svn commit: samba r24889 - in branches/SAMBA_4_0: . source/selftest source/torture/rpc

jelmer at samba.org jelmer at samba.org
Sun Sep 2 12:26:07 GMT 2007 

Author: jelmer
Date: 2007-09-02 12:26:06 +0000 (Sun, 02 Sep 2007)
New Revision: 24889

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24889

Log:
Move choosing the binding options into RPC-SECRETS.
Modified:
   branches/SAMBA_4_0/
   branches/SAMBA_4_0/source/selftest/test_session_key.sh
   branches/SAMBA_4_0/source/torture/rpc/rpc.c
   branches/SAMBA_4_0/source/torture/rpc/session_key.c


Changeset:

Property changes on: branches/SAMBA_4_0
___________________________________________________________________
Name: bzr:revision-info
...skipped...
Name: bzr:revision-id:v3-trunk0
...skipped...

Modified: branches/SAMBA_4_0/source/selftest/test_session_key.sh
===================================================================
--- branches/SAMBA_4_0/source/selftest/test_session_key.sh	2007-09-02 11:30:40 UTC (rev 24888)
+++ branches/SAMBA_4_0/source/selftest/test_session_key.sh	2007-09-02 12:26:06 UTC (rev 24889)
@@ -4,8 +4,7 @@
 . $incdir/test_functions.sh
 
 transport="ncacn_np"
-for bindoptions in bigendian seal; do
- for keyexchange in "yes" "no"; do
+for keyexchange in "yes" "no"; do
  for ntlm2 in "yes" "no"; do
  for lm_key in "yes" "no"; do
   for ntlmoptions in \
@@ -27,12 +26,11 @@
  done
  done
  done
- name="RPC-SECRETS on $transport with $bindoptions with Kerberos"
- plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*"
- name="RPC-SECRETS on $transport with $bindoptions with Kerberos - use target principal"
- plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*"
-done
+name="RPC-SECRETS on $transport with $bindoptions with Kerberos"
+plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*"
+name="RPC-SECRETS on $transport with $bindoptions with Kerberos - use target principal"
+plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*"
 name="RPC-SECRETS on $transport with Kerberos - use Samba3 style login"
- plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*"
+ plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS-none "$*"
 name="RPC-SECRETS on $transport with Kerberos - use Samba3 style login, use target principal"
- plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*"
+ plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS-none "$*"

Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/rpc.c	2007-09-02 11:30:40 UTC (rev 24888)
+++ branches/SAMBA_4_0/source/torture/rpc/rpc.c	2007-09-02 12:26:06 UTC (rev 24889)
@@ -378,7 +378,7 @@
 	torture_suite_add_simple_test(suite, "LSA", torture_rpc_lsa);
 	torture_suite_add_simple_test(suite, "LSALOOKUP", torture_rpc_lsa_lookup);
 	torture_suite_add_simple_test(suite, "LSA-GETUSER", torture_rpc_lsa_get_user);
-	torture_suite_add_simple_test(suite, "SECRETS", torture_rpc_lsa_secrets);
+	torture_suite_add_suite(suite, torture_rpc_lsa_secrets(suite));
 	torture_suite_add_suite(suite, torture_rpc_echo(suite));
 	torture_suite_add_simple_test(suite, "DFS", torture_rpc_dfs);
 	torture_suite_add_suite(suite, torture_rpc_unixinfo(suite));

Modified: branches/SAMBA_4_0/source/torture/rpc/session_key.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/session_key.c	2007-09-02 11:30:40 UTC (rev 24888)
+++ branches/SAMBA_4_0/source/torture/rpc/session_key.c	2007-09-02 12:26:06 UTC (rev 24889)
@@ -25,6 +25,7 @@
 
