author | Andreas Schneider <asn@samba.org> | 2015-12-03 18:10:51 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2015-12-10 08:49:20 +0100 |
commit | 59c11db03d4c3e0c53b27d685e406de16c52e2a3 (patch) | |
tree | 959d1e7988a8fa3502d739472f954659c11a6baa /source4/torture | |
parent | 97765d48f625738135b6cfe9fb55fa9bc6eba5e0 (diff) | |
download | samba-59c11db03d4c3e0c53b27d685e406de16c52e2a3.tar.gz |
s4-torture: Rename backupkey test to backupkey_heimdal
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'source4/torture')
-rw-r--r-- | source4/torture/rpc/backupkey_heimdal.c (renamed from source4/torture/rpc/backupkey.c) | 96 | ||||
-rwxr-xr-x | source4/torture/wscript_build | 2 |
2 files changed, 49 insertions, 49 deletions
diff --git a/source4/torture/rpc/backupkey.c b/source4/torture/rpc/backupkey_heimdal.c
index 557aaae7c00..e8cc4a6ba00 100644
--- a/source4/torture/rpc/backupkey.c
+++ b/source4/torture/rpc/backupkey_heimdal.c
@@ -255,7 +255,7 @@ static DATA_BLOB *create_unencryptedsecret(TALLOC_CTX *mem_ctx, /* * Create an access check structure, the format depends on the version parameter. - * If broken is specified then we create a stucture that isn't conform to the + * If broken is specified then we create a stucture that isn't conform to the * specification. * * If the structure can't be created then NULL is returned. @@ -622,7 +622,7 @@ static struct bkrp_BackupKey *createRestoreGUIDStruct(struct torture_context *tc } if (broken_magic_access){ - /* The start of the access_check structure contains the + /* The start of the access_check structure contains the * GUID of the certificate */ xs->data[0]++; @@ -774,7 +774,7 @@ static bool test_RetrieveBackupKeyGUID(struct torture_context *tctx, return true; } -/* Test to check the failure to recover a secret because the +/* Test to check the failure to recover a secret because the * secret blob is not reversed */ static bool test_RestoreGUID_ko(struct torture_context *tctx, @@ -1005,9 +1005,9 @@ static bool test_RestoreGUID_badcertguid(struct torture_context *tctx, ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped); torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped"); - /* + /* * Windows 2012R2 has, presumably, a programming error - * returning an NTSTATUS code on this interface + * returning an NTSTATUS code on this interface */ if (W_ERROR_V(r->out.result) != NT_STATUS_V(NT_STATUS_OBJECT_NAME_NOT_FOUND)) { torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check"); 
@@ -1078,7 +1078,7 @@ static bool test_RestoreGUID_badhashaccesscheck(struct torture_context *tctx, return true; } -/* +/* * Check that the RSA modulus in the certificate of the DCs has 2048 bits. */ static bool test_RetrieveBackupKeyGUID_2048bits(struct torture_context *tctx, @@ -1098,7 +1098,7 @@ static bool test_RetrieveBackupKeyGUID_2048bits(struct torture_context *tctx, int RSA_returned_bits; torture_assert(tctx, r != NULL, "createRetrieveBackupKeyGUIDStruct failed"); - + hx509_context_init(&hctx); if (r == NULL) { @@ -1137,9 +1137,9 @@ static bool test_RetrieveBackupKeyGUID_2048bits(struct torture_context *tctx, RSA_free(rsa); - /* + /* * Because we prevented spki from being changed above, - * we can now safely call this to free it + * we can now safely call this to free it */ free_SubjectPublicKeyInfo(&spki); hx509_cert_free(cert); @@ -1197,7 +1197,7 @@ static bool test_ServerWrap_encrypt_decrypt(struct torture_context *tctx, r.out.result, "encrypt"); encrypted.length = *r.out.data_out_len; - + /* Decrypt */ torture_assert_ntstatus_ok(tctx, GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid), @@ -1300,7 +1300,7 @@ static bool test_ServerWrap_decrypt_wrong_keyGUID(struct torture_context *tctx, ndr_err = ndr_push_struct_blob(&encrypted, tctx, &server_side_wrapped, (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped); torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "push of server_side_wrapped"); - + /* Decrypt */ torture_assert_ntstatus_ok(tctx, GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid), @@ -1571,7 +1571,7 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, ZERO_STRUCT(r_query_secret); /* Now read BCKUPKEY_P and prove we can do a matching decrypt and encrypt */ - + torture_assert_ntstatus_ok(tctx, torture_rpc_connection(tctx, &lsa_p, &ndr_table_lsarpc), "Opening LSA pipe"); 
