summaryrefslogtreecommitdiff
path: root/source4/torture
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2005-01-12 10:49:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:46 -0500
commit9178e7b8bf18ca2782b4e19a3f4ce49e54366712 (patch)
tree945ddb365662f0902a86a10077e47e1c8eaa450d /source4/torture
parent062fe90c799b97265fe5b67075711726584ef21c (diff)
downloadsamba-9178e7b8bf18ca2782b4e19a3f4ce49e54366712.tar.gz
samba-9178e7b8bf18ca2782b4e19a3f4ce49e54366712.tar.bz2
samba-9178e7b8bf18ca2782b4e19a3f4ce49e54366712.zip
r4707: w2k3 don't restict passwords on
netr_ServerPasswordSet and netr_ServerPasswordSet2 so we do now I also add a torture test for this metze (This used to be commit d896ac603a5cf387a10b21e64e2c92ff2626bc4d)
Diffstat (limited to 'source4/torture')
-rw-r--r--source4/torture/rpc/netlogon.c63
1 files changed, 63 insertions, 0 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 6128495043..3da539aea5 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -268,6 +268,37 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = TEST_MACHINE_NAME;
+ password = "";
+ E_md4hash(password, r.in.new_password.hash);
+
+ creds_des_encrypt(&creds, &r.in.new_password);
+ /* by changing the machine password to ""
+ * we check if the server uses password restrictions
+ * for ServerPasswordSet2
+ * (win2k3 accepts "")
+ */
+ printf("Testing a second ServerPasswordSet on machine account\n");
+ printf("Changing machine account password to '%s'\n", password);
+
+ creds_client_authenticator(&creds, &r.in.credential);
+
+ status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ printf("Credential chaining failed\n");
+ }
+
+ machine_password = password;
+
+ if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
+ printf("ServerPasswordSet failed to actually change the password\n");
+ return False;
+ }
+
password = generate_random_str(mem_ctx, 8);
E_md4hash(password, r.in.new_password.hash);
@@ -337,6 +368,38 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = TEST_MACHINE_NAME;
+ password = "";
+ encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE);
+ creds_arcfour_crypt(&creds, r.in.new_password.data, 516);
+
+ /* by changing the machine password to ""
+ * we check if the server uses password restrictions
+ * for ServerPasswordSet2
+ * (win2k3 accepts "")
+ */
+ printf("Testing a second ServerPasswordSet2 on machine account\n");
+ printf("Changing machine account password to '%s'\n", password);
+
+ creds_client_authenticator(&creds, &r.in.credential);
+
+ status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ printf("Credential chaining failed\n");
+ }
+
+ machine_password = password;
+
+ if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
+ printf("ServerPasswordSet failed to actually change the password\n");
+ return False;
+ }
+
+ /* now try a random password */
password = generate_random_str(mem_ctx, 8);
encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE);
creds_arcfour_crypt(&creds, r.in.new_password.data, 516);