Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : test suite for behaviour of rpc policy handles
5 :
6 : Copyright (C) Andrew Tridgell 2007
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "librpc/gen_ndr/ndr_samr_c.h"
24 : #include "librpc/gen_ndr/ndr_lsa_c.h"
25 : #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 : #include "torture/rpc/torture_rpc.h"
27 :
28 : /*
29 : this tests the use of policy handles between connections
30 : */
31 :
32 3 : static bool test_handles_lsa(struct torture_context *torture)
33 : {
34 : NTSTATUS status;
35 : struct dcerpc_pipe *p1, *p2;
36 : struct dcerpc_binding_handle *b1, *b2;
37 : struct policy_handle handle;
38 : struct policy_handle handle2;
39 : struct lsa_ObjectAttribute attr;
40 : struct lsa_QosInfo qos;
41 : struct lsa_OpenPolicy r;
42 : struct lsa_Close c;
43 3 : uint16_t system_name = '\\';
44 3 : TALLOC_CTX *mem_ctx = talloc_new(torture);
45 :
46 3 : torture_comment(torture, "RPC-HANDLE-LSARPC\n");
47 :
48 3 : status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
49 3 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
50 3 : b1 = p1->binding_handle;
51 :
52 3 : status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
53 3 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
54 3 : b2 = p2->binding_handle;
55 :
56 3 : qos.len = 0;
57 3 : qos.impersonation_level = 2;
58 3 : qos.context_mode = 1;
59 3 : qos.effective_only = 0;
60 :
61 3 : attr.len = 0;
62 3 : attr.root_dir = NULL;
63 3 : attr.object_name = NULL;
64 3 : attr.attributes = 0;
65 3 : attr.sec_desc = NULL;
66 3 : attr.sec_qos = &qos;
67 :
68 3 : r.in.system_name = &system_name;
69 3 : r.in.attr = &attr;
70 3 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
71 3 : r.out.handle = &handle;
72 :
73 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
74 : "OpenPolicy failed");
75 3 : if (!NT_STATUS_IS_OK(r.out.result)) {
76 0 : torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
77 0 : talloc_free(mem_ctx);
78 0 : return true;
79 : }
80 :
81 3 : c.in.handle = &handle;
82 3 : c.out.handle = &handle2;
83 :
84 3 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
85 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
86 : "closing policy handle on p2");
87 :
88 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b1, mem_ctx, &c),
89 : "Close failed");
90 3 : torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
91 :
92 3 : status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
93 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
94 : "closing policy handle on p1 again");
95 :
96 3 : talloc_free(mem_ctx);
97 :
98 3 : return true;
99 : }
100 :
101 3 : static bool test_handles_lsa_shared(struct torture_context *torture)
102 : {
103 : NTSTATUS status;
104 : struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
105 : struct dcerpc_binding_handle *b1, *b2, *b3, *b4;
106 : struct policy_handle handle;
107 : struct policy_handle handle2;
108 : struct lsa_ObjectAttribute attr;
109 : struct lsa_QosInfo qos;
110 : struct lsa_OpenPolicy r;
111 : struct lsa_Close c;
112 : struct lsa_QuerySecurity qsec;
113 3 : struct sec_desc_buf *sdbuf = NULL;
114 3 : uint16_t system_name = '\\';
115 3 : TALLOC_CTX *mem_ctx = talloc_new(torture);
116 : enum dcerpc_transport_t transport;
117 : uint32_t assoc_group_id;
118 :
119 3 : torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");
120 :
121 3 : torture_comment(torture, "connect lsa pipe1\n");
122 3 : status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
123 3 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
124 3 : b1 = p1->binding_handle;
125 :
126 3 : transport = p1->conn->transport.transport;
127 3 : assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
128 :
129 3 : torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
130 :
131 3 : torture_comment(torture, "connect lsa pipe2\n");
132 3 : status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
133 : transport,
134 : assoc_group_id,
135 : 0);
136 3 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
137 3 : b2 = p2->binding_handle;
138 :
139 3 : torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
140 3 : dcerpc_binding_get_assoc_group_id(p2->binding));
141 :
142 3 : qos.len = 0;
143 3 : qos.impersonation_level = 2;
144 3 : qos.context_mode = 1;
145 3 : qos.effective_only = 0;
146 :
147 3 : attr.len = 0;
148 3 : attr.root_dir = NULL;
149 3 : attr.object_name = NULL;
150 3 : attr.attributes = 0;
151 3 : attr.sec_desc = NULL;
152 3 : attr.sec_qos = &qos;
153 :
154 3 : r.in.system_name = &system_name;
155 3 : r.in.attr = &attr;
156 3 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
157 3 : r.out.handle = &handle;
158 :
159 3 : torture_comment(torture, "open lsa policy handle\n");
160 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
161 : "OpenPolicy failed");
162 3 : if (!NT_STATUS_IS_OK(r.out.result)) {
163 0 : torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
164 0 : talloc_free(mem_ctx);
165 0 : return true;
166 : }
167 :
168 : /*
169 : * connect p3 after the policy handle is opened
170 : */
171 3 : torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
172 3 : status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc,
173 : transport,
174 : assoc_group_id,
175 : 0);
176 3 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
177 3 : b3 = p3->binding_handle;
178 :
179 3 : qsec.in.handle = &handle;
180 3 : qsec.in.sec_info = 0;
