diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-11-11 23:24:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:43 -0500 |
commit | fd5135a63b4c81688c4e2d729380ca954f22286d (patch) | |
tree | 7179bf31f404359a702f94ed5db03a1a4732617c /source4/torture/rpc/netlogon.c | |
parent | 32e368502d80517dd7b00c1c3bc8b042887d9db0 (diff) | |
download | samba-fd5135a63b4c81688c4e2d729380ca954f22286d.tar.gz samba-fd5135a63b4c81688c4e2d729380ca954f22286d.tar.bz2 samba-fd5135a63b4c81688c4e2d729380ca954f22286d.zip |
r3686: The results of some work on the NETLOGON pipe:
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.
Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.
Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.
Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.
Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).
Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.
Andrew Bartlett
(This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
Diffstat (limited to 'source4/torture/rpc/netlogon.c')
-rw-r--r-- | source4/torture/rpc/netlogon.c | 76 |
1 files changed, 73 insertions, 3 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index fe64727d79..9c87106550 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -316,6 +316,72 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) return True; } +/* + try a netlogon SamLogon +*/ +static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +{ + NTSTATUS status; + struct netr_LogonSamLogon r; + struct netr_Authenticator auth, auth2; + struct netr_NetworkInfo ninfo; + const char *username = lp_parm_string(-1, "torture", "username"); + const char *password = lp_parm_string(-1, "torture", "password"); + struct creds_CredentialState creds; + + int i; + BOOL ret = True; + + if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, + machine_password, &creds)) { + return False; + } + + ninfo.identity_info.domain_name.string = lp_workgroup(); + ninfo.identity_info.parameter_control = 0; + ninfo.identity_info.logon_id_low = 0; + ninfo.identity_info.logon_id_high = 0; + ninfo.identity_info.account_name.string = username; + ninfo.identity_info.workstation.string = TEST_MACHINE_NAME; + generate_random_buffer(ninfo.challenge, + sizeof(ninfo.challenge)); + ninfo.nt.length = 24; + ninfo.nt.data = talloc(mem_ctx, 24); + SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data); + ninfo.lm.length = 24; + ninfo.lm.data = talloc(mem_ctx, 24); + SMBencrypt(password, ninfo.challenge, ninfo.lm.data); + + r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + r.in.workstation = TEST_MACHINE_NAME; + r.in.credential = &auth; + r.in.return_authenticator = &auth2; + r.in.logon_level = 2; + r.in.logon.network = &ninfo; + + for (i=2;i<=3;i++) { + ZERO_STRUCT(auth2); + creds_client_authenticator(&creds, &auth); + + r.in.validation_level = i; + + printf("Testing SamLogon with validation level %d\n", i); + + status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LogonSamLogon - %s\n", nt_errstr(status)); + ret = False; + } + + if (!creds_client_check(&creds, &r.out.return_authenticator->cred)) { + printf("Credential chaining failed\n"); + } + } + + return ret; +} + + /* we remember the sequence numbers so we can easily do a DatabaseDelta */ static uint64_t sequence_nums[3]; @@ -328,7 +394,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) NTSTATUS status; struct netr_DatabaseSync r; struct creds_CredentialState creds; - const uint32_t database_ids[] = {0, 1, 2}; + const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS}; int i; BOOL ret = True; @@ -366,7 +432,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) if (r.out.delta_enum_array && r.out.delta_enum_array->num_deltas > 0 && - r.out.delta_enum_array->delta_enum[0].delta_type == 1 && + r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN && r.out.delta_enum_array->delta_enum[0].delta_union.domain) { sequence_nums[r.in.database_id] = r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num; @@ -969,7 +1035,7 @@ BOOL torture_rpc_netlogon(void) struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; - void *join_ctx; + struct test_join *join_ctx; mem_ctx = talloc_init("torture_rpc_netlogon"); @@ -996,6 +1062,10 @@ BOOL torture_rpc_netlogon(void) ret = False; } + if (!test_SamLogon(p, mem_ctx)) { + ret = False; + } + if (!test_SetPassword(p, mem_ctx)) { ret = False; } |