Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : test suite for rpc bind operations
4 :
5 : Copyright (C) Guenther Deschner 2010
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program; if not, write to the Free Software
19 : Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 : */
21 :
22 : #include "includes.h"
23 : #include "torture/rpc/torture_rpc.h"
24 : #include "librpc/gen_ndr/ndr_lsa_c.h"
25 : #include "librpc/gen_ndr/ndr_epmapper_c.h"
26 : #include "lib/cmdline/cmdline.h"
27 :
28 24 : static bool test_openpolicy(struct torture_context *tctx,
29 : struct dcerpc_pipe *p)
30 : {
31 24 : struct dcerpc_binding_handle *b = p->binding_handle;
32 : struct policy_handle *handle;
33 :
34 24 : torture_assert(tctx,
35 : test_lsa_OpenPolicy2(b, tctx, &handle),
36 : "failed to open policy");
37 :
38 24 : torture_assert(tctx,
39 : test_lsa_Close(b, tctx, handle),
40 : "failed to close policy");
41 :
42 24 : return true;
43 : }
44 :
45 24 : static bool test_bind(struct torture_context *tctx,
46 : const void *private_data)
47 : {
48 : struct dcerpc_binding *binding;
49 : struct dcerpc_pipe *p;
50 : NTSTATUS status;
51 24 : const uint32_t *flags = (const uint32_t *)private_data;
52 :
53 24 : torture_assert_ntstatus_ok(tctx,
54 : torture_rpc_binding(tctx, &binding),
55 : "failed to parse binding string");
56 :
57 24 : status = dcerpc_binding_set_flags(binding, *flags, DCERPC_AUTH_OPTIONS);
58 24 : torture_assert_ntstatus_ok(tctx, status, "set flags");
59 :
60 24 : torture_assert_ntstatus_ok(tctx,
61 : dcerpc_pipe_connect_b(tctx, &p, binding,
62 : &ndr_table_lsarpc,
63 : samba_cmdline_get_creds(),
64 : tctx->ev,
65 : tctx->lp_ctx),
66 : "failed to connect pipe");
67 :
68 24 : torture_assert(tctx,
69 : test_openpolicy(tctx, p),
70 : "failed to test openpolicy");
71 :
72 24 : talloc_free(p);
73 :
74 24 : return true;
75 : }
76 :
77 : /**
78 : * Verifies a handle created in a connection is available on
79 : * a second connection when the same association group is
80 : * requested in the bind operation. The LSA interface can't be
81 : * used because it runs in preforking mode in the selftests.
82 : * Association groups should work when binding to interfaces
83 : * running in the same process.
84 : */
85 3 : static bool test_assoc_group_handles_external(struct torture_context *tctx,
86 : const void *private_data)
87 : {
88 3 : struct dcerpc_binding *binding1 = NULL;
89 3 : struct dcerpc_binding *binding2 = NULL;
90 3 : struct dcerpc_pipe *p1 = NULL;
91 3 : struct dcerpc_pipe *p2 = NULL;
92 : struct epm_Lookup r;
93 : struct epm_LookupHandleFree f;
94 : struct policy_handle handle;
95 : uint32_t assoc_group_id;
96 3 : uint32_t num_ents = 0;
97 :
98 3 : ZERO_STRUCT(handle);
99 :
100 : /* Open first pipe and open a policy handle */
101 3 : torture_assert_ntstatus_ok(tctx,
102 : torture_rpc_binding(tctx, &binding1),
103 : "failed to parse binding string");
104 3 : dcerpc_binding_set_transport(binding1, NCACN_IP_TCP);
105 3 : dcerpc_binding_set_string_option(binding1, "endpoint", "135");
106 :
107 3 : torture_assert_ntstatus_ok(tctx,
108 : dcerpc_pipe_connect_b(tctx, &p1, binding1,
109 : &ndr_table_epmapper,
110 : samba_cmdline_get_creds(),
111 : tctx->ev,
112 : tctx->lp_ctx),
113 : "failed to connect first pipe");
114 :
115 3 : r.in.inquiry_type = RPC_C_EP_ALL_ELTS;
116 3 : r.in.object = NULL;
117 3 : r.in.interface_id = NULL;
118 3 : r.in.vers_option = RPC_C_VERS_ALL;
119 :
120 3 : r.in.entry_handle = &handle;
121 3 : r.in.max_ents = 1;
122 :
123 3 : r.out.entry_handle = &handle;
124 3 : r.out.num_ents = &num_ents;
125 :
126 3 : torture_assert_ntstatus_ok(tctx,
127 : dcerpc_epm_Lookup_r(p1->binding_handle, tctx, &r),
128 : "failed EPM Lookup");
