From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 19 Sep 2009 19:14:17 +0000 (+0200)
Subject: s4-torture: Test rpc schannel netr_LogonGetCapability.
X-Git-Url: http://git.samba.org/?p=mat%2Fsamba.git;a=commitdiff_plain;h=2f5e9aae860b55203c3efd2e558cd27e00f734ed

s4-torture: Test rpc schannel netr_LogonGetCapability.

metze
---

diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 0fe594cf7e..d60b2e3c18 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -884,6 +884,60 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 	return test_netlogon_ops_args(p, tctx, credentials, creds, false);
 }
 
+/*
+  try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+				struct cli_credentials *credentials,
+				struct netlogon_creds_CredentialState *creds)
+{
+	NTSTATUS status;
+	struct netr_LogonGetCapabilities r;
+	union netr_Capabilities capabilities;
+	struct netr_Authenticator auth, return_auth;
+	struct netlogon_creds_CredentialState tmp_creds;
+	struct dcerpc_binding_handle *b = p->binding_handle;
+
+	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computer_name = cli_credentials_get_workstation(credentials);
+	r.in.credential = &auth;
+	r.in.return_authenticator = &return_auth;
+	r.in.query_level = 1;
+	r.out.capabilities = &capabilities;
+	r.out.return_authenticator = &return_auth;
+
+	torture_comment(tctx, "Testing LogonGetCapabilities\n");
+
+	ZERO_STRUCT(return_auth);
+
+	/*
+	 * we need to operate on a temporary copy of creds
+	 * because dcerpc_netr_LogonGetCapabilities was
+	 * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+	 * without looking a the authenticator.
+	 */
+	tmp_creds = *creds;
+	netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+	status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+	torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+		return true;
+	}
+
+	*creds = tmp_creds;
+
+	torture_assert(tctx, netlogon_creds_client_check(creds,
+							 &r.out.return_authenticator->cred),
+		       "Credential chaining failed");
+
+	torture_assert_int_equal(tctx, creds->negotiate_flags,
+				 capabilities.server_capabilities,
+				 "negotiate flags");
+
+	return true;
+}
+
 /*
   try a netlogon SamLogon
 */
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index dff9fe7055..30b8a1d1ae 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -312,6 +312,10 @@ static bool test_schannel(struct torture_context *tctx,
 	status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds);
 	torture_assert_ntstatus_ok(tctx, status, "schannel creds");
 
+	/* checks the capabilities */
+	torture_assert(tctx, test_netlogon_capabilities(p_netlogon, tctx, credentials, creds),
+		       "Failed to process schannel secured capability ops (on fresh connection)");
+
 	/* do a couple of logins */
 	torture_assert(tctx, test_netlogon_ops(p_netlogon, tctx, credentials, creds),
 		"Failed to process schannel secured NETLOGON ops");
@@ -391,6 +395,10 @@ static bool test_schannel(struct torture_context *tctx,
 
 	torture_assert_ntstatus_ok(tctx, status, "auth failed");
 
+	/* checks the capabilities */
+	torture_assert(tctx, test_netlogon_capabilities(p_netlogon2, tctx, credentials, creds),
+		       "Failed to process schannel secured capability ops (on fresh connection)");
+
 	/* Try the schannel-only SamLogonEx operation */
 	torture_assert(tctx, test_netlogon_ex_ops(p_netlogon2, tctx, credentials, creds),
 		       "Failed to process schannel secured NETLOGON EX ops (on fresh connection)");