181 3 : qsec.out.sdbuf = &sdbuf;
182 3 : c.in.handle = &handle;
183 3 : c.out.handle = &handle2;
184 :
185 : /*
186 : * use policy handle on all 3 connections
187 : */
188 3 : torture_comment(torture, "use the policy handle on p1,p2,p3\n");
189 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
190 : "QuerySecurity failed");
191 3 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
192 : "use policy handle on p1");
193 :
194 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
195 : "QuerySecurity failed");
196 3 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
197 : "use policy handle on p2");
198 :
199 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
200 : "QuerySecurity failed");
201 3 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
202 : "use policy handle on p3");
203 :
204 : /*
205 : * close policy handle on connection 2 and the others get a fault
206 : */
207 3 : torture_comment(torture, "close the policy handle on p2 others get a fault\n");
208 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
209 : "Close failed");
210 3 : torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
211 : "closing policy handle on p2");
212 :
213 3 : status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
214 :
215 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
216 : "closing policy handle on p1 again");
217 :
218 3 : status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
219 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
220 : "closing policy handle on p3");
221 :
222 3 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
223 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
224 : "closing policy handle on p2 again");
225 :
226 : /*
227 : * open a new policy handle on p3
228 : */
229 3 : torture_comment(torture, "open a new policy handle on p3\n");
230 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b3, mem_ctx, &r),
231 : "OpenPolicy failed");
232 3 : torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
233 : "open policy handle on p3");
234 :
235 : /*
236 : * use policy handle on all 3 connections
237 : */
238 3 : torture_comment(torture, "use the policy handle on p1,p2,p3\n");
239 3 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
240 : "Query Security failed");
241 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
242 : "use policy handle on p1");
243 :
244 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
245 : "Query Security failed");
246 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
247 : "use policy handle on p2");
248 :
249 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
250 : "Query Security failed");
251 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
252 : "use policy handle on p3");
253 :
254 : /*
255 : * close policy handle on connection 2 and the others get a fault
256 : */
257 0 : torture_comment(torture, "close the policy handle on p2 others get a fault\n");
258 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
259 : "Close failed");
260 0 : torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
261 : "closing policy handle on p2");
262 :
263 0 : status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
264 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
265 : "closing policy handle on p1 again");
266 :
267 0 : status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
268 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
269 : "closing policy handle on p3");
270 :
271 0 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
272 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
273 : "closing policy handle on p2 again");
274 :
275 : /*
276 : * open a new policy handle
277 : */
278 0 : torture_comment(torture, "open a new policy handle on p1 and use it\n");
279 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
280 : "OpenPolicy failed");
281 0 : torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
282 : "open 2nd policy handle on p1");
283 :
284 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
285 : "QuerySecurity failed");
286 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
287 : "QuerySecurity handle on p1");
288 :
289 : /* close first connection */
290 0 : torture_comment(torture, "disconnect p1\n");
291 0 : talloc_free(p1);
292 0 : smb_msleep(5);
293 :
294 : /*
295 : * and it's still available on p2,p3
296 : */
297 0 : torture_comment(torture, "use policy handle on p2,p3\n");
298 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
299 : "QuerySecurity failed");
300 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
301 : "QuerySecurity handle on p2 after p1 was disconnected");
302 :
303 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
304 : "QuerySecurity failed");
305 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
306 : "QuerySecurity handle on p3 after p1 was disconnected");
307 :
308 : /*
309 : * now open p4
310 : * and use the handle on it
311 : */
312 0 : torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
313 0 : status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
314 : transport,
315 : assoc_group_id,
316 : 0);
317 0 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
318 0 : b4 = p4->binding_handle;
319 :
320 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b4, mem_ctx, &qsec),
321 : "QuerySecurity failed");
322 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
323 : "using policy handle on p4");
324 :
325 : /*
326 : * now close p2,p3,p4
