diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-05-21 12:37:36 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-05-21 12:37:36 +1000 |
commit | f67156fc920b9a5c84c4fcaf1bf41640ddae6005 (patch) | |
tree | f02f96e7e94448b4597426734afd3d71bdfae0d7 | |
parent | fdec7fdaf5d4150e14311d9b3bb2da7358a407ff (diff) | |
download | samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.gz samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.bz2 samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.zip |
Extend the 'netlogon' CLDAP and NBT implementation.
This now handles checking if the user exists, including validating the
ACB mask on the user.
This would be a nasty security hole, if Kerberos did not already
expose this information anonymously...
Andrew Bartlett
(This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e)
-rw-r--r-- | source4/cldap_server/netlogon.c | 60 | ||||
-rw-r--r-- | source4/nbt_server/dgram/netlogon.c | 2 | ||||
-rw-r--r-- | source4/torture/ldap/cldap.c | 22 | ||||
-rw-r--r-- | source4/torture/nbt/dgram.c | 276 |
4 files changed, 329 insertions, 31 deletions
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index b2a034d5a4..bca965781a 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -46,6 +46,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, struct dom_sid *domain_sid, const char *domain_guid, const char *user, + uint32_t acct_control, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, @@ -53,7 +54,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, { const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; - struct ldb_result *ref_res = NULL, *dom_res = NULL; + const char *none_attrs[] = {NULL}; + struct ldb_result *ref_res = NULL, *dom_res = NULL, *user_res = NULL; int ret; const char **services = lp_server_services(lp_ctx); uint32_t server_type; @@ -68,6 +70,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, const char *pdc_ip; struct ldb_dn *partitions_basedn; struct interface *ifaces; + bool user_known; partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx); @@ -201,6 +204,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, } } + if ((ref_res == NULL || ref_res->count == 0)) { DEBUG(2,("Unable to find domain reference with name %s or GUID {%s}\n", domain, domain_guid)); return NT_STATUS_NO_SUCH_DOMAIN; @@ -211,6 +215,44 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, return NT_STATUS_NO_SUCH_DOMAIN; } + /* work around different inputs for not-specified users */ + if (!user) { + user = ""; + } + + /* Enquire about any valid username with just a CLDAP packet - + * if kerberos didn't also do this, the security folks would + * scream... */ + if (user[0]) { \ + /* Only allow some bits to be enquired: [MS-ATDS] 7.3.3.2 */ + if (acct_control == (uint32_t)-1) { + acct_control = 0; + } + acct_control = acct_control & (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST); + + /* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */ + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &user_res, + dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE, + none_attrs, + "(&(objectClass=user)(samAccountName=%s)" + "(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))" + "(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))", + user, UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control)); + if (ret != LDB_SUCCESS) { + DEBUG(2,("Unable to find referece to user '%s' with ACB 0x%8x under %s: %s\n", + user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn), + ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_USER; + } else if (user_res->count == 1) { + user_known = true; + } else { + user_known = false; + } + + } else { + user_known = true; + } + server_type = NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | @@ -250,13 +292,13 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, ZERO_STRUCTP(netlogon); - if (version & NETLOGON_NT_VERSION_5EX) { + /* check if either of these bits is present */ + if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) { uint32_t extra_flags = 0; netlogon->ntver = NETLOGON_NT_VERSION_5EX; /* could check if the user exists */ - if (!user) { - user = ""; + if (user_known) { netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; } else { netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; @@ -277,7 +319,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; netlogon->nt5_ex.sockaddr.sa_family = 2; netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; - netlogon->nt5_ex.sockaddr.remaining = data_blob(NULL, 4); + netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc(mem_ctx, NULL, 4); } netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; netlogon->nt5_ex.lmnt_token = 0xFFFF; @@ -287,8 +329,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, netlogon->ntver = NETLOGON_NT_VERSION_5; /* could check if the user exists */ - if (!user) { - user = ""; + if (user_known) { netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; @@ -309,8 +350,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { netlogon->ntver = NETLOGON_NT_VERSION_1; /* could check if the user exists */ - if (!user) { - user = ""; + if (user_known) { netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; @@ -406,7 +446,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, domain, host, user, version, domain_guid)); status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid, - user, src->addr, + user, acct_control, src->addr, version, cldapd->task->lp_ctx, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index 664cd56636..5e263a5854 100644 --- a/source4/nbt_server/dgram/netlogon.c +++ b/source4/nbt_server/dgram/netlogon.c @@ -139,7 +139,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot, } status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, - netlogon->req.logon.user_name, src->addr, + netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr, netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.samlogon); if (!NT_STATUS_IS_OK(status)) { DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n", diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index a77920d4e6..5d4acd581b 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -144,18 +144,38 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a AAC\n"); - search.in.acct_control = 0x180; + search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST; search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + