From 9331772e4ce4beba10090a99d2fb6e8915ef52c2 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@samba.org>
Date: Tue, 26 Nov 2019 14:16:14 +0100
Subject: [PATCH] selftests: Tests only appropiate RPC interfaces are available
 in smb pipes

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source3/selftest/tests.py       |  5 ++-
 source4/torture/rpc/samba3rpc.c | 71 +++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 1 deletion(-)

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 45b892e17e2..208c89cb071 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -516,7 +516,7 @@ rpc = ["rpc.authcontext", "rpc.samba3.bind", "rpc.samba3.srvsvc", "rpc.samba3.sh
        "rpc.samba3.netlogon", "rpc.samba3.sessionkey", "rpc.samba3.getusername",
        "rpc.samba3.smb1-pipe-name", "rpc.samba3.smb2-pipe-name",
        "rpc.samba3.smb-reauth1", "rpc.samba3.smb-reauth2",
-       "rpc.samba3.lsa_over_netlogon",
+       "rpc.samba3.lsa_over_netlogon", "rpc.samba3.pipes_supported_interfaces",
        "rpc.svcctl", "rpc.ntsvcs", "rpc.winreg", "rpc.eventlog",
        "rpc.spoolss.printserver", "rpc.spoolss.win", "rpc.spoolss.notify", "rpc.spoolss.printer",
        "rpc.spoolss.driver",
@@ -742,6 +742,9 @@ for t in tests:
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
     elif t == "rpc.samba3.lsa_over_netlogon":
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+    elif t == "rpc.samba3.pipes_supported_interfaces":
+        plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+        plansmbtorture4testsuite(t, "ad_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
     else:
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 07991e4bb7a..d22d58196bf 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -31,6 +31,7 @@
 #include "librpc/gen_ndr/ndr_spoolss_c.h"
 #include "librpc/gen_ndr/ndr_winreg_c.h"
 #include "librpc/gen_ndr/ndr_wkssvc_c.h"
+#include "librpc/gen_ndr/ndr_svcctl_c.h"
 #include "lib/cmdline/popt_common.h"
 #include "torture/rpc/torture_rpc.h"
 #include "libcli/libcli.h"
@@ -4613,6 +4614,73 @@ static bool torture_rpc_lsa_over_netlogon(struct torture_context *torture)
 	return ret;
 }
 
+static bool torture_rpc_pipes_supported_interfaces(
+					struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	bool ret = false;
+	struct smbcli_options options;
+	struct smb2_tree *tree;
+	struct dcerpc_pipe *pipe1;
+	struct dcerpc_pipe *pipe2;
+	struct dcerpc_pipe *pipe3;
+
+	torture_comment(torture, "Testing only appropiate interfaces are "
+			"available in smb pipes\n");
+
+	mem_ctx = talloc_init("torture_samba3_rpc_pipes_supported_interfaces");
+	torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+	lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+	status = smb2_connect(mem_ctx,
+			      torture_setting_string(torture, "host", NULL),
+			      lpcfg_smb_ports(torture->lp_ctx),
+			      "IPC$",
+			      lpcfg_resolve_context(torture->lp_ctx),
+			      popt_get_cmdline_credentials(),
+			      &tree,
+			      torture->ev,
+			      &options,
+			      lpcfg_socket_options(torture->lp_ctx),
+			      lpcfg_gensec_settings(torture, torture->lp_ctx)
+			      );
+	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+					"smb2_connect failed");
+
+	/* Test embedded services pipes. The svcctl interface is
+	 * not available if we open the winreg pipe. */
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "winreg",
+			        &ndr_table_svcctl, &pipe1);
+	torture_assert_ntstatus_equal(torture,
+			status,
+			NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
+			"svcctl interface not supported in winreg pipe");
+
+	/* Test it is not possible to bind to S4 server provided services */
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "srvsvc",
+			        &ndr_table_samr, &pipe2);
+	torture_assert_ntstatus_equal(torture,
+			status,
+			NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
+			"samr interface not supported in srvsvc pipe");
+
+	/* Test pipes in forked daemons like lsassd. The lsarpc interface is
+	 * not available if we open the SAMR pipe. */
+	status = pipe_bind_smb2(torture, mem_ctx, tree, "samr",
+			        &ndr_table_lsarpc, &pipe3);
+	torture_assert_ntstatus_equal(torture,
+			status,
+			NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
+			"lsarpc interface not supported in samr pipe");
+
+	ret = true;
+ done:
+	talloc_free(mem_ctx);
+	return ret;
+}
+
 struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
 {
 	struct torture_suite *suite = torture_suite_create(mem_ctx, "samba3");
@@ -4642,6 +4710,9 @@ struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
 	torture_suite_add_simple_test(suite,
 				      "lsa_over_netlogon",
 				      torture_rpc_lsa_over_netlogon);
+	torture_suite_add_simple_test(suite,
+				      "pipes_supported_interfaces",
+				      torture_rpc_pipes_supported_interfaces);
 
 	suite->description = talloc_strdup(suite, "samba3 DCERPC interface tests");