+/*
+ Unix SMB/CIFS implementation.
+ test suite for backupkey remote protocol rpc operations
+
+ Copyright (C) Matthieu Patou 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "hx_locl.h"
+#include "auth/auth.h"
+#include "lib/cmdline/popt_common.h"
+#include "auth/gensec/gensec.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_backupkey_c.h"
+#include "librpc/gen_ndr/backupkey.h"
+#include "librpc/gen_ndr/ndr_backupkey.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "torture/rpc/torture_rpc.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
+
+/* Our very special and valued secret */
+static char secret[] = "tata yoyo mais qu'est ce qu'il y a sous ton grand chapeau ?";
+
+# if 0
+static void print_hex(uint8_t *tab, uint32_t size) {
+ uint32_t i;
+ for (i=0; i<size; i++) {
+ if( i%16 == 0 && i != 0) {
+ printf("\n");
+ }
+ printf("%02X ", tab[i]);
+ }
+ printf("\n");
+}
+#endif
+
+static bool test_RetreiveBackupKeyGUID(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ret;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ ret = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ //torture_comment(tctx, "No seal or sign ? %d\n", p->conn->security_state.auth_info == NULL);
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Wrong dce/rpc error code");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static struct dom_sid *get_user_sid(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char* user) {
+ struct lsa_ObjectAttribute attr;
+ struct lsa_QosInfo qos;
+ struct lsa_OpenPolicy2 r;
+ struct lsa_Close c;
+ NTSTATUS status;
+ struct policy_handle handle;
+ struct lsa_LookupNames l;
+ struct lsa_TransSidArray sids;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_String lsa_name;
+ uint32_t count = 0;
+ struct dom_sid *result;
+ TALLOC_CTX *tmp_ctx;
+ struct dcerpc_pipe *p2;
+ struct dcerpc_binding_handle *b;
+
+ const char* domain = cli_credentials_get_domain(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx,
+ torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
+ "could not open lsarpc pipe");
+ b = p2->binding_handle;
+
+ if (!(tmp_ctx = talloc_new(mem_ctx))) {
+ return NULL;
+ }
+ qos.len = 0;
+ qos.impersonation_level = 2;
+ qos.context_mode = 1;
+ qos.effective_only = 0;
+
+ attr.len = 0;
+ attr.root_dir = NULL;
+ attr.object_name = NULL;
+ attr.attributes = 0;
+ attr.sec_desc = NULL;
+ attr.sec_qos = &qos;
+
+ r.in.system_name = "\\";
+ r.in.attr = &attr;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ r.out.handle = &handle;
+
+ status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(status));
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ if (!NT_STATUS_IS_OK(r.out.result)) {
+ torture_comment(tctx, "OpenPolicy2_ failed - %s\n", nt_errstr(r.out.result));
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+
+ sids.count = 0;
+ sids.sids = NULL;
+
+ lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, user);
+
+ l.in.handle = &handle;
+ l.in.num_names = 1;
+ l.in.names = &lsa_name;
+ l.in.sids = &sids;
+ l.in.level = 1;
+ l.in.count = &count;
+ l.out.count = &count;
+ l.out.sids = &sids;
+ l.out.domains = &domains;
+
+ status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
+ nt_errstr(status));
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+
+ if (domains->count == 0) {
+ return NULL;
+ }
+
+ result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
+ l.out.sids->sids[0].rid);
+ c.in.handle = &handle;
+ c.out.handle = &handle;
+
+ status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+ if (!NT_STATUS_IS_OK(c.out.result)) {
+ torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(c.out.result));
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
+
