svn commit: samba r16045 - in branches/SAMBA_4_0/source/torture/rpc: .

vlendec at samba.org vlendec at samba.org
Mon Jun 5 12:00:30 GMT 2006 

Author: vlendec
Date: 2006-06-05 12:00:28 +0000 (Mon, 05 Jun 2006)
New Revision: 16045

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16045

Log:
RPC-SAMBA3SESSIONKEY tests the different variants of joins (anon/auth smb,
anon/auth bind).

Jeremy, this is the little test I promised to you that shows the places where
we need the SystemLibraryDTC key.

Volker

Modified:
   branches/SAMBA_4_0/source/torture/rpc/rpc.c
   branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/rpc.c	2006-06-05 10:00:41 UTC (rev 16044)
+++ branches/SAMBA_4_0/source/torture/rpc/rpc.c	2006-06-05 12:00:28 UTC (rev 16045)
@@ -125,6 +125,7 @@
 	register_torture_op("RPC-AUTHCONTEXT", torture_bind_authcontext, 0);
 	register_torture_op("RPC-BINDSAMBA3", torture_bind_samba3, 0);
 	register_torture_op("RPC-NETLOGSAMBA3", torture_netlogon_samba3, 0);
+	register_torture_op("RPC-SAMBA3SESSIONKEY", torture_samba3_sessionkey, 0);
 	register_torture_op("RPC-DRSUAPI", torture_rpc_drsuapi, 0);
 	register_torture_op("RPC-CRACKNAMES", torture_rpc_drsuapi_cracknames, 0);
 	register_torture_op("RPC-ROT", torture_rpc_rot, 0);

Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c	2006-06-05 10:00:41 UTC (rev 16044)
+++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c	2006-06-05 12:00:28 UTC (rev 16045)
@@ -307,6 +307,8 @@
 static NTSTATUS get_usr_handle(struct smbcli_state *cli,
 			       TALLOC_CTX *mem_ctx,
 			       struct cli_credentials *admin_creds,
+			       uint8_t auth_type,
+			       uint8_t auth_level,
 			       const char *wks_name,
 			       char **domain,
 			       struct dcerpc_pipe **result_pipe,
@@ -343,12 +345,23 @@
 		goto fail;
 	}
 
-	status = dcerpc_bind_auth(samr_pipe, &dcerpc_table_samr,
-				  admin_creds, DCERPC_AUTH_TYPE_NTLMSSP,
-				  DCERPC_AUTH_LEVEL_INTEGRITY, NULL);
-	if (!NT_STATUS_IS_OK(status)) {
-		d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status));
-		goto fail;
+	if (admin_creds != NULL) {
+		status = dcerpc_bind_auth(samr_pipe, &dcerpc_table_samr,
+					  admin_creds, auth_type, auth_level,
+					  NULL);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("dcerpc_bind_auth failed: %s\n",
+				 nt_errstr(status));
+			goto fail;
+		}
+	} else {
+		/* We must have an authenticated SMB connection */
+		status = dcerpc_bind_auth_none(samr_pipe, &dcerpc_table_samr);
+		if (!NT_STATUS_IS_OK(status)) {
+			d_printf("dcerpc_bind_auth_none failed: %s\n",
+				 nt_errstr(status));
+			goto fail;
+		}
 	}
 
 	conn.in.system_name = talloc_asprintf(
@@ -479,6 +492,8 @@
 	}
 
 	status = get_usr_handle(cli, mem_ctx, admin_creds,
+				DCERPC_AUTH_TYPE_NTLMSSP,
+				DCERPC_AUTH_LEVEL_PRIVACY,
 				cli_credentials_get_workstation(wks_creds),
 				&dom_name, &samr_pipe, &wks_handle);
 
@@ -577,8 +592,6 @@
 		goto done;
 	}
 
-	d_printf("Got the netlogon pipe\n");
-
 	status = dcerpc_bind_auth_none(net_pipe, &dcerpc_table_netlogon);
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("dcerpc_bind_auth_none failed: %s\n",
@@ -858,12 +871,14 @@
 	struct policy_handle *wks_handle;
 	BOOL ret = False;
 
-	if ((mem_ctx = talloc_init("join3")) == NULL) {
+	if ((mem_ctx = talloc_init("leave")) == NULL) {
 		d_printf("talloc_init failed\n");
 		return False;
 	}
 
 	status = get_usr_handle(cli, mem_ctx, admin_creds,
+				DCERPC_AUTH_TYPE_NTLMSSP,
+				DCERPC_AUTH_LEVEL_INTEGRITY,
 				cli_credentials_get_workstation(wks_creds),
 				&dom_name, &samr_pipe, &wks_handle);
 
