summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2016-11-09 14:22:33 +1300
committerAndrew Bartlett <abartlet@samba.org>2016-12-01 05:54:22 +0100
commitbf7342bdf4fea9ce49915d88ab4bf5202cb1b64b (patch)
tree11048a04786f2673b23143403d10e8027be84150 /source4
parent5a1dcf2385cc03c45c546522e38585b3092c35af (diff)
downloadsamba-bf7342bdf4fea9ce49915d88ab4bf5202cb1b64b.tar.gz
torture: Remove access to LSARPC via \\pipe\netlogon in rpc.netlogon for ManyGetDCName test
This exploited the fact that we had \\pipe\lsass in both netlogon.idl and lsarpc.idl To do this, we reset the binding to a new endpoint and reset the association group. We add a new test specifically for this "feature" that we can knownfail if we break it to add other new functionality. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'source4')
-rw-r--r--source4/torture/rpc/netlogon.c70
1 files changed, 68 insertions, 2 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index eb4cb4cece9..bb793a6b61a 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -4011,7 +4011,7 @@ static bool test_ManyGetDCName(struct torture_context *tctx,
{
NTSTATUS status;
struct cli_credentials *anon_creds;
- const struct dcerpc_binding *binding2;
+ struct dcerpc_binding *binding2;
struct dcerpc_pipe *p2;
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
@@ -4037,7 +4037,12 @@ static bool test_ManyGetDCName(struct torture_context *tctx,
anon_creds = cli_credentials_init_anon(tctx);
torture_assert(tctx, anon_creds != NULL, "cli_credentials_init_anon failed");
- binding2 = p->binding;
+ binding2 = dcerpc_binding_dup(tctx, p->binding);
+ /* Swap the binding details from NETLOGON to LSA */
+ status = dcerpc_epm_map_binding(tctx, binding2, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx);
+ dcerpc_binding_set_assoc_group_id(binding2, 0);
+ torture_assert_ntstatus_ok(tctx, status, "epm map");
+
status = dcerpc_secondary_auth_connection(p, binding2, &ndr_table_lsarpc,
anon_creds, tctx->lp_ctx,
tctx, &p2);
@@ -4100,6 +4105,65 @@ static bool test_ManyGetDCName(struct torture_context *tctx,
return true;
}
+static bool test_lsa_over_netlogon(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct cli_credentials *anon_creds;
+ const struct dcerpc_binding *binding2;
+ struct dcerpc_pipe *p2;
+ struct lsa_ObjectAttribute attr;
+ struct lsa_QosInfo qos;
+ struct lsa_OpenPolicy2 o;
+ struct policy_handle lsa_handle;
+
+ struct dcerpc_binding_handle *b2;
+
+
+ if (p->conn->transport.transport != NCACN_NP) {
+ torture_skip(tctx, "test_lsa_over_netlogon works only with NCACN_NP");
+ }
+
+ torture_comment(tctx, "Testing if we can access the LSA server over\n"
+ " \\\\pipe\\netlogon rather than \\\\pipe\\lsarpc\n");
+
+ anon_creds = cli_credentials_init_anon(tctx);
+ torture_assert(tctx, anon_creds != NULL, "cli_credentials_init_anon failed");
+
+ binding2 = p->binding;
+
+ status = dcerpc_secondary_auth_connection(p, binding2, &ndr_table_lsarpc,
+ anon_creds, tctx->lp_ctx,
+ tctx, &p2);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
+ b2 = p2->binding_handle;
+
+ qos.len = 0;
+ qos.impersonation_level = 2;
+ qos.context_mode = 1;
+ qos.effective_only = 0;
+
+ attr.len = 0;
+ attr.root_dir = NULL;
+ attr.object_name = NULL;
+ attr.attributes = 0;
+ attr.sec_desc = NULL;
+ attr.sec_qos = &qos;
+
+ o.in.system_name = "\\";
+ o.in.attr = &attr;
+ o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ o.out.handle = &lsa_handle;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
+ "OpenPolicy2 failed");
+ torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
+
+ talloc_free(p2);
+
+ return true;
+}
+
static bool test_SetPassword_with_flags(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
@@ -4171,6 +4235,8 @@ struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo_AES", test_netr_ServerGetTrustInfo_AES);
torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
+ torture_rpc_tcase_add_test(tcase, "lsa_over_netlogon", test_lsa_over_netlogon);
+
return suite;
}