+ talloc_free(tmp_ctx);
+ talloc_free(p2);
+
+ torture_comment(tctx, "GET user finished\n");
+ return result;
+}
+
+static DATA_BLOB* create_unencryptedsecret(TALLOC_CTX *mem_ctx, bool broken, int version) {
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
+ if (version == 2) {
+ struct bkrp_encrypted_secret_v2 unenc_sec;
+ uint32_t key_size = 32;
+ uint8_t *tab = talloc_array(tmp_ctx, uint8_t, key_size);
+
+ unenc_sec.secret_len = strlen(secret)+1;
+ unenc_sec.secret = (uint8_t*)secret;
+ unenc_sec.secret = talloc_array(tmp_ctx, uint8_t, sizeof(secret));
+
+ memcpy(unenc_sec.secret, secret, sizeof(secret));
+
+ generate_random_buffer(tab, key_size);
+ memcpy(unenc_sec.payload_key, tab, key_size);
+
+ ndr_push_struct_blob(blob, mem_ctx, &unenc_sec, (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v2);
+ if (broken) {
+ /* We broke the magic value to check server behavior */
+ /* Was 0x20 */
+ ((uint8_t*)blob->data)[4] = 19; /* A great year !!! */
+ }
+ }
+ if (version ==3) {
+ struct bkrp_encrypted_secret_v3 unenc_sec;
+ uint32_t key_size = 48;
+ uint8_t *tab = talloc_array(tmp_ctx, uint8_t, key_size);
+
+ unenc_sec.secret_len = strlen(secret)+1;
+ unenc_sec.secret = (uint8_t*)secret;
+ unenc_sec.secret = talloc_array(tmp_ctx, uint8_t, sizeof(secret));
+
+ memcpy(unenc_sec.secret, secret, sizeof(secret));
+
+ generate_random_buffer(tab, key_size);
+ memcpy(unenc_sec.payload_key, tab, key_size);
+
+ ndr_push_struct_blob(blob, mem_ctx, &unenc_sec, (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v3);
+ if (broken) {
+ /* We broke the magic value to check server behavior */
+ /* Was 0x30 */
+ ((uint8_t*)blob->data)[4] = 19; /* A great year !!! */
+ }
+ }
+ talloc_free(tmp_ctx);
+ return blob;
+}
+
+static DATA_BLOB* create_access_check(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char* user, bool broken, uint32_t version) {
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
+ if (version == 2) {
+ struct bkrp_access_check_v2 access_struct;
+ uint32_t len = 32;
+ uint32_t hash_size = 20;
+ struct sha sctx;
+ DATA_BLOB buf;
+ struct dom_sid* sid = get_user_sid(tctx, p, tmp_ctx, user);
+
+ if (sid == NULL) {
+ return NULL;
+ }
+
+ buf.data = talloc_array(tmp_ctx, uint8_t, len);
+ buf.length = len;
+
+ generate_random_buffer(buf.data, len);
+ access_struct.nonce_len = buf.length;
+ access_struct.nonce = buf.data;
+ access_struct.sid = *sid;
+ ZERO_STRUCT(access_struct.hash);
+ ndr_push_struct_blob(blob, mem_ctx, &access_struct, (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v2);
+ /*We pushed the whole structure including a null hash
+ * but the hash need to be calculated only up to the hash field
+ * so we reduce the size of what has to be calculated
+ */
+ SHA1_Init(&sctx);
+ SHA1_Update(&sctx, blob->data, blob->length - hash_size);
+ SHA1_Final(blob->data+blob->length - hash_size, &sctx);
+ /* Altering the SHA */
+ if (broken) {
+ blob->data[blob->length -1]++;
+ }
+ }
+ if (version == 3) {
+ struct bkrp_access_check_v3 access_struct;
+ uint32_t len = 32;
+ uint32_t hash_size = 64;
+ struct hc_sha512state sctx;
+ DATA_BLOB buf;
+ struct dom_sid* sid = get_user_sid(tctx, p, tmp_ctx, user);
+
+ if (sid == NULL) {
+ return NULL;
+ }
+
+ buf.data = talloc_array(tmp_ctx, uint8_t, len);
+ buf.length = len;
+
+ generate_random_buffer(buf.data, len);
+ access_struct.nonce_len = buf.length;
+ access_struct.nonce = buf.data;
+ access_struct.sid = *sid;
+ ZERO_STRUCT(access_struct.hash);
+ ndr_push_struct_blob(blob, mem_ctx, &access_struct, (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v3);
+ /*We pushed the whole structure including a null hash
+ * but the hash need to be calculated only up to the hash field
