summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2003-12-02 02:15:33 +0000
committerAndrew Tridgell <tridge@samba.org>2003-12-02 02:15:33 +0000
commit2e70035f87ebcdfbdc3cf8d05cd89d4eeeebc16c (patch)
tree219ed20ba826cc8963481d98e18759b63d294dc0
parent06ae42483582ee76c3f6848697cf61cc142dd86a (diff)
downloadsamba-2e70035f87ebcdfbdc3cf8d05cd89d4eeeebc16c.tar.gz
samba-2e70035f87ebcdfbdc3cf8d05cd89d4eeeebc16c.tar.bz2
samba-2e70035f87ebcdfbdc3cf8d05cd89d4eeeebc16c.zip
another big improvement in the credentials API. I think it now
actually makes sense, and as a nice side effect it matches the debug output of the w2k3 netlogon.log (This used to be commit 3c7287c24e5970e5b7447ad042848505537c7d3b)
-rw-r--r--source4/libcli/auth/credentials.c111
-rw-r--r--source4/librpc/idl/netlogon.idl285
-rw-r--r--source4/torture/rpc/netlogon.c32
3 files changed, 285 insertions, 143 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 1749037e8f..5814053d5f 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -28,11 +28,10 @@
this call is made after the netr_ServerReqChallenge call
*/
-void creds_init(struct netr_CredentialState *creds,
- const struct netr_Credential *client_challenge,
- const struct netr_Credential *server_challenge,
- const uint8 machine_password[16],
- struct netr_Credential *initial_creds)
+static void creds_init(struct netr_CredentialState *creds,
+ const struct netr_Credential *client_challenge,
+ const struct netr_Credential *server_challenge,
+ const uint8 machine_password[16])
{
struct netr_Credential time_cred;
uint32 sum[2];
@@ -46,36 +45,82 @@ void creds_init(struct netr_CredentialState *creds,
cred_hash1(creds->session_key, sum2, machine_password);
- creds->sequence = 0;
+ creds->sequence = time(NULL);
SIVAL(time_cred.data, 0, IVAL(client_challenge->data, 0));
SIVAL(time_cred.data, 4, IVAL(client_challenge->data, 4));
+ cred_hash2(creds->client.data, time_cred.data, creds->session_key);
- cred_hash2(creds->cred2.data, time_cred.data, creds->session_key);
+ SIVAL(time_cred.data, 0, IVAL(server_challenge->data, 0));
+ SIVAL(time_cred.data, 4, IVAL(server_challenge->data, 4));
+ cred_hash2(creds->server.data, time_cred.data, creds->session_key);
- creds->cred1 = *server_challenge;
+ creds->seed = creds->client;
+}
+
+
+/*
+ step the credentials to the next element in the chain
+*/
+static void creds_step(struct netr_CredentialState *creds)
+{
+ struct netr_Credential time_cred;
+
+ creds->sequence += 2;
+
+ DEBUG(5,("\tseed %08x:%08x\n",
+ IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
+
+ SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence);
+ SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
+
+ DEBUG(5,("\tseed+time %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
+
+ cred_hash2(creds->client.data, time_cred.data, creds->session_key);
+
+ DEBUG(5,("\tCLIENT %08x:%08x\n",
+ IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
+
+ SIVAL(time_cred.data, 0, IVAL(creds->seed.data, 0) + creds->sequence + 1);
+ SIVAL(time_cred.data, 4, IVAL(creds->seed.data, 4));
+
+ DEBUG(5,("\tseed+time+1 %08x:%08x\n",
+ IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
+
+ cred_hash2(creds->server.data, time_cred.data, creds->session_key);
- *initial_creds = creds->cred2;
+ DEBUG(5,("\tSERVER %08x:%08x\n",
+ IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
+
+ creds->seed = time_cred;
}
/*
- check that a credentials reply is correct
+ initialise the credentials chain and return the first client
+ credentials
*/
-BOOL creds_check(struct netr_CredentialState *creds,
- const struct netr_Credential *received_credentials)
+void creds_client_init(struct netr_CredentialState *creds,
+ const struct netr_Credential *client_challenge,
+ const struct netr_Credential *server_challenge,
+ const uint8 machine_password[16],
+ struct netr_Credential *initial_credential)
{
- struct netr_Credential cred2, time_cred;
- uint32 sequence = creds->sequence?creds->sequence+1:0;
+ creds_init(creds, client_challenge, server_challenge, machine_password);
+
+ *initial_credential = creds->client;
+}
- SIVAL(time_cred.data, 0, IVAL(creds->cred1.data, 0) + sequence);
