[PATCH v2 5/6] torture: add mgmt test suite

David Disseldorp ddiss at samba.org
Thu Jan 16 09:48:11 MST 2014 

Currently only tests DCERPC inq_princ_name operations. The suite is
named srv_mgmt, to avoid overlap with the mgmt discovery loop test.

Signed-off-by: David Disseldorp <ddiss at samba.org>
---
 selftest/knownfail          |   1 +
 source3/selftest/tests.py   |   1 +
 source4/torture/rpc/fsrvp.c |   4 +-
 source4/torture/rpc/mgmt.c  | 107 ++++++++++++++++++++++++++++++++++++++++++++
 source4/torture/rpc/rpc.c   |   1 +
 5 files changed, 112 insertions(+), 2 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index 52fecfb..fb87b1f 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -227,6 +227,7 @@
 ^samba3.rpc.spoolss.printer.addprinterex.driver_info_winreg # knownfail or flapping?
 ^samba3.rpc.spoolss.printer.*.publish_toggle\(.*\)$ # needs spoolss AD member env
 ^samba3.rpc.spoolss.printserver.*.add_processor\(.*\)$
+^samba4.rpc.srv_mgmt	# needs svcctl named pipe
 #
 # The following tests fail against plugin_s4_dc (aka s3fs) currently.
 # These need to be examined and either fixed or correctly categorised.
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 254e942..4e47983 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -436,3 +436,4 @@ for e in endianness_options:
             plansmbtorture4testsuite(test, "s3dc", options, 'over ncacn_ip_tcp with [%s%s%s] ' % (a, s, e))
 
 plansmbtorture4testsuite('rpc.epmapper', 's3dc:local', 'ncalrpc: -U$USERNAME%$PASSWORD', 'over ncalrpc')
+plansmbtorture4testsuite('rpc.srv_mgmt', 's3dc:local', 'ncacn_np:$SERVER_IP[/pipe/svcctl] -U$USERNAME%$PASSWORD', 'over ncacn_np')
diff --git a/source4/torture/rpc/fsrvp.c b/source4/torture/rpc/fsrvp.c
index f853ecf..a0aabcc 100644
--- a/source4/torture/rpc/fsrvp.c
+++ b/source4/torture/rpc/fsrvp.c
@@ -625,7 +625,7 @@ static bool test_fsrvp_enum_created(struct torture_context *tctx,
 	return true;
 }
 
-static bool fsrvp_rpc_setup(struct torture_context *tctx, void **data)
+bool rpc_setup_ndr_alloc(struct torture_context *tctx, void **data)
 {
 	NTSTATUS status;
 	struct torture_rpc_tcase *tcase = talloc_get_type(
@@ -659,7 +659,7 @@ struct torture_suite *torture_rpc_fsrvp(TALLOC_CTX *mem_ctx)
 		= torture_suite_add_rpc_iface_tcase(suite, "fsrvp",
 						&ndr_table_FileServerVssAgent);
 	/* override torture_rpc_setup() to set DCERPC_NDR_REF_ALLOC */
-	tcase->tcase.setup = fsrvp_rpc_setup;
+	tcase->tcase.setup = rpc_setup_ndr_alloc;
 
 	torture_rpc_tcase_add_test(tcase, "enum_created",
 				   test_fsrvp_enum_created);
diff --git a/source4/torture/rpc/mgmt.c b/source4/torture/rpc/mgmt.c
index 1b60832..9bf0094 100644
--- a/source4/torture/rpc/mgmt.c
+++ b/source4/torture/rpc/mgmt.c
@@ -3,6 +3,7 @@
    test suite for mgmt rpc operations
 
    Copyright (C) Andrew Tridgell 2003
+   Copyright (C) David Disseldorp 2014
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -270,3 +271,109 @@ bool torture_rpc_mgmt(struct torture_context *torture)
 
