From 78996e64b4c066ce9476448fec4375f47158c7fd Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Sep 2007 12:48:58 +0000 Subject: [PATCH] r24890: Integrate more of the RPC-SECRETS tests. (This used to be commit 84cc1d42ab201d4a8fb0ef06b85d79a3ed8bc1d4) --- source4/selftest/test_session_key.sh | 14 ++----- source4/torture/rpc/session_key.c | 58 ++++++++++++++++++++++------ 2 files changed, 50 insertions(+), 22 deletions(-) diff --git a/source4/selftest/test_session_key.sh b/source4/selftest/test_session_key.sh index 46f6a4ee3a2..90f5585cd66 100755 --- a/source4/selftest/test_session_key.sh +++ b/source4/selftest/test_session_key.sh @@ -4,10 +4,7 @@ incdir=`dirname $0` . $incdir/test_functions.sh transport="ncacn_np" -for keyexchange in "yes" "no"; do - for ntlm2 in "yes" "no"; do - for lm_key in "yes" "no"; do - for ntlmoptions in \ +for ntlmoptions in \ "-k no --option=usespnego=yes" \ "-k no --option=usespnego=yes --option=ntlmssp_client:128bit=no" \ "-k no --option=usespnego=yes --option=ntlmssp_client:56bit=yes" \ @@ -20,12 +17,9 @@ for keyexchange in "yes" "no"; do "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \ "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \ "-k no --option=usespnego=no"; do - name="RPC-SECRETS on $transport with $bindoptions with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions" - plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN --option=gensec:target_hostname=\$NETBIOSNAME RPC-SECRETS "$*" - done - done - done - done + name="RPC-SECRETS on $transport with $bindoptions with $ntlmoptions" + plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" $ntlmoptions -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN --option=gensec:target_hostname=\$NETBIOSNAME RPC-SECRETS "$*" +done name="RPC-SECRETS on $transport with $bindoptions with Kerberos" plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*" name="RPC-SECRETS on $transport with $bindoptions with Kerberos - use target principal" diff --git a/source4/torture/rpc/session_key.c b/source4/torture/rpc/session_key.c index 29dfdcc1c5e..d35d9fd4fc0 100644 --- a/source4/torture/rpc/session_key.c +++ b/source4/torture/rpc/session_key.c @@ -134,6 +134,9 @@ static bool test_CreateSecret_basic(struct dcerpc_pipe *p, struct secret_settings { uint32_t bindoptions; + bool keyexchange; + bool ntlm2; + bool lm_key; }; static bool test_secrets(struct torture_context *torture, const void *_data) @@ -143,6 +146,10 @@ static bool test_secrets(struct torture_context *torture, const void *_data) struct dcerpc_binding *binding; const struct secret_settings *settings = _data; + lp_set_cmdline("ntlmssp client:keyexchange", settings->keyexchange?"True":"False"); + lp_set_cmdline("ntlmssp_client:ntlm2", settings->ntlm2?"True":"False"); + lp_set_cmdline("ntlmssp_client:lm_key", settings->lm_key?"True":"False"); + torture_assert_ntstatus_ok(torture, torture_rpc_binding(torture, &binding), "Getting bindoptions"); @@ -165,27 +172,54 @@ static bool test_secrets(struct torture_context *torture, const void *_data) return true; } -/* TEST session key correctness by pushing and pulling secrets */ - -struct torture_suite *torture_rpc_lsa_secrets(TALLOC_CTX *mem_ctx) +static struct torture_tcase *add_test(struct torture_suite *suite, uint32_t bindoptions, + bool keyexchange, bool ntlm2, bool lm_key) { - struct torture_suite *suite = torture_suite_create(mem_ctx, "SECRETS"); + char *name = NULL; struct secret_settings *settings; settings = talloc_zero(suite, struct secret_settings); - settings->bindoptions = DCERPC_PUSH_BIGENDIAN; + settings->bindoptions = bindoptions; - torture_suite_add_simple_tcase(suite, "bigendian", test_secrets, settings); + if (bindoptions == DCERPC_PUSH_BIGENDIAN) + name = talloc_strdup(suite, "bigendian"); + else if (bindoptions == DCERPC_SEAL) + name = talloc_strdup(suite, "seal"); + else if (bindoptions == 0) + name = talloc_strdup(suite, "none"); + else + name = talloc_strdup(suite, "unknown"); - settings = talloc_zero(suite, struct secret_settings); - settings->bindoptions = DCERPC_SEAL; + name = talloc_asprintf_append(name, " keyexchange:%s", keyexchange?"yes":"no"); + settings->keyexchange = keyexchange; - torture_suite_add_simple_tcase(suite, "seal", test_secrets, settings); + name = talloc_asprintf_append(name, " ntlm2:%s", ntlm2?"yes":"no"); + settings->ntlm2 = ntlm2; - settings = talloc_zero(suite, struct secret_settings); - settings->bindoptions = 0; + name = talloc_asprintf_append(name, " lm_key:%s", lm_key?"yes":"no"); + settings->lm_key = lm_key; - torture_suite_add_simple_tcase(suite, "none", test_secrets, settings); + return torture_suite_add_simple_tcase(suite, name, test_secrets, settings); +} + +static const bool bool_vals[] = { true, false }; + +/* TEST session key correctness by pushing and pulling secrets */ +struct torture_suite *torture_rpc_lsa_secrets(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite = torture_suite_create(mem_ctx, "SECRETS"); + int keyexchange, ntlm2, lm_key; + + for (keyexchange = 0; keyexchange < ARRAY_SIZE(bool_vals); keyexchange++) { + for (ntlm2 = 0; ntlm2 < ARRAY_SIZE(bool_vals); ntlm2++) { + for (lm_key = 0; lm_key < ARRAY_SIZE(bool_vals); lm_key++) { + add_test(suite, DCERPC_PUSH_BIGENDIAN, bool_vals[keyexchange], bool_vals[ntlm2], + bool_vals[lm_key]); + add_test(suite, DCERPC_SEAL, bool_vals[keyexchange], bool_vals[ntlm2], bool_vals[lm_key]); + add_test(suite, 0, bool_vals[keyexchange], bool_vals[ntlm2], bool_vals[lm_key]); + } + } + } return suite; }