Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : test suite for behaviour of rpc policy handles
5 :
6 : Copyright (C) Andrew Tridgell 2007
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "librpc/gen_ndr/ndr_samr_c.h"
24 : #include "librpc/gen_ndr/ndr_lsa_c.h"
25 : #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 : #include "torture/rpc/torture_rpc.h"
27 :
28 : /*
29 : this tests the use of policy handles between connections
30 : */
31 :
32 12 : static bool test_handles_lsa(struct torture_context *torture)
33 : {
34 3 : NTSTATUS status;
35 3 : struct dcerpc_pipe *p1, *p2;
36 3 : struct dcerpc_binding_handle *b1, *b2;
37 3 : struct policy_handle handle;
38 3 : struct policy_handle handle2;
39 3 : struct lsa_ObjectAttribute attr;
40 3 : struct lsa_QosInfo qos;
41 3 : struct lsa_OpenPolicy r;
42 3 : struct lsa_Close c;
43 12 : uint16_t system_name = '\\';
44 12 : TALLOC_CTX *mem_ctx = talloc_new(torture);
45 :
46 12 : torture_comment(torture, "RPC-HANDLE-LSARPC\n");
47 :
48 12 : status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
49 12 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
50 12 : b1 = p1->binding_handle;
51 :
52 12 : status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
53 12 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
54 12 : b2 = p2->binding_handle;
55 :
56 12 : qos.len = 0;
57 12 : qos.impersonation_level = 2;
58 12 : qos.context_mode = 1;
59 12 : qos.effective_only = 0;
60 :
61 12 : attr.len = 0;
62 12 : attr.root_dir = NULL;
63 12 : attr.object_name = NULL;
64 12 : attr.attributes = 0;
65 12 : attr.sec_desc = NULL;
66 12 : attr.sec_qos = &qos;
67 :
68 12 : r.in.system_name = &system_name;
69 12 : r.in.attr = &attr;
70 12 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
71 12 : r.out.handle = &handle;
72 :
73 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
74 : "OpenPolicy failed");
75 12 : if (!NT_STATUS_IS_OK(r.out.result)) {
76 0 : torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
77 0 : talloc_free(mem_ctx);
78 0 : return true;
79 : }
80 :
81 12 : c.in.handle = &handle;
82 12 : c.out.handle = &handle2;
83 :
84 12 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
85 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
86 : "closing policy handle on p2");
87 :
88 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b1, mem_ctx, &c),
89 : "Close failed");
90 12 : torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
91 :
92 12 : status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
93 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
94 : "closing policy handle on p1 again");
95 :
96 12 : talloc_free(mem_ctx);
97 :
98 12 : return true;
99 : }
100 :
101 12 : static bool test_handles_lsa_shared(struct torture_context *torture)
102 : {
103 3 : NTSTATUS status;
104 3 : struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
105 3 : struct dcerpc_binding_handle *b1, *b2, *b3, *b4;
106 3 : struct policy_handle handle;
107 3 : struct policy_handle handle2;
108 3 : struct lsa_ObjectAttribute attr;
109 3 : struct lsa_QosInfo qos;
110 3 : struct lsa_OpenPolicy r;
111 3 : struct lsa_Close c;
112 3 : struct lsa_QuerySecurity qsec;
113 12 : struct sec_desc_buf *sdbuf = NULL;
114 12 : uint16_t system_name = '\\';
115 12 : TALLOC_CTX *mem_ctx = talloc_new(torture);
116 3 : enum dcerpc_transport_t transport;
117 3 : uint32_t assoc_group_id;
118 :
119 12 : torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");
120 :
121 12 : torture_comment(torture, "connect lsa pipe1\n");
122 12 : status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
123 12 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
124 12 : b1 = p1->binding_handle;
125 :
126 12 : transport = p1->conn->transport.transport;
127 12 : assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
128 :
129 12 : torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
130 :
131 12 : torture_comment(torture, "connect lsa pipe2\n");
132 12 : status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
133 : transport,
134 : assoc_group_id,
135 : 0);
136 12 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
137 12 : b2 = p2->binding_handle;
138 :
139 12 : torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
140 9 : dcerpc_binding_get_assoc_group_id(p2->binding));
141 :
142 12 : qos.len = 0;
143 12 : qos.impersonation_level = 2;
144 12 : qos.context_mode = 1;
145 12 : qos.effective_only = 0;
146 :
147 12 : attr.len = 0;
148 12 : attr.root_dir = NULL;
149 12 : attr.object_name = NULL;
150 12 : attr.attributes = 0;
