git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
[samba.git] / source4 / torture / rpc / samba3rpc.c
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 30a3b85b072c1c856663cee9784545c03c6a42a4..5f3f3d5a1f5d36b35b1d3b131283777d4d741ad3 100644 (file)
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -46,7 +46,115 @@
 #include "libcli/smb2/smb2_calls.h"
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_proto.h"
-#include "../source3/libsmb/smb2cli.h"
+#include "libcli/smb/smbXcli_base.h"
+
+/*
+ * open pipe and bind, given an IPC$ context
+ */
+
+static NTSTATUS pipe_bind_smb(struct torture_context *tctx,
+                             TALLOC_CTX *mem_ctx,
+                             struct smbcli_tree *tree,
+                             const char *pipe_name,
+                             const struct ndr_interface_table *iface,
+                             struct dcerpc_pipe **p)
+{
+       struct dcerpc_pipe *result;
+       NTSTATUS status;
+
+       if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       status = dcerpc_pipe_open_smb(result, tree, pipe_name);
+       if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
+                        nt_errstr(status));
+               talloc_free(result);
+               return status;
+       }
+
+       status = dcerpc_bind_auth_none(result, iface);
+       if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
+               talloc_free(result);
+               return status;
+       }
+
+       *p = result;
+       return NT_STATUS_OK;
+}
+
+static NTSTATUS pipe_bind_smb2(struct torture_context *tctx,
+                              TALLOC_CTX *mem_ctx,
+                              struct smb2_tree *tree,
+                              const char *pipe_name,
+                              const struct ndr_interface_table *iface,
+                              struct dcerpc_pipe **p)
+{
+       struct dcerpc_pipe *result;
+       NTSTATUS status;
+
+       if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       status = dcerpc_pipe_open_smb2(result, tree, pipe_name);
+       if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "dcerpc_pipe_open_smb2 failed: %s\n",
+                        nt_errstr(status));
+               talloc_free(result);
+               return status;
+       }
+
+       status = dcerpc_bind_auth_none(result, iface);
+       if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
+               talloc_free(result);
+               return status;
+       }
+
+       *p = result;
+       return NT_STATUS_OK;
+}
+
+static NTSTATUS pipe_bind_smb_auth(struct torture_context *tctx,
+                                  TALLOC_CTX *mem_ctx,
+                                  struct smbcli_tree *tree,
+                                  struct cli_credentials *creds,
+                                  uint8_t auth_type,
+                                  uint8_t auth_level,
+                                  const char *pipe_name,
+                                  const struct ndr_interface_table *iface,
+                                  struct dcerpc_pipe **p)
+{
+       struct dcerpc_pipe *result;
+       NTSTATUS status;
+
+       if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       status = dcerpc_pipe_open_smb(result, tree, pipe_name);
+       if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
+                        nt_errstr(status));
+               talloc_free(result);
+               return status;
+       }
+
+       status = dcerpc_bind_auth(result, iface, creds,
+                        lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx),
+                        auth_type, auth_level, NULL);
+       if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "dcerpc_bind_auth failed: %s\n", nt_errstr(status));
+               talloc_free(result);
+               return status;
+       }
+
+       *p = result;
+       return NT_STATUS_OK;
+}
 
 /*
  * This tests a RPC call using an invalid vuid
@@ -62,6 +170,7 @@ bool torture_bind_authcontext(struct torture_context *torture)
        struct policy_handle handle;
        struct lsa_Close close_handle;
        struct smbcli_session *tmp;
+       uint16_t tmp_vuid;
        struct smbcli_session *session2;
        struct smbcli_state *cli;
        struct dcerpc_pipe *lsa_pipe;
@@ -96,27 +205,12 @@ bool torture_bind_authcontext(struct torture_context *torture)
                goto done;
        }
 
-       lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
-       if (lsa_pipe == NULL) {
-               torture_comment(torture, "dcerpc_pipe_init failed\n");
-               goto done;
-       }
+       status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+                              &ndr_table_lsarpc, &lsa_pipe);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "pipe_bind_smb failed");
        lsa_handle = lsa_pipe->binding_handle;
 
-       status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(torture, "dcerpc_pipe_open_smb failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
-       status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(torture, "dcerpc_bind_auth_none failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
        openpolicy.in.system_name =talloc_asprintf(
                mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
        ZERO_STRUCT(objectattr);
@@ -178,21 +272,38 @@ bool torture_bind_authcontext(struct torture_context *torture)
        session2->vuid = setup.out.vuid;
 
        tmp = cli->tree->session;
+       tmp_vuid = smb1cli_session_current_id(tmp->smbXcli);
+       smb1cli_session_set_id(tmp->smbXcli, session2->vuid);
        cli->tree->session = session2;
 
        status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
 
-       cli->tree->session = tmp;
-       talloc_free(lsa_pipe);
-       lsa_pipe = NULL;
+       torture_assert(torture, smbXcli_conn_is_connected(cli->transport->conn),
+                      "smb still connected");
+       torture_assert(torture, !dcerpc_binding_handle_is_connected(lsa_handle),
+                      "dcerpc disonnected");
 
