The branch, master has been updated via 12ee793 s4:torture: add a check for talloc success in rpc.samba3.randomauth2 via 97d0b8b s4:torture: add a check for talloc success in the rpc.samba3 suite via 8825274 s4:torture: add a rpc.samba3.smb2-reauth2 test via 0508f84 s4:torture: add a rpc.samba3.smb2-reauth1 test via 5629eb7 s4:librpc: create a binding on the pipe if necessary in dcerpc_pipe_open_smb2_send() from 2f35c24 selftest: Add test to ensure that bug #8872 does not come back
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 12ee7933327e99c0a5db8c7b6273775a6fc9c8fd Author: Michael Adam <ob...@samba.org> Date: Sat Apr 28 00:35:56 2012 +0200 s4:torture: add a check for talloc success in rpc.samba3.randomauth2 Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Sat Apr 28 02:10:39 CEST 2012 on sn-devel-104 commit 97d0b8bfff20a7dc2720fd16e4905519fc7eea47 Author: Michael Adam <ob...@samba.org> Date: Sat Apr 28 00:34:36 2012 +0200 s4:torture: add a check for talloc success in the rpc.samba3 suite commit 8825274f6cca8fc83727c31f3c3f35ac9f5c6b88 Author: Michael Adam <ob...@samba.org> Date: Sat Apr 28 00:31:57 2012 +0200 s4:torture: add a rpc.samba3.smb2-reauth2 test like smb-reauth2, only for smb2 commit 0508f84426904c53f6865fb279e727382905b406 Author: Michael Adam <ob...@samba.org> Date: Fri Apr 27 16:20:38 2012 +0200 s4:torture: add a rpc.samba3.smb2-reauth1 test commit 5629eb78028cfcd9fc183d5e4950878e135ed2c8 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 27 16:18:47 2012 +0200 s4:librpc: create a binding on the pipe if necessary in dcerpc_pipe_open_smb2_send() Pair-Programmed-With: Michael Adam <ob...@samba.org> ----------------------------------------------------------------------- Summary of changes: source4/librpc/rpc/dcerpc_smb2.c | 15 ++ source4/torture/rpc/samba3rpc.c | 301 +++++++++++++++++++++++++++++++++++++- 2 files changed, 314 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/librpc/rpc/dcerpc_smb2.c b/source4/librpc/rpc/dcerpc_smb2.c index b822c44..30f94a4 100644 --- a/source4/librpc/rpc/dcerpc_smb2.c +++ b/source4/librpc/rpc/dcerpc_smb2.c 
@@ -415,6 +415,21 @@ struct composite_context *dcerpc_pipe_open_smb2_send(struct dcerpc_pipe *p, struct smb2_request *req; struct dcecli_connection *c = p->conn; + /* if we don't have a binding on this pipe yet, then create one */ + if (p->binding == NULL) { + NTSTATUS status; + const char *r = smbXcli_conn_remote_name(tree->session->transport->conn); + char *s; + SMB_ASSERT(r != NULL); + s = talloc_asprintf(p, "ncacn_np:%s", r); + if (s == NULL) return NULL; + status = dcerpc_parse_binding(p, s, &p->binding); + talloc_free(s); + if (!NT_STATUS_IS_OK(status)) { + return NULL; + } + } + ctx = composite_create(c, c->event_ctx); if (ctx == NULL) return NULL; diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index d8684da..5c2dff7 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -1,4 +1,4 @@ -/* +/*f Unix SMB/CIFS implementation. dcerpc torture tests, designed to walk Samba3 code paths @@ -42,6 +42,10 @@ #include "lib/registry/registry.h" #include "libcli/resolve/resolve.h" #include "torture/ndr/ndr.h" +#include "libcli/smb2/smb2.h" +#include "libcli/smb2/smb2_calls.h" +#include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_proto.h" /* * This tests a RPC call using an invalid vuid @@ -1010,6 +1014,7 @@ static bool auth2(struct torture_context *tctx, r.in.credentials, r.out.return_credentials, &mach_pw, &netr_cred, negotiate_flags); + torture_assert(tctx, (creds_state != NULL), "memory allocation failed"); status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a); if (!NT_STATUS_IS_OK(status)) { @@ -2137,7 +2142,7 @@ static bool torture_samba3_rpc_randomauth2(struct torture_context *torture) r.in.credentials, r.out.return_credentials, &mach_pw, &netr_cred, negotiate_flags); - + torture_assert(torture, (creds_state != NULL), "memory allocation failed"); status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a); if (!NT_STATUS_IS_OK(status)) { 
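Review bot: The new binding block sits before `composite_create()`, so a failed `talloc_asprintf` and a failed `dcerpc_parse_binding` both return NULL, which a caller of a `_send` function can only read as out-of-memory; the parser's real NTSTATUS is lost. `SMB_ASSERT(r != NULL)` also aborts the calling process from library code when the transport reports no remote name, where an error return would do. Moving the block below the `ctx` allocation lets it report through the composite context, as sketched below (the status chosen for the NULL case is only an example). The remote name is formatted into the binding string unescaped, so a name containing binding syntax would presumably be parsed as part of the binding; it is worth confirming what `smbXcli_conn_remote_name` can return. The rest of dcerpc_pipe_open_smb2_send lies outside the hunk.

```c
	ctx = composite_create(c, c->event_ctx);
	if (ctx == NULL) return NULL;

	/* if we don't have a binding on this pipe yet, then create one */
	if (p->binding == NULL) {
		const char *r = smbXcli_conn_remote_name(tree->session->transport->conn);
		char *s;

		if (r == NULL) {
			composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
			return ctx;
		}
		s = talloc_asprintf(p, "ncacn_np:%s", r);
		if (composite_nomem(s, ctx)) return ctx;
		ctx->status = dcerpc_parse_binding(p, s, &p->binding);
		talloc_free(s);
		if (!composite_is_ok(ctx)) return ctx;
	}
	/* … unchanged: state allocation and pipe open request … */
```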
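Review bot: The first line of samba3rpc.c changes from `/*` to `/*f`, which looks like a stray keystroke that slipped into the commit rather than an intended edit. It sits inside the header comment, so the compiler ignores it, but it should be reverted to `/*` so the file header stays unchanged by a commit that is about adding tests.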
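Review bot: `torture_assert` returns from the function directly, so the new `creds_state != NULL` check in auth2 skips any cleanup that follows it; the same applies to the identical check added in torture_samba3_rpc_randomauth2 in the next hunk. Both function bodies start and end outside the hunks, so whether they own a talloc context and a cleanup label is not visible here. If they do, `torture_assert_goto(...)` with that label, as the new smb2-reauth tests in this commit use with `done`, would avoid leaking on the failure path. The message `"memory allocation failed"` assumes NULL can only mean an allocation failure, and a one-line comment naming the call that produced `creds_state` would make that assumption checkable.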
@@ -3580,6 +3585,296 @@ done: return ret; } +/** + * Test smb2 reauthentication while rpc pipe is in use. + */ +static bool torture_rpc_smb2_reauth1(struct torture_context *torture) +{ + TALLOC_CTX *mem_ctx; + NTSTATUS status; + bool ret = false; + struct smbcli_options options; + + struct dcerpc_pipe *lsa_pipe; + struct dcerpc_binding_handle *lsa_handle; + struct lsa_GetUserName r; + struct lsa_String *authority_name_p = NULL; + char *authority_name_saved = NULL; + struct lsa_String *account_name_p = NULL; + char *account_name_saved = NULL; + struct cli_credentials *anon_creds = NULL; + const char *host = torture_setting_string(torture, "host", NULL); + struct smb2_tree *tree; + + mem_ctx = talloc_init("torture_samba3_reauth"); + torture_assert(torture, (mem_ctx != NULL), "talloc_init failed"); + + lpcfg_smbcli_options(torture->lp_ctx, &options); + + status = smb2_connect(mem_ctx, + host, + lpcfg_smb_ports(torture->lp_ctx), + "IPC$", + lpcfg_resolve_context(torture->lp_ctx), + cmdline_credentials, + &tree, + torture->ev, + &options, + lpcfg_socket_options(torture->lp_ctx), + lpcfg_gensec_settings(torture, torture->lp_ctx) + ); + torture_assert_ntstatus_ok_goto(torture, status, ret, done, + "smb2_connect failed"); + + lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev); + torture_assert_goto(torture, (lsa_pipe != NULL), ret, done, + "dcerpc_pipe_init failed"); + lsa_handle = lsa_pipe->binding_handle; + + status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc"); + torture_assert_ntstatus_ok_goto(torture, status, ret, done, + "dcerpc_pipe_open_smb2 failed"); + + status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc); + torture_assert_ntstatus_ok_goto(torture, status, ret, done, + "dcerpc_bind_auth_none failed"); + + /* lsa getusername */ + + ZERO_STRUCT(r); + r.in.system_name = "\\"; + r.in.account_name = &account_name_p; + r.in.authority_name = &authority_name_p; + r.out.account_name = &account_name_p; + + status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, 
&r);
+
+ authority_name_p = *r.out.authority_name;
+
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "GetUserName failed");
+ torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+ "GetUserName failed");
+
+ torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
+ authority_name_p->string,
+ account_name_p->string);
+
+ account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
+ torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
+ "talloc failed");
+ authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
+ torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
+ "talloc failed");
+
+ /* smb re-authenticate as anonymous */
+
+ anon_creds = cli_credentials_init_anon(mem_ctx);
+
+ status = smb2_session_setup_spnego(tree->session,
+ anon_creds,
+ 0 /* previous_session_id */);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "session reauth to anon failed");
+
+ /* re-do lsa getusername after reauth */
+
+ TALLOC_FREE(authority_name_p);
+ TALLOC_FREE(account_name_p);
+ ZERO_STRUCT(r);
+ r.in.system_name = "\\";
+ r.in.account_name = &account_name_p;
+ r.in.authority_name = &authority_name_p;
+ r.out.account_name = &account_name_p;
+
+ status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+ authority_name_p = *r.out.authority_name;
+
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "GetUserName failed");
+ torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+ "GetUserName failed");
+
+ torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+ ret, done, "authority_name not equal after reauth to anon");
+ torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+ ret, done, "account_name not equal after reauth to anon");
+
+ /* smb re-auth again to the original user */
+
+ status = smb2_session_setup_spnego(tree->session,
+ cmdline_credentials,
+ 0 /* previous_session_id */);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "session reauth to anon failed");
+
+ /* re-do lsa getusername */
+
+ TALLOC_FREE(authority_name_p);
+ TALLOC_FREE(account_name_p);
+ ZERO_STRUCT(r);
+ r.in.system_name = "\\";
+ r.in.account_name = &account_name_p;
+ r.in.authority_name = &authority_name_p;
+ r.out.account_name = &account_name_p;
+
+ status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+ authority_name_p = *r.out.authority_name;
+
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "GetUserName failed");
+ torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+ "GetUserName failed");
+
+ torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+ ret, done, "authority_name not equal after reauth to anon");
+ torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+ ret, done, "account_name not equal after reauth to anon");
+
+ ret = true;
+
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+/**
+ * Test smb2reauthentication while rpc pipe is in use.
+ * Open a second lsa bind after reauth to anon.
+ * Do lsa getusername on that second bind.
+ */
+static bool torture_rpc_smb2_reauth2(struct torture_context *torture)
+{
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ bool ret = false;
+ struct smbcli_options options;
+
+ struct dcerpc_pipe *lsa_pipe;
+ struct dcerpc_binding_handle *lsa_handle;
+ struct lsa_GetUserName r;
+ struct lsa_String *authority_name_p = NULL;
+ char *authority_name_saved = NULL;
+ struct lsa_String *account_name_p = NULL;
+ char *account_name_saved = NULL;
+ struct cli_credentials *anon_creds = NULL;
+ const char *host = torture_setting_string(torture, "host", NULL);
+ struct smb2_tree *tree;
+
+ mem_ctx = talloc_init("torture_samba3_reauth");
+ torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+ lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+ status = smb2_connect(mem_ctx,
+ host,
+ lpcfg_smb_ports(torture->lp_ctx),
+ "IPC$",
+ lpcfg_resolve_context(torture->lp_ctx),
+ cmdline_credentials,
+ &tree,
+ torture->ev,
+ &options,
+ lpcfg_socket_options(torture->lp_ctx),
+ lpcfg_gensec_settings(torture, torture->lp_ctx)
+ );
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_connect failed");
+
+ /* smb re-authenticate as anonymous */
+
+ anon_creds = cli_credentials_init_anon(mem_ctx);
+
+ status = smb2_session_setup_spnego(tree->session,
+ anon_creds,
+ 0 /* previous_session_id */);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "session reauth to anon failed");
+
+ /* open the lsa pipe */
+
+ lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
+ torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
+ "dcerpc_pipe_init failed");
+ lsa_handle = lsa_pipe->binding_handle;
+
+ status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc");
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "dcerpc_pipe_open_smb2 failed");
+
+ status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "dcerpc_bind_auth_none failed");
+
+ /* lsa getusername */
+
+ ZERO_STRUCT(r);
+ r.in.system_name = "\\";
+ r.in.account_name = &account_name_p;
+ r.in.authority_name = &authority_name_p;
+ r.out.account_name = &account_name_p;
+
+ status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+ authority_name_p = *r.out.authority_name;
+
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "GetUserName failed");
+ torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+ "GetUserName failed");
+
+ torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
+ authority_name_p->string,
+ account_name_p->string);
+
+ account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
+ torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
+ "talloc failed");
+ authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
+ torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
+ "talloc failed");
+
+ /* smb re-auth again to the original user */
+
+ status = smb2_session_setup_spnego(tree->session,
+ cmdline_credentials,
+ 0 /* previous_session_id */);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "session reauth to anon failed");
+
+ /* re-do lsa getusername */
+
+ TALLOC_FREE(authority_name_p);
+ TALLOC_FREE(account_name_p);
+ ZERO_STRUCT(r);
+ r.in.system_name = "\\";
+ r.in.account_name = &account_name_p;
+ r.in.authority_name = &authority_name_p;
+ r.out.account_name = &account_name_p;
+
+ status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
+
+ authority_name_p = *r.out.authority_name;
+
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "GetUserName failed");
+ torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
+ "GetUserName failed");
+
+ torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
+ ret, done, "authority_name not equal after reauth to anon");
+ torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
+ ret, done, "account_name
not equal after reauth to anon"); + + ret = true; + +done: + talloc_free(mem_ctx); + return ret; +} + struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx) { struct torture_suite *suite = torture_suite_create(mem_ctx, "samba3"); @@ -3599,6 +3894,8 @@ struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx) torture_suite_add_simple_test(suite, "regconfig", torture_samba3_regconfig); torture_suite_add_simple_test(suite, "smb-reauth1", torture_rpc_smb_reauth1); torture_suite_add_simple_test(suite, "smb-reauth2", torture_rpc_smb_reauth2); + torture_suite_add_simple_test(suite, "smb2-reauth1", torture_rpc_smb2_reauth1); + torture_suite_add_simple_test(suite, "smb2-reauth2", torture_rpc_smb2_reauth2); suite->description = talloc_strdup(suite, "samba3 DCERPC interface tests"); -- Samba Shared Repository
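Review bot: In both new tests `authority_name_p = *r.out.authority_name;` runs before `status` and `r.out.result` are checked, and after `ZERO_STRUCT(r)` only `r.out.account_name` is assigned, so on a failed call or a reply without an authority name this would presumably dereference a NULL pointer and crash the test binary instead of reporting a failure. This applies to all five `dcerpc_lsa_GetUserName_r` calls (three in torture_rpc_smb2_reauth1, two in torture_rpc_smb2_reauth2). Move the assignment below the two status asserts and guard it with `torture_assert_goto(torture, (r.out.authority_name != NULL), ret, done, "GetUserName returned no authority_name");`. `anon_creds` from `cli_credentials_init_anon(mem_ctx)` is also passed on unchecked, and the last reauth step reuses the message `"session reauth to anon failed"` although it re-authenticates with `cmdline_credentials`. A comment stating the property under test would help the next reader, for example `/* the pipe must keep the identity it was opened with, even after the session re-authenticates */`.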