+ * so we reduce the size of what has to be calculated
+ */
+ /*
+ SHA1_Init(&sctx);
+ SHA1_Update(&sctx, blob->data, blob->length - hash_size);
+ SHA1_Final(blob->data+blob->length - hash_size, &sctx);
+ */
+
+ SHA512_Init(&sctx);
+ SHA512_Update(&sctx, blob->data, blob->length - hash_size);
+ SHA512_Final(blob->data+blob->length - hash_size, &sctx);
+
+ /* Altering the SHA */
+ if (broken) {
+ blob->data[blob->length -1]++;
+ }
+ }
+ talloc_free(tmp_ctx);
+ return blob;
+}
+
+static DATA_BLOB* encrypt_blob_aes(struct torture_context *tctx, TALLOC_CTX *mem_ctx, DATA_BLOB *aes_key, DATA_BLOB *iv, DATA_BLOB *to_encrypt) {
+ hx509_crypto crypto;
+ hx509_context hctx;
+ heim_octet_string ivos;
+ heim_octet_string *encrypted;
+ DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
+ int res;
+ const AlgorithmIdentifier *alg = hx509_crypto_aes256_cbc();
+
+ ivos.data = talloc_array(mem_ctx, uint8_t, iv->length);
+ ivos.length = iv->length;
+ memcpy(ivos.data, iv->data, iv->length);
+
+ hx509_context_init(&hctx);
+ res = hx509_crypto_init(hctx, NULL, &(alg->algorithm), &crypto);
+ if (res) {
+ torture_comment(tctx, "error while doing the init of the crypto obj\n");
+ return NULL;
+ }
+ res = hx509_crypto_set_key_data(crypto, aes_key->data, aes_key->length);
+ if (res) {
+ torture_comment(tctx, "error while setting the key of the crypto object\n");
+ return NULL;
+ }
+ hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
+ res = hx509_crypto_encrypt(crypto,
+ to_encrypt->data,
+ to_encrypt->length,
+ &ivos,
+ &encrypted);
+ if (res) {
+ torture_comment(tctx, "error while encrypting\n");
+ return NULL;
+ }
+
+ blob->data = talloc_memdup(blob, encrypted->data, encrypted->length);
+ blob->length = encrypted->length;
+ hx509_crypto_destroy(crypto);
+ hx509_context_free(&hctx);
+ return blob;
+
+}
+
+static DATA_BLOB* encrypt_blob_3des(struct torture_context *tctx, TALLOC_CTX *mem_ctx, DATA_BLOB *des3_key, DATA_BLOB *iv, DATA_BLOB *to_encrypt) {
+ hx509_crypto crypto;
+ hx509_context hctx;
+ heim_octet_string ivos;
+ heim_octet_string *encrypted;
+ DATA_BLOB *blob = talloc(mem_ctx, DATA_BLOB);
+ int res;
+ const AlgorithmIdentifier *alg2 = hx509_crypto_des_rsdi_ede3_cbc();
+
+ ivos.data = talloc_array(mem_ctx, uint8_t, iv->length);
+ ivos.length = iv->length;
+ memcpy(ivos.data, iv->data, iv->length);
+
+ hx509_context_init(&hctx);
+ res = hx509_crypto_init(hctx, NULL, &(alg2->algorithm), &crypto);
+ if (res) {
+ torture_comment(tctx, "error while doing the init of the crypto obj\n");
+ return NULL;
+ }
+ res = hx509_crypto_set_key_data(crypto, des3_key->data, des3_key->length);
+ if (res) {
+ torture_comment(tctx, "error while setting the key of the crypto object\n");
+ return NULL;
+ }
+ hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
+ res = hx509_crypto_encrypt(crypto,
+ to_encrypt->data,
+ to_encrypt->length,
+ &ivos,
+ &encrypted);
+ if (res) {
+ torture_comment(tctx, "error while encrypting\n");
+ return NULL;
+ }
+
+ blob->data = talloc_memdup(blob, encrypted->data, encrypted->length);
+ blob->length = encrypted->length;
+ hx509_crypto_destroy(crypto);
+ hx509_context_free(&hctx);
+ return blob;
+}
+
+static struct GUID* get_cert_guid(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len) {
+ hx509_context hctx;
+ hx509_cert cert;
+ heim_bit_string subjectuniqid;
+ DATA_BLOB data;
+ int hret;
+ uint32_t size;
+ struct GUID *guid = talloc(mem_ctx, struct GUID);
+
+ hx509_context_init(&hctx);
+
+ hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
+ if (hret) {
+ torture_comment(tctx, "error while loading the cert\n");
+ return NULL;
+ }
+ hret = hx509_cert_get_issuer_unique_id(hctx, cert, &subjectuniqid);
+ if (hret) {
+ torture_comment(tctx, "error while getting the certificate\n");