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+       if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
                torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
-                        "expected NT_STATUS_INVALID_HANDLE\n",
+                        "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
                         nt_errstr(status));
-               goto done;
+               status = NT_STATUS_CONNECTION_DISCONNECTED;
+       }
+       if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR)) {
+               torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
+                        "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
+                        nt_errstr(status));
+               status = NT_STATUS_CONNECTION_DISCONNECTED;
        }
 
+       torture_assert_ntstatus_equal(torture, status, NT_STATUS_CONNECTION_DISCONNECTED,
+                                     "lsa connection disconnected");
+
+       smb1cli_session_set_id(tmp->smbXcli, tmp_vuid);
+       cli->tree->session = tmp;
+       talloc_free(lsa_pipe);
+       lsa_pipe = NULL;
+
        ret = true;
  done:
        talloc_free(mem_ctx);
@@ -226,28 +337,13 @@ static bool bindtest(struct torture_context *tctx,
                return false;
        }
 
-       lsa_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
-       if (lsa_pipe == NULL) {
-               torture_comment(tctx, "dcerpc_pipe_init failed\n");
-               goto done;
-       }
+       status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+                                   credentials, auth_type, auth_level,
+                                   "\\lsarpc", &ndr_table_lsarpc, &lsa_pipe);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "pipe_bind_smb_auth failed");
        lsa_handle = lsa_pipe->binding_handle;
 
-       status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
-       status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc,
-                                 credentials, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), auth_type, auth_level,
-                                 NULL);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "dcerpc_bind_auth failed: %s\n", nt_errstr(status));
-               goto done;
-       }
-
        openpolicy.in.system_name =talloc_asprintf(
                mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
        ZERO_STRUCT(objectattr);
@@ -396,27 +492,21 @@ static bool get_usr_handle(struct torture_context *tctx,
        struct samr_CreateUser2 c;
        uint32_t user_rid,access_granted;
 
-       samr_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
-       torture_assert(tctx, samr_pipe, "dcerpc_pipe_init failed");
-
-       samr_handle = samr_pipe->binding_handle;
-
-       torture_assert_ntstatus_ok(tctx,
-               dcerpc_pipe_open_smb(samr_pipe, cli->tree, "\\samr"),
-               "dcerpc_pipe_open_smb failed");
-
        if (admin_creds != NULL) {
-               torture_assert_ntstatus_ok(tctx,
-                       dcerpc_bind_auth(samr_pipe, &ndr_table_samr,
-                                         admin_creds, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), auth_type, auth_level,
-                                         NULL),
-                       "dcerpc_bind_auth failed");
+               status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+                                           admin_creds, auth_type, auth_level,
+                                           "\\samr", &ndr_table_samr, &samr_pipe);
+               torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
        } else {
                /* We must have an authenticated SMB connection */
-               torture_assert_ntstatus_ok(tctx,
-                       dcerpc_bind_auth_none(samr_pipe, &ndr_table_samr),
-                       "dcerpc_bind_auth_none failed");
+               status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
+                                      "\\samr", &ndr_table_samr, &samr_pipe);
+               torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
        }
+#if 0
+       samr_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
+#endif
+       samr_handle = samr_pipe->binding_handle;
 
        conn.in.system_name = talloc_asprintf(
                mem_ctx, "\\\\%s", dcerpc_server_name(samr_pipe));
@@ -743,7 +833,7 @@ static bool join3(struct torture_context *tctx,
                goto done;
        }
        samr_handle = samr_pipe->binding_handle;
-
+       ret = false;
        {
                struct samr_QueryUserInfo q;
                union samr_UserInfo *info;
@@ -777,7 +867,7 @@ static bool join3(struct torture_context *tctx,
                DATA_BLOB session_key;
                DATA_BLOB confounded_session_key = data_blob_talloc(
                        mem_ctx, NULL, 16);
-               struct MD5Context ctx;
+               MD5_CTX ctx;
                uint8_t confounder[16];
 
                ZERO_STRUCT(u_info);
@@ -950,27 +1040,12 @@ static bool auth2(struct torture_context *tctx,
                return false;
        }
 
-       net_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
-       if (net_pipe == NULL) {
-               torture_comment(tctx, "dcerpc_pipe_init failed\n");
-               goto done;
-       }
+       status = pipe_bind_smb(tctx, mem_ctx, cli->tree, "\\netlogon",
+                              &ndr_table_netlogon, &net_pipe);
+       torture_assert_ntstatus_ok_goto(tctx, status, result, done,
+                                       "pipe_bind_smb failed");
        net_handle = net_pipe->binding_handle;
 
-       status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
-       status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
        r.in.computer_name = cli_credentials_get_workstation(wks_cred);
        r.in.server_name = talloc_asprintf(
                mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
@@ -1012,6 +1087,7 @@ static bool auth2(struct torture_context *tctx,
        creds_state = netlogon_creds_client_init(mem_ctx,
                                                 a.in.account_name,
                                                 a.in.computer_name,
+                                                a.in.secure_channel_type,
                                                 r.in.credentials,
                                                 r.out.return_credentials, &mach_pw,
                                                 &netr_cred, negotiate_flags);
@@ -1066,42 +1142,31 @@ static bool schan(struct torture_context *tctx,
                return false;
        }
 