@@ -947,7 +962,7 @@
 	cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
 	cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
 	cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
-	cli_credentials_set_password(wks_creds, "blub", CRED_SPECIFIED);
+	cli_credentials_set_password(wks_creds, "", CRED_SPECIFIED);
 
 	if (!join3(cli, cmdline_credentials, wks_creds)) {
 		d_printf("join failed\n");
@@ -990,3 +1005,131 @@
 	talloc_free(mem_ctx);
 	return ret;
 }
+
+/*
+ * Do a simple join, testjoin and leave using specified smb and samr
+ * credentials
+ */
+
+static BOOL test_join3(TALLOC_CTX *mem_ctx,
+		       struct cli_credentials *smb_creds,
+		       struct cli_credentials *samr_creds,
+		       const char *wks_name)
+{
+	NTSTATUS status;
+	BOOL ret = False;
+	struct smbcli_state *cli;
+	struct cli_credentials *wks_creds;
+
+	status = smbcli_full_connection(mem_ctx, &cli,
+					lp_parm_string(-1, "torture", "host"),
+					"IPC$", NULL, smb_creds, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("smbcli_full_connection failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+
+	wks_creds = cli_credentials_init(cli);
+	if (wks_creds == NULL) {
+		d_printf("cli_credentials_init failed\n");
+		goto done;
+	}
+
+	cli_credentials_set_conf(wks_creds);
+	cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
+	cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
+	cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
+	cli_credentials_set_password(wks_creds, "", CRED_SPECIFIED);
+
+	if (!join3(cli, samr_creds, wks_creds)) {
+		d_printf("join failed\n");
+		goto done;
+	}
+
+	cli_credentials_set_domain(
+		cmdline_credentials, cli_credentials_get_domain(wks_creds),
+		CRED_SPECIFIED);
+
+	if (!auth2(cli, wks_creds)) {
+		d_printf("auth2 failed\n");
+		goto done;
+	}
+
+	if (!leave(cli, samr_creds, wks_creds)) {
+		d_printf("leave failed\n");
+		goto done;
+	}
+
+	talloc_free(cli);
+
+	ret = True;
+
+ done:
+	return ret;
+}
+
+/*
+ * Test the different session key variants. Do it by joining, this uses the
+ * session key in the setpassword routine. Test the join by doing the auth2.
+ */
+
+BOOL torture_samba3_sessionkey(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	BOOL ret = False;
+	struct cli_credentials *anon_creds;
+	const char *wks_name;
+
+	wks_name = lp_parm_string(-1, "torture", "wksname");
+	if (wks_name == NULL) {
+		wks_name = get_myname();
+	}
+
+	mem_ctx = talloc_init("torture_bind_authcontext");
+
+	if (mem_ctx == NULL) {
+		d_printf("talloc_init failed\n");
+		return False;
+	}
+
+	anon_creds = cli_credentials_init(mem_ctx);
+	if (anon_creds == NULL) {
+		d_printf("cli_credentials_init failed\n");
+		goto done;
+	}
+
+	cli_credentials_set_conf(anon_creds);
+	cli_credentials_set_anonymous(anon_creds);
+
+	if (test_join3(mem_ctx, anon_creds, NULL, wks_name)) {
+		d_printf("join using anonymous bind on an anonymous smb "
+			 "connection succeeded -- HUH??\n");
+		goto done;
+	}
+
+	if (!test_join3(mem_ctx, anon_creds, cmdline_credentials, wks_name)) {
+		d_printf("join using ntlmssp bind on an anonymous smb "
+			 "connection failed\n");
+		goto done;
+	}
+
+	if (!test_join3(mem_ctx, cmdline_credentials, NULL, wks_name)) {
+		d_printf("join using anonymous bind on an authenticated smb "
+			 "connection failed\n");
+		goto done;
+	}
+
+	if (!test_join3(mem_ctx, cmdline_credentials, cmdline_credentials,
+			wks_name)) {
+		d_printf("join using ntlmssp bind on an authenticated smb "
+			 "connection failed\n");
+		goto done;
+	}
+
+	ret = True;
+
+ done:
+
+	return ret;
+}

More information about the samba-cvs mailing list