r4560: - fixed crash bugs in the RPC-SCHANNEL and RPC-NETLOGON tests
[samba.git] / source4 / torture / rpc / schannel.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    test suite for schannel operations
5
6    Copyright (C) Andrew Tridgell 2004
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "librpc/gen_ndr/ndr_samr.h"
25 #include "librpc/gen_ndr/ndr_netlogon.h"
26
27 #define TEST_MACHINE_NAME "schanneltest"
28
29 /*
30   do some samr ops using the schannel connection
31  */
32 static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
33 {
34         NTSTATUS status;
35         struct samr_GetDomPwInfo r;
36         int i;
37         struct samr_String name;
38
39         name.string = lp_workgroup();
40         r.in.name = &name;
41
42         printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
43         
44         /* do several ops to test credential chaining */
45         for (i=0;i<5;i++) {
46                 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
47                 if (!NT_STATUS_IS_OK(status)) {
48                         printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status));
49                         return False;
50                 }
51         }
52
53         return True;
54 }
55
56
57 /*
58   try a netlogon SamLogon
59 */
60 static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
61                                   struct creds_CredentialState *creds)
62 {
63         NTSTATUS status;
64         struct netr_LogonSamLogon r;
65         struct netr_Authenticator auth, auth2;
66         struct netr_NetworkInfo ninfo;
67         const char *username = lp_parm_string(-1, "torture", "username");
68         const char *password = lp_parm_string(-1, "torture", "password");
69
70         int i;
71         BOOL ret = True;
72
73         ninfo.identity_info.domain_name.string = lp_workgroup();
74         ninfo.identity_info.parameter_control = 0;
75         ninfo.identity_info.logon_id_low = 0;
76         ninfo.identity_info.logon_id_high = 0;
77         ninfo.identity_info.account_name.string = username;
78         ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
79         generate_random_buffer(ninfo.challenge, 
80                                sizeof(ninfo.challenge));
81         ninfo.nt.length = 24;
82         ninfo.nt.data = talloc_size(mem_ctx, 24);
83         SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data);
84         ninfo.lm.length = 24;
85         ninfo.lm.data = talloc_size(mem_ctx, 24);
86         SMBencrypt(password, ninfo.challenge, ninfo.lm.data);
87
88
89         r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
90         r.in.workstation = TEST_MACHINE_NAME;
91         r.in.credential = &auth;
92         r.in.return_authenticator = &auth2;
93         r.in.logon_level = 2;
94         r.in.logon.network = &ninfo;
95
96         for (i=2;i<3;i++) {
97                 ZERO_STRUCT(auth2);
98                 creds_client_authenticator(creds, &auth);
99                 
100                 r.in.validation_level = i;
101                 
102                 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
103                 
104                 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
105                         printf("Credential chaining failed\n");
106                         ret = False;
107                 }
108                 
109         }
110                 return ret;
111 }
112
113 /*
114   test a schannel connection with the given flags
115  */
116 static BOOL test_schannel(TALLOC_CTX *mem_ctx, 
117                           uint16 acct_flags, uint32 dcerpc_flags,
118                           uint32 schannel_type)
119 {
120         void *join_ctx;
121         const char *machine_password;
122         NTSTATUS status;
123         const char *binding = lp_parm_string(-1, "torture", "binding");
124         struct dcerpc_binding b;
125         struct dcerpc_pipe *p = NULL;
126         struct dcerpc_pipe *p_netlogon = NULL;
127         struct creds_CredentialState *creds;
128
129         join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), acct_flags,
130                                        &machine_password);
131         if (!join_ctx) {
132                 printf("Failed to join domain with acct_flags=0x%x\n", acct_flags);
133                 return False;
134         }
135
136         status = dcerpc_parse_binding(mem_ctx, binding, &b);
137         if (!NT_STATUS_IS_OK(status)) {