-       net_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
-       if (net_pipe == NULL) {
-               torture_comment(tctx, "dcerpc_pipe_init failed\n");
-               goto done;
-       }
-       net_handle = net_pipe->binding_handle;
-
-       status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
-#if 0
-       net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
-               DCERPC_DEBUG_PRINT_OUT;
-#endif
 #if 1
+       status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+                                   wks_creds,
+                                   DCERPC_AUTH_TYPE_SCHANNEL,
+                                   DCERPC_AUTH_LEVEL_PRIVACY,
+                                   "\\netlogon", &ndr_table_netlogon, &net_pipe);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "pipe_bind_smb_auth failed");
        net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
-       status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon,
-                                 wks_creds, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL,
-                                 DCERPC_AUTH_LEVEL_PRIVACY,
-                                 NULL);
 #else
-       status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
+       status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
+                              "\\netlogon", &ndr_table_netlogon, &net_pipe);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "pipe_bind_smb failed");
 #endif
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "schannel bind failed: %s\n", nt_errstr(status));
-               goto done;
-       }
+#if 0
+       net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
+               DCERPC_DEBUG_PRINT_OUT;
+#endif
+       net_handle = net_pipe->binding_handle;
 
 
        for (i=2; i<4; i++) {
                int flags;
-               DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key;
+               DATA_BLOB chal, nt_resp, lm_resp, names_blob;
                struct netlogon_creds_CredentialState *creds_state;
                struct netr_Authenticator netr_auth, netr_auth2;
                struct netr_NetworkInfo ninfo;
@@ -1162,7 +1227,7 @@ static bool schan(struct torture_context *tctx,
                        cli_credentials_get_workstation(wks_creds);
                r.in.credential = &netr_auth;
                r.in.return_authenticator = &netr_auth2;
-               r.in.logon_level = 2;
+               r.in.logon_level = NetlogonNetworkInformation;
                r.in.validation_level = i;
                r.in.logon = &logon;
                r.out.validation = &validation;
@@ -1194,15 +1259,12 @@ static bool schan(struct torture_context *tctx,
                ZERO_STRUCT(pinfo.lmpassword.hash);
                E_md4hash(cli_credentials_get_password(user_creds),
                          pinfo.ntpassword.hash);
-               session_key = data_blob_talloc(mem_ctx,
-                                              creds_state->session_key, 16);
-               arcfour_crypt_blob(pinfo.ntpassword.hash,
-                                  sizeof(pinfo.ntpassword.hash),
-                                  &session_key);
+
+               netlogon_creds_arcfour_crypt(creds_state, pinfo.ntpassword.hash, 16);
 
                logon.password = &pinfo;
 
-               r.in.logon_level = 1;
+               r.in.logon_level = NetlogonInteractiveInformation;
                r.in.logon = &logon;
                r.out.return_authenticator = &return_authenticator;
 
@@ -1300,7 +1362,6 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
 {
        NTSTATUS status;
        struct smbcli_state *cli;
-       struct cli_credentials *anon_creds;
        struct cli_credentials *wks_creds;
        const char *wks_name;
        int i;
@@ -1312,10 +1373,6 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
                wks_name = get_myname(torture);
        }
 
-       if (!(anon_creds = cli_credentials_init_anon(torture))) {
-               torture_fail(torture, "create_anon_creds failed\n");
-       }
-
        lpcfg_smbcli_options(torture->lp_ctx, &options);
        lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
 
@@ -1324,7 +1381,7 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
                                        lpcfg_smb_ports(torture->lp_ctx),
                                        "IPC$", NULL,
                                        lpcfg_socket_options(torture->lp_ctx),
-                                       anon_creds,
+                                       cmdline_credentials,
                                        lpcfg_resolve_context(torture->lp_ctx),
                                        torture->ev, &options, &session_options,
                                        lpcfg_gensec_settings(torture, torture->lp_ctx));
@@ -1344,7 +1401,7 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
                                     CRED_SPECIFIED);
 
        torture_assert(torture,
-               join3(torture, cli, false, cmdline_credentials, wks_creds),
+               join3(torture, cli, false, NULL, wks_creds),
                "join failed");
 
        cli_credentials_set_domain(
@@ -1371,7 +1428,7 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
        }
 
        torture_assert(torture,
-               leave(torture, cli, cmdline_credentials, wks_creds),
+               leave(torture, cli, NULL, wks_creds),
                "leave failed");
 
        return true;
@@ -1469,26 +1526,14 @@ static bool torture_samba3_sessionkey(struct torture_context *torture)
                }
        }
 
-       torture_assert(torture,
-               test_join3(torture, false, anon_creds, cmdline_credentials, wks_name),
-               "join using ntlmssp bind on an anonymous smb connection failed");
-
        torture_assert(torture,
                test_join3(torture, false, cmdline_credentials, NULL, wks_name),
                "join using anonymous bind on an authenticated smb connection failed");
 