- SIVAL(time_cred.data, 4, IVAL(creds->cred1.data, 4));
- cred_hash2(cred2.data, time_cred.data, creds->session_key);
- if (memcmp(received_credentials->data, cred2.data, 8) != 0) {
+/*
+ check that a credentials reply from a server is correct
+*/
+BOOL creds_client_check(struct netr_CredentialState *creds,
+ const struct netr_Credential *received_credentials)
+{
+ if (memcmp(received_credentials->data, creds->server.data, 8) != 0) {
DEBUG(2,("credentials check failed\n"));
return False;
}
-
return True;
}
@@ -83,30 +128,12 @@ BOOL creds_check(struct netr_CredentialState *creds,
produce the next authenticator in the sequence ready to send to
the server
*/
-void creds_authenticator(struct netr_CredentialState *creds,
- struct netr_Authenticator *next)
+void creds_client_authenticator(struct netr_CredentialState *creds,
+ struct netr_Authenticator *next)
{
- struct netr_Credential cred2;
- struct netr_Credential time_cred;
-
- if (creds->sequence == 0) {
- creds->sequence = time(NULL);
- }
-
- /* this step size is quite arbitrary - the client can choose
- any sequence number it likes */
- creds->sequence += 2;
-
- creds->cred1 = creds->cred2;
-
- SIVAL(time_cred.data, 0, IVAL(creds->cred2.data, 0) + creds->sequence);
- SIVAL(time_cred.data, 4, IVAL(creds->cred2.data, 4));
-
- cred_hash2(cred2.data, time_cred.data, creds->session_key);
-
- creds->cred2 = cred2;
+ creds_step(creds);
- next->cred = creds->cred2;
+ next->cred = creds->client;
next->timestamp = creds->sequence;
}
@@ -114,7 +141,7 @@ void creds_authenticator(struct netr_CredentialState *creds,
/*
encrypt a 16 byte password buffer using the session key
*/
-void creds_encrypt(struct netr_CredentialState *creds, struct netr_Password *pass)
+void creds_client_encrypt(struct netr_CredentialState *creds, struct netr_Password *pass)
{
struct netr_Password tmp;
cred_hash3(tmp.data, pass->data, creds->session_key, 1);
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 6dd7ae3fe5..5d30b51157 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -71,8 +71,9 @@ interface netlogon
typedef [flag(NDR_PAHEX)] struct {
uint8 session_key[8];
uint32 sequence;
- netr_Credential cred1;
- netr_Credential cred2;
+ netr_Credential seed;
+ netr_Credential client;
+ netr_Credential server;
} netr_CredentialState;
typedef struct {
@@ -229,6 +230,10 @@ interface netlogon
[out] uint32 authoritative
);
+
+ /*****************/
+ /* Function 0x03 */
+
NTSTATUS netr_LogonSamLogoff(
[in] unistr *server_name,
[in] unistr *computer_name,
@@ -238,13 +243,22 @@ interface netlogon
[in] [switch_is(logon_level)] netr_LogonLevel logon
);
- WERROR netr_ServerReqChallenge(
+
+
+ /*****************/
+ /* Function 0x04 */
+
+ NTSTATUS netr_ServerReqChallenge(
[in] unistr *server_name,
[in] unistr computer_name,
[in][out] netr_Credential credentials
);
- WERROR netr_ServerAuthenticate(
+
+ /*****************/
+ /* Function 0x05 */
+
+ NTSTATUS netr_ServerAuthenticate(
[in] unistr *server_name,
[in] unistr username,
[in] uint16 secure_challenge_type,
@@ -253,6 +267,9 @@ interface netlogon
);
+ /*****************/
+ /* Function 0x06 */
+
NTSTATUS netr_ServerPasswordSet(
[in] unistr *server_name,
[in] unistr username,
@@ -264,22 +281,28 @@ interface netlogon
);
#if 0
+
+ /*****************/
+ /* Function 0x07 */
+
typedef struct {
unistr *username;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_DELETE_USER;
+
typedef struct {
bool SensitiveDataFlag;
uint32 DataLength;
[size_is(DataLength)] uint8 *SensitiveData;
} USER_PRIVATE_INFO;
+
typedef struct {
netr_String username;
netr_String FullName;
@@ -310,15 +333,16 @@ interface netlogon
USER_PRIVATE_INFO user_private_info;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_USER;
+
typedef struct {
netr_String DomainName;
netr_String OEMInfo;
@@ -331,72 +355,78 @@ interface netlogon
NTTIME domain_create_time;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_DOMAIN;
+
typedef struct {
netr_String groupname;
GROUP_MEMBERSHIP group_membership;
netr_String comment;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_GROUP;
+
typedef struct {
netr_String OldName;
netr_String NewName;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_RENAME;
