summaryrefslogtreecommitdiff
path: root/source4/torture
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-05-21 12:37:36 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-05-21 12:37:36 +1000
commitf67156fc920b9a5c84c4fcaf1bf41640ddae6005 (patch)
treef02f96e7e94448b4597426734afd3d71bdfae0d7 /source4/torture
parentfdec7fdaf5d4150e14311d9b3bb2da7358a407ff (diff)
downloadsamba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.gz
samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.bz2
samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.zip
Extend the 'netlogon' CLDAP and NBT implementation.
This now handles checking if the user exists, including validating the ACB mask on the user. This would be a nasty security hole, if Kerberos did not already expose this information anonymously... Andrew Bartlett (This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e)
Diffstat (limited to 'source4/torture')
-rw-r--r--source4/torture/ldap/cldap.c22
-rw-r--r--source4/torture/nbt/dgram.c276
2 files changed, 278 insertions, 20 deletions
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index a77920d4e6..5d4acd581b 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -144,18 +144,38 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
printf("Trying with a AAC\n");
- search.in.acct_control = 0x180;
+ search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
search.in.realm = n1.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+ printf("Trying with a zero AAC\n");
+ search.in.acct_control = 0x0;
+ search.in.realm = n1.nt5_ex.dns_domain;
+ status = cldap_netlogon(cldap, tctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+
+ printf("Trying with a zero AAC and user=Administrator\n");
+ search.in.acct_control = 0x0;
+ search.in.user = "Administrator";
+ search.in.realm = n1.nt5_ex.dns_domain;
+ status = cldap_netlogon(cldap, tctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+ CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator");
+
printf("Trying with a bad AAC\n");
+ search.in.user = NULL;
search.in.acct_control = 0xFF00FF00;
search.in.realm = n1.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
printf("Trying with a user only\n");
search = empty_search;
diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index 2bc3d3d75e..66a3d142db 100644
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -42,19 +42,24 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot,
struct socket_address *src)
{
NTSTATUS status;
- struct nbt_netlogon_response netlogon;
- int *replies = (int *)dgmslot->private;
+ struct nbt_netlogon_response *netlogon = dgmslot->private;
+ dgmslot->private = netlogon = talloc(dgmslot, struct nbt_netlogon_response);
+
+ if (!dgmslot->private) {
+ return;
+ }
+
printf("netlogon reply from %s:%d\n", src->addr, src->port);
- status = dgram_mailslot_netlogon_parse_response(dgmslot, dgmslot, packet, &netlogon);
+ /* Fills in the netlogon pointer */
+ status = dgram_mailslot_netlogon_parse_response(dgmslot, netlogon, packet, netlogon);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to parse netlogon packet from %s:%d\n",
src->addr, src->port);
return;
}
-
- (*replies)++;
+
}
@@ -67,10 +72,10 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
struct socket_address *dest;
const char *myaddress;
struct nbt_netlogon_packet logon;
+ struct nbt_netlogon_response *response;
struct nbt_name myname;
NTSTATUS status;
struct timeval tv = timeval_current();
- int replies = 0;
struct socket_address *socket_address;
@@ -78,7 +83,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
struct nbt_name name;
struct interface *ifaces;
-
+
name.name = lp_workgroup(tctx->lp_ctx);
name.type = NBT_NAME_LOGON;
name.scope = NULL;
@@ -112,7 +117,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
/* setup a temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
- netlogon_handler, &replies);
+ netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_PRIMARY_QUERY;
@@ -134,10 +139,17 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
- while (timeval_elapsed(&tv) < 5 && replies == 0) {
+ while (timeval_elapsed(&tv) < 5 && !dgmslot->private) {
event_loop_once(dgmsock->event_ctx);
}
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response");
+ torture_assert(tctx, response->get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command");
+
return true;
}
@@ -151,10 +163,10 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
struct socket_address *dest;
const char *myaddress;
struct nbt_netlogon_packet logon;
+ struct nbt_netlogon_response *response;
struct nbt_name myname;
NTSTATUS status;
struct timeval tv = timeval_current();
- int replies = 0;
struct socket_address *socket_address;
@@ -198,7 +210,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
/* setup a temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
- netlogon_handler, &replies);
+ netlogon_handler, NULL);
ZERO_STRUCT(logon);
@@ -207,7 +219,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = "";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
- logon.req.logon.nt_version = 11;
+ logon.req.logon.nt_version = NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
@@ -222,10 +234,23 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