151 12 : attr.sec_desc = NULL;
152 12 : attr.sec_qos = &qos;
153 :
154 12 : r.in.system_name = &system_name;
155 12 : r.in.attr = &attr;
156 12 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
157 12 : r.out.handle = &handle;
158 :
159 12 : torture_comment(torture, "open lsa policy handle\n");
160 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
161 : "OpenPolicy failed");
162 12 : if (!NT_STATUS_IS_OK(r.out.result)) {
163 0 : torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
164 0 : talloc_free(mem_ctx);
165 0 : return true;
166 : }
167 :
168 : /*
169 : * connect p3 after the policy handle is opened
170 : */
171 12 : torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
172 12 : status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc,
173 : transport,
174 : assoc_group_id,
175 : 0);
176 12 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
177 12 : b3 = p3->binding_handle;
178 :
179 12 : qsec.in.handle = &handle;
180 12 : qsec.in.sec_info = 0;
181 12 : qsec.out.sdbuf = &sdbuf;
182 12 : c.in.handle = &handle;
183 12 : c.out.handle = &handle2;
184 :
185 : /*
186 : * use policy handle on all 3 connections
187 : */
188 12 : torture_comment(torture, "use the policy handle on p1,p2,p3\n");
189 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
190 : "QuerySecurity failed");
191 12 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
192 : "use policy handle on p1");
193 :
194 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
195 : "QuerySecurity failed");
196 12 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
197 : "use policy handle on p2");
198 :
199 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
200 : "QuerySecurity failed");
201 12 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
202 : "use policy handle on p3");
203 :
204 : /*
205 : * close policy handle on connection 2 and the others get a fault
206 : */
207 12 : torture_comment(torture, "close the policy handle on p2 others get a fault\n");
208 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
209 : "Close failed");
210 12 : torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
211 : "closing policy handle on p2");
212 :
213 12 : status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
214 :
215 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
216 : "closing policy handle on p1 again");
217 :
218 12 : status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
219 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
220 : "closing policy handle on p3");
221 :
222 12 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
223 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
224 : "closing policy handle on p2 again");
225 :
226 : /*
227 : * open a new policy handle on p3
228 : */
229 12 : torture_comment(torture, "open a new policy handle on p3\n");
230 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b3, mem_ctx, &r),
231 : "OpenPolicy failed");
232 12 : torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
233 : "open policy handle on p3");
234 :
235 : /*
236 : * use policy handle on all 3 connections
237 : */
238 12 : torture_comment(torture, "use the policy handle on p1,p2,p3\n");
239 12 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
240 : "Query Security failed");
241 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
242 : "use policy handle on p1");
243 :
244 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
245 : "Query Security failed");
246 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
247 : "use policy handle on p2");
248 :
249 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
250 : "Query Security failed");
251 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
252 : "use policy handle on p3");
253 :
254 : /*
255 : * close policy handle on connection 2 and the others get a fault
256 : */
257 0 : torture_comment(torture, "close the policy handle on p2 others get a fault\n");
258 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
259 : "Close failed");
260 0 : torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
261 : "closing policy handle on p2");
262 :
263 0 : status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
264 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
265 : "closing policy handle on p1 again");
266 :
267 0 : status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
268 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
269 : "closing policy handle on p3");
270 :
271 0 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