-       torture_assert(torture,
-               test_join3(torture, false, cmdline_credentials, cmdline_credentials, wks_name),
-               "join using ntlmssp bind on an authenticated smb connection failed");
-
        /*
         * The following two are tests for setuserinfolevel 25
         */
 
-       torture_assert(torture,
-               test_join3(torture, true, anon_creds, cmdline_credentials, wks_name),
-               "join using ntlmssp bind on an anonymous smb connection failed");
-
        torture_assert(torture,
                test_join3(torture, true, cmdline_credentials, NULL, wks_name),
                "join using anonymous bind on an authenticated smb connection failed");
@@ -1496,43 +1541,6 @@ static bool torture_samba3_sessionkey(struct torture_context *torture)
        return true;
 }
 
-/*
- * open pipe and bind, given an IPC$ context
- */
-
-static NTSTATUS pipe_bind_smb(struct torture_context *tctx,
-                             TALLOC_CTX *mem_ctx,
-                             struct smbcli_tree *tree,
-                             const char *pipe_name,
-                             const struct ndr_interface_table *iface,
-                             struct dcerpc_pipe **p)
-{
-       struct dcerpc_pipe *result;
-       NTSTATUS status;
-
-       if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       status = dcerpc_pipe_open_smb(result, tree, pipe_name);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
-                        nt_errstr(status));
-               talloc_free(result);
-               return status;
-       }
-
-       status = dcerpc_bind_auth_none(result, iface);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "schannel bind failed: %s\n", nt_errstr(status));
-               talloc_free(result);
-               return status;
-       }
-
-       *p = result;
-       return NT_STATUS_OK;
-}
-
 /*
  * Sane wrapper around lsa_LookupNames
  */
@@ -1727,7 +1735,8 @@ static NTSTATUS secondary_tcon(struct torture_context *tctx,
        }
 
        tcon.generic.level = RAW_TCON_TCONX;
-       tcon.tconx.in.flags = 0;
+       tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+       tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
        tcon.tconx.in.password = data_blob(NULL, 0);
        tcon.tconx.in.path = sharename;
        tcon.tconx.in.device = "?????";
@@ -1741,6 +1750,11 @@ static NTSTATUS secondary_tcon(struct torture_context *tctx,
        }
 
        result->tid = tcon.tconx.out.tid;
+
+       if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
+               smb1cli_session_protect_session_key(result->session->smbXcli);
+       }
+
        result = talloc_steal(mem_ctx, result);
        talloc_set_destructor(result, destroy_tree);
        talloc_free(tmp_ctx);
@@ -1768,20 +1782,6 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
        lpcfg_smbcli_options(torture->lp_ctx, &options);
        lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
 
-       status = smbcli_full_connection(
-               torture, &cli, torture_setting_string(torture, "host", NULL),
-               lpcfg_smb_ports(torture->lp_ctx),
-               "IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
-               lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
-               &session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
-       torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
-
-       if (!(user_sid = whoami(torture, torture, cli->tree))) {
-               torture_fail(torture, "whoami on auth'ed connection failed\n");
-       }
-
-       talloc_free(cli);
-
        if (!(anon_creds = cli_credentials_init_anon(torture))) {
                torture_fail(torture, "create_anon_creds failed\n");
        }
@@ -1802,6 +1802,20 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
        torture_assert_sid_equal(torture, user_sid, dom_sid_parse_talloc(torture, "s-1-5-7"),
                "Anon lsa_GetUserName returned unexpected SID");
 
+       talloc_free(cli);
+
+       status = smbcli_full_connection(
+               torture, &cli, torture_setting_string(torture, "host", NULL),
+               lpcfg_smb_ports(torture->lp_ctx),
+               "IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
+               lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
+               &session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
+       torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
+
+       if (!(user_sid = whoami(torture, torture, cli->tree))) {
+               torture_fail(torture, "whoami on auth'ed connection failed\n");
+       }
+
        if (!(user_creds = cli_credentials_init(torture))) {
                torture_fail(torture, "cli_credentials_init failed\n");
        }
@@ -1813,7 +1827,7 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
                                     generate_random_password(user_creds, 8, 255),
                                     CRED_SPECIFIED);
 
-       if (!create_user(torture, torture, cli, cmdline_credentials,
+       if (!create_user(torture, torture, cli, NULL,
                         cli_credentials_get_username(user_creds),
                         cli_credentials_get_password(user_creds),
                         &domain_name, &created_sid)) {
@@ -1868,7 +1882,7 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
 
  del:
        if (!delete_user(torture, cli,
-                        cmdline_credentials,
+                        NULL,
                         cli_credentials_get_username(user_creds))) {
                torture_fail(torture, "delete_user failed\n");
        }
@@ -2079,26 +2093,12 @@ static bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
                goto done;
        }
 
-       if (!(net_pipe = dcerpc_pipe_init(mem_ctx, torture->ev))) {
-               torture_comment(torture, "dcerpc_pipe_init failed\n");
-               goto done;
-       }
+       status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\netlogon",
+                              &ndr_table_netlogon, &net_pipe);
+       torture_assert_ntstatus_ok_goto(torture, status, result, done,
+                                       "pipe_bind_smb failed");
        net_handle = net_pipe->binding_handle;
 
