r7684: Add a test aimed at checking we have agreement between client and

server as to the CIFS session key.

JRA had pain with this being wrong against NT4 (without spnego), hence
this specific test.

Andrew Bartlett
(This used to be commit 47f433708ba38db9bf569567cc048e65f2786ebe)

diff --git a/source4/script/tests/selftest.sh b/source4/script/tests/selftest.sh
index 9ffb2838868d823284171097aa84dfa6a8276da5..c40d59759f1ac1972799f16ac3ec2b08397af04f 100755 (executable)
--- a/source4/script/tests/selftest.sh
+++ b/source4/script/tests/selftest.sh
@@ -87,6 +87,7 @@ START=`date`
  failed=0
  $SRCDIR/script/tests/test_ldap.sh localhost || failed=`expr $failed + $?`
  $SRCDIR/script/tests/test_rpc.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?`
+ $SRCDIR/script/tests/test_session_key.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?`
  $SRCDIR/script/tests/test_binding_string.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?`
  $SRCDIR/script/tests/test_echo.sh localhost $USERNAME $PASSWORD $DOMAIN $ADDARG || failed=`expr $failed + $?`
  $SRCDIR/script/tests/test_posix.sh //localhost/tmp $USERNAME $PASSWORD "" $ADDARG || failed=`expr $failed + $?`

diff --git a/source4/script/tests/test_rpc.sh b/source4/script/tests/test_rpc.sh
index d7272b0e6e28c75f6fe3aac10b6ad387bb2d4bda..e2cf7c8c0366950ec645e62586068fe8d1e4ff70 100755 (executable)
--- a/source4/script/tests/test_rpc.sh
+++ b/source4/script/tests/test_rpc.sh
@@ -5,6 +5,9 @@
 ncacn_np_tests="RPC-SPOOLSS RPC-SCHANNEL RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND"
 ncalrpc_tests="RPC-SCHANNEL RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND"
 ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND"
+slow_ncacn_np_tests="RPC-SAMLOGON"
+slow_ncalrpc_tests="RPC-SAMLOGON"
+slow_ncacn_ip_tcp_tests="RPC-SAMLOGON"
 
 if [ $# -lt 4 ]; then
 cat <<EOF
@@ -42,3 +45,18 @@ for bindoptions in connect sign seal sign,seal spnego spnego,sign spnego,seal va
 done
 
 testok $0 $failed
+
+#for bindoptions in connect validate padcheck bigendian bigendian,seal; do
+# for transport in ncalrpc ncacn_np ncacn_ip_tcp; do
+#     case $transport in
+#       ncalrpc) tests=$slow_ncalrpc_tests ;;
+#       ncacn_np) tests=$slow_ncacn_np_tests ;;
+#       ncacn_ip_tcp) tests=$slow_ncacn_ip_tcp_tests ;;
+#     esac
+#   for t in $tests; do
+#    name="$t on $transport with $bindoptions"
+#    testit "$name" $VALGRIND bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -U"$username"%"$password" -W $domain $t "$*" || failed=`expr $failed + 1`
+#   done
+# done
+#done
+

diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh
new file mode 100755 (executable)
index 0000000..48f3d19
--- /dev/null
+++ b/source4/script/tests/test_session_key.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN
+EOF
+exit 1;
+fi
+
+server="$1"
+username="$2"
+password="$3"
+domain="$4"
+shift 4
+
+incdir=`dirname $0`
+. $incdir/test_functions.sh
+
+failed=0
+transport="ncacn_np"
+  for ntlmoptions in \
+        "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes" \
+        "--option=usespnego=yes --option=ntlmssp_client:ntlm2=no" \
+        "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no" \
+        "--option=usespnego=yes--option=ntlmssp_client:ntlm2=no  --option=ntlmssp_client:128bit=no" \
+        "--option=usespnego=yes --option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no" \
+        "--option=usespnego=yes --option=ntlmssp_client:ntlm2=no  --option=ntlmssp_client:keyexchange=no" \
+        "--option=usespnego=no" \
+    ; do
+   name="$transport with $ntlmoptions"
+   testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1`
+  done
+testok $0 $failed

diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index f723f68a0226e087f0063aba53065863f7e9996d..543ea4f48afb1f07380dfc365240e177d0a19ad5 100644 (file)
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -1680,3 +1680,37 @@ BOOL torture_rpc_lsa(void)
 
        return ret;
 }
+
+
+BOOL torture_rpc_lsa_secrets(void) 
+{
+        NTSTATUS status;
+        struct dcerpc_pipe *p;
+       TALLOC_CTX *mem_ctx;
+       BOOL ret = True;
+       struct policy_handle handle;
+
+       mem_ctx = talloc_init("torture_rpc_lsa_secrets");
+
+       status = torture_rpc_connection(mem_ctx, 
+                                       &p, 
+                                       DCERPC_LSARPC_NAME, 
+                                       DCERPC_LSARPC_UUID, 
+                                       DCERPC_LSARPC_VERSION);
+       if (!NT_STATUS_IS_OK(status)) {
+               talloc_free(mem_ctx);
+               return False;
+       }
+
+       if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) {
+               ret = False;
+       }
+
+       if (!test_CreateSecret(p, mem_ctx, &handle)) {
+               ret = False;
+       }
+
+       talloc_free(mem_ctx);
+
+       return ret;
+}

diff --git a/source4/torture/torture.c b/source4/torture/torture.c
index c96f8621424ec462f2a50d1a1d67dddc12dcea01..5036822aa4c0f184f7f677bc22ee82ee31978d9f 100644 (file)
--- a/source4/torture/torture.c
+++ b/source4/torture/torture.c
@@ -2280,6 +2280,7 @@ static struct {
 
        /* rpc testers */
         {"RPC-LSA", torture_rpc_lsa, 0},
+        {"RPC-SECRETS", torture_rpc_lsa_secrets, 0},
         {"RPC-ECHO", torture_rpc_echo, 0},
         {"RPC-DFS", torture_rpc_dfs, 0},
         {"RPC-SPOOLSS", torture_rpc_spoolss, 0},