+ return NULL;
+ }
+ /* in bit string the real size has to be divided by 8*/
+ size = subjectuniqid.length / 8;
+ data.data = talloc_memdup(mem_ctx,subjectuniqid.data, size);
+ data.length = size;
+ GUID_from_data_blob(&data, guid);
+ talloc_free(data.data);
+ return guid;
+}
+
+static DATA_BLOB* encrypt_blob_pk(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len, DATA_BLOB *to_encrypt) {
+ hx509_context hctx;
+ hx509_cert cert;
+ heim_octet_string secretdata;
+ heim_octet_string encrypted;
+ heim_oid encryption_oid;
+ DATA_BLOB *blob;
+ int hret;
+
+ hx509_context_init(&hctx);
+
+ hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
+ if (hret) {
+ torture_comment(tctx, "error while loading the cert\n");
+ return NULL;
+ }
+
+ secretdata.data = to_encrypt->data;
+ secretdata.length = to_encrypt->length;
+ hret = _hx509_cert_public_encrypt(hctx, &secretdata, cert, &encryption_oid, &encrypted);
+ if (hret) {
+ torture_comment(tctx, "error while encrypting\n");
+ return NULL;
+ }
+
+ blob = talloc(mem_ctx, DATA_BLOB);
+ blob->data = talloc_memdup(blob, encrypted.data, encrypted.length);
+ blob->length = encrypted.length;
+
+ hx509_cert_free(cert);
+ hx509_context_free(&hctx);
+ return blob;
+}
+
+static bool test_RestoreGUID_ko(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 2);
+ xs = create_access_check(tctx, p, tctx, user, false, 2);
+ if (xs == NULL) {
+ return false;
+ }
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ /* We DO NOT revert the array on purpose it's in order to check that
+ * when the server is not able to decrypt then it answer the correct error
+ */
+ for(t=0; t< enc_sec->length; t++) {
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+
+ data.version = 2;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Wrong error code");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_wrongversion(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 2);
+ xs = create_access_check(tctx, p, tctx, user, false, 2);
+ if (xs == NULL) {
+ return false;
+ }
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 1;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ /*
+ printf("Encrypted secret encrypted\n");
+ print_hex(enc_sec->data, enc_sec->length);
+ printf("Access check encrypted\n");
+ print_hex(enc_xs->data, enc_xs->length);
+ */
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "Wrong error code on wrong version");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_wronguser(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ //DEBUG(0, ("Is the stuff not encrypted ? %s \n", p->conn->security_state.auth_info == NULL?"yes":"no"));
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 2);
+ xs = create_access_check(tctx, p, tctx, "guest", false, 2);
+ if (xs == NULL) {
+ return false;
+ }
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 2;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ /*
+ printf("Encrypted secret encrypted\n");
+ print_hex(enc_sec->data, enc_sec->length);
+ printf("Access check encrypted\n");
+ print_hex(enc_xs->data, enc_xs->length);
+ */
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_ACCESS, "Restore GUID");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_v3(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 3;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB aes_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 3);
+ xs = create_access_check(tctx, p, tctx, user, false, 3);
+ if (xs == NULL) {
+ return false;
+ }
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ printf("\n");
+ for(t=0; t<xs->length-64; t++) {
+ fprintf(stderr, "%c", xs->data[t]);
+ }
+ print_hex(xs->data, xs->length-64);
+ */
+
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-16);