+
typedef struct {
[size_is(num_rids)] uint32 *rids;
[size_is(num_rids)] uint32 *attribs;
uint32 num_rids;
- uint32 dummy1;
- uint32 dummy2;
- uint32 dummy3;
- uint32 dummy4;
+ uint32 unknown1;
+ uint32 unknown2;
+ uint32 unknown3;
+ uint32 unknown4;
} DELTA_GROUP_MEMBER;
+
typedef struct {
netr_String alias_name;
uint32 rid;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_ALIAS;
+
typedef struct {
SID_ARRAY sids;
- uint32 dummy1;
- uint32 dummy2;
- uint32 dummy3;
- uint32 dummy4;
+ uint32 unknown1;
+ uint32 unknown2;
+ uint32 unknown3;
+ uint32 unknown4;
} DELTA_ALIAS_MEMBER;
+
typedef struct {
uint32 pagedpoollimit;
uint32 nonpagedpoollimit;
@@ -405,6 +435,7 @@ interface netlogon
uint32 pagefilelimit;
NTTIME timelimit;
} QUOTA_LIMITS;
+
typedef struct {
uint32 maxlogsize;
NTTIME auditretentionperiod;
@@ -418,30 +449,32 @@ interface netlogon
NTTIME db_create_time;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_POLICY;
+
typedef struct {
netr_String DomainName;
uint32 num_controllers;
[size_is(num_controllers)] netr_String *controller_names;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_TRUSTED_DOMAINS;
+
typedef struct {
uint32 privilegeentries;
uint32 provolegecontrol;
@@ -450,20 +483,22 @@ interface netlogon
QUOTALIMITS quotalimits;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_ACCOUNTS;
+
typedef struct {
uint32 len;
uint32 maxlen;
[size_is(maxlen)][length_is(len)] uint8 *cipher_data;
} CIPHER_VALUE;
+
typedef struct {
CIPHER_VALUE current_cipher;
NTTIME current_cipher_set_time;
@@ -471,15 +506,16 @@ interface netlogon
NTTIME old_cipher_set_time;
uint32 SecurityInformation;
LSA_SECURITY_DESCRIPTOR sec_desc;
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- uint32 dummy5;
- uint32 dummy6;
- uint32 dummy7;
- uint32 dummy8;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ uint32 unknown5;
+ uint32 unknown6;
+ uint32 unknown7;
+ uint32 unknown8;
} DELTA_SECRET;
+
typedef struct {
uint32 low_value;
uint32 high_value;
@@ -527,15 +563,19 @@ interface netlogon
[case(20)] uint32 rid;
[case(21)] uint32 rid;
} DELTA_ID_UNION;
+
typedef struct {
uint16 delta_type;
DELTA_ID_UNION delta_id_union;
DELTA_UNION delta_union;
} DELTA_ENUM;
+
typedef struct {
uint32 num_deltas;
[size_is(num_deltas)] DELTA_ENUM *delta_enum;
} DELTA_ENUM_ARRAY;
+
+
WERROR netr_DatabaseDeltas(
[in][string][ref] wchar_t *logonserver, # REF!!!
[in][string][ref] wchar_t *computername,
@@ -546,6 +586,11 @@ interface netlogon
[in] uint32 preferredmaximumlength,
[out] DELTA_ENUM_ARRAY *delta_enum_array
);
+
+
+ /*****************/
+ /* Function 0x08 */
+
WERROR netr_DatabaseSync(
[in][string][ref] wchar_t *logonserver, # REF!!!
[in][string][ref] wchar_t *computername,
@@ -556,11 +601,17 @@ interface netlogon
[in] uint32 preferredmaximumlength,
[out] DELTA_ENUM_ARRAY *delta_enum_array
);
+
+
+ /*****************/
+ /* Function 0x09 */
+
typedef struct {
uint8 computer_name[16];
uint32 timecreated;
uint32 serial_number;
} UAS_INFO_0;
+
WERROR netr_AccountDeltas(
[in][string] wchar_t *logonserver,
[in][string][ref] wchar_t *computername,
@@ -574,6 +625,11 @@ interface netlogon
[in][long] level,
[in][long] buffersize,
);
+
+
+ /*****************/
+ /* Function 0x0A */
+
WERROR netr_AccountSync(
[in][string] wchar_t *logonserver,
[in][string][ref] wchar_t *computername,
@@ -588,21 +644,29 @@ interface netlogon
[in][long] buffersize,
[in][out][ref] UAS_INFO_0 recordid,
);
+
+
+ /*****************/
+ /* Function 0x0B */
+
WERROR netr_GetDcName(
[in] unistr logon_server,
[in] unistr *domainname,
[out]unistr *dcname,
};
+
typedef struct {
uint32 flags;
uint32 pdc_connection_status;
} NETLOGON_INFO_1;
+
typedef struct {
uint32 flags;
uint32 pdc_connection_status;
unistrtrusted_dc_name;
uint32 tc_connection_status;
} NETLOGON_INFO_2;
+
typedef struct {
uint32 flags;
uint32 logon_attempts;
@@ -612,28 +676,45 @@ interface netlogon
uint32 reserved;
uint32 reserved;
} NETLOGON_INFO_3;
+
typedef [switch_type(long)] union {
[case(1)] NETLOGON_INFO_1 *i1;
[case(2)] NETLOGON_INFO_2 *i2;
[case(3)] NETLOGON_INFO_3 *i3;
} CONTROL_QUERY_INFORMATION;
+
+
+ /*****************/