327 : * without closing the policy handle
328 : */
329 0 : torture_comment(torture, "disconnect p2,p3,p4\n");
330 0 : talloc_free(p2);
331 0 : talloc_free(p3);
332 0 : talloc_free(p4);
333 0 : smb_msleep(10);
334 :
335 : /*
336 : * now open p5
337 : */
338 0 : torture_comment(torture, "connect lsa pipe5 - should fail\n");
339 0 : status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc,
340 : transport,
341 : assoc_group_id,
342 : 0);
343 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
344 : "opening lsa pipe5");
345 :
346 0 : talloc_free(mem_ctx);
347 :
348 0 : return true;
349 : }
350 :
351 :
352 3 : static bool test_handles_samr(struct torture_context *torture)
353 : {
354 : NTSTATUS status;
355 : struct dcerpc_pipe *p1, *p2;
356 : struct dcerpc_binding_handle *b1, *b2;
357 : struct policy_handle handle;
358 : struct policy_handle handle2;
359 : struct samr_Connect r;
360 : struct samr_Close c;
361 3 : TALLOC_CTX *mem_ctx = talloc_new(torture);
362 :
363 3 : torture_comment(torture, "RPC-HANDLE-SAMR\n");
364 :
365 3 : status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
366 3 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
367 3 : b1 = p1->binding_handle;
368 :
369 3 : status = torture_rpc_connection(torture, &p2, &ndr_table_samr);
370 3 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe2");
371 3 : b2 = p2->binding_handle;
372 :
373 3 : r.in.system_name = 0;
374 3 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
375 3 : r.out.connect_handle = &handle;
376 :
377 3 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
378 : "Connect failed");
379 3 : torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
380 :
381 3 : c.in.handle = &handle;
382 3 : c.out.handle = &handle2;
383 :
384 3 : status = dcerpc_samr_Close_r(b2, mem_ctx, &c);
385 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
386 : "closing policy handle on p2");
387 :
388 3 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &c),
389 : "Close failed");
390 3 : torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
391 :
392 3 : status = dcerpc_samr_Close_r(b1, mem_ctx, &c);
393 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
394 : "closing policy handle on p1 again");
395 :
396 3 : talloc_free(mem_ctx);
397 :
398 3 : return true;
399 : }
400 :
401 3 : static bool test_handles_mixed_shared(struct torture_context *torture)
402 : {
403 : NTSTATUS status;
404 : struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
405 : struct dcerpc_binding_handle *b1, *b2;
406 : struct policy_handle handle;
407 : struct policy_handle handle2;
408 : struct samr_Connect r;
409 : struct lsa_Close lc;
410 : struct samr_Close sc;
411 3 : TALLOC_CTX *mem_ctx = talloc_new(torture);
412 : enum dcerpc_transport_t transport;
413 : uint32_t assoc_group_id;
414 :
415 3 : torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");
416 :
417 3 : torture_comment(torture, "connect samr pipe1\n");
418 3 : status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
419 3 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
420 3 : b1 = p1->binding_handle;
421 :
422 3 : transport = p1->conn->transport.transport;
423 3 : assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
424 :
425 3 : torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
426 :
427 3 : torture_comment(torture, "connect lsa pipe2\n");
428 3 : status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
429 : transport,
430 : assoc_group_id,
431 : 0);
432 3 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
433 3 : b2 = p2->binding_handle;
434 :
435 3 : torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
436 3 : dcerpc_binding_get_assoc_group_id(p2->binding));
437 3 : r.in.system_name = 0;
438 3 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
439 3 : r.out.connect_handle = &handle;
440 :
441 3 : torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
442 3 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
443 : "Connect failed");
444 3 : torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
445 :
446 3 : lc.in.handle = &handle;
447 3 : lc.out.handle = &handle2;
448 3 : sc.in.handle = &handle;
449 3 : sc.out.handle = &handle2;
450 :
451 3 : torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
452 3 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
453 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
454 : "closing handle on lsa p2");
455 :
456 3 : torture_comment(torture, "closing policy handle on samr p1\n");
457 3 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
458 : "Close failed");
459 3 : torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");
460 :
461 3 : talloc_free(p1);
462 3 : talloc_free(p2);
463 3 : smb_msleep(10);
464 :
465 3 : torture_comment(torture, "connect samr pipe3 - should fail\n");
466 3 : status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
467 : transport,
468 : assoc_group_id,
469 : 0);
470 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
471 : "opening samr pipe3");
472 :
473 3 : torture_comment(torture, "connect lsa pipe4 - should fail\n");
474 3 : status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
475 : transport,
476 : assoc_group_id,
477 : 0);
478 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
479 : "opening lsa pipe4");
480 :
481 : /*
482 : * We use ~assoc_group_id instead of p1->assoc_group_id, because
483 : * this way we are less likely to use an id which is already in use.
