svn commit: samba r17064 - in branches: SAMBA_3_0/source/rpc_server SAMBA_4_0/source/torture/rpc

Sat Jul 15 17:55:01 GMT 2006

Author: vlendec
Date: 2006-07-15 17:55:01 +0000 (Sat, 15 Jul 2006)
New Revision: 17064

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17064

Log:
lsa_GetUserName needs to return the name for S-1-5-7 on an anonymous login.

Found that because I want to play around with setsharesecurity, for this I
need the "whoami" call figuring out the SID of the currently connected user.

Not activating this test yet until the build farm has picked up the new samba4
revision.

Volker

Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
   branches/SAMBA_4_0/source/torture/rpc/rpc.c
   branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
===================================================================

--- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c	2006-07-15 16:51:23 UTC (rev 17063)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c	2006-07-15 17:55:01 UTC (rev 17064)
@@ -1514,15 +1514,27 @@
 
 NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u)
 {
-	fstring username, domname;
+	const char *username, *domname;
 	user_struct *vuser = get_valid_user_struct(p->vuid);
   
 	if (vuser == NULL)
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+
+	if (vuser->guest) {
+		/*
+		 * I'm 99% sure this is not the right place to do this,
+		 * global_sid_Anonymous should probably be put into the token
+		 * instead of the guest id -- vl
+		 */
+		if (!lookup_sid(p->mem_ctx, &global_sid_Anonymous,
+				&domname, &username, NULL)) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		username = vuser->user.smb_name;
+		domname = vuser->user.domain;
+	}
   
-	fstrcpy(username, vuser->user.smb_name);
-	fstrcpy(domname, vuser->user.domain);
-  
 	r_u->ptr_user_name = 1;
 	init_unistr2(&r_u->uni2_user_name, username, UNI_STR_TERMINATE);
 	init_uni_hdr(&r_u->hdr_user_name, &r_u->uni2_user_name);

Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/rpc.c	2006-07-15 16:51:23 UTC (rev 17063)
+++ branches/SAMBA_4_0/source/torture/rpc/rpc.c	2006-07-15 17:55:01 UTC (rev 17064)
@@ -130,6 +130,8 @@
 	register_torture_op("RPC-NETLOGSAMBA3", torture_netlogon_samba3);
 	register_torture_op("RPC-SAMBA3SESSIONKEY", torture_samba3_sessionkey);
 	register_torture_op("RPC-SAMBA3-SRVSVC", torture_samba3_rpc_srvsvc);
+	register_torture_op("RPC-SAMBA3-GETUSERNAME",
+			    torture_samba3_rpc_getusername);
 	register_torture_op("RPC-DRSUAPI", torture_rpc_drsuapi);
 	register_torture_op("RPC-CRACKNAMES", torture_rpc_drsuapi_cracknames);
 	register_torture_op("RPC-ROT", torture_rpc_rot);

Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c	2006-07-15 16:51:23 UTC (rev 17063)
+++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c	2006-07-15 17:55:01 UTC (rev 17064)
@@ -21,7 +21,9 @@
 */
 
 #include "includes.h"
+#include "libcli/raw/libcliraw.h"
 #include "torture/torture.h"
+#include "torture/util.h"
 #include "librpc/gen_ndr/ndr_lsa.h"
 #include "librpc/gen_ndr/ndr_lsa_c.h"
 #include "librpc/gen_ndr/ndr_samr.h"
@@ -39,7 +41,22 @@
 #include "libcli/auth/libcli_auth.h"
 #include "libcli/auth/credentials.h"
 #include "lib/crypto/crypto.h"
+#include "libcli/security/proto.h"
 
+static struct cli_credentials *create_anon_creds(TALLOC_CTX *mem_ctx)
+{
+	struct cli_credentials *result;
+
+	if (!(result = cli_credentials_init(mem_ctx))) {
+		return NULL;
+	}
+
+	cli_credentials_set_conf(result);
+	cli_credentials_set_anonymous(result);
+
+	return result;
+}
+
 /*
  * This tests a RPC call using an invalid vuid
  */
@@ -128,15 +145,11 @@
 		goto done;
 	}
 
-	anon_creds = cli_credentials_init(mem_ctx);
-	if (anon_creds == NULL) {
-		d_printf("cli_credentials_init failed\n");
+	if (!(anon_creds = create_anon_creds(mem_ctx))) {
+		d_printf("create_anon_creds failed\n");
 		goto done;
 	}
 