272 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
273 : "closing policy handle on p2 again");
274 :
275 : /*
276 : * open a new policy handle
277 : */
278 0 : torture_comment(torture, "open a new policy handle on p1 and use it\n");
279 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
280 : "OpenPolicy failed");
281 0 : torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
282 : "open 2nd policy handle on p1");
283 :
284 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
285 : "QuerySecurity failed");
286 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
287 : "QuerySecurity handle on p1");
288 :
289 : /* close first connection */
290 0 : torture_comment(torture, "disconnect p1\n");
291 0 : talloc_free(p1);
292 0 : smb_msleep(5);
293 :
294 : /*
295 : * and it's still available on p2,p3
296 : */
297 0 : torture_comment(torture, "use policy handle on p2,p3\n");
298 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
299 : "QuerySecurity failed");
300 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
301 : "QuerySecurity handle on p2 after p1 was disconnected");
302 :
303 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
304 : "QuerySecurity failed");
305 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
306 : "QuerySecurity handle on p3 after p1 was disconnected");
307 :
308 : /*
309 : * now open p4
310 : * and use the handle on it
311 : */
312 0 : torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
313 0 : status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
314 : transport,
315 : assoc_group_id,
316 : 0);
317 0 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
318 0 : b4 = p4->binding_handle;
319 :
320 0 : torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b4, mem_ctx, &qsec),
321 : "QuerySecurity failed");
322 0 : torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
323 : "using policy handle on p4");
324 :
325 : /*
326 : * now close p2,p3,p4
327 : * without closing the policy handle
328 : */
329 0 : torture_comment(torture, "disconnect p2,p3,p4\n");
330 0 : talloc_free(p2);
331 0 : talloc_free(p3);
332 0 : talloc_free(p4);
333 0 : smb_msleep(10);
334 :
335 : /*
336 : * now open p5
337 : */
338 0 : torture_comment(torture, "connect lsa pipe5 - should fail\n");
339 0 : status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc,
340 : transport,
341 : assoc_group_id,
342 : 0);
343 0 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
344 : "opening lsa pipe5");
345 :
346 0 : talloc_free(mem_ctx);
347 :
348 0 : return true;
349 : }
350 :
351 :
352 12 : static bool test_handles_samr(struct torture_context *torture)
353 : {
354 3 : NTSTATUS status;
355 3 : struct dcerpc_pipe *p1, *p2;
356 3 : struct dcerpc_binding_handle *b1, *b2;
357 3 : struct policy_handle handle;
358 3 : struct policy_handle handle2;
359 3 : struct samr_Connect r;
360 3 : struct samr_Close c;
361 12 : TALLOC_CTX *mem_ctx = talloc_new(torture);
362 :
363 12 : torture_comment(torture, "RPC-HANDLE-SAMR\n");
364 :
365 12 : status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
366 12 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
367 12 : b1 = p1->binding_handle;
368 :
369 12 : status = torture_rpc_connection(torture, &p2, &ndr_table_samr);
370 12 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe2");
371 12 : b2 = p2->binding_handle;
372 :
373 12 : r.in.system_name = 0;
374 12 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
375 12 : r.out.connect_handle = &handle;
376 :
377 12 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
378 : "Connect failed");
379 12 : torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
380 :
381 12 : c.in.handle = &handle;
382 12 : c.out.handle = &handle2;
383 :
384 12 : status = dcerpc_samr_Close_r(b2, mem_ctx, &c);
385 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
386 : "closing policy handle on p2");
387 :
388 12 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &c),
389 : "Close failed");
390 12 : torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
391 :
392 12 : status = dcerpc_samr_Close_r(b1, mem_ctx, &c);
393 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
394 : "closing policy handle on p1 again");
395 :
396 12 : talloc_free(mem_ctx);
397 :
398 12 : return true;
399 : }
400 :
401 12 : static bool test_handles_mixed_shared(struct torture_context *torture)
402 : {
403 3 : NTSTATUS status;
404 3 : struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
405 3 : struct dcerpc_binding_handle *b1, *b2;
406 3 : struct policy_handle handle;
