mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
selftest: test plugin_s4_dc against all ncacn_np tests
Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
This commit is contained in:
Andrew Bartlett
parent
7c4eb9e32e
commit
7b1d6a6a05
@ -462,9 +462,10 @@ static NTSTATUS make_auth_context_text_list(TALLOC_CTX *mem_ctx,
|
||||
|
||||
/* Look for the first module to provide a start_gensec hook, and set that if provided */
|
||||
for (method = (*auth_context)->auth_method_list; method; method = method->next) {
|
||||
if (method->prepare_gensec && method->gensec_start_mech_by_oid) {
|
||||
if (method->prepare_gensec) {
|
||||
(*auth_context)->prepare_gensec = method->prepare_gensec;
|
||||
(*auth_context)->gensec_start_mech_by_oid = method->gensec_start_mech_by_oid;
|
||||
(*auth_context)->gensec_start_mech_by_authtype = method->gensec_start_mech_by_authtype;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -27,6 +27,7 @@
|
||||
#include "../librpc/gen_ndr/netlogon.h"
|
||||
#include "../lib/tsocket/tsocket.h"
|
||||
#include "auth/gensec/gensec.h"
|
||||
#include "librpc/rpc/dcerpc.h"
|
||||
|
||||
NTSTATUS auth_ntlmssp_session_info(TALLOC_CTX *mem_ctx,
|
||||
struct auth_ntlmssp_state *auth_ntlmssp_state,
|
||||
@ -290,6 +291,41 @@ NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_state,
|
||||
uint8_t auth_type, uint8_t auth_level)
|
||||
{
|
||||
if (auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype) {
|
||||
return auth_ntlmssp_state->auth_context->gensec_start_mech_by_authtype(auth_ntlmssp_state->gensec_security,
|
||||
auth_type, auth_level);
|
||||
}
|
||||
|
||||
if (auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
|
||||
/* The caller will then free the auth_ntlmssp_state,
|
||||
* undoing what was done in auth_ntlmssp_prepare().
|
||||
*
|
||||
* We can't do that logic here, as
|
||||
* auth_ntlmssp_want_feature() may have been called in
|
||||
* between.
|
||||
*/
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
|
||||
auth_ntlmssp_want_feature(auth_ntlmssp_state, NTLMSSP_FEATURE_SIGN);
|
||||
} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
|
||||
/* Always implies both sign and seal for ntlmssp */
|
||||
auth_ntlmssp_want_feature(auth_ntlmssp_state, NTLMSSP_FEATURE_SEAL);
|
||||
} else if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
|
||||
/* Default features */
|
||||
} else {
|
||||
DEBUG(2,("auth_level %d not supported in DCE/RPC authentication\n",
|
||||
auth_level));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state)
|
||||
{
|
||||
return auth_generic_start(auth_ntlmssp_state, GENSEC_OID_NTLMSSP);
|
||||
|
||||
@ -187,6 +187,7 @@ static NTSTATUS auth_init_samba4(struct auth_context *auth_context,
|
||||
result->auth = check_samba4_security;
|
||||
result->prepare_gensec = prepare_gensec;
|
||||
result->gensec_start_mech_by_oid = gensec_start_mech_by_oid;
|
||||
result->gensec_start_mech_by_authtype = gensec_start_mech_by_authtype;
|
||||
|
||||
*auth_method = result;
|
||||
return NT_STATUS_OK;
|
||||
|
||||
@ -76,6 +76,8 @@ NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
|
||||
struct auth_ntlmssp_state **auth_ntlmssp_state);
|
||||
NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state *auth_ntlmssp_state);
|
||||
NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const char *oid);
|
||||
NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_state,
|
||||
uint8_t auth_type, uint8_t auth_level);
|
||||
|
||||
|
||||
/* The following definitions come from auth/auth_sam.c */
|
||||
|
||||
@ -88,6 +88,7 @@ struct auth_context {
|
||||
NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security **gensec_context);
|
||||
NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
|
||||
NTSTATUS (*gensec_start_mech_by_authtype)(struct gensec_security *gensec_context, uint8_t auth_type, uint8_t auth_level);
|
||||
};
|
||||
|
||||
typedef struct auth_methods
|
||||
@ -113,6 +114,7 @@ typedef struct auth_methods
|
||||
NTSTATUS (*prepare_gensec)(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security **gensec_context);
|
||||
NTSTATUS (*gensec_start_mech_by_oid)(struct gensec_security *gensec_context, const char *oid_string);
|
||||
NTSTATUS (*gensec_start_mech_by_authtype)(struct gensec_security *gensec_context, uint8_t auth_type, uint8_t auth_level);
|
||||
/* Used to keep tabs on things like the cli for SMB server authentication */
|
||||
void *private_data;
|
||||
|
||||
|
||||
@ -39,6 +39,8 @@ struct NL_AUTH_MESSAGE;
|
||||
struct pipe_auth_data {
|
||||
enum dcerpc_AuthType auth_type;
|
||||
enum dcerpc_AuthLevel auth_level;
|
||||
|
||||
bool gensec_hook;
|
||||
|
||||
void *auth_ctx;
|
||||
|
||||
|
||||
@ -135,7 +135,7 @@ for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
|
||||
#Plugin S4 DC tests (confirms named pipe auth forwarding). This can be expanded once kerberos is supported in the plugin DC
|
||||
#
|
||||
for bindoptions in ["seal,padcheck"] + validate_list + ["bigendian"]:
|
||||
for t in [ "rpc.lsalookup", "rpc.lsa.secrets", "rpc.lsa-getuser", "rpc.handles", "rpc.asyncbind", "rpc.authcontext", "rpc.lsa"]:
|
||||
for t in ncacn_np_tests:
|
||||
env = "plugin_s4_dc"
|
||||
transport = "ncacn_np"
|
||||
plantestsuite_loadlist("samba4.%s with %s" % (t, bindoptions), env, [valgrindify(smb4torture), "$LISTOPT", "%s:$SERVER[%s]" % (transport, bindoptions), '-U$USERNAME%$PASSWORD', '-W', '$DOMAIN', '-k', 'no', t])
|
||||
|
||||
Loading…
Reference in New Issue
Block a user