-       status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(torture, "dcerpc_pipe_open_smb failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
-       status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(torture, "dcerpc_bind_auth_none failed: %s\n",
-                        nt_errstr(status));
-               goto done;
-       }
-
        r.in.computer_name = wksname;
        r.in.server_name = talloc_asprintf(
                mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
@@ -2140,6 +2140,7 @@ static bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
        creds_state = netlogon_creds_client_init(mem_ctx,
                                                 a.in.account_name,
                                                 a.in.computer_name,
+                                                a.in.secure_channel_type,
                                                 r.in.credentials,
                                                 r.out.return_credentials, &mach_pw,
                                                 &netr_cred, negotiate_flags);
@@ -2384,36 +2385,129 @@ bool try_tcon(struct torture_context *tctx,
 
 static bool torture_samba3_rpc_sharesec(struct torture_context *torture)
 {
-       struct smbcli_state *cli;
-       struct security_descriptor *sd;
-       struct dom_sid *user_sid;
+       struct smbcli_state *cli = NULL;
+       struct security_descriptor *sd = NULL;
+       struct dom_sid *user_sid = NULL;
+       const char *testuser_passwd = NULL;
+       struct cli_credentials *test_credentials = NULL;
+       struct smbcli_options options;
+       struct smbcli_session_options session_options;
+       NTSTATUS status;
+       struct test_join *tj = NULL;
+       struct dcerpc_pipe *lsa_pipe = NULL;
+       const char *priv_array[1];
+
+       /* Create a new user. The normal user has SeBackup and SeRestore
+          privs so we can't lock them out with a share security descriptor. */
+       tj = torture_create_testuser(torture,
+                                       "sharesec_user",
+                                       torture_setting_string(torture, "workgroup", NULL),
+                                       ACB_NORMAL,
+                                       &testuser_passwd);
+       if (!tj) {
+               torture_fail(torture, "Creating sharesec_user failed\n");
+       }
+
+       /* Give them SeDiskOperatorPrivilege but no other privs. */
+       status = torture_rpc_connection(torture, &lsa_pipe, &ndr_table_lsarpc);
+       if (!NT_STATUS_IS_OK(status)) {
+               torture_delete_testuser(torture, tj, "sharesec_user");
+               talloc_free(tj);
+               torture_fail(torture, "Error connecting to LSA pipe");
+       }
+
+       priv_array[0] = "SeDiskOperatorPrivilege";
+       if (!torture_setup_privs(torture,
+                               lsa_pipe,
+                               1,
+                               priv_array,
+                               torture_join_user_sid(tj))) {
+               talloc_free(lsa_pipe);
+               torture_delete_testuser(torture, tj, "sharesec_user");
+               talloc_free(tj);
+               torture_fail(torture, "Failed to setup privs\n");
+       }
+       talloc_free(lsa_pipe);
 
-       if (!(torture_open_connection_share(
-                     torture, &cli, torture, torture_setting_string(torture, "host", NULL),
-                     "IPC$", torture->ev))) {
-               torture_fail(torture, "IPC$ connection failed\n");
+       test_credentials = cli_credentials_init(torture);
+       cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
+       cli_credentials_set_domain(test_credentials, lpcfg_workgroup(torture->lp_ctx),
+                       CRED_SPECIFIED);
+       cli_credentials_set_username(test_credentials, "sharesec_user", CRED_SPECIFIED);
+       cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
+
+       ZERO_STRUCT(options);
+       ZERO_STRUCT(session_options);
+       lpcfg_smbcli_options(torture->lp_ctx, &options);
+       lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+       status = smbcli_full_connection(torture,
+                                       &cli,
+                                       torture_setting_string(torture, "host", NULL),
+                                       lpcfg_smb_ports(torture->lp_ctx),
+                                       "IPC$",
+                                       NULL,
+                                       lpcfg_socket_options(torture->lp_ctx),
+                                       test_credentials,
+                                       lpcfg_resolve_context(torture->lp_ctx),
+                                       torture->ev,
+                                       &options,
+                                       &session_options,
+                                       lpcfg_gensec_settings(torture, torture->lp_ctx));
+       if (!NT_STATUS_IS_OK(status)) {
+               talloc_free(cli);
+               torture_delete_testuser(torture, tj, "sharesec_user");
+               talloc_free(tj);
+               torture_fail(torture, "Failed to open connection\n");
        }
 
        if (!(user_sid = whoami(torture, torture, cli->tree))) {
+               talloc_free(cli);
+               torture_delete_testuser(torture, tj, "sharesec_user");
+               talloc_free(tj);
                torture_fail(torture, "whoami failed\n");
        }
 
        sd = get_sharesec(torture, torture, cli->session,
                          torture_setting_string(torture, "share", NULL));
 