407 3 : struct policy_handle handle2;
408 3 : struct samr_Connect r;
409 3 : struct lsa_Close lc;
410 3 : struct samr_Close sc;
411 12 : TALLOC_CTX *mem_ctx = talloc_new(torture);
412 3 : enum dcerpc_transport_t transport;
413 3 : uint32_t assoc_group_id;
414 :
415 12 : torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");
416 :
417 12 : torture_comment(torture, "connect samr pipe1\n");
418 12 : status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
419 12 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
420 12 : b1 = p1->binding_handle;
421 :
422 12 : transport = p1->conn->transport.transport;
423 12 : assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
424 :
425 12 : torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
426 :
427 12 : torture_comment(torture, "connect lsa pipe2\n");
428 12 : status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
429 : transport,
430 : assoc_group_id,
431 : 0);
432 12 : torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
433 12 : b2 = p2->binding_handle;
434 :
435 12 : torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
436 9 : dcerpc_binding_get_assoc_group_id(p2->binding));
437 12 : r.in.system_name = 0;
438 12 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
439 12 : r.out.connect_handle = &handle;
440 :
441 12 : torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
442 12 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
443 : "Connect failed");
444 12 : torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
445 :
446 12 : lc.in.handle = &handle;
447 12 : lc.out.handle = &handle2;
448 12 : sc.in.handle = &handle;
449 12 : sc.out.handle = &handle2;
450 :
451 12 : torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
452 12 : status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
453 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
454 : "closing handle on lsa p2");
455 :
456 12 : torture_comment(torture, "closing policy handle on samr p1\n");
457 12 : torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
458 : "Close failed");
459 12 : torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");
460 :
461 12 : talloc_free(p1);
462 12 : talloc_free(p2);
463 12 : smb_msleep(10);
464 :
465 12 : torture_comment(torture, "connect samr pipe3 - should fail\n");
466 12 : status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
467 : transport,
468 : assoc_group_id,
469 : 0);
470 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
471 : "opening samr pipe3");
472 :
473 12 : torture_comment(torture, "connect lsa pipe4 - should fail\n");
474 12 : status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
475 : transport,
476 : assoc_group_id,
477 : 0);
478 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
479 : "opening lsa pipe4");
480 :
481 : /*
482 : * We use ~assoc_group_id instead of p1->assoc_group_id, because
483 : * this way we are less likely to use an id which is already in use.
484 : */
485 12 : assoc_group_id = ~assoc_group_id;
486 12 : torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
487 12 : status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
488 : transport,
489 : assoc_group_id,
490 : 0);
491 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
492 : "opening samr pipe5");
493 :
494 12 : torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
495 12 : status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
496 : transport,
497 : assoc_group_id,
498 : 0);
499 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
500 : "opening lsa pipe6");
501 :
502 12 : talloc_free(mem_ctx);
503 :
504 12 : return true;
505 : }
506 :
507 12 : static bool test_handles_random_assoc(struct torture_context *torture)
508 : {
509 3 : NTSTATUS status;
510 3 : struct dcerpc_pipe *p1, *p2, *p3;
511 12 : TALLOC_CTX *mem_ctx = talloc_new(torture);
512 3 : enum dcerpc_transport_t transport;
513 3 : uint32_t assoc_group_id;
514 :
515 12 : torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");
516 :
517 12 : torture_comment(torture, "connect samr pipe1\n");
518 12 : status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
519 12 : torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
520 :
521 12 : torture_comment(torture, "pipe1 uses assoc_group_id[0x%08X]\n",
522 12 : dcerpc_binding_get_assoc_group_id(p1->binding));
523 :
524 12 : transport = p1->conn->transport.transport;
525 : /*
526 : * We use ~p1->assoc_group_id instead of p1->assoc_group_id, because
527 : * this way we are less likely to use an id which is already in use.