-	cli_credentials_set_conf(anon_creds);
-	cli_credentials_set_anonymous(anon_creds);
-
 	setup.in.sesskey = cli->transport->negotiate.sesskey;
 	setup.in.capabilities = cli->transport->negotiate.capabilities;
 	setup.in.workgroup = "";
@@ -986,15 +999,11 @@
 		return False;
 	}
 
-	anon_creds = cli_credentials_init(mem_ctx);
-	if (anon_creds == NULL) {
-		d_printf("cli_credentials_init failed\n");
+	if (!(anon_creds = create_anon_creds(mem_ctx))) {
+		d_printf("create_anon_creds failed\n");
 		goto done;
 	}
 
-	cli_credentials_set_conf(anon_creds);
-	cli_credentials_set_anonymous(anon_creds);
-
 	status = smbcli_full_connection(mem_ctx, &cli,
 					lp_parm_string(-1, "torture", "host"),
 					"IPC$", NULL, anon_creds, NULL);
@@ -1148,15 +1157,11 @@
 		return False;
 	}
 
-	anon_creds = cli_credentials_init(mem_ctx);
-	if (anon_creds == NULL) {
-		d_printf("cli_credentials_init failed\n");
+	if (!(anon_creds = create_anon_creds(mem_ctx))) {
+		d_printf("create_anon_creds failed\n");
 		goto done;
 	}
 
-	cli_credentials_set_conf(anon_creds);
-	cli_credentials_set_anonymous(anon_creds);
-
 	ret = True;
 
 	if (!lp_parm_bool(-1, "target", "samba3", False)) {
@@ -1214,6 +1219,235 @@
 	return ret;
 }
 
