sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-20 22:50:26 +03:00
Code

s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top

Browse Source 
This is the only way to get a reliable transport session key.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit af8c4ebf9be314ddd13ef9ca17a0237927dd2ede)
This commit is contained in:
Stefan Metzmacher 2015-12-15 22:44:24 +01:00
parent fd1e4ec2ab
commit 44e2da8410
1 changed files with 19 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
source4/torture/rpc/samba3rpc.c
View File

@ -1362,7 +1362,6 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
{
NTSTATUS status;
struct smbcli_state *cli;
struct cli_credentials *anon_creds;
struct cli_credentials *wks_creds;
const char *wks_name;
int i;
@ -1374,10 +1373,6 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
wks_name = get_myname(torture);
}
if (!(anon_creds = cli_credentials_init_anon(torture))) {
torture_fail(torture, "create_anon_creds failed\n");
}
lpcfg_smbcli_options(torture->lp_ctx, &options);
lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
@ -1386,7 +1381,7 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
lpcfg_smb_ports(torture->lp_ctx),
"IPC$", NULL,
lpcfg_socket_options(torture->lp_ctx),
anon_creds,
cmdline_credentials,
lpcfg_resolve_context(torture->lp_ctx),
torture->ev, &options, &session_options,
lpcfg_gensec_settings(torture, torture->lp_ctx));
@ -1406,7 +1401,7 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
CRED_SPECIFIED);
torture_assert(torture,
join3(torture, cli, false, cmdline_credentials, wks_creds),
join3(torture, cli, false, NULL, wks_creds),
"join failed");
cli_credentials_set_domain(
@ -1433,7 +1428,7 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
}
torture_assert(torture,
leave(torture, cli, cmdline_credentials, wks_creds),
leave(torture, cli, NULL, wks_creds),
"leave failed");
return true;
@ -1531,26 +1526,14 @@ static bool torture_samba3_sessionkey(struct torture_context *torture)
}
}
torture_assert(torture,
test_join3(torture, false, anon_creds, cmdline_credentials, wks_name),
"join using ntlmssp bind on an anonymous smb connection failed");
torture_assert(torture,
test_join3(torture, false, cmdline_credentials, NULL, wks_name),
"join using anonymous bind on an authenticated smb connection failed");
torture_assert(torture,
test_join3(torture, false, cmdline_credentials, cmdline_credentials, wks_name),
"join using ntlmssp bind on an authenticated smb connection failed");
/*
* The following two are tests for setuserinfolevel 25
*/
torture_assert(torture,
test_join3(torture, true, anon_creds, cmdline_credentials, wks_name),
"join using ntlmssp bind on an anonymous smb connection failed");
torture_assert(torture,
test_join3(torture, true, cmdline_credentials, NULL, wks_name),
"join using anonymous bind on an authenticated smb connection failed");
@ -1799,20 +1782,6 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
lpcfg_smbcli_options(torture->lp_ctx, &options);
lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
status = smbcli_full_connection(
torture, &cli, torture_setting_string(torture, "host", NULL),
lpcfg_smb_ports(torture->lp_ctx),
"IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
&session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
if (!(user_sid = whoami(torture, torture, cli->tree))) {
torture_fail(torture, "whoami on auth'ed connection failed\n");
}
talloc_free(cli);
if (!(anon_creds = cli_credentials_init_anon(torture))) {
torture_fail(torture, "create_anon_creds failed\n");
}
@ -1833,6 +1802,20 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
torture_assert_sid_equal(torture, user_sid, dom_sid_parse_talloc(torture, "s-1-5-7"),
"Anon lsa_GetUserName returned unexpected SID");
talloc_free(cli);
status = smbcli_full_connection(
torture, &cli, torture_setting_string(torture, "host", NULL),
lpcfg_smb_ports(torture->lp_ctx),
"IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
&session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
if (!(user_sid = whoami(torture, torture, cli->tree))) {
torture_fail(torture, "whoami on auth'ed connection failed\n");
}
if (!(user_creds = cli_credentials_init(torture))) {
torture_fail(torture, "cli_credentials_init failed\n");
}
@ -1844,7 +1827,7 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
generate_random_password(user_creds, 8, 255),
CRED_SPECIFIED);
if (!create_user(torture, torture, cli, cmdline_credentials,
if (!create_user(torture, torture, cli, NULL,
cli_credentials_get_username(user_creds),
cli_credentials_get_password(user_creds),
&domain_name, &created_sid)) {
@ -1899,7 +1882,7 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
del:
if (!delete_user(torture, cli,
cmdline_credentials,
NULL,
cli_credentials_get_username(user_creds))) {
torture_fail(torture, "delete_user failed\n");
}