129 3 : torture_assert_int_equal(tctx,
130 : r.out.result,
131 : EPMAPPER_STATUS_OK,
132 : "failed EPM Lookup");
133 :
134 : /* Open second pipe, different association group. Handle not found */
135 3 : torture_assert_ntstatus_ok(tctx,
136 : torture_rpc_binding(tctx, &binding2),
137 : "failed to parse binding string");
138 3 : dcerpc_binding_set_transport(binding2, NCACN_IP_TCP);
139 3 : dcerpc_binding_set_string_option(binding2, "endpoint", "135");
140 :
141 3 : torture_assert_ntstatus_ok(tctx,
142 : dcerpc_pipe_connect_b(tctx, &p2, binding2,
143 : &ndr_table_epmapper,
144 : samba_cmdline_get_creds(),
145 : tctx->ev,
146 : tctx->lp_ctx),
147 : "failed to connect second pipe");
148 :
149 3 : torture_assert_ntstatus_equal(tctx,
150 : dcerpc_epm_Lookup_r(p2->binding_handle, tctx, &r),
151 : NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
152 : "Unexpected EPM Lookup success");
153 :
154 : /* Open second pipe, same association group. Handle is found */
155 3 : assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
156 3 : dcerpc_binding_set_assoc_group_id(binding2, assoc_group_id);
157 :
158 3 : TALLOC_FREE(p2);
159 3 : torture_assert_ntstatus_ok(tctx,
160 : dcerpc_pipe_connect_b(tctx, &p2, binding2,
161 : &ndr_table_epmapper,
162 : samba_cmdline_get_creds(),
163 : tctx->ev,
164 : tctx->lp_ctx),
165 : "failed to connect second pipe");
166 :
167 3 : torture_assert_ntstatus_ok(tctx,
168 : dcerpc_epm_Lookup_r(p2->binding_handle, tctx, &r),
169 : "failed EPM Lookup");
170 :
171 3 : torture_assert_int_equal(tctx,
172 : r.out.result,
173 : EPMAPPER_STATUS_OK,
174 : "failed EPM Lookup");
175 :
176 : /* Cleanup */
177 3 : f.in.entry_handle = &handle;
178 3 : f.out.entry_handle = &handle;
179 :
180 3 : torture_assert_ntstatus_ok(tctx,
181 : dcerpc_epm_LookupHandleFree_r(p1->binding_handle, tctx, &f),
182 : "failed EPM LookupHandleFree");
183 :
184 3 : torture_assert_int_equal(tctx,
185 : r.out.result,
186 : EPMAPPER_STATUS_OK,
187 : "failed EPM LookupHandleFree");
188 :
189 3 : TALLOC_FREE(p1);
190 3 : TALLOC_FREE(p2);
191 3 : TALLOC_FREE(binding2);
192 3 : TALLOC_FREE(binding1);
193 :
194 3 : return true;
195 : }
196 :
197 7712 : static void test_bind_op(struct torture_suite *suite,
198 : const char *name,
199 : uint32_t flags)
200 : {
201 7712 : uint32_t *flags_p = talloc(suite, uint32_t);
202 :
203 7712 : *flags_p = flags;
204 :
205 7712 : torture_suite_add_simple_tcase_const(suite, name, test_bind, flags_p);
206 7712 : }
207 :
208 :
209 964 : struct torture_suite *torture_rpc_bind(TALLOC_CTX *mem_ctx)
210 : {
211 964 : struct torture_suite *suite = torture_suite_create(mem_ctx, "bind");
212 : struct {
213 : const char *test_name;
214 : uint32_t flags;
215 964 : } tests[] = {
216 : {
217 : .test_name = "ntlm,sign",
218 : .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN
219 : },{
220 : .test_name = "ntlm,sign,seal",
221 : .flags = DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL
222 : },{
223 : .test_name = "spnego,sign",
224 : .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN
225 : },{
226 : .test_name = "spnego,sign,seal",
227 : .flags = DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL
228 : }
229 : };
230 : int i;
231 :
232 4820 : for (i=0; i < ARRAY_SIZE(tests); i++) {
233 3856 : test_bind_op(suite, tests[i].test_name, tests[i].flags);
234 : }
235 4820 : for (i=0; i < ARRAY_SIZE(tests); i++) {
236 3856 : test_bind_op(suite, talloc_asprintf(suite, "bigendian,%s", tests[i].test_name), tests[i].flags | DCERPC_PUSH_BIGENDIAN);
237 : }
238 :
239 964 : torture_suite_add_simple_tcase_const(suite,
240 : "assoc_group_handles_external",
241 : test_assoc_group_handles_external,
242 : NULL);
243 :
244 964 : return suite;
245 : }
|