-/*
+/*
Unix SMB/CIFS implementation.
+ test suite for rpc bind operations
- dcerpc torture tests
-
- Copyright (C) Andrew Tridgell 2003
- Copyright (C) Andrew Bartlett <abartlet@samba.org 2004
+ Copyright (C) Guenther Deschner 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
-#include "torture/torture.h"
-#include "librpc/gen_ndr/ndr_lsa.h"
+#include "torture/rpc/torture_rpc.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "lib/cmdline/popt_common.h"
-#include "librpc/rpc/dcerpc.h"
-#include "torture/rpc/rpc.h"
-#include "libcli/libcli.h"
-#include "libcli/composite/composite.h"
-#include "libcli/smb_composite/smb_composite.h"
-
-/*
- This test is 'bogus' in that it doesn't actually perform to the
- spec. We need to deal with other things inside the DCERPC layer,
- before we could have multiple binds.
-
- We should never pass this test, until such details are fixed in our
- client, and it looks like multible binds are never used anyway.
-*/
-
-BOOL torture_multi_bind(struct torture_context *torture)
+static bool test_openpolicy(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
{
- struct dcerpc_pipe *p;
- struct dcerpc_binding *binding;
- const char *binding_string = lp_parm_string(-1, "torture", "binding");
- TALLOC_CTX *mem_ctx;
- NTSTATUS status;
- BOOL ret;
-
- mem_ctx = talloc_init("torture_multi_bind");
-
- status = dcerpc_parse_binding(mem_ctx, binding_string, &binding);
- if (!NT_STATUS_IS_OK(status)) {
- printf("Failed to parse dcerpc binding '%s'\n", binding_string);
- talloc_free(mem_ctx);
- return False;
- }
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct policy_handle *handle;
- status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_lsarpc);
-
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(mem_ctx);
- return False;
- }
-
- status = dcerpc_pipe_auth(mem_ctx, &p, binding, &dcerpc_table_lsarpc, cmdline_credentials);
+ torture_assert(tctx,
+ test_lsa_OpenPolicy2(b, tctx, &handle),
+ "failed to open policy");
- if (NT_STATUS_IS_OK(status)) {
- printf("(incorrectly) allowed re-bind to uuid %s - %s\n",
- GUID_string(mem_ctx, &dcerpc_table_lsarpc.syntax_id.uuid), nt_errstr(status));
- ret = False;
- } else {
- printf("\n");
- ret = True;
- }
+ torture_assert(tctx,
+ test_lsa_Close(b, tctx, handle),
+ "failed to close policy");
- talloc_free(mem_ctx);
-
- return ret;
+ return true;
}
-BOOL torture_bind_authcontext(struct torture_context *torture)
+static bool test_bind(struct torture_context *tctx,
+ const void *private_data)
{
- TALLOC_CTX *mem_ctx;
+ struct dcerpc_binding *binding;
+ struct dcerpc_pipe *p;
NTSTATUS status;
- BOOL ret = False;
- struct lsa_ObjectAttribute objectattr;
- struct lsa_OpenPolicy2 openpolicy;
- struct policy_handle handle;
- struct lsa_Close close;
- struct smbcli_session *tmp;
- struct smbcli_session *session2;
- struct smbcli_state *cli;
- struct dcerpc_pipe *lsa_pipe;
- struct cli_credentials *anon_creds;
- struct smb_composite_sesssetup setup;
-
- mem_ctx = talloc_init("torture_bind_auth");
-
- if (mem_ctx == NULL) {
- d_printf("talloc_init failed\n");
- return False;
- }
-
- status = smbcli_full_connection(mem_ctx, &cli,
- lp_parm_string(-1, "torture", "host"),
- "IPC$", NULL, cmdline_credentials,
- NULL);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("smbcli_full_connection failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
- lsa_pipe = dcerpc_pipe_init(mem_ctx, cli->transport->socket->event.ctx);
- if (lsa_pipe == NULL) {
- d_printf("dcerpc_pipe_init failed\n");
- goto done;
- }
+ const uint32_t *flags = (const uint32_t *)private_data;
- status = dcerpc_pipe_open_smb(lsa_pipe->conn, cli->tree, "\\lsarpc");
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("dcerpc_pipe_open_smb failed: %s\n",
- nt_errstr(status));
- goto done;
- }
+ torture_assert_ntstatus_ok(tctx,
+ torture_rpc_binding(tctx, &binding),
+ "failed to parse binding string");
- status = dcerpc_bind_auth_none(lsa_pipe, &dcerpc_table_lsarpc);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("dcerpc_bind_auth_none failed: %s\n",
- nt_errstr(status));
- goto done;
- }
+ status = dcerpc_binding_set_flags(binding, *flags, DCERPC_AUTH_OPTIONS);
+ torture_assert_ntstatus_ok(tctx, status, "set flags");
- openpolicy.in.system_name =talloc_asprintf(
- mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
- ZERO_STRUCT(objectattr);
- openpolicy.in.attr = &objectattr;
- openpolicy.in.access_mask = SEC_GENERIC_WRITE;
- openpolicy.out.handle = &handle;
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_pipe_connect_b(tctx, &p, binding,
+ &ndr_table_lsarpc,
+ cmdline_credentials,
+ tctx->ev,
+ tctx->lp_ctx),
+ "failed to connect pipe");
- status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
-
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("dcerpc_lsa_OpenPolicy2 failed: %s\n",
- nt_errstr(status));
- goto done;
- }
+ torture_assert(tctx,
+ test_openpolicy(tctx, p),
+ "failed to test openpolicy");
- close.in.handle = &handle;
- close.out.handle = &handle;
+ talloc_free(p);
- status = dcerpc_lsa_Close(lsa_pipe, mem_ctx, &close);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("dcerpc_lsa_Close failed: %s\n",
- nt_errstr(status));
- goto done;
- }
+ return true;
+}
- session2 = smbcli_session_init(cli->transport, mem_ctx, False);
- if (session2 == NULL) {
- d_printf("smbcli_session_init failed\n");
- goto done;
- }
+static void test_bind_op(struct torture_suite *suite,
+ const char *name,
+ uint32_t flags)
+{
+ uint32_t *flags_p = talloc(suite, uint32_t);
- anon_creds = cli_credentials_init(mem_ctx);
- if (anon_creds == NULL) {
- d_printf("cli_credentials_init failed\n");
- goto done;
- }
+ *flags_p = flags;
- cli_credentials_set_conf(anon_creds);
- cli_credentials_set_anonymous(anon_creds);
+ torture_suite_add_simple_tcase_const(suite, name, test_bind, flags_p);
+}
- setup.in.sesskey = cli->transport->negotiate.sesskey;
- setup.in.capabilities = cli->transport->negotiate.capabilities;
- setup.in.workgroup = "";
- setup.in.credentials = anon_creds;
- status = smb_composite_sesssetup(session2, &setup);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("anon session setup failed: %s\n",
- nt_errstr(status));
- goto done;
+struct torture_suite *torture_rpc_bind(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "bind");
+ struct {
+ const char *test_name;
+ uint32_t flags;
+ } tests[] = {
+ {
+ .test_name = "ntlm,sign",
+ .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN
+ },{
+ .test_name = "ntlm,sign,seal",
+ .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL
+ },{
+ .test_name = "spnego,sign",
+ .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN
+ },{
+ .test_name = "spnego,sign,seal",
+ .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL
+ }
+ };
+ int i;
+
+ for (i=0; i < ARRAY_SIZE(tests); i++) {
+ test_bind_op(suite, tests[i].test_name, tests[i].flags);
}
-
- tmp = cli->tree->session;
- cli->tree->session = session2;
-
- status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
-
- if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
- d_printf("dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
- "expected NT_STATUS_INVALID_HANDLE\n",
- nt_errstr(status));
- goto done;
+ for (i=0; i < ARRAY_SIZE(tests); i++) {
+ test_bind_op(suite, talloc_asprintf(suite, "bigendian,%s", tests[i].test_name), tests[i].flags | DCERPC_PUSH_BIGENDIAN);
}
- ret = True;
- done:
- talloc_free(mem_ctx);
- return ret;
+ return suite;
}
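Review bot: test_bind requests a specific protection level through `*flags` (sign, or sign plus seal) but only asserts that OpenPolicy2 and Close succeed, so a bind that silently ends up with weaker protection than requested would still pass. After the `dcerpc_pipe_connect_b` assertion the test should also compare the auth type and level actually negotiated on `p` with what `*flags` asked for; until that is added, a comment such as `/* only checks that the bind and one call succeed; the negotiated auth level is not verified */` would keep readers from over-trusting the test. Separately, test_bind_op dereferences the result of `talloc(suite, uint32_t)` unchecked in `*flags_p = flags;`, and the `talloc_asprintf` name in the bigendian loop of torture_rpc_bind is passed on unchecked as well; at minimum `if (flags_p == NULL) return;` before the store avoids the NULL write. The removed torture_bind_authcontext was the only check visible here that a call issued under a different session is rejected with NT_STATUS_INVALID_HANDLE, so if it has not moved to another file that negative case is lost.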