-       torture_assert(torture, try_tcon(
-                       torture, torture, sd, cli->session,
+       if (!try_tcon(torture, torture, sd, cli->session,
                        torture_setting_string(torture, "share", NULL),
-                       user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK),
-                       "failed to test tcon with 0 access_mask");
+                       user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK)) {
+               talloc_free(cli);
+               torture_delete_testuser(torture, tj, "sharesec_user");
+               talloc_free(tj);
+               torture_fail(torture, "failed to test tcon with 0 access_mask");
+       }
 
-       torture_assert(torture, try_tcon(
-                       torture, torture, sd, cli->session,
+       if (!try_tcon(torture, torture, sd, cli->session,
                        torture_setting_string(torture, "share", NULL),
                        user_sid, SEC_FILE_READ_DATA, NT_STATUS_OK,
-                       NT_STATUS_MEDIA_WRITE_PROTECTED),
-                       "failed to test tcon with SEC_FILE_READ_DATA access_mask");
+                       NT_STATUS_MEDIA_WRITE_PROTECTED)) {
+               talloc_free(cli);
+               torture_delete_testuser(torture, tj, "sharesec_user");
+               talloc_free(tj);
+               torture_fail(torture, "failed to test tcon with SEC_FILE_READ_DATA access_mask");
+       }
+
+       /* sharesec_user doesn't have any rights on the underlying file system.
+          Go back to the normal user. */
+
+       talloc_free(cli);
+       cli = NULL;
+       torture_delete_testuser(torture, tj, "sharesec_user");
+       talloc_free(tj);
+       tj = NULL;
+
+       if (!(torture_open_connection_share(
+                     torture, &cli, torture, torture_setting_string(torture, "host", NULL),
+                     "IPC$", torture->ev))) {
+               torture_fail(torture, "IPC$ connection failed\n");
+       }
 
+       if (!(user_sid = whoami(torture, torture, cli->tree))) {
+               torture_fail(torture, "whoami failed\n");
+       }
        torture_assert(torture, try_tcon(
                        torture, torture, sd, cli->session,
                        torture_setting_string(torture, "share", NULL),
@@ -2522,7 +2616,7 @@ static bool rap_get_servername(struct torture_context *tctx,
 static bool find_printers(struct torture_context *tctx,
                          struct dcerpc_pipe *p,
                          const char ***printers,
-                         int *num_printers)
+                         size_t *num_printers)
 {
        struct srvsvc_NetShareEnum r;
        struct srvsvc_NetShareInfoCtr info_ctr;
@@ -2659,7 +2753,7 @@ static bool torture_samba3_rpc_spoolss(struct torture_context *torture)
        struct dcerpc_binding_handle *b;
        struct policy_handle server_handle, printer_handle;
        const char **printers;
-       int num_printers;
+       size_t num_printers;
        struct spoolss_UserLevel1 userlevel1;
        char *servername;
 
@@ -2705,8 +2799,8 @@ static bool torture_samba3_rpc_spoolss(struct torture_context *torture)
                                                   servername);
                r.in.datatype = NULL;
                r.in.access_mask = 0;
-               r.in.level = 1;
-               r.in.userlevel.level1 = &userlevel1;
+               r.in.userlevel_ctr.level = 1;
+               r.in.userlevel_ctr.user_info.level1 = &userlevel1;
                r.out.handle = &server_handle;
 
                torture_assert_ntstatus_ok(torture,
@@ -2737,8 +2831,8 @@ static bool torture_samba3_rpc_spoolss(struct torture_context *torture)
                        torture, "\\\\%s\\%s", servername, printers[0]);
                r.in.datatype = NULL;
                r.in.access_mask = 0;
-               r.in.level = 1;
-               r.in.userlevel.level1 = &userlevel1;
+               r.in.userlevel_ctr.level = 1;
+               r.in.userlevel_ctr.user_info.level1 = &userlevel1;
                r.out.handle = &printer_handle;
 
                torture_assert_ntstatus_ok(torture,
@@ -3318,18 +3412,11 @@ static bool torture_rpc_smb_reauth1(struct torture_context *torture)
        torture_assert_ntstatus_ok_goto(torture, status, ret, done,
                                        "smbcli_full_connection failed");
 
-       lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
-       torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
-                           "dcerpc_pipe_init failed");
-       lsa_handle = lsa_pipe->binding_handle;
-
-       status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
+       status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+                              &ndr_table_lsarpc, &lsa_pipe);
        torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_pipe_open failed");
-
-       status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
-       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_bind_auth_none failed");
+                                       "pipe_bind_smb failed");
+       lsa_handle = lsa_pipe->binding_handle;
 
        /* lsa getusername */
 
@@ -3501,18 +3588,11 @@ static bool torture_rpc_smb_reauth2(struct torture_context *torture)
 
        /* open the lsa pipe */
 
-       lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
-       torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
-                           "dcerpc_pipe_init failed");
-       lsa_handle = lsa_pipe->binding_handle;
-
-       status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
-       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_pipe_open failed");
-
-       status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
+       status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+                              &ndr_table_lsarpc, &lsa_pipe);
        torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_bind_auth_none failed");
+                                       "pipe_bind_smb failed");
+       lsa_handle = lsa_pipe->binding_handle;
 