+ /* Function 0x0C */
+
WERROR netr_LogonControl(
[in][string] wchar_t *logonserver,
[in] uint32 function_code,
[in] uint32 level,
[out][ref] CONTROL_QUERY_INFORMATION
);
+
+
+ /*****************/
+ /* Function 0x0D */
+
WERROR netr_GetAnyDCName(
[in] unistr *logon_server,
[in] unistr *domainname,
[out]unistr *dcname,
};
+
typedef [switch_type(long)] union {
[case(5)] unistr *unknown;
[case(6)] unistr *unknown;
[case(0xfffe)] uint32 unknown;
[case(7)] unistry*unknown;
} CONTROL_DATA_INFORMATION;
+
+
+ /*****************/
+ /* Function 0x0E */
+
WERROR netr_LogonControl2(
[in][string] wchar_t *logonserver,
[in] uint32 function_code,
@@ -641,6 +722,11 @@ interface netlogon
[in][ref] CONTROL_DATA_INFORMATION *data,
[out][ref] CONTROL_QUERY_INFORMATION *query
);
+
+
+ /*****************/
+ /* Function 0x0F */
+
WERROR netr_ServerAuthenticate2(
[in][string] wchar_t *logonserver,
[in] unistr username,
@@ -650,6 +736,11 @@ interface netlogon
[out][ref] CREDENTIAL *server_chal,
[in][out][ref] uint32 *negotiate_flags,
);
+
+
+ /*****************/
+ /* Function 0x10 */
+
WERROR netr_DatabaseSync2(
[in][string][ref] wchar_t *logonserver, # REF!!!
[in][string][ref] wchar_t *computername,
@@ -661,6 +752,11 @@ interface netlogon
[in] uint32 preferredmaximumlength,
[out] DELTA_ENUM_ARRAY *delta_enum_array
);
+
+
+ /*****************/
+ /* Function 0x11 */
+
WERROR netr_DatabaseRedo(
[in][string][ref] wchar_t *logonserver, # REF!!!
[in][string][ref] wchar_t *computername,
@@ -670,6 +766,11 @@ interface netlogon
[in] uint32 change_log_entry_size,
[out] DELTA_ENUM_ARRAY *delta_enum_array
);
+
+
+ /*****************/
+ /* Function 0x12 */
+
WERROR netr_LogonControl2Ex(
[in][string] wchar_t *logonserver,
[in] uint32 function_code,
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index bef658e92f..354a516884 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -94,8 +94,8 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
E_md4hash(plain_pass, mach_pwd);
- creds_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
- &a.in.credentials);
+ creds_client_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
+ &a.in.credentials);
a.in.server_name = NULL;
a.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
@@ -110,7 +110,7 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return False;
}
- if (!creds_check(creds, &a.out.credentials)) {
+ if (!creds_client_check(creds, &a.out.credentials)) {
printf("Credential chaining failed\n");
return False;
}
@@ -152,7 +152,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
ZERO_STRUCT(auth2);
- creds_authenticator(&creds, &auth);
+ creds_client_authenticator(&creds, &auth);
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.workstation = lp_netbios_name();
@@ -170,7 +170,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- if (!creds_check(&creds, &r.out.authenticator->cred)) {
+ if (!creds_client_check(&creds, &r.out.authenticator->cred)) {
printf("Credential chaining failed\n");
}
@@ -192,8 +192,6 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
- creds_authenticator(&creds, &r.in.credential);
-
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
r.in.secure_challenge_type = 2;
@@ -202,10 +200,12 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
password = generate_random_str(8);
E_md4hash(password, r.in.new_password.data);
- creds_encrypt(&creds, &r.in.new_password);
+ creds_client_encrypt(&creds, &r.in.new_password);
printf("Testing ServerPasswordSet on machine account\n");
+ creds_client_authenticator(&creds, &r.in.credential);
+
status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("ServerPasswordSet - %s\n", nt_errstr(status));
@@ -216,7 +216,21 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Failed to save machine password\n");
}
- if (!creds_check(&creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ printf("Credential chaining failed\n");
+ }
+
+ printf("Testing a second ServerPasswordSet on machine account\n");
+
+ creds_client_authenticator(&creds, &r.in.credential);
+
+ status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("ServerPasswordSet - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}