r13380: Drop the socket, then try SAMR operations secured with netlogon on the new...
authorAndrew Bartlett <abartlet@samba.org>
Tue, 7 Feb 2006 23:30:50 +0000 (23:30 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:51:51 +0000 (13:51 -0500)
We should also test netlogon operations, but there are issues with
what state is expected to be stored (far more than we currently do).

Andrew Bartlett

source/script/tests/test_rpc_quick.sh
source/torture/rpc/schannel.c

index fe3fad73eac16bd379896fbc5c2384c6d030f89f..62b2d6cb9ddf90309dbbf9d3f6cce7fca61fae26 100755 (executable)
@@ -2,9 +2,9 @@
 
 # add tests to this list as they start passing, so we test
 # that they stay passing
-ncacn_np_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO"
-ncalrpc_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO"
-ncacn_ip_tcp_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO"
+ncacn_np_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO RPC-SCHANNEL"
+ncalrpc_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO RPC-SCHANNEL"
+ncacn_ip_tcp_tests="RPC-ALTERCONTEXT RPC-JOIN RPC-ECHO RPC-SCHANNEL"
 
 if [ $# -lt 4 ]; then
 cat <<EOF
index 4e9d644138dfbf488ae715b7bb2359b4c42772aa..9341fc4a933c4cee824041f46345da8302657fd3 100644 (file)
@@ -157,6 +157,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
        struct dcerpc_binding *b;
        struct dcerpc_pipe *p = NULL;
        struct dcerpc_pipe *p_netlogon = NULL;
+       struct dcerpc_pipe *p_samr2 = NULL;
        struct dcerpc_pipe *p_lsa = NULL;
        struct creds_CredentialState *creds;
        struct cli_credentials *credentials;
@@ -256,6 +257,34 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
                ret = False;
        }
 
+       /* Drop the socket, we want to start from scratch */
+       talloc_free(p);
+       p = NULL;
+
+       /* Now see what we are still allowed to do */
+       
+       status = dcerpc_parse_binding(test_ctx, binding, &b);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("Bad binding string %s\n", binding);
+               goto failed;
+       }
+
+       b->flags &= ~DCERPC_AUTH_OPTIONS;
+       b->flags |= dcerpc_flags;
+
+       status = dcerpc_pipe_connect_b(test_ctx, &p_samr2, b, &dcerpc_table_samr,
+                                      credentials, NULL);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("Failed to connect with schannel: %s\n", nt_errstr(status));
+               goto failed;
+       }
+
+       /* do a couple of logins.  We have *not* done a new serverauthenticate */
+       if (!test_samr_ops(p_samr2, test_ctx)) {
+               printf("Failed to process schannel secured SAMR ops (on fresh connection)\n");
+               ret = False;
+       }
+
        torture_leave_domain(join_ctx);
        talloc_free(test_ctx);
        return ret;