+ iv.length = 16;
+
+ aes_key.data = sec->data+(size-48);
+ aes_key.length = 32;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_aes(tctx, tctx, &aes_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 3;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Restore GUID");
+ torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 2);
+ xs = create_access_check(tctx, p, tctx, user, false, 2);
+ if (xs == NULL) {
+ return false;
+ }
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 2;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_OK, "Restore GUID");
+ torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_badmagiconsecret(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, true, 2);
+ xs = create_access_check(tctx, p, tctx, user, false, 2);
+ if (xs == NULL) {
+ return false;
+ }
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 2;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Wrong error code while providing bad magic in secret");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_emptyrequest(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = talloc(tctx, uint8_t);
+ r.in.data_in_len = 0;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "Bad error code on wrong has in access check");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_badcertguid(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 2);
+ xs = create_access_check(tctx, p, tctx, user, false, 2);
+ if (xs == NULL) {
+ return false;
+ }
+ xs->data[0]++;
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 2;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = GUID_random();
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_FILE_NOT_FOUND, "Bad error code on wrong has in access check");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_badmagicaccesscheck(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 2);
+ xs = create_access_check(tctx, p, tctx, user, false, 2);
+ if (xs == NULL) {
+ return false;
+ }
+ xs->data[0]++;
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 2;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+static bool test_RestoreGUID_badhashaccesscheck(struct torture_context *tctx,
+ struct dcerpc_pipe *p) {
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding *binding = p->binding;
+ struct bkrp_BackupKey r;
+ struct bkrp_client_side_wrapped data;
+ struct GUID g;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ DATA_BLOB out_blob;
+
+ binding->flags = binding->flags &(DCERPC_SEAL|DCERPC_AUTH_SPNEGO);
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(data);
+ GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &g);
+ r.in.guidActionAgent = &g;
+ data.version = 2;
+ data.encrypted_secret_len = 0;
+ data.access_check_len = 0;
+ ndr_err = ndr_push_struct_blob(&blob, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+
+ r.in.data_in = blob.data;
+ r.in.data_in_len = blob.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+ if( p->conn->security_state.auth_info != NULL &&
+ p->conn->security_state.auth_info->auth_level == 6) {
+
+ DATA_BLOB *xs;
+ DATA_BLOB *sec;
+ DATA_BLOB *enc_sec;
+ DATA_BLOB enc_sec_reverted;
+ DATA_BLOB *enc_xs;
+ DATA_BLOB des3_key;
+ DATA_BLOB iv;
+ DATA_BLOB blob2;
+ struct bkrp_client_side_unwrapped resp;
+ struct GUID * guid;
+ int t;
+ uint32_t size;
+ const char* user = cli_credentials_get_username(cmdline_credentials);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ "Get GUID");
+
+ sec = create_unencryptedsecret(tctx, false, 2);
+ xs = create_access_check(tctx, p, tctx, user, true, 2);
+ if (xs == NULL) {
+ return false;
+ }
+
+ enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
+ if (!enc_sec) {
+ return false;
+ }
+ /*