+/*
+ * open pipe and bind, given an IPC$ context
+ */
+
+static struct dcerpc_pipe *pipe_bind_smb(TALLOC_CTX *mem_ctx,
+					 struct smbcli_tree *tree,
+					 const char *pipe_name,
+					 const struct dcerpc_interface_table *iface)
+{
+	struct dcerpc_pipe *result;
+	NTSTATUS status;
+
+	if (!(result = dcerpc_pipe_init(
+		      mem_ctx, tree->session->transport->socket->event.ctx))) {
+		return NULL;
+	}
+
+	status = dcerpc_pipe_open_smb(result->conn, tree, pipe_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("dcerpc_pipe_open_smb failed: %s\n",
+			 nt_errstr(status));
+		talloc_free(result);
+		return NULL;
+	}
+
+	status = dcerpc_bind_auth_none(result, iface);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("schannel bind failed: %s\n", nt_errstr(status));
+		talloc_free(result);
+		return NULL;
+	}
+
+	return result;
+}
+
+/*
+ * Sane wrapper around lsa_LookupNames
+ */
+
+static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
+				struct dcerpc_pipe *p,
+				const char *name,
+				const char *domain)
+{
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 r;
+	struct lsa_Close c;
+	NTSTATUS status;
+	struct policy_handle handle;
+	struct lsa_LookupNames l;
+	struct lsa_TransSidArray sids;
+	struct lsa_String lsa_name;
+	uint32_t count = 1;
+	struct dom_sid *result;
+	TALLOC_CTX *tmp_ctx;
+
+	if (!(tmp_ctx = talloc_new(mem_ctx))) {
+		return NULL;
+	}
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	r.in.system_name = "\\";
+	r.in.attr = &attr;
+	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.out.handle = &handle;
+
+	status = dcerpc_lsa_OpenPolicy2(p, tmp_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	sids.count = 0;
+	sids.sids = NULL;
+
+	lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, name);
+
+	l.in.handle = &handle;
+	l.in.num_names = 1;
+	l.in.names = &lsa_name;
+	l.in.sids = &sids;
+	l.in.level = 1;
+	l.in.count = &count;
+	l.out.count = &count;
+	l.out.sids = &sids;
+
+	status = dcerpc_lsa_LookupNames(p, tmp_ctx, &l);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("LookupNames failed - %s\n", nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return False;
+	}
+
+	result = dom_sid_add_rid(mem_ctx, l.out.domains->domains[0].sid,
+				 l.out.sids->sids[0].rid);
+
+	c.in.handle = &handle;
+	c.out.handle = &handle;
+
+	status = dcerpc_lsa_Close(p, tmp_ctx, &c);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+	
+	talloc_free(tmp_ctx);
+	return result;
+}
+
+/*
+ * Find out the user SID on this connection
+ */
+
+static struct dom_sid *whoami(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree)
+{
+	struct dcerpc_pipe *lsa;
+	struct lsa_GetUserName r;
+	NTSTATUS status;
+	struct lsa_StringPointer authority_name_p;
+	struct dom_sid *result;
+
+	if (!(lsa = pipe_bind_smb(mem_ctx, tree, "\\pipe\\lsarpc",
+				  &dcerpc_table_lsarpc))) {
+		d_printf("Could not bind to LSA\n");
+		return NULL;
+	}
+
+	r.in.system_name = "\\";
+	r.in.account_name = NULL;
+	authority_name_p.string = NULL;
+	r.in.authority_name = &authority_name_p;
+
+	status = dcerpc_lsa_GetUserName(lsa, mem_ctx, &r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("GetUserName failed - %s\n", nt_errstr(status));
+		talloc_free(lsa);
+		return NULL;
+	}
+
+	result = name2sid(mem_ctx, lsa, r.out.account_name->string,
+			  r.out.authority_name->string->string);
+
+	talloc_free(lsa);
+	return result;
+}
+
+/*
+ * Test the getusername behaviour
+ */
+
+BOOL torture_samba3_rpc_getusername(struct torture_context *torture)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+	TALLOC_CTX *mem_ctx;
+	BOOL ret = True;
+	struct dom_sid *user_sid;
+	struct cli_credentials *anon_creds;
+
+	if (!(mem_ctx = talloc_new(torture))) {
+		return False;
+	}
+
+	status = smbcli_full_connection(
+		mem_ctx, &cli, lp_parm_string(-1, "torture", "host"),
+		"IPC$", NULL, cmdline_credentials, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("smbcli_full_connection failed: %s\n",
+			 nt_errstr(status));
+		ret = False;
+		goto done;
+	}
+
+	if (!(user_sid = whoami(mem_ctx, cli->tree))) {
+		d_printf("whoami on auth'ed connection failed\n");
+		ret = False;
+	}
+
+	talloc_free(cli);
+
+	if (!(anon_creds = create_anon_creds(mem_ctx))) {
+		d_printf("create_anon_creds failed\n");
+		ret = False;
+		goto done;
+	}
+
+	status = smbcli_full_connection(
+		mem_ctx, &cli, lp_parm_string(-1, "torture", "host"),
+		"IPC$", NULL, anon_creds, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("anon smbcli_full_connection failed: %s\n",
+			 nt_errstr(status));
+		ret = False;
+		goto done;
+	}
+
+	if (!(user_sid = whoami(mem_ctx, cli->tree))) {
+		d_printf("whoami on anon connection failed\n");
+		ret = False;
+		goto done;
+	}
+
+	if (!dom_sid_equal(user_sid,
+			   dom_sid_parse_talloc(mem_ctx, "s-1-5-7"))) {
+		d_printf("Anon lsa_GetUserName returned %s, expected S-1-5-7",
+			 dom_sid_string(mem_ctx, user_sid));
+		ret = False;
+	}
+
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
 static BOOL test_NetShareGetInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 				 const char *sharename)
 {
@@ -1303,20 +1537,26 @@
 
 BOOL torture_samba3_rpc_srvsvc(struct torture_context *torture)
 {
-	NTSTATUS status;
 	struct dcerpc_pipe *p;
 	TALLOC_CTX *mem_ctx;
 	BOOL ret = True;
 	const char *sharename = NULL;
+	struct smbcli_state *cli;
 
 	if (!(mem_ctx = talloc_new(torture))) {
 		return False;
 	}
 
-	status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_srvsvc);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("torture_rpc_connection failed: %s\n",
-		       nt_errstr(status));
+	if (!(torture_open_connection_share(
+		      mem_ctx, &cli, lp_parm_string(-1, "torture", "host"),
+		      "IPC$", NULL))) {
+		talloc_free(mem_ctx);
+		return False;
+	}
+
+	if (!(p = pipe_bind_smb(mem_ctx, cli->tree, "\\pipe\\srvsvc",
+				&dcerpc_table_srvsvc))) {
+		d_printf("could not bind to srvsvc pipe\n");
 		ret = False;
 		goto done;
 	}