 #include "libcli/auth/libcli_auth.h"
 #include "torture/rpc/rpc.h"
+#include "lib/cmdline/popt_common.h"
 
 static void init_lsa_String(struct lsa_String *name, const char *s)
 {
@@ -114,18 +115,16 @@
 	torture_comment(tctx, "Testing QuerySecret\n");
 	status = dcerpc_lsa_QuerySecret(p, tctx, &r4);
 	torture_assert_ntstatus_ok(tctx, status, "QuerySecret failed");
-	if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) {
+	if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL)
 		torture_fail(tctx, "No secret buffer returned");
-	} else {
-		blob1.data = r4.out.new_val->buf->data;
-		blob1.length = r4.out.new_val->buf->size;
-		
-		blob2 = data_blob_talloc(tctx, NULL, blob1.length);
-		
-		secret2 = sess_decrypt_string(tctx, &blob1, &session_key);
-		
-		torture_assert_str_equal(tctx, secret1, secret2, "Returned secret invalid");
-	}
+	blob1.data = r4.out.new_val->buf->data;
+	blob1.length = r4.out.new_val->buf->size;
+	
+	blob2 = data_blob_talloc(tctx, NULL, blob1.length);
+	
+	secret2 = sess_decrypt_string(tctx, &blob1, &session_key);
+	
+	torture_assert_str_equal(tctx, secret1, secret2, "Returned secret invalid");
 
 	d.in.handle = &sec_handle;
 	status = dcerpc_lsa_Delete(p, tctx, &d);
@@ -133,27 +132,31 @@
 	return true;
 }
 
+struct secret_settings {
+	uint32_t bindoptions;
+};
 
-/* TEST session key correctness by pushing and pulling secrets */
-
-bool torture_rpc_lsa_secrets(struct torture_context *torture) 
+static bool test_secrets(struct torture_context *torture, const void *_data)
 {
-        NTSTATUS status;
         struct dcerpc_pipe *p;
 	struct policy_handle *handle;
+	struct dcerpc_binding *binding;
+	const struct secret_settings *settings = _data;
 
-	status = torture_rpc_connection(torture, 
-					&p, 
-					&ndr_table_lsarpc);
-	torture_assert_ntstatus_ok(torture, status, "Creating connection");
+	torture_assert_ntstatus_ok(torture, torture_rpc_binding(torture, &binding), 
+				   "Getting bindoptions");
 
+	binding->flags |= settings->bindoptions;
+
+	torture_assert_ntstatus_ok(torture, 
+				   dcerpc_pipe_connect_b(torture, &p, binding, &ndr_table_lsarpc, cmdline_credentials, NULL),
+				   "connect");
+
 	if (!test_lsa_OpenPolicy2(p, torture, &handle)) {
 		return false;
 	}
 
-	if (!handle) {
-		torture_fail(torture, "OpenPolicy2 failed.  This test cannot run against this server");
-	} 
+	torture_assert(torture, handle, "OpenPolicy2 failed.  This test cannot run against this server");
 	
 	if (!test_CreateSecret_basic(p, torture, handle)) {
 		return false;
@@ -161,3 +164,28 @@
 
 	return true;
 }
+
+/* TEST session key correctness by pushing and pulling secrets */
+
+struct torture_suite *torture_rpc_lsa_secrets(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "SECRETS");
+	struct secret_settings *settings;
+
+	settings = talloc_zero(suite, struct secret_settings);
+	settings->bindoptions = DCERPC_PUSH_BIGENDIAN;
+
+	torture_suite_add_simple_tcase(suite, "bigendian", test_secrets, settings);
+
+	settings = talloc_zero(suite, struct secret_settings);
+	settings->bindoptions = DCERPC_SEAL;
+
+	torture_suite_add_simple_tcase(suite, "seal", test_secrets, settings);
+
+	settings = talloc_zero(suite, struct secret_settings);
+	settings->bindoptions = 0;
+
+	torture_suite_add_simple_tcase(suite, "none", test_secrets, settings);
+
+	return suite;
+}

More information about the samba-cvs mailing list