@@ -1579,18 +1579,18 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, torture_assert(tctx, test_lsa_OpenPolicy2(lsa_b, tctx, &handle), "OpenPolicy failed"); r_secret.in.name.string = "G$BCKUPKEY_P"; - + r_secret.in.handle = handle; r_secret.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r_secret.out.sec_handle = &sec_handle; - + torture_comment(tctx, "Testing OpenSecret\n"); - + torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(lsa_b, tctx, &r_secret), "OpenSecret failed"); torture_assert_ntstatus_ok(tctx, r_secret.out.result, "OpenSecret failed"); - + r_query_secret.in.sec_handle = &sec_handle; r_query_secret.in.new_val = &bufp1; bufp1.buf = NULL; 
@@ -1599,41 +1599,41 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, "QuerySecret failed"); torture_assert_ntstatus_ok(tctx, r_query_secret.out.result, "QuerySecret failed"); - - + + preferred_key.data = r_query_secret.out.new_val->buf->data; preferred_key.length = r_query_secret.out.new_val->buf->size; torture_assert_ntstatus_ok(tctx, dcerpc_fetch_session_key(lsa_p, &session_key), "dcerpc_fetch_session_key failed"); - + torture_assert_ntstatus_ok(tctx, sess_decrypt_blob(tctx, &preferred_key, &session_key, &preferred_key_clear), "sess_decrypt_blob failed"); - + torture_assert_ntstatus_ok(tctx, GUID_from_ndr_blob(&preferred_key_clear, &preferred_key_guid), "GUID parse failed"); - + torture_assert_guid_equal(tctx, server_side_wrapped->guid, preferred_key_guid, "GUID didn't match value pointed at by G$BCKUPKEY_P"); /* And read BCKUPKEY_<guid> and get the actual key */ - + key_guid_string = GUID_string(tctx, &server_side_wrapped->guid); r_secret.in.name.string = talloc_asprintf(tctx, "G$BCKUPKEY_%s", key_guid_string); - + r_secret.in.handle = handle; r_secret.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r_secret.out.sec_handle = &sec_handle; - + torture_comment(tctx, "Testing OpenSecret\n"); - + torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(lsa_b, tctx, &r_secret), "OpenSecret failed"); torture_assert_ntstatus_ok(tctx, r_secret.out.result, "OpenSecret failed"); - + r_query_secret.in.sec_handle = &sec_handle; r_query_secret.in.new_val = &bufp1; 
@@ -1641,16 +1641,16 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, "QuerySecret failed"); torture_assert_ntstatus_ok(tctx, r_query_secret.out.result, "QuerySecret failed"); - - + + decrypt_key.data = r_query_secret.out.new_val->buf->data; decrypt_key.length = r_query_secret.out.new_val->buf->size; - + torture_assert_ntstatus_ok(tctx, sess_decrypt_blob(tctx, &decrypt_key, &session_key, &decrypt_key_clear), "sess_decrypt_blob failed"); - + torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&decrypt_key_clear, tctx, &server_key, (ndr_pull_flags_fn_t)ndr_pull_bkrp_dc_serverwrap_key), NDR_ERR_SUCCESS, "Failed to parse server_key"); @@ -1659,18 +1659,18 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, /* * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1 - * BACKUPKEY_BACKUP_GUID, it really is the whole key + * BACKUPKEY_BACKUP_GUID, it really is the whole key */ HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key), server_side_wrapped->r2, sizeof(server_side_wrapped->r2), symkey, &hash_len); - + /* rc4 decrypt sid and secret using sym key */ symkey_blob = data_blob_const(symkey, sizeof(symkey)); - + encrypted_blob = data_blob_talloc(tctx, server_side_wrapped->rc4encryptedpayload, server_side_wrapped->ciphertext_length); - + arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob); torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&encrypted_blob, tctx, &rc4payload, 
