RPC-SCHANNEL: test netr_LogonGetCapability
authorStefan Metzmacher <metze@samba.org>
Sat, 19 Sep 2009 19:14:17 +0000 (21:14 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 29 Sep 2009 08:52:50 +0000 (10:52 +0200)
metze

source4/torture/rpc/netlogon.c
source4/torture/rpc/schannel.c

index 35f1a5942f78f5710f8da168ce23a53a9f36cae2..c72a07598e618e19214e31483e61b94bc6caac33 100644 (file)
@@ -764,6 +764,60 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
        return true;
 }
 
+/*
+  try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+                               struct cli_credentials *credentials,
+                               struct netlogon_creds_CredentialState *creds)
+{
+       NTSTATUS status;
+       struct netr_LogonGetCapabilities r;
+       union netr_Capabilities capabilities;
+       struct netr_Authenticator auth, return_auth;
+       struct netlogon_creds_CredentialState tmp_creds;
+
+       r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+       r.in.computer_name = cli_credentials_get_workstation(credentials);
+       r.in.credential = &auth;
+       r.in.return_authenticator = &return_auth;
+       r.in.query_level = 1;
+       r.out.capabilities = &capabilities;
+       r.out.return_authenticator = &return_auth;
+
+       torture_comment(tctx, "Testing LogonGetCapabilities\n");
+
+       ZERO_STRUCT(return_auth);
+
+       /*
+        * we need to operate on a temporary copy of creds
+        * because dcerpc_netr_LogonGetCapabilities was
+        * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+        * without looking a the authenticator.
+        */
+       tmp_creds = *creds;
+       netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+       status = dcerpc_netr_LogonGetCapabilities(p, tctx, &r);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+               return true;
+       }
+
+       *creds = tmp_creds;
+
+       torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+
+       torture_assert(tctx, netlogon_creds_client_check(creds,
+                                                        &r.out.return_authenticator->cred),
+                      "Credential chaining failed");
+
+       torture_assert_int_equal(tctx, creds->negotiate_flags,
+                                capabilities.server_capabilities,
+                                "negitiate flags");
+
+       return true;
+}
+
 /*
   try a netlogon SamLogon
 */
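Review bot: The `NT_STATUS_NOT_IMPLEMENTED` branch in `test_netlogon_capabilities` returns `true` without recording anything, so a run against a server that lacks LogonGetCapabilities looks identical to one where the negotiate-flags comparison passed. That comparison appears to be the security-relevant part of the test, since it confirms over the authenticated channel that the server reports the same flags the client holds in `creds->negotiate_flags`. The skip should therefore be visible in the output, e.g. `torture_comment(tctx, "LogonGetCapabilities not implemented by server - flag check skipped\n");` before `return true;`. The assert label `"negitiate flags"` is misspelled (`"negotiate flags"`), and the comment above `tmp_creds` reads `looking a the` for `looking at the`. The `talloc_asprintf` result assigned to `r.in.server_name` is also used without a NULL check.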
index c88a95632b6db77af81642e9742b89817874d441..99e6db1b60d44354d24f964f83e1f9f51a9f548d 100644 (file)
@@ -310,6 +310,10 @@ static bool test_schannel(struct torture_context *tctx,
        status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds);
        torture_assert_ntstatus_ok(tctx, status, "schannel creds");
 
+       /* checks the capabilities */
+       torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, credentials, creds),
+                      "Failed to process schannel secured capability ops (on fresh connection)");
+
        /* do a couple of logins */
        torture_assert(tctx, test_netlogon_ops(p_netlogon, tctx, credentials, creds),
                "Failed to process schannel secured NETLOGON ops");
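Review bot: The failure text `(on fresh connection)` is used for this call on `p_netlogon`, while the neighbouring `test_netlogon_ops` assert on the same pipe has no such suffix and the next hunk uses the identical string for `p_netlogon2`. A failure report therefore cannot tell which of the two connections failed the capability check. Dropping the suffix here, `"Failed to process schannel secured capability ops"`, keeps the two call sites distinguishable. `test_schannel` starts and ends outside both hunks, so whether `p_netlogon` is itself newly opened at this point is not visible here.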
@@ -374,7 +378,11 @@ static bool test_schannel(struct torture_context *tctx,
                                  NULL);
 
        torture_assert_ntstatus_ok(tctx, status, "auth failed");
-       
+
+       /* checks the capabilities */
+       torture_assert(tctx, test_netlogon_capabilities(p_netlogon2, tctx, credentials, creds),
+                      "Failed to process schannel secured capability ops (on fresh connection)");
+
        /* Try the schannel-only SamLogonEx operation */
        torture_assert(tctx, test_netlogon_ex_ops(p_netlogon2, tctx, credentials, creds), 
                       "Failed to process schannel secured NETLOGON EX ops (on fresh connection)");