diff options
| author | Stefan Metzmacher <metze@samba.org> | 2005-01-12 07:22:34 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:45 -0500 |
| commit | 516dbfd5ed45159366840087398669c5224d2844 (patch) | |
| tree | 8d754716b8d21454739c1398c9a97114cbdc62c5 /source4/torture | |
| parent | fef48c0cc8b58536ed2f3338fc7c790a846f305d (diff) | |
| download | samba-516dbfd5ed45159366840087398669c5224d2844.tar.gz samba-516dbfd5ed45159366840087398669c5224d2844.tar.bz2 samba-516dbfd5ed45159366840087398669c5224d2844.zip | |
r4702: implment idl, torture test and server code for netr_ServerPasswordSet2()
metze
(This used to be commit 7d8ba92da2b8babe7165f105591fd3e5738b2319)
Diffstat (limited to 'source4/torture')
| -rw-r--r-- | source4/torture/rpc/netlogon.c | 71 |
1 files changed, 69 insertions, 2 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 67e0bc9393..00a12b361b 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -318,6 +318,74 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) } /* + try a change password for our machine account +*/ +static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +{ + NTSTATUS status; + struct netr_ServerPasswordSet2 r; + const char *password; + struct creds_CredentialState creds; + + if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, + machine_password, &creds)) { + return False; + } + + r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME); + r.in.secure_channel_type = SEC_CHAN_BDC; + r.in.computer_name = TEST_MACHINE_NAME; + + password = generate_random_str(mem_ctx, 8); + encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE); + creds_arcfour_crypt(&creds, r.in.new_password.data, 516); + + printf("Testing ServerPasswordSet2 on machine account\n"); + printf("Changing machine account password to '%s'\n", password); + + creds_client_authenticator(&creds, &r.in.credential); + + status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("ServerPasswordSet2 - %s\n", nt_errstr(status)); + return False; + } + + if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) { + printf("Credential chaining failed\n"); + } + + /* by changing the machine password twice we test the + credentials chaining fully, and we verify that the server + allows the password to be set to the same value twice in a + row (match win2k3) */ + printf("Testing a second ServerPasswordSet2 on machine account\n"); + printf("Changing machine account password to '%s' (same as previous run)\n", password); + + creds_client_authenticator(&creds, &r.in.credential); + + status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("ServerPasswordSet (2) - %s\n", nt_errstr(status)); + return False; + } + + if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) { + printf("Credential chaining failed\n"); + } + + machine_password = password; + + if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) { + printf("ServerPasswordSet failed to actually change the password\n"); + return False; + } + + return True; +} + +/* try a netlogon SamLogon */ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) @@ -398,8 +466,6 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) return ret; } - - /* we remember the sequence numbers so we can easily do a DatabaseDelta */ static uint64_t sequence_nums[3]; @@ -1216,6 +1282,7 @@ BOOL torture_rpc_netlogon(void) ret &= test_LogonUasLogoff(p, mem_ctx); ret &= test_SamLogon(p, mem_ctx); ret &= test_SetPassword(p, mem_ctx); + ret &= test_SetPassword2(p, mem_ctx); ret &= test_GetDomainInfo(p, mem_ctx); ret &= test_DatabaseSync(p, mem_ctx); ret &= test_DatabaseDeltas(p, mem_ctx); |