        /* lsa getusername */
 
@@ -3627,18 +3707,11 @@ static bool torture_rpc_smb2_reauth1(struct torture_context *torture)
        torture_assert_ntstatus_ok_goto(torture, status, ret, done,
                                        "smb2_connect failed");
 
-       lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
-       torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
-                           "dcerpc_pipe_init failed");
-       lsa_handle = lsa_pipe->binding_handle;
-
-       status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc");
-       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_pipe_open_smb2 failed");
-
-       status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
+       status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
+                               &ndr_table_lsarpc, &lsa_pipe);
        torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_bind_auth_none failed");
+                                       "pipe_bind_smb2 failed");
+       lsa_handle = lsa_pipe->binding_handle;
 
        /* lsa getusername */
 
@@ -3796,18 +3869,11 @@ static bool torture_rpc_smb2_reauth2(struct torture_context *torture)
 
        /* open the lsa pipe */
 
-       lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
-       torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
-                           "dcerpc_pipe_init failed");
-       lsa_handle = lsa_pipe->binding_handle;
-
-       status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc");
+       status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
+                               &ndr_table_lsarpc, &lsa_pipe);
        torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_pipe_open_smb2 failed");
-
-       status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
-       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
-                                       "dcerpc_bind_auth_none failed");
+                                       "pipe_bind_smb2 failed");
+       lsa_handle = lsa_pipe->binding_handle;
 
