n", secret4);
-
if (strcmp(secret3, secret4) != 0) {
printf("Returned NEW secret %s doesn't match %s\n", secret4, secret3);
ret = False;
}
- blob1.data = r6.out.new_val->buf->data;
- blob1.length = r6.out.new_val->buf->length;
+ blob1.data = r6.out.old_val->buf->data;
+ blob1.length = r6.out.old_val->buf->length;
blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
secret2 = sess_decrypt_string(&blob1, &session_key);
- printf("returned OLD secret '%s'\n", secret2);
-
- if (strcmp(secret3, secret4) != 0) {
- printf("Returned secret %s doesn't match %s\n", secret2, secret1);
+ if (strcmp(secret1, secret2) != 0) {
+ printf("Returned OLD secret %s doesn't match %s\n", secret2, secret1);
ret = False;
}
@@ -871,6 +871,94 @@
}
}
+ enc_key = sess_encrypt_string(secret5, &session_key);
+
+ r7.in.handle = &sec_handle;
+ r7.in.old_val = &buf1;
+ r7.in.old_val->data = enc_key.data;
+ r7.in.old_val->length = enc_key.length;
+ r7.in.old_val->size = enc_key.length;
+ r7.in.new_val = NULL;
+
+ printf("Testing SetSecret of old Secret only\n");
+
+ status = dcerpc_lsa_SetSecret(p, mem_ctx, &r7);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("SetSecret failed - %s\n", nt_errstr(status));
+ ret = False;
+ }
+
+ data_blob_free(&enc_key);
+
+ /* fetch the secret back again */
+ r8.in.handle = &sec_handle;
+ r8.in.new_val = &bufp1;
+ r8.in.new_mtime = &new_mtime;
+ r8.in.old_val = &bufp2;
+ r8.in.old_mtime = &old_mtime;
+
+ bufp1.buf = NULL;
+ bufp2.buf = NULL;
+
+ status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r8);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QuerySecret failed - %s\n", nt_errstr(status));
+ ret = False;
+ } else {
+
+ if (r8.out.new_val->buf == NULL) {
+ if (i != LOCAL) {
+ printf("NEW secret buffer not returned after OLD set\n");
+ ret = False;
+ }
+ } else if (r8.out.old_val->buf == NULL) {
+ printf("OLD secret buffer not returned after OLD set\n");
+ ret = False;
+ } else if (r8.out.new_mtime == NULL || r8.out.old_mtime == NULL) {
+ printf("Both times not returned after OLD set\n");
+ ret = False;
+ } else {
+ blob1.data = r8.out.new_val->buf->data;
+ blob1.length = r8.out.new_val->buf->length;
+
+ blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
+
+ secret6 = sess_decrypt_string(&blob1, &session_key);
+
+ if (strcmp(secret3, secret4) != 0) {
+ printf("Returned NEW secret '%s' doesn't match '%s'\n", secret4, secret3);
+ ret = False;
+ }
+
+ blob1.data = r8.out.old_val->buf->data;
+ blob1.length = r8.out.old_val->buf->length;
+
+ blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
+
+ secret6 = sess_decrypt_string(&blob1, &session_key);
+
+ if (strcmp(secret5, secret6) != 0) {
+ printf("Returned OLD secret %s doesn't match %s\n", secret5, secret6);
+ ret = False;
+ }
+
+ if (*r8.out.new_mtime == *r8.out.old_mtime) {
+ if (i != GLOBAL) {
+ printf("Returned secret %s had same mtime for both secrets: %s\n",
+ secname[i],
+ nt_time_string(mem_ctx, *r8.out.new_mtime));
+ ret = False;
+ }
+ } else {
+ printf("Returned secret %s should have had same mtime for both secrets: %s != %s\n",
+ secname[i],
+ nt_time_string(mem_ctx, *r8.out.old_mtime),
+ nt_time_string(mem_ctx, *r8.out.new_mtime));
+ ret = False;
+ }
+ }
+ }
+
if (!test_Delete(p, mem_ctx, &sec_handle)) {
ret = False;
}
More information about the samba-cvs
mailing list