Author: jelmer Date: 2007-09-02 12:26:06 +0000 (Sun, 02 Sep 2007) New Revision: 24889
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24889 Log: Move choosing the binding options into RPC-SECRETS. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/selftest/test_session_key.sh branches/SAMBA_4_0/source/torture/rpc/rpc.c branches/SAMBA_4_0/source/torture/rpc/session_key.c Changeset: Property changes on: branches/SAMBA_4_0 ___________________________________________________________________ Name: bzr:revision-info ...skipped... Name: bzr:revision-id:v3-trunk0 ...skipped... Modified: branches/SAMBA_4_0/source/selftest/test_session_key.sh =================================================================== --- branches/SAMBA_4_0/source/selftest/test_session_key.sh 2007-09-02 11:30:40 UTC (rev 24888) +++ branches/SAMBA_4_0/source/selftest/test_session_key.sh 2007-09-02 12:26:06 UTC (rev 24889) @@ -4,8 +4,7 @@ . $incdir/test_functions.sh transport="ncacn_np" -for bindoptions in bigendian seal; do - for keyexchange in "yes" "no"; do +for keyexchange in "yes" "no"; do for ntlm2 in "yes" "no"; do for lm_key in "yes" "no"; do for ntlmoptions in \ 
@@ -27,12 +26,11 @@ done done done - name="RPC-SECRETS on $transport with $bindoptions with Kerberos" - plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*" - name="RPC-SECRETS on $transport with $bindoptions with Kerberos - use target principal" - plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*" -done +name="RPC-SECRETS on $transport with $bindoptions with Kerberos" +plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*" +name="RPC-SECRETS on $transport with $bindoptions with Kerberos - use target principal" +plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER[$bindoptions]" -k yes -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*" name="RPC-SECRETS on $transport with Kerberos - use Samba3 style login" - plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*" + plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS-none "$*" name="RPC-SECRETS on $transport with Kerberos - use Samba3 style login, use target principal" - 
plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS "$*" + plantest "$name" dc $samba4bindir/smbtorture $TORTURE_OPTIONS $transport:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" "--option=clientusespnegoprincipal=yes" "--option=gensec:fake_gssapi_krb5=yes" "--option=gensec:gssapi_krb5=no" "--option=gensec:target_hostname=\$NETBIOSNAME" RPC-SECRETS-none "$*" Modified: branches/SAMBA_4_0/source/torture/rpc/rpc.c =================================================================== --- branches/SAMBA_4_0/source/torture/rpc/rpc.c 2007-09-02 11:30:40 UTC (rev 24888) +++ branches/SAMBA_4_0/source/torture/rpc/rpc.c 2007-09-02 12:26:06 UTC (rev 24889) @@ -378,7 +378,7 @@ torture_suite_add_simple_test(suite, "LSA", torture_rpc_lsa); torture_suite_add_simple_test(suite, "LSALOOKUP", torture_rpc_lsa_lookup); torture_suite_add_simple_test(suite, "LSA-GETUSER", torture_rpc_lsa_get_user); - torture_suite_add_simple_test(suite, "SECRETS", torture_rpc_lsa_secrets); + torture_suite_add_suite(suite, torture_rpc_lsa_secrets(suite)); torture_suite_add_suite(suite, torture_rpc_echo(suite)); torture_suite_add_simple_test(suite, "DFS", torture_rpc_dfs); torture_suite_add_suite(suite, torture_rpc_unixinfo(suite)); Modified: branches/SAMBA_4_0/source/torture/rpc/session_key.c =================================================================== --- branches/SAMBA_4_0/source/torture/rpc/session_key.c 2007-09-02 11:30:40 UTC (rev 24888) +++ branches/SAMBA_4_0/source/torture/rpc/session_key.c 2007-09-02 12:26:06 UTC (rev 24889) @@ -25,6 +25,7 @@ #include "libcli/auth/libcli_auth.h" #include "torture/rpc/rpc.h" +#include "lib/cmdline/popt_common.h" static void init_lsa_String(struct lsa_String *name, const char *s) { 
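Review bot: The two re-added Kerberos `plantest` entries still expand `$bindoptions` in `name=` and in `$transport:"\$SERVER[$bindoptions]"`, but the `for bindoptions in bigendian seal` loop that set it is removed in the first hunk of this file. Unless the variable is assigned somewhere outside the diff, the test names read "… with  with Kerberos" and the binding string carries an empty `[]`. Dropping the reference would match the new design, e.g. `name="RPC-SECRETS on $transport with Kerberos"` and `$transport:"\$SERVER"`. The two Samba3-style entries also keep their one-level indent although they now sit at top level.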
@@ -114,18 +115,16 @@ torture_comment(tctx, "Testing QuerySecret\n"); status = dcerpc_lsa_QuerySecret(p, tctx, &r4); torture_assert_ntstatus_ok(tctx, status, "QuerySecret failed"); - if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) { + if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) torture_fail(tctx, "No secret buffer returned"); - } else { - blob1.data = r4.out.new_val->buf->data; - blob1.length = r4.out.new_val->buf->size; - - blob2 = data_blob_talloc(tctx, NULL, blob1.length); - - secret2 = sess_decrypt_string(tctx, &blob1, &session_key); - - torture_assert_str_equal(tctx, secret1, secret2, "Returned secret invalid"); - } + blob1.data = r4.out.new_val->buf->data; + blob1.length = r4.out.new_val->buf->size; + + blob2 = data_blob_talloc(tctx, NULL, blob1.length); + + secret2 = sess_decrypt_string(tctx, &blob1, &session_key); + + torture_assert_str_equal(tctx, secret1, secret2, "Returned secret invalid"); d.in.handle = &sec_handle; status = dcerpc_lsa_Delete(p, tctx, &d); 
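Review bot: With the braces and the `else` removed, the `r4.out.new_val->buf->data` read directly after `if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL)` is only safe if `torture_fail` always leaves the function. That macro's definition is not visible here, so the NULL guard now depends on it silently. If it did not return, a server that sends no secret buffer would cause a NULL dereference in the test client instead of a reported failure. Keep the guard braced, `if (...) { torture_fail(tctx, "No secret buffer returned"); }`, with a short comment that the macro returns. `blob2` is still allocated but not used within this hunk; the enclosing function starts before and ends after it, so confirm against the full body before removing it.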
@@ -133,27 +132,31 @@ return true; } +struct secret_settings { + uint32_t bindoptions; +}; -/* TEST session key correctness by pushing and pulling secrets */ - -bool torture_rpc_lsa_secrets(struct torture_context *torture) +static bool test_secrets(struct torture_context *torture, const void *_data) { - NTSTATUS status; struct dcerpc_pipe *p; struct policy_handle *handle; + struct dcerpc_binding *binding; + const struct secret_settings *settings = _data; - status = torture_rpc_connection(torture, - &p, - &ndr_table_lsarpc); - torture_assert_ntstatus_ok(torture, status, "Creating connection"); + torture_assert_ntstatus_ok(torture, torture_rpc_binding(torture, &binding), + "Getting bindoptions"); + binding->flags |= settings->bindoptions; + + torture_assert_ntstatus_ok(torture, + dcerpc_pipe_connect_b(torture, &p, binding, &ndr_table_lsarpc, cmdline_credentials, NULL), + "connect"); + if (!test_lsa_OpenPolicy2(p, torture, &handle)) { return false; } - if (!handle) { - torture_fail(torture, "OpenPolicy2 failed. This test cannot run against this server"); - } + torture_assert(torture, handle, "OpenPolicy2 failed. This test cannot run against this server"); if (!test_CreateSecret_basic(p, torture, handle)) { return false; 
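Review bot: `binding->flags |= settings->bindoptions;` can only add flags, so the "none" case (bindoptions 0) binds with whatever flags the command-line binding already carries. If `torture_rpc_binding` returns a shared rather than freshly parsed binding, which this hunk does not show, the bigendian and seal bits set by earlier cases would also persist. A test of session keys per bind option could then never exercise the unsealed path without anyone noticing. Consider clearing the bits under test first, `binding->flags &= ~(DCERPC_PUSH_BIGENDIAN | DCERPC_SEAL);`, or add a comment that inheriting command-line flags is intended. The assert text "Getting bindoptions" describes fetching the binding rather than options; `test_secrets` continues past the end of this hunk.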
@@ -161,3 +164,28 @@ return true; } + +/* TEST session key correctness by pushing and pulling secrets */ + +struct torture_suite *torture_rpc_lsa_secrets(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite = torture_suite_create(mem_ctx, "SECRETS"); + struct secret_settings *settings; + + settings = talloc_zero(suite, struct secret_settings); + settings->bindoptions = DCERPC_PUSH_BIGENDIAN; + + torture_suite_add_simple_tcase(suite, "bigendian", test_secrets, settings); + + settings = talloc_zero(suite, struct secret_settings); + settings->bindoptions = DCERPC_SEAL; + + torture_suite_add_simple_tcase(suite, "seal", test_secrets, settings); + + settings = talloc_zero(suite, struct secret_settings); + settings->bindoptions = 0; + + torture_suite_add_simple_tcase(suite, "none", test_secrets, settings); + + return suite; +}
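Review bot: Neither the `torture_suite_create` result nor any of the three `talloc_zero` results is checked before `settings->bindoptions` is written, so an allocation failure becomes a NULL dereference while the suite is being registered. The caller in rpc.c passes the return value straight to `torture_suite_add_suite`; whether that function tolerates NULL is not visible here and should be confirmed. The three stanzas differ only in case name and flag, so a small table with one checked allocation per entry removes the repetition and keeps the list of bind options in one place. The `/* TEST session key correctness … */` comment could also mention that each case binds with a different DCERPC flag.

```c
struct torture_suite *torture_rpc_lsa_secrets(TALLOC_CTX *mem_ctx)
{
	/* One test case per bind option; 0 means no extra flag. */
	static const struct {
		const char *name;
		uint32_t bindoptions;
	} cases[] = {
		{ "bigendian", DCERPC_PUSH_BIGENDIAN },
		{ "seal", DCERPC_SEAL },
		{ "none", 0 },
	};
	struct torture_suite *suite = torture_suite_create(mem_ctx, "SECRETS");
	size_t i;

	if (suite == NULL)
		return NULL;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		struct secret_settings *settings = talloc_zero(suite, struct secret_settings);

		if (settings == NULL) {
			talloc_free(suite);
			return NULL;
		}
		settings->bindoptions = cases[i].bindoptions;
		torture_suite_add_simple_tcase(suite, cases[i].name, test_secrets, settings);
	}

	return suite;
}
```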