528 : *
529 : * And make sure it doesn't wrap.
530 : */
531 12 : assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
532 12 : assoc_group_id = ~MIN(assoc_group_id, UINT32_MAX - 3);
533 :
534 12 : torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
535 12 : status = torture_rpc_connection_transport(torture, &p2, &ndr_table_samr,
536 : transport,
537 : assoc_group_id,
538 : 0);
539 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
540 : "opening samr pipe2");
541 :
542 12 : torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
543 12 : status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
544 : transport,
545 : assoc_group_id,
546 : 0);
547 12 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
548 : "opening samr pipe3");
549 :
550 12 : talloc_free(mem_ctx);
551 :
552 12 : return true;
553 : }
554 :
555 :
556 12 : static bool test_handles_drsuapi(struct torture_context *torture)
557 : {
558 3 : NTSTATUS status;
559 3 : struct dcerpc_pipe *p1, *p2;
560 3 : struct dcerpc_binding_handle *b1, *b2;
561 3 : struct policy_handle handle;
562 3 : struct policy_handle handle2;
563 3 : struct GUID bind_guid;
564 3 : struct drsuapi_DsBind r;
565 3 : struct drsuapi_DsUnbind c;
566 12 : TALLOC_CTX *mem_ctx = talloc_new(torture);
567 :
568 12 : torture_comment(torture, "RPC-HANDLE-DRSUAPI\n");
569 :
570 12 : status = torture_rpc_connection(torture, &p1, &ndr_table_drsuapi);
571 12 : torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
572 12 : b1 = p1->binding_handle;
573 :
574 12 : status = torture_rpc_connection(torture, &p2, &ndr_table_drsuapi);
575 12 : torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
576 12 : b2 = p2->binding_handle;
577 :
578 12 : GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
579 :
580 12 : r.in.bind_guid = &bind_guid;
581 12 : r.in.bind_info = NULL;
582 12 : r.out.bind_handle = &handle;
583 :
584 12 : status = dcerpc_drsuapi_DsBind_r(b1, mem_ctx, &r);
585 12 : if (!NT_STATUS_IS_OK(status)) {
586 8 : torture_comment(torture, "drsuapi_DsBind not supported - skipping\n");
587 8 : talloc_free(mem_ctx);
588 8 : return true;
589 : }
590 :
591 4 : c.in.bind_handle = &handle;
592 4 : c.out.bind_handle = &handle2;
593 :
594 4 : status = dcerpc_drsuapi_DsUnbind_r(b2, mem_ctx, &c);
595 4 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
596 : "closing policy handle on p2");
597 :
598 4 : status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
599 4 : torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
600 :
601 4 : status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
602 4 : torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
603 : "closing policy handle on p1 again");
604 :
605 4 : talloc_free(mem_ctx);
606 :
607 4 : return true;
608 : }
609 :
610 2338 : struct torture_suite *torture_rpc_handles(TALLOC_CTX *mem_ctx)
611 : {
612 125 : struct torture_suite *suite;
613 :
614 2338 : suite = torture_suite_create(mem_ctx, "handles");
615 2338 : torture_suite_add_simple_test(suite, "lsarpc", test_handles_lsa);
616 2338 : torture_suite_add_simple_test(suite, "lsarpc-shared", test_handles_lsa_shared);
617 2338 : torture_suite_add_simple_test(suite, "samr", test_handles_samr);
618 2338 : torture_suite_add_simple_test(suite, "mixed-shared", test_handles_mixed_shared);
619 2338 : torture_suite_add_simple_test(suite, "random-assoc", test_handles_random_assoc);
620 2338 : torture_suite_add_simple_test(suite, "drsuapi", test_handles_drsuapi);
621 2338 : return suite;
622 : }
|