138                 printf("Bad binding string %s\n", binding);
139                 goto failed;
140         }
141
142         b.flags &= ~DCERPC_AUTH_OPTIONS;
143         b.flags |= dcerpc_flags;
144
145         status = dcerpc_pipe_connect_b(&p, &b, 
146                                        DCERPC_SAMR_UUID,
147                                        DCERPC_SAMR_VERSION,
148                                        lp_workgroup(), 
149                                        TEST_MACHINE_NAME,
150                                        machine_password);
151         if (!NT_STATUS_IS_OK(status)) {
152                 printf("Failed to connect with schannel\n");
153                 goto failed;
154         }
155
156         if (!test_samr_ops(p, mem_ctx)) {
157                 printf("Failed to process schannel secured ops\n");
158                 goto failed;
159         }
160
161
162         status = dcerpc_parse_binding(mem_ctx, binding, &b);
163         if (!NT_STATUS_IS_OK(status)) {
164                 printf("Bad binding string %s\n", binding);
165                 goto failed;
166         }
167
168
169         /* Also test that when we connect to the netlogon pipe, that
170          * the credentials we setup on the first pipe are valid for
171          * the second */
172
173         b.flags &= ~DCERPC_AUTH_OPTIONS;
174         b.flags |= dcerpc_flags;
175
176         status = dcerpc_pipe_connect_b(&p_netlogon, &b, 
177                                        DCERPC_NETLOGON_UUID,
178                                        DCERPC_NETLOGON_VERSION,
179                                        lp_workgroup(), 
180                                        TEST_MACHINE_NAME,
181                                        machine_password);
182
183         if (!NT_STATUS_IS_OK(status)) {
184                 goto failed;
185         }
186
187         status = dcerpc_schannel_creds(p_netlogon->security_state.generic_state, mem_ctx, &creds);
188         if (!NT_STATUS_IS_OK(status)) {
189                 goto failed;
190         }
191
192         /* do a couple of logins */
193         if (!test_netlogon_ops(p_netlogon, mem_ctx, creds)) {
194                 printf("Failed to process schannel secured ops\n");
195                 goto failed;
196         }
197
198         torture_leave_domain(join_ctx);
199         dcerpc_pipe_close(p_netlogon);
200         dcerpc_pipe_close(p);
201         return True;
202
203 failed:
204         torture_leave_domain(join_ctx);
205         dcerpc_pipe_close(p_netlogon);
206         dcerpc_pipe_close(p);
207         return False;   
208 }
209
210 /*
211   a schannel test suite
212  */
213 BOOL torture_rpc_schannel(void)
214 {
215         TALLOC_CTX *mem_ctx;
216         BOOL ret = True;
217         struct {
218                 uint16 acct_flags;
219                 uint32 dcerpc_flags;
220                 uint32 schannel_type;
221         } tests[] = {
222                 { ACB_WSTRUST,   DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN,                       3 },
223                 { ACB_WSTRUST,   DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL,                       3 },
224                 { ACB_WSTRUST,   DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128, 3 },
225                 { ACB_WSTRUST,   DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL | DCERPC_SCHANNEL_128, 3 },
226                 { ACB_SVRTRUST,  DCERPC_SCHANNEL_BDC | DCERPC_SIGN,                               3 },
227                 { ACB_SVRTRUST,  DCERPC_SCHANNEL_BDC | DCERPC_SEAL,                               3 },
228                 { ACB_SVRTRUST,  DCERPC_SCHANNEL_BDC | DCERPC_SIGN | DCERPC_SCHANNEL_128,         3 },
229                 { ACB_SVRTRUST,  DCERPC_SCHANNEL_BDC | DCERPC_SEAL | DCERPC_SCHANNEL_128,         3 }
230         };
231         int i;
232
233         mem_ctx = talloc_init("torture_rpc_schannel");
234
235         for (i=0;i<ARRAY_SIZE(tests);i++) {
236                 if (!test_schannel(mem_ctx, 
237                                    tests[i].acct_flags, tests[i].dcerpc_flags, tests[i].schannel_type)) {
238                         printf("Failed with acct_flags=0x%x dcerpc_flags=0x%x schannel_type=%d\n",
239                                tests[i].acct_flags, tests[i].dcerpc_flags, tests[i].schannel_type);
240                         ret = False;
241                         break;
242                 }
243         }
244
245         talloc_free(mem_ctx);
246
247         return ret;
248 }