 	return ret;
 }
+
+static bool test_mgmt_inq_princ_name(struct torture_context *tctx,
+				     struct dcerpc_pipe *p)
+{
+	struct mgmt_inq_princ_name mr;
+	const char *name;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+	char *princ_name;
+
+	ZERO_STRUCT(mr);
+	mr.in.authn_proto = DCERPC_AUTH_TYPE_NTLMSSP;
+	mr.in.princ_name_size = 256;
+
+	status = dcerpc_mgmt_inq_princ_name_r(b, tctx, &mr);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "inq_princ_name failed");
+	torture_assert_werr_ok(tctx, mr.out.result, "inq_princ_name error");
+
+	torture_assert_str_equal(tctx, "", mr.out.princ_name,
+				 "expected empty princ_name for TYPE_NTLMSSP");
+	name = gensec_get_name_by_authtype(NULL, mr.in.authn_proto);
+	torture_assert(tctx, name != NULL, "");
+	torture_comment(tctx, "\tprinciple name for proto %u (%s) is '%s'\n",
+			mr.in.authn_proto, name, mr.out.princ_name);
+
+	ZERO_STRUCT(mr);
+	mr.in.authn_proto = DCERPC_AUTH_TYPE_SPNEGO;
+	mr.in.princ_name_size = 256;
+
+	status = dcerpc_mgmt_inq_princ_name_r(b, tctx, &mr);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "inq_princ_name failed");
+	if (W_ERROR_EQUAL(mr.out.result, WERR_RPC_S_UNKNOWN_AUTHN_SERVICE)) {
+		/*
+		 * AUTH_TYPE_SPNEGO and AUTH_TYPE_KRB5 are only handled when
+		 * machine is an AD member.
+		 */
+		torture_comment(tctx, "skipping krb principle name checks\n");
+		return true;
+	}
+	torture_assert_werr_ok(tctx, mr.out.result, "inq_princ_name error");
+
+	name = gensec_get_name_by_authtype(NULL, mr.in.authn_proto);
+	torture_assert(tctx, name != NULL, "");
+	torture_comment(tctx, "\tprinciple name for proto %u (%s) is '%s'\n",
+			mr.in.authn_proto, name, mr.out.princ_name);
+	/* save name to compare with TYPE_KRB5 response */
+	princ_name = talloc_strdup(tctx, mr.out.princ_name);
+	torture_assert(tctx, (princ_name != NULL), "");
+
+	ZERO_STRUCT(mr);
+	mr.in.authn_proto = DCERPC_AUTH_TYPE_KRB5;
+	mr.in.princ_name_size = 256;
+
+	status = dcerpc_mgmt_inq_princ_name_r(b, tctx, &mr);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "inq_princ_name failed");
+	torture_assert_werr_ok(tctx, mr.out.result, "inq_princ_name error");
+
+	name = gensec_get_name_by_authtype(NULL, mr.in.authn_proto);
+	torture_assert(tctx, name != NULL, "");
+	torture_comment(tctx, "\tprinciple name for proto %u (%s) is '%s'\n",
+			mr.in.authn_proto, name, mr.out.princ_name);
+	torture_assert_str_equal(tctx, princ_name, mr.out.princ_name,
+				 "princ name mismatch");
+	return true;
+}
+
+static bool test_mgmt_inq_princ_name_invalid(struct torture_context *tctx,
+					     struct dcerpc_pipe *p)
+{
+	struct mgmt_inq_princ_name mr;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+	NTSTATUS status;
+
+	ZERO_STRUCT(mr);
+	mr.in.authn_proto = 42;
+	mr.in.princ_name_size = 256;
+
+	status = dcerpc_mgmt_inq_princ_name_r(b, tctx, &mr);
+	torture_assert_ntstatus_ok(tctx, status,
+				   "inq_princ_name failed");
+	torture_assert_werr_equal(tctx, mr.out.result,
+				  WERR_RPC_S_UNKNOWN_AUTHN_SERVICE,
+				  "inq_princ_name passed unexpectedly");
+	return true;
+}
+
+struct torture_suite *torture_rpc_srv_mgmt(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "srv_mgmt");
+
+	struct torture_rpc_tcase *tcase
+		= torture_suite_add_rpc_iface_tcase(suite, "srv_mgmt",
+						&ndr_table_mgmt);
+	/* override torture_rpc_setup() to set DCERPC_NDR_REF_ALLOC */
+	tcase->tcase.setup = rpc_setup_ndr_alloc;
+
+	torture_rpc_tcase_add_test(tcase, "inq_princ_name",
+				   test_mgmt_inq_princ_name);
+	torture_rpc_tcase_add_test(tcase, "inq_princ_name_invalid",
+				   test_mgmt_inq_princ_name_invalid);
+
+	return suite;
+}
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 2ec55b6..6b5b28f 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -512,6 +512,7 @@ NTSTATUS torture_rpc_init(void)
 	torture_suite_add_suite(suite, torture_rpc_oxidresolve(suite));
 	torture_suite_add_suite(suite, torture_rpc_remact(suite));
 	torture_suite_add_simple_test(suite, "mgmt", torture_rpc_mgmt);
+	torture_suite_add_suite(suite, torture_rpc_srv_mgmt(suite));
 	torture_suite_add_simple_test(suite, "scanner", torture_rpc_scanner);
 	torture_suite_add_simple_test(suite, "autoidl", torture_rpc_autoidl);
 	torture_suite_add_simple_test(suite, "countcalls", torture_rpc_countcalls);
-- 
1.8.1.4

More information about the samba-technical mailing list