        /* lsa getusername */
 
@@ -3876,6 +3942,340 @@ done:
        return ret;
 }
 
+static bool torture_rpc_smb1_pipe_name(struct torture_context *torture)
+{
+       TALLOC_CTX *mem_ctx;
+       NTSTATUS status;
+       bool ret = false;
+       struct smbcli_state *cli;
+       struct smbcli_options options;
+       struct smbcli_session_options session_options;
+       union smb_open io;
+       union smb_close cl;
+       uint16_t fnum;
+
+       mem_ctx = talloc_init("torture_samba3_smb1_pipe_name");
+       torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+       lpcfg_smbcli_options(torture->lp_ctx, &options);
+       lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+       status = smbcli_full_connection(mem_ctx, &cli,
+                                       torture_setting_string(torture, "host", NULL),
+                                       lpcfg_smb_ports(torture->lp_ctx),
+                                       "IPC$", NULL,
+                                       lpcfg_socket_options(torture->lp_ctx),
+                                       cmdline_credentials,
+                                       lpcfg_resolve_context(torture->lp_ctx),
+                                       torture->ev, &options, &session_options,
+                                       lpcfg_gensec_settings(torture, torture->lp_ctx));
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smbcli_full_connection failed");
+
+       ZERO_STRUCT(io);
+       io.generic.level = RAW_OPEN_NTCREATEX;
+       io.ntcreatex.in.access_mask = DESIRED_ACCESS_PIPE;
+       io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+                                      NTCREATEX_SHARE_ACCESS_WRITE;
+       io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+       io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+       io.ntcreatex.in.security_flags = 0;
+
+       io.ntcreatex.in.fname = "__none__";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for '__none__'");
+
+       io.ntcreatex.in.fname = "pipe\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for 'pipe\\srvsvc'");
+
+       io.ntcreatex.in.fname = "\\pipe\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for '\\pipe\\srvsvc'");
+
+       io.ntcreatex.in.fname = "srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for 'srvsvc'");
+       fnum = io.ntcreatex.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       io.ntcreatex.in.fname = "\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for '\\srvsvc'");
+       fnum = io.ntcreatex.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       io.ntcreatex.in.fname = "\\\\\\\\\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for '\\\\\\\\\\srvsvc'");
+       fnum = io.ntcreatex.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       ZERO_STRUCT(io);
+       io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+       io.nttrans.in.access_mask = DESIRED_ACCESS_PIPE;
+       io.nttrans.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+                                      NTCREATEX_SHARE_ACCESS_WRITE;
+       io.nttrans.in.open_disposition = NTCREATEX_DISP_OPEN;
+       io.nttrans.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+       io.nttrans.in.security_flags = 0;
+
+       io.nttrans.in.fname = "__none__";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for '__none__'");
+
+       io.nttrans.in.fname = "pipe\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for 'pipe\\srvsvc'");
+
+       io.nttrans.in.fname = "\\pipe\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for '\\pipe\\srvsvc'");
+
+       io.nttrans.in.fname = "srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for 'srvsvc'");
+       fnum = io.nttrans.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       io.nttrans.in.fname = "\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for '\\srvsvc'");
+       fnum = io.nttrans.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       io.nttrans.in.fname = "\\\\\\\\\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for '\\\\\\\\\\srvsvc'");
+       fnum = io.nttrans.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       ZERO_STRUCT(io);
+       io.generic.level = RAW_OPEN_OPENX;
+       io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+       io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+
+       io.openx.in.fname = "__none__";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+                                          ret, done,
+                                          "smb_raw_open for '__none__'");
+
+       io.openx.in.fname = "srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+                                          ret, done,
+                                          "smb_raw_open for 'srvsvc'");
+
+       io.openx.in.fname = "\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+                                          ret, done,
+                                          "smb_raw_open for '\\srvsvc'");
+
+       io.openx.in.fname = "\\pipesrvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+                                          ret, done,
+                                          "smb_raw_open for '\\pipesrvsvc'");
+
+       io.openx.in.fname = "pipe\\__none__";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for 'pipe\\__none__'");
+
+       io.openx.in.fname = "\\pipe\\__none__";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb_raw_open for '\\pipe\\__none__'");
+
+       io.openx.in.fname = "pipe\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for 'pipe\\srvsvc'");
+       fnum = io.openx.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       io.openx.in.fname = "\\pipe\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for '\\pipe\\srvsvc'");
+       fnum = io.openx.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       io.openx.in.fname = "\\\\\\\\\\pipe\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for '\\\\\\\\\\pipe\\srvsvc'");
+       fnum = io.openx.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+
+       io.openx.in.fname = "\\\\\\\\\\pipe\\\\\\\\\\srvsvc";
+       status = smb_raw_open(cli->tree, torture, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for '\\\\\\\\\\pipe\\\\\\\\\\srvsvc'");
+       fnum = io.openx.out.file.fnum;
+       ZERO_STRUCT(cl);
+       cl.generic.level = RAW_CLOSE_CLOSE;
+       cl.close.in.file.fnum = fnum;
+       status = smb_raw_close(cli->tree, &cl);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb_raw_close failed");
+       ret = true;
+
+done:
+       talloc_free(mem_ctx);
+       return ret;
+}
+
+static bool torture_rpc_smb2_pipe_name(struct torture_context *torture)
+{
+       TALLOC_CTX *mem_ctx;
+       NTSTATUS status;
+       bool ret = false;
+       struct smbcli_options options;
+       const char *host = torture_setting_string(torture, "host", NULL);
+       struct smb2_tree *tree;
+       struct smb2_handle h;
+       struct smb2_create io;
+
+       mem_ctx = talloc_init("torture_samba3_smb2_pipe_name");
+       torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+       lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+       status = smb2_connect(mem_ctx,
+                             host,
+                             lpcfg_smb_ports(torture->lp_ctx),
+                             "IPC$",
+                             lpcfg_resolve_context(torture->lp_ctx),
+                             cmdline_credentials,
+                             &tree,
+                             torture->ev,
+                             &options,
+                             lpcfg_socket_options(torture->lp_ctx),
+                             lpcfg_gensec_settings(torture, torture->lp_ctx)
+                             );
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_connect failed");
+
+       ZERO_STRUCT(io);
+       io.in.oplock_level = 0;
+       io.in.desired_access = DESIRED_ACCESS_PIPE;
+       io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+       io.in.file_attributes = 0;
+       io.in.create_disposition = NTCREATEX_DISP_OPEN;
+       io.in.share_access =
+               NTCREATEX_SHARE_ACCESS_READ|
+               NTCREATEX_SHARE_ACCESS_WRITE;
+       io.in.create_options = 0;
+
+       io.in.fname = "__none__";
+       status = smb2_create(tree, tree, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb2_create for '__none__'");
+
+       io.in.fname = "\\srvsvc";
+       status = smb2_create(tree, tree, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb2_create for '\\srvsvc'");
+
+       io.in.fname = "\\pipe\\srvsvc";
+       status = smb2_create(tree, tree, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb2_create for '\\pipe\\srvsvc'");
+
+       io.in.fname = "pipe\\srvsvc";
+       status = smb2_create(tree, tree, &io);
+       torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+                                          ret, done,
+                                          "smb2_create for 'pipe\\srvsvc'");
+
+       io.in.fname = "srvsvc";
+       status = smb2_create(tree, tree, &io);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_create failed for 'srvsvc'");
+
+       h = io.out.file.handle;
+
+       status = smb2_util_close(tree, h);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_util_close failed");
+
+       ret = true;
+done:
+       talloc_free(mem_ctx);
+       return ret;
+}
+
 /**
  * Test behaviour of a waiting read call on a pipe when
  * the pipe handle is closed:
@@ -4150,6 +4550,8 @@ struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
        torture_suite_add_simple_test(suite, "smb-reauth2", torture_rpc_smb_reauth2);
        torture_suite_add_simple_test(suite, "smb2-reauth1", torture_rpc_smb2_reauth1);
        torture_suite_add_simple_test(suite, "smb2-reauth2", torture_rpc_smb2_reauth2);
+       torture_suite_add_simple_test(suite, "smb1-pipe-name", torture_rpc_smb1_pipe_name);
+       torture_suite_add_simple_test(suite, "smb2-pipe-name", torture_rpc_smb2_pipe_name);
        torture_suite_add_simple_test(suite, "smb2-pipe-read-close", torture_rpc_smb2_pipe_read_close);
        torture_suite_add_simple_test(suite, "smb2-pipe-read-tdis", torture_rpc_smb2_pipe_read_tdis);
        torture_suite_add_simple_test(suite, "smb2-pipe-read-logoff", torture_rpc_smb2_pipe_read_logoff);
Samba Shared Repository