diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-10-28 11:20:48 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:27 -0500 |
commit | 546f63df5b214a1419069887ecfd9118aae8030a (patch) | |
tree | 62e68bfa8708780546ccc28ac16f8f4ff1448c98 /source4/torture/rpc/samlogon.c | |
parent | 134b2488c82ae13392121f71e4960178a38f3e01 (diff) | |
download | samba-546f63df5b214a1419069887ecfd9118aae8030a.tar.gz samba-546f63df5b214a1419069887ecfd9118aae8030a.tar.bz2 samba-546f63df5b214a1419069887ecfd9118aae8030a.zip |
r11370: Samba4 now passes it's own RPC-SAMLOGON test again.
This avoids the nasty user@DOMAIN test for now, as it has very odd
semantics with NTLMv2.
Allow only user accounts to do an interactive login.
Andrew Bartlett
(This used to be commit 690cad8083e176b2e58fc243a11a003a78ce4074)
Diffstat (limited to 'source4/torture/rpc/samlogon.c')
-rw-r--r-- | source4/torture/rpc/samlogon.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 1094c2886e..36201aa210 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -304,6 +304,8 @@ static BOOL test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm return True; } return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -633,6 +635,8 @@ static BOOL test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, return True; } return break_which == BREAK_BOTH; + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -799,6 +803,8 @@ static BOOL test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, return True; } return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -1181,6 +1187,8 @@ static BOOL test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_brea return True; } return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -1387,7 +1395,8 @@ BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char *comment, const char *workstation_name, const char *account_domain, const char *account_name, - const char *plain_pass, NTSTATUS expected_error) + const char *plain_pass, uint32_t parameter_control, + NTSTATUS expected_error) { NTSTATUS status; TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_InteractiveLogon function-level context"); @@ -1411,7 +1420,7 @@ BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.flags = 0; pinfo.identity_info.domain_name.string = account_domain; - pinfo.identity_info.parameter_control = 0; + pinfo.identity_info.parameter_control = parameter_control; pinfo.identity_info.logon_id_low = 0; pinfo.identity_info.logon_id_high = 0; pinfo.identity_info.account_name.string = account_name; @@ -1581,7 +1590,7 @@ BOOL torture_rpc_samlogon(void) cli_credentials_get_domain(cmdline_credentials) ), .password = cli_credentials_get_password(cmdline_credentials), - .network_login = False, + .network_login = False, /* works for some things, but not NTLMv2. Odd */ .expected_interactive_error = NT_STATUS_OK, .expected_network_error = NT_STATUS_OK }, @@ -1634,7 +1643,7 @@ BOOL torture_rpc_samlogon(void) cli_credentials_get_domain(machine_credentials) ), .password = cli_credentials_get_password(machine_credentials), - .network_login = False, + .network_login = False, /* works for some things, but not NTLMv2. Odd */ .expected_interactive_error = NT_STATUS_NO_SUCH_USER, .parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT }, @@ -1680,7 +1689,7 @@ BOOL torture_rpc_samlogon(void) TEST_USER_NAME, userdomain), .password = user_password, - .network_login = False, + .network_login = False, /* works for some things, but not NTLMv2. Odd */ .expected_interactive_error = NT_STATUS_OK, .expected_network_error = NT_STATUS_OK }, @@ -1706,6 +1715,7 @@ BOOL torture_rpc_samlogon(void) usercreds[ci].domain, usercreds[ci].username, usercreds[ci].password, + usercreds[ci].parameter_control, usercreds[ci].expected_interactive_error)) { ret = False; } @@ -1736,6 +1746,7 @@ BOOL torture_rpc_samlogon(void) usercreds[0].domain, usercreds[0].username, usercreds[0].password, + usercreds[0].parameter_control, usercreds[0].expected_interactive_error)) { ret = False; } @@ -1748,7 +1759,7 @@ BOOL torture_rpc_samlogon(void) usercreds[0].password, usercreds[0].parameter_control, usercreds[0].expected_network_error, - usercreds[ci].old_password, + usercreds[0].old_password, 1)) { ret = False; } |