]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
selftests: Test lsa over netlogon in nt4 dc environment
authorSamuel Cabrero <scabrero@samba.org>
Fri, 15 Nov 2019 13:24:31 +0000 (14:24 +0100)
committerSamuel Cabrero <scabrero@sn-devel-184>
Fri, 20 Mar 2020 15:36:31 +0000 (15:36 +0000)
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/selftest/tests.py
source4/torture/rpc/samba3rpc.c

index c4305a4590819fdd5160576e5bb8a1b4f2d7831a..45b892e17e233124cc6cedf27ebf15cf97e9c032 100755 (executable)
@@ -516,6 +516,7 @@ rpc = ["rpc.authcontext", "rpc.samba3.bind", "rpc.samba3.srvsvc", "rpc.samba3.sh
        "rpc.samba3.netlogon", "rpc.samba3.sessionkey", "rpc.samba3.getusername",
        "rpc.samba3.smb1-pipe-name", "rpc.samba3.smb2-pipe-name",
        "rpc.samba3.smb-reauth1", "rpc.samba3.smb-reauth2",
+       "rpc.samba3.lsa_over_netlogon",
        "rpc.svcctl", "rpc.ntsvcs", "rpc.winreg", "rpc.eventlog",
        "rpc.spoolss.printserver", "rpc.spoolss.win", "rpc.spoolss.notify", "rpc.spoolss.printer",
        "rpc.spoolss.driver",
@@ -739,6 +740,8 @@ for t in tests:
     elif t == "rpc.srvsvc":
         plansmbtorture4testsuite(t, "ad_member", '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
+    elif t == "rpc.samba3.lsa_over_netlogon":
+        plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
     else:
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
index 83b2107e9fc5c00adfa309b7716f2a831ba7d5bd..07991e4bb7a4cb4345fab87b92f88a0b5de4778d 100644 (file)
@@ -4540,6 +4540,78 @@ done:
        return ret;
 }
 
+static bool torture_rpc_lsa_over_netlogon(struct torture_context *torture)
+{
+       TALLOC_CTX *mem_ctx;
+       NTSTATUS status;
+       bool ret = false;
+       struct smbcli_options options;
+       struct smb2_tree *tree;
+       struct dcerpc_pipe *netlogon_pipe;
+       struct dcerpc_binding_handle *lsa_handle;
+       struct lsa_ObjectAttribute attr;
+       struct lsa_QosInfo qos;
+       struct lsa_OpenPolicy2 o;
+       struct policy_handle handle;
+
+       torture_comment(torture, "Testing if we can access LSA server over "
+                       "\\\\pipe\\netlogon rather than \\\\pipe\\lsarpc\n");
+
+       mem_ctx = talloc_init("torture_samba3_rpc_lsa_over_netlogon");
+       torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+       lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+       status = smb2_connect(mem_ctx,
+                             torture_setting_string(torture, "host", NULL),
+                             lpcfg_smb_ports(torture->lp_ctx),
+                             "IPC$",
+                             lpcfg_resolve_context(torture->lp_ctx),
+                             popt_get_cmdline_credentials(),
+                             &tree,
+                             torture->ev,
+                             &options,
+                             lpcfg_socket_options(torture->lp_ctx),
+                             lpcfg_gensec_settings(torture, torture->lp_ctx)
+                             );
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "smb2_connect failed");
+
+       status = pipe_bind_smb2(torture, mem_ctx, tree, "netlogon",
+                               &ndr_table_lsarpc, &netlogon_pipe);
+       torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+                                       "pipe_bind_smb2 failed");
+       lsa_handle = netlogon_pipe->binding_handle;
+
+       qos.len = 0;
+       qos.impersonation_level = 2;
+       qos.context_mode = 1;
+       qos.effective_only = 0;
+
+       attr.len = 0;
+       attr.root_dir = NULL;
+       attr.object_name = NULL;
+       attr.attributes = 0;
+       attr.sec_desc = NULL;
+       attr.sec_qos = &qos;
+
+       o.in.system_name = "\\";
+       o.in.attr = &attr;
+       o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+       o.out.handle = &handle;
+
+       torture_assert_ntstatus_ok(torture,
+                       dcerpc_lsa_OpenPolicy2_r(lsa_handle, torture, &o),
+                       "OpenPolicy2 failed");
+       torture_assert_ntstatus_ok(torture,
+                                  o.out.result,
+                                  "OpenPolicy2 failed");
+
+       ret = true;
+ done:
+       talloc_free(mem_ctx);
+       return ret;
+}
 
 struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
 {
@@ -4567,6 +4639,9 @@ struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
        torture_suite_add_simple_test(suite, "smb2-pipe-read-close", torture_rpc_smb2_pipe_read_close);
        torture_suite_add_simple_test(suite, "smb2-pipe-read-tdis", torture_rpc_smb2_pipe_read_tdis);
        torture_suite_add_simple_test(suite, "smb2-pipe-read-logoff", torture_rpc_smb2_pipe_read_logoff);
+       torture_suite_add_simple_test(suite,
+                                     "lsa_over_netlogon",
+                                     torture_rpc_lsa_over_netlogon);
 
        suite->description = talloc_strdup(suite, "samba3 DCERPC interface tests");