484 : */
485 3 : assoc_group_id = ~assoc_group_id;
486 3 : torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
487 3 : status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
488 : transport,
489 : assoc_group_id,
490 : 0);
491 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
492 : "opening samr pipe5");
493 :
494 3 : torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
495 3 : status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
496 : transport,
497 : assoc_group_id,
498 : 0);
499 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
500 : "opening lsa pipe6");
501 :
502 3 : talloc_free(mem_ctx);
503 :
504 3 : return true;
505 : }
506 :
507 3 : static bool test_handles_random_assoc(struct torture_context *torture)
508 : {
509 : NTSTATUS status;
510 : struct dcerpc_pipe *p1, *p2, *p3;
511 3 : TALLOC_CTX *mem_ctx = talloc_new(torture);
512 : enum dcerpc_transport_t transport;
513 : uint32_t assoc_group_id;
514 :
515 3 : torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");
516 :
517 3 : torture_comment(torture, "connect samr pipe1\n");
518 3 : status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
519 3 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
520 :
521 3 : torture_comment(torture, "pipe1 uses assoc_group_id[0x%08X]\n",
522 3 : dcerpc_binding_get_assoc_group_id(p1->binding));
523 :
524 3 : transport = p1->conn->transport.transport;
525 : /*
526 : * We use ~p1->assoc_group_id instead of p1->assoc_group_id, because
527 : * this way we are less likely to use an id which is already in use.
528 : *
529 : * And make sure it doesn't wrap.
530 : */
531 3 : assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
532 3 : assoc_group_id = ~MIN(assoc_group_id, UINT32_MAX - 3);
533 :
534 3 : torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
535 3 : status = torture_rpc_connection_transport(torture, &p2, &ndr_table_samr,
536 : transport,
537 : assoc_group_id,
538 : 0);
539 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
540 : "opening samr pipe2");
541 :
542 3 : torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
543 3 : status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
544 : transport,
545 : assoc_group_id,
546 : 0);
547 3 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
548 : "opening samr pipe3");
549 :
550 3 : talloc_free(mem_ctx);
551 :
552 3 : return true;
553 : }
554 :
555 :
556 3 : static bool test_handles_drsuapi(struct torture_context *torture)
557 : {
558 : NTSTATUS status;
559 : struct dcerpc_pipe *p1, *p2;
560 : struct dcerpc_binding_handle *b1, *b2;
561 : struct policy_handle handle;
562 : struct policy_handle handle2;
563 : struct GUID bind_guid;
564 : struct drsuapi_DsBind r;
565 : struct drsuapi_DsUnbind c;
566 3 : TALLOC_CTX *mem_ctx = talloc_new(torture);
567 :
568 3 : torture_comment(torture, "RPC-HANDLE-DRSUAPI\n");
569 :
570 3 : status = torture_rpc_connection(torture, &p1, &ndr_table_drsuapi);
571 3 : torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
572 3 : b1 = p1->binding_handle;
573 :
574 3 : status = torture_rpc_connection(torture, &p2, &ndr_table_drsuapi);
575 3 : torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
576 3 : b2 = p2->binding_handle;
577 :
578 3 : GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
579 :
580 3 : r.in.bind_guid = &bind_guid;
581 3 : r.in.bind_info = NULL;
582 3 : r.out.bind_handle = &handle;
583 :
584 3 : status = dcerpc_drsuapi_DsBind_r(b1, mem_ctx, &r);
585 3 : if (!NT_STATUS_IS_OK(status)) {
586 2 : torture_comment(torture, "drsuapi_DsBind not supported - skipping\n");
587 2 : talloc_free(mem_ctx);
588 2 : return true;
589 : }
590 :
591 1 : c.in.bind_handle = &handle;
592 1 : c.out.bind_handle = &handle2;
593 :
594 1 : status = dcerpc_drsuapi_DsUnbind_r(b2, mem_ctx, &c);
595 1 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
596 : "closing policy handle on p2");
597 :
598 1 : status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
599 1 : torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
600 :
601 1 : status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
602 1 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
603 : "closing policy handle on p1 again");
604 :
605 1 : talloc_free(mem_ctx);
606 :
607 1 : return true;
608 : }
609 :
610 964 : struct torture_suite *torture_rpc_handles(TALLOC_CTX *mem_ctx)
611 : {
612 : struct torture_suite *suite;
613 :
614 964 : suite = torture_suite_create(mem_ctx, "handles");
615 964 : torture_suite_add_simple_test(suite, "lsarpc", test_handles_lsa);
616 964 : torture_suite_add_simple_test(suite, "lsarpc-shared", test_handles_lsa_shared);
617 964 : torture_suite_add_simple_test(suite, "samr", test_handles_samr);
618 964 : torture_suite_add_simple_test(suite, "mixed-shared", test_handles_mixed_shared);
619 964 : torture_suite_add_simple_test(suite, "random-assoc", test_handles_random_assoc);
620 964 : torture_suite_add_simple_test(suite, "drsuapi", test_handles_drsuapi);
621 964 : return suite;
622 : }
|