+ printf("Encrypted secret not encrypted\n");
+ print_hex(sec->data, sec->length);
+ printf("Access check not encrypted\n");
+ print_hex(xs->data, xs->length);
+ */
+ enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
+ enc_sec_reverted.length = enc_sec->length;
+
+ for(t=0; t< enc_sec->length; t++) {
+ enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
+ //enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
+ }
+
+ size = sec->length;
+ iv.data = sec->data+(size-8);
+ iv.length = 8;
+
+ des3_key.data = sec->data+(size-32);
+ des3_key.length = 24;
+
+ /*
+ printf("Triple des key\n");
+ print_hex(des3_key.data, 24);
+ */
+ enc_xs = encrypt_blob_3des(tctx, tctx, &des3_key, &iv, xs);
+ if (!enc_xs) {
+ return false;
+ }
+ /* To cope with the fact that heimdal do padding at the end for the moment */
+ enc_xs->length = xs->length;
+ /*
+ printf("Access check redecrypted: %d\n", tmp.length);
+ print_hex(tmp.data, tmp.length);
+ */
+
+ data.version = 2;
+ data.encrypted_secret_len = enc_sec->length;
+ data.access_check_len = enc_xs->length;
+ guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
+ if (guid == NULL) {
+ return false;
+ }
+ data.guid = *guid;
+ data.encrypted_secret = enc_sec_reverted.data;
+ data.access_check = enc_xs->data;
+ ndr_err = ndr_push_struct_blob(&blob2, tctx, &data, (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
+ ZERO_STRUCT(r);
+ GUID_from_string(BACKUPKEY_RESTORE_GUID, &g);
+ r.in.guidActionAgent = &g;
+ r.in.data_in = blob2.data;
+ r.in.data_in_len = blob2.length;
+ r.in.param = 0;
+ r.out.data_out = &out_blob.data;
+ r.out.data_out_len = &out_blob.length;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r), "Restore GUID");
+ ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
+ torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
+ } else {
+ torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, &r),
+ NT_STATUS_ACCESS_DENIED, "Get GUID");
+ }
+ return true;
+}
+
+struct torture_suite *torture_rpc_backupkey(TALLOC_CTX *mem_ctx)
+{
+ struct torture_rpc_tcase *tcase;
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "BACKUPKEY");
+ struct torture_test *test;
+
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "backupkey",
+ &ndr_table_backupkey);
+
+ test = torture_rpc_tcase_add_test(tcase, "retreive_backup_key_guid",
+ test_RetreiveBackupKeyGUID);
+ test = torture_rpc_tcase_add_test(tcase, "restore_guid",
+ test_RestoreGUID);
+ test = torture_rpc_tcase_add_test(tcase, "restore_guid version 3",
+ test_RestoreGUID_v3);
+/* We double the test in order to be sure that we don't mess stuff (ie. freeing static stuff */
+
+ test = torture_rpc_tcase_add_test(tcase, "restore_guid_2nd",
+ test_RestoreGUID);
+
+ test = torture_rpc_tcase_add_test(tcase, "unable_to_decrypt_secret",
+ test_RestoreGUID_ko);
+
+ test = torture_rpc_tcase_add_test(tcase, "wrong_user_restore_guid",
+ test_RestoreGUID_wronguser);
+
+ test = torture_rpc_tcase_add_test(tcase, "wrong_version_restore_guid",
+ test_RestoreGUID_wrongversion);
+
+ test = torture_rpc_tcase_add_test(tcase, "bad_magic_on_secret_restore_guid",
+ test_RestoreGUID_badmagiconsecret);
+
+ test = torture_rpc_tcase_add_test(tcase, "bad_hash_on_secret_restore_guid",
+ test_RestoreGUID_badhashaccesscheck);
+
+ test = torture_rpc_tcase_add_test(tcase, "bad_magic_on_accesscheck_restore_guid",
+ test_RestoreGUID_badmagicaccesscheck);
+ test = torture_rpc_tcase_add_test(tcase, "bad_cert_guid_restore_guid",
+ test_RestoreGUID_badcertguid);
+ test = torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid",
+ test_RestoreGUID_emptyrequest);
+ test = torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid",
+ test_RestoreGUID_emptyrequest);
+
+ return suite;
+}