printf("Trying with a zero AAC\n"); + search.in.acct_control = 0x0; + search.in.realm = n1.nt5_ex.dns_domain; + status = cldap_netlogon(cldap, tctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + + printf("Trying with a zero AAC and user=Administrator\n"); + search.in.acct_control = 0x0; + search.in.user = "Administrator"; + search.in.realm = n1.nt5_ex.dns_domain; + status = cldap_netlogon(cldap, tctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator"); + printf("Trying with a bad AAC\n"); + search.in.user = NULL; search.in.acct_control = 0xFF00FF00; search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); printf("Trying with a user only\n"); search = empty_search; diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index 2bc3d3d75e..66a3d142db 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -42,19 +42,24 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, struct socket_address *src) { NTSTATUS status; - struct nbt_netlogon_response netlogon; - int *replies = (int *)dgmslot->private; + struct nbt_netlogon_response *netlogon = dgmslot->private; + dgmslot->private = netlogon = talloc(dgmslot, struct nbt_netlogon_response); + + if (!dgmslot->private) { + return; + } + printf("netlogon reply from %s:%d\n", src->addr, src->port); - status = dgram_mailslot_netlogon_parse_response(dgmslot, dgmslot, packet, &netlogon); + /* Fills in the netlogon pointer */ + status = dgram_mailslot_netlogon_parse_response(dgmslot, netlogon, packet, netlogon); if (!NT_STATUS_IS_OK(status)) { printf("Failed to parse netlogon packet from %s:%d\n", src->addr, src->port); return; } - - (*replies)++; + } @@ -67,10 +72,10 @@ static bool nbt_test_netlogon(struct torture_context *tctx) struct socket_address *dest; const char *myaddress; struct nbt_netlogon_packet logon; + struct nbt_netlogon_response *response; struct nbt_name myname; NTSTATUS status; struct timeval tv = timeval_current(); - int replies = 0; struct socket_address *socket_address; @@ -78,7 +83,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) struct nbt_name name; struct interface *ifaces; - + name.name = lp_workgroup(tctx->lp_ctx); name.type = NBT_NAME_LOGON; name.scope = NULL; @@ -112,7 +117,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) /* setup a temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, - netlogon_handler, &replies); + netlogon_handler, NULL); ZERO_STRUCT(logon); logon.command = LOGON_PRIMARY_QUERY; @@ -134,10 +139,17 @@ static bool nbt_test_netlogon(struct torture_context *tctx) &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); - while (timeval_elapsed(&tv) < 5 && replies == 0) { + while (timeval_elapsed(&tv) < 5 && !dgmslot->private) { event_loop_once(dgmsock->event_ctx); } + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response"); + torture_assert(tctx, response->get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command"); + return true; } @@ -151,10 +163,10 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) struct socket_address *dest; const char *myaddress; struct nbt_netlogon_packet logon; + struct nbt_netlogon_response *response; struct nbt_name myname; NTSTATUS status; struct timeval tv = timeval_current(); - int replies = 0; struct socket_address *socket_address; @@ -198,7 +210,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) /* setup a temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, - netlogon_handler, &replies); + netlogon_handler, NULL); ZERO_STRUCT(logon); @@ -207,7 +219,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) logon.req.logon.computer_name = TEST_NAME; logon.req.logon.user_name = ""; logon.req.logon.mailslot_name = dgmslot->mailslot_name; - logon.req.logon.nt_version = 11; + logon.req.logon.nt_version = NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_1; logon.req.logon.lmnt_token = 0xFFFF; logon.req.logon.lm20_token = 0xFFFF; @@ -222,10 +234,23 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); - while (timeval_elapsed(&tv) < 5 && replies == 0) { + while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) { event_loop_once(dgmsock->event_ctx); } + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); + map_netlogon_samlogon_response(&response->samlogon); + + torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command"); + + /* setup (another) temporary mailslot listener for replies */ + dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, + netlogon_handler, NULL); + ZERO_STRUCT(logon); logon.command = LOGON_SAM_LOGON_REQUEST; logon.req.logon.request_count = 0; @@ -247,15 +272,109 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); - while (timeval_elapsed(&tv) < 5 && replies == 0) { + while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) { event_loop_once(dgmsock->event_ctx); } + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); + map_netlogon_samlogon_response(&response->samlogon); + + torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + + torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + join_ctx = torture_join_domain(tctx, TEST_NAME, ACB_WSTRUST, &machine_credentials); dom_sid = torture_join_sid(join_ctx); + /* setup (another) temporary mailslot listener for replies */ + dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, + netlogon_handler, NULL); + + ZERO_STRUCT(logon); + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = TEST_NAME"$"; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.sid = *dom_sid; + logon.req.logon.nt_version = 1; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; + + make_nbt_name_client(&myname, TEST_NAME); + + dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, + address, lp_dgram_port(tctx->lp_ctx)); + + torture_assert(tctx, dest != NULL, "Error getting address"); + status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, + &myname, &logon); + torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); + + + while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) { + event_loop_once(dgmsock->event_ctx); + } + + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); + map_netlogon_samlogon_response(&response->samlogon); + + torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + + /* setup (another) temporary mailslot listener for replies */ + dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, + netlogon_handler, NULL); + + ZERO_STRUCT(logon); + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = TEST_NAME"$"; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.sid = *dom_sid; + logon.req.logon.acct_control = ACB_WSTRUST; + logon.req.logon.nt_version = 1; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; + + make_nbt_name_client(&myname, TEST_NAME); + + dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, + address, lp_dgram_port(tctx->lp_ctx)); + + torture_assert(tctx, dest != NULL, "Error getting address"); + status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, + &myname, &logon); + torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); + + + while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) { + event_loop_once(dgmsock->event_ctx); + } + + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); + map_netlogon_samlogon_response(&response->samlogon); + + torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + + dgmslot->private = NULL; + ZERO_STRUCT(logon); logon.command = LOGON_SAM_LOGON_REQUEST; logon.req.logon.request_count = 0; @@ -263,6 +382,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) logon.req.logon.user_name = TEST_NAME"$"; logon.req.logon.mailslot_name = dgmslot->mailslot_name; logon.req.logon.sid = *dom_sid; + logon.req.logon.acct_control = ACB_NORMAL; logon.req.logon.nt_version = 1; logon.req.logon.lmnt_token = 0xFFFF; logon.req.logon.lm20_token = 0xFFFF; @@ -278,10 +398,20 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); - while (timeval_elapsed(&tv) < 5 && replies == 0) { + + while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) { event_loop_once(dgmsock->event_ctx); } + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); + map_netlogon_samlogon_response(&response->samlogon); + + torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + torture_leave_domain(join_ctx); return true; } @@ -295,14 +425,15 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) lp_iconv_convenience(tctx->lp_ctx)); struct socket_address *dest; struct test_join *join_ctx; + const struct dom_sid *dom_sid; struct cli_credentials *machine_credentials; const char *myaddress; struct nbt_netlogon_packet logon; + struct nbt_netlogon_response *response; struct nbt_name myname; NTSTATUS status; struct timeval tv = timeval_current(); - int replies = 0; struct socket_address *socket_address; const char *address; @@ -342,13 +473,60 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) join_ctx = torture_join_domain(tctx, TEST_NAME, ACB_WSTRUST, &machine_credentials); + dom_sid = torture_join_sid(join_ctx); + torture_assert(tctx, join_ctx != NULL, talloc_asprintf(tctx, "Failed to join domain %s as %s\n", lp_workgroup(tctx->lp_ctx), TEST_NAME)); /* setup a temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, - netlogon_handler, &replies); + netlogon_handler, NULL); + + + ZERO_STRUCT(logon); + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = TEST_NAME"$"; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.acct_control = ACB_WSTRUST; + /* Try with a SID this time */ + logon.req.logon.sid = *dom_sid; + logon.req.logon.nt_version = 1; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; + + make_nbt_name_client(&myname, TEST_NAME); + + dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, + address, lp_dgram_port(tctx->lp_ctx)); + torture_assert(tctx, dest != NULL, "Error getting address"); + status = dgram_mailslot_netlogon_send(dgmsock, + &name, dest, + NBT_MAILSLOT_NTLOGON, + &myname, &logon); + torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); + + while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) { + event_loop_once(dgmsock->event_ctx); + } + + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); + map_netlogon_samlogon_response(&response->samlogon); + + torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + + torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + + + /* setup a temporary mailslot listener for replies */ + dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, + netlogon_handler, NULL); ZERO_STRUCT(logon); @@ -374,10 +552,26 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); - while (timeval_elapsed(&tv) < 5 && replies == 0) { + while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) { event_loop_once(dgmsock->event_ctx); } + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); + map_netlogon_samlogon_response(&response->samlogon); + + torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + + torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + + + /* setup (another) temporary mailslot listener for replies */ + dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, + netlogon_handler, NULL); + ZERO_STRUCT(logon); logon.command = LOGON_PRIMARY_QUERY; logon.req.pdc.computer_name = TEST_NAME; @@ -398,11 +592,55 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); - while (timeval_elapsed(&tv) < 5 && replies == 0) { + while (timeval_elapsed(&tv) < 5 && !dgmslot->private) { event_loop_once(dgmsock->event_ctx); } + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response"); + torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); + torture_leave_domain(join_ctx); + + /* setup (another) temporary mailslot listener for replies */ + dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, + netlogon_handler, NULL); + + ZERO_STRUCT(logon); + logon.command = LOGON_PRIMARY_QUERY; + logon.req.pdc.computer_name = TEST_NAME; + logon.req.pdc.mailslot_name = dgmslot->mailslot_name; + logon.req.pdc.unicode_name = TEST_NAME; + logon.req.pdc.nt_version = 1; + logon.req.pdc.lmnt_token = 0xFFFF; + logon.req.pdc.lm20_token = 0xFFFF; + + make_nbt_name_client(&myname, TEST_NAME); + + dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, + address, lp_dgram_port(tctx->lp_ctx)); + torture_assert(tctx, dest != NULL, "Error getting address"); + status = dgram_mailslot_netlogon_send(dgmsock, + &name, dest, + NBT_MAILSLOT_NTLOGON, + &myname, &logon); + torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); + + while (timeval_elapsed(&tv) < 5 && !dgmslot->private) { + event_loop_once(dgmsock->event_ctx); + } + + response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response); + + torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); + + torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response"); + torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); + + return true; } |