authorGünther Deschner <gd@samba.org>2007-11-29 22:22:19 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:46:53 +0100
commit91da59fe0f4a2434ab35470651d38f2e530be971 (patch)
treeefa7d5dbd3b1ecd80370fecfa5558440b5d23fc7 /source4/torture/rpc
parenta3ced8817267a17b05875a2ffbcf87fc55fffe08 (diff)
r26210: w00t!
Solved the nasty crypto problem of the 524 byte wkssvc_PasswordBuffer for wkssvc_JoinDomain()/wkssvc_UnjoinDomain(). Very soon we will be able to remotely join windows workstations into AD domains using smbtorture :-) Guenther (This used to be commit 37469ed34c5ee031dc8cf31ea7efbfacf279878a)
Diffstat (limited to 'source4/torture/rpc')
-rw-r--r--source4/torture/rpc/wkssvc.c44
1 files changed, 44 insertions, 0 deletions
diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c
index 6f43caebf5..861c1051c6 100644
--- a/source4/torture/rpc/wkssvc.c
+++ b/source4/torture/rpc/wkssvc.c
@@ -25,6 +25,8 @@
#include "torture/rpc/rpc.h"
#include "lib/cmdline/popt_common.h"
#include "param/param.h"
+#include "lib/crypto/crypto.h"
+#include "libcli/auth/libcli_auth.h"
#define SMBTORTURE_MACHINE_NAME "smbtrt_name"
#define SMBTORTURE_ALTERNATE_NAME "smbtrt_altname"
@@ -1115,6 +1117,48 @@ static bool test_NetrJoinDomain(struct torture_context *tctx,
return true;
}
+/* encode a wkssvc_PasswordBuffer for remote joining/unjoining:
+ *
+ * similar to samr_CryptPasswordEx. Different: 8byte confounder (instead of
+ * 16byte), confounder at the beginning of the 516 byte buffer (instead of at
+ * the end), MD5Update() reordering of session_key and confounder - Guenther */
+
+static bool encode_wkssvc_join_password_buffer(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ const char *pwd,
+ struct wkssvc_PasswordBuffer *pwd_buf)
+{
+ NTSTATUS status;
+ uint8_t buffer[516];
+ struct MD5Context ctx;
+
+ DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
+ DATA_BLOB session_key;
+
+ int confounder_len = 8;
+ uint8_t confounder[8];
+
+ encode_pw_buffer(buffer, pwd, STR_UNICODE);
+
+ status = dcerpc_fetch_session_key(p, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ generate_random_buffer((uint8_t *)confounder, confounder_len);
+
+ MD5Init(&ctx);
+ MD5Update(&ctx, session_key.data, session_key.length);
+ MD5Update(&ctx, confounder, confounder_len);
+ MD5Final(confounded_session_key.data, &ctx);
+
+ arcfour_crypt_blob(buffer, 516, &confounded_session_key);
+
+ memcpy(&pwd_buf->data[0], confounder, confounder_len);
+ memcpy(&pwd_buf->data[8], buffer, 516);
+
+ return true;
+}
struct torture_suite *torture_rpc_wkssvc(TALLOC_CTX *mem_ctx)
{
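Review bot: In `encode_wkssvc_join_password_buffer` the 16-byte `confounded_session_key` blob is allocated on `tctx` in its declaration, is never checked for NULL before `MD5Final()` writes into its `.data`, and is never released, so the derived RC4 key stays on the torture context after every call, including the early `return false`. Add `if (confounded_session_key.data == NULL) { return false; }` before `MD5Init()` and call `data_blob_clear_free(&confounded_session_key);` ahead of both returns. `encode_pw_buffer()` also runs before `dcerpc_fetch_session_key()`, so the failure path returns with the cleartext password still in the stack `buffer`; fetching the session key first, or clearing `buffer` on that path, avoids this. The literals `8` and `516` in the final `memcpy` calls and in `arcfour_crypt_blob()` repeat `confounder_len` and `sizeof(buffer)` and would be easier to audit against the 524-byte `wkssvc_PasswordBuffer` if written in terms of them.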