@@ -1683,12 +1683,12 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, /* * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1 - * BACKUPKEY_BACKUP_GUID, it really is the whole key + * BACKUPKEY_BACKUP_GUID, it really is the whole key */ HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key), rc4payload.r3, sizeof(rc4payload.r3), mackey, &hash_len); - + torture_assert_ndr_err_equal(tctx, ndr_push_struct_blob(&sid_blob, tctx, &rc4payload.sid, (ndr_push_flags_fn_t)ndr_push_dom_sid), NDR_ERR_SUCCESS, "unable to push SID"); @@ -1714,7 +1714,7 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, torture_assert_sid_equal(tctx, &rc4payload.sid, caller_sid, "Secret saved with wrong SID"); - + /* RE-encrypt */ if (wrong == WRONG_SID) { @@ -1739,7 +1739,7 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, HMAC_CTX_cleanup(&ctx); dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac)); - + torture_assert_ndr_err_equal(tctx, ndr_push_struct_blob(&encrypted_blob, tctx, &rc4payload, (ndr_push_flags_fn_t)ndr_push_bkrp_rc4encryptedpayload), @@ -1751,7 +1751,7 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, symkey_blob.data[1] = 78; symkey_blob.data[2] = 78; } - + /* rc4 encrypt sid and secret using sym key */ arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob); @@ -1766,7 +1766,7 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx, encrypted_blob.length, "expected encrypted data not to change"); } - + server_side_wrapped->payload_length = rc4payload.secret_data.length; server_side_wrapped->ciphertext_length = encrypted_blob.length; server_side_wrapped->rc4encryptedpayload = encrypted_blob.data; 
@@ -1846,7 +1846,7 @@ static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx, repush = true; break; case WRONG_CIPHERTEXT_LENGTH: - /* + /* * Change the ciphertext len. We can't push this if * we have it wrong, so do it raw */ @@ -1857,7 +1857,7 @@ static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx, repush = true; break; case SHORT_CIPHERTEXT_LENGTH: - /* + /* * Change the ciphertext len. We can't push this if * we have it wrong, so do it raw */ @@ -1868,7 +1868,7 @@ static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx, repush = true; break; case ZERO_CIPHERTEXT_LENGTH: - /* + /* * Change the ciphertext len. We can't push this if * we have it wrong, so do it raw */ @@ -1890,7 +1890,7 @@ static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx, (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped); torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "push of server_side_wrapped"); } - + /* Decrypt */ torture_assert_ntstatus_ok(tctx, GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid), @@ -1928,7 +1928,7 @@ static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx, WERR_INVALID_PARAM, "decrypt should fail with WERR_INVALID_PARAM"); } - + /* Decrypt */ torture_assert_ntstatus_ok(tctx, GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid), @@ -1966,7 +1966,7 @@ static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx, WERR_INVALID_PARAM, "decrypt should fail with WERR_INVALID_PARAM"); } - + return true; } 
@@ -2132,9 +2132,9 @@ struct torture_suite *torture_rpc_backupkey(TALLOC_CTX *mem_ctx) torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_zero_ciphertext_length", test_ServerWrap_decrypt_zero_ciphertext_length); - torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_remote_key", + torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_remote_key", test_ServerWrap_encrypt_decrypt_remote_key); - + torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_wrong_key", test_ServerWrap_encrypt_decrypt_wrong_key);
diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build
index 0a5c5ccaf79..8ae3175f1a6 100755
--- a/source4/torture/wscript_build
+++ b/source4/torture/wscript_build
@@ -120,7 +120,7 @@ bld.SAMBA_MODULE('torture_rpc',
 rpc/fsrvp.c
 rpc/clusapi.c
 rpc/witness.c
- rpc/backupkey.c
+ rpc/backupkey_heimdal.c
 ''' + ntvfs_specific['source'],
 autoproto='rpc/proto.h',
 subsystem='smbtorture', |