diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-06-07 08:54:49 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:35 -0500 |
| commit | 46c88d561f9a5cbaf2b70e937fbc20dff6d31703 (patch) | |
| tree | ca3a6cd0b0a18052d56f48c87cb6ed9cf7965973 /source4/torture | |
| parent | bd40d94a05e5f3353b54b2cc94d76c58be7e3766 (diff) | |
| download | samba-46c88d561f9a5cbaf2b70e937fbc20dff6d31703.tar.gz samba-46c88d561f9a5cbaf2b70e937fbc20dff6d31703.tar.bz2 samba-46c88d561f9a5cbaf2b70e937fbc20dff6d31703.zip | |
r1061: The start of the SamLogon call for the NETLOGON pipe.
Changes:
- Check for a valid 'pipe_state' in netr_ServerAuthenticate3 before
we dereference it
- removes the expansionroom[7] in the netr_SamInfo* structs to 7
individual elements.
- renames netr_SamInfo -> netr_SamInfo2
netr_SamInfo2 -> netr_SamInfo3
- Having the thing we always called an 'info3' being 'netr_SamInfo2'
was just too confusing.
- Expand and fill in extra details about users from the SAM, into
the server_info, for processing into the SamLogon reply.
- Add a dum_sid_dup() function to duplicate a struct dom_sid
The SamLogon code currently does not return supplementary groups, and is
only tested with Samba4 smbtorture.
Andrew Bartlett
(This used to be commit 6c92563b7961f15fc74b02601e105d5e1d04f04d)
Diffstat (limited to 'source4/torture')
| -rw-r--r-- | source4/torture/rpc/netlogon.c | 56 |
1 files changed, 30 insertions, 26 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index a0b49d91eb..a336ef7acb 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -355,7 +355,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, ZERO_STRUCT(samlogon_state->auth2); creds_client_authenticator(&samlogon_state->creds, &samlogon_state->auth); - r->out.authenticator = NULL; + r->out.return_authenticator = NULL; status = dcerpc_netr_LogonSamLogon(samlogon_state->p, samlogon_state->mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { if (error_string) { @@ -363,8 +363,8 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, } } - if (!r->out.authenticator || - !creds_client_check(&samlogon_state->creds, &r->out.authenticator->cred)) { + if (!r->out.return_authenticator || + !creds_client_check(&samlogon_state->creds, &r->out.return_authenticator->cred)) { printf("Credential chaining failed\n"); } @@ -377,30 +377,19 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, if (r->in.validation_level == 2) { static const char zeros[16]; - if (memcmp(r->out.validation.sam->LMSessKey.key, zeros, - sizeof(r->out.validation.sam->LMSessKey.key)) != 0) { + if (memcmp(r->out.validation.sam2->key.key, zeros, + sizeof(r->out.validation.sam2->key.key)) != 0) { creds_arcfour_crypt(&samlogon_state->creds, - r->out.validation.sam->LMSessKey.key, - sizeof(r->out.validation.sam->LMSessKey.key)); - } - - if (lm_key) { - memcpy(lm_key, r->out.validation.sam->LMSessKey.key, 8); - } - - if (memcmp(r->out.validation.sam->key.key, zeros, sizeof(r->out.validation.sam->key.key)) != 0) { - creds_arcfour_crypt(&samlogon_state->creds, - r->out.validation.sam->key.key, - sizeof(r->out.validation.sam->key.key)); + r->out.validation.sam2->key.key, + sizeof(r->out.validation.sam2->key.key)); } if (user_session_key) { - memcpy(user_session_key, r->out.validation.sam->key.key, 16); + memcpy(user_session_key, r->out.validation.sam2->key.key, 16); } - } else if (r->in.validation_level == 3) { - static const char zeros[16]; - if (memcmp(r->out.validation.sam2->LMSessKey.key, zeros, sizeof(r->out.validation.sam2->LMSessKey.key)) != 0) { + if (memcmp(r->out.validation.sam2->LMSessKey.key, zeros, + sizeof(r->out.validation.sam2->LMSessKey.key)) != 0) { creds_arcfour_crypt(&samlogon_state->creds, r->out.validation.sam2->LMSessKey.key, sizeof(r->out.validation.sam2->LMSessKey.key)); @@ -410,15 +399,30 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, memcpy(lm_key, r->out.validation.sam2->LMSessKey.key, 8); } - if (memcmp(r->out.validation.sam2->key.key, zeros, sizeof(r->out.validation.sam2->key.key)) != 0) { + } else if (r->in.validation_level == 3) { + static const char zeros[16]; + if (memcmp(r->out.validation.sam3->key.key, zeros, + sizeof(r->out.validation.sam3->key.key)) != 0) { creds_arcfour_crypt(&samlogon_state->creds, - r->out.validation.sam2->key.key, - sizeof(r->out.validation.sam2->key.key)); + r->out.validation.sam3->key.key, + sizeof(r->out.validation.sam3->key.key)); } if (user_session_key) { - memcpy(user_session_key, r->out.validation.sam2->key.key, 16); + memcpy(user_session_key, r->out.validation.sam3->key.key, 16); } + + if (memcmp(r->out.validation.sam3->LMSessKey.key, zeros, + sizeof(r->out.validation.sam3->LMSessKey.key)) != 0) { + creds_arcfour_crypt(&samlogon_state->creds, + r->out.validation.sam3->LMSessKey.key, + sizeof(r->out.validation.sam3->LMSessKey.key)); + } + + if (lm_key) { + memcpy(lm_key, r->out.validation.sam3->LMSessKey.key, 8); + } + } } @@ -912,7 +916,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) samlogon_state.r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); samlogon_state.r.in.workstation = TEST_MACHINE_NAME; samlogon_state.r.in.credential = &samlogon_state.auth; - samlogon_state.r.in.authenticator = &samlogon_state.auth2; + samlogon_state.r.in.return_authenticator = &samlogon_state.auth2; for (i=2;i<=3;i++) { samlogon_state.r.in.validation_level = i; |