- while (timeval_elapsed(&tv) < 5 && replies == 0) {
+ while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) {
event_loop_once(dgmsock->event_ctx);
}
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+ map_netlogon_samlogon_response(&response->samlogon);
+
+ torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command");
+
+ /* setup (another) temporary mailslot listener for replies */
+ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+ netlogon_handler, NULL);
+
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
@@ -247,15 +272,109 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
- while (timeval_elapsed(&tv) < 5 && replies == 0) {
+ while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) {
event_loop_once(dgmsock->event_ctx);
}
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+ map_netlogon_samlogon_response(&response->samlogon);
+
+ torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+
+ torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+
join_ctx = torture_join_domain(tctx, TEST_NAME,
ACB_WSTRUST, &machine_credentials);
dom_sid = torture_join_sid(join_ctx);
+ /* setup (another) temporary mailslot listener for replies */
+ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+ netlogon_handler, NULL);
+
+ ZERO_STRUCT(logon);
+ logon.command = LOGON_SAM_LOGON_REQUEST;
+ logon.req.logon.request_count = 0;
+ logon.req.logon.computer_name = TEST_NAME;
+ logon.req.logon.user_name = TEST_NAME"$";
+ logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+ logon.req.logon.sid = *dom_sid;
+ logon.req.logon.nt_version = 1;
+ logon.req.logon.lmnt_token = 0xFFFF;
+ logon.req.logon.lm20_token = 0xFFFF;
+
+ make_nbt_name_client(&myname, TEST_NAME);
+
+ dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+ address, lp_dgram_port(tctx->lp_ctx));
+
+ torture_assert(tctx, dest != NULL, "Error getting address");
+ status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+ NBT_MAILSLOT_NETLOGON,
+ &myname, &logon);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+
+ while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) {
+ event_loop_once(dgmsock->event_ctx);
+ }
+
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+ map_netlogon_samlogon_response(&response->samlogon);
+
+ torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+
+ /* setup (another) temporary mailslot listener for replies */
+ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+ netlogon_handler, NULL);
+
+ ZERO_STRUCT(logon);
+ logon.command = LOGON_SAM_LOGON_REQUEST;
+ logon.req.logon.request_count = 0;
+ logon.req.logon.computer_name = TEST_NAME;
+ logon.req.logon.user_name = TEST_NAME"$";
+ logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+ logon.req.logon.sid = *dom_sid;
+ logon.req.logon.acct_control = ACB_WSTRUST;
+ logon.req.logon.nt_version = 1;
+ logon.req.logon.lmnt_token = 0xFFFF;
+ logon.req.logon.lm20_token = 0xFFFF;
+
+ make_nbt_name_client(&myname, TEST_NAME);
+
+ dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+ address, lp_dgram_port(tctx->lp_ctx));
+
+ torture_assert(tctx, dest != NULL, "Error getting address");
+ status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+ NBT_MAILSLOT_NETLOGON,
+ &myname, &logon);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
+
+
+ while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) {
+ event_loop_once(dgmsock->event_ctx);
+ }
+
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+ map_netlogon_samlogon_response(&response->samlogon);
+
+ torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+
+ dgmslot->private = NULL;
+
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
@@ -263,6 +382,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.sid = *dom_sid;
+ logon.req.logon.acct_control = ACB_NORMAL;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
@@ -278,10 +398,20 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
- while (timeval_elapsed(&tv) < 5 && replies == 0) {
+
+ while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) {
event_loop_once(dgmsock->event_ctx);
}
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+ map_netlogon_samlogon_response(&response->samlogon);
+
+ torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+
torture_leave_domain(join_ctx);
return true;
}
@@ -295,14 +425,15 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
lp_iconv_convenience(tctx->lp_ctx));
struct socket_address *dest;
struct test_join *join_ctx;
+ const struct dom_sid *dom_sid;
struct cli_credentials *machine_credentials;
const char *myaddress;
struct nbt_netlogon_packet logon;
+ struct nbt_netlogon_response *response;
struct nbt_name myname;
NTSTATUS status;
struct timeval tv = timeval_current();
- int replies = 0;
struct socket_address *socket_address;
const char *address;
@@ -342,13 +473,60 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
join_ctx = torture_join_domain(tctx, TEST_NAME,
ACB_WSTRUST, &machine_credentials);
+ dom_sid = torture_join_sid(join_ctx);
+
torture_assert(tctx, join_ctx != NULL,
talloc_asprintf(tctx, "Failed to join domain %s as %s\n",
lp_workgroup(tctx->lp_ctx), TEST_NAME));
/* setup a temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
- netlogon_handler, &replies);
+ netlogon_handler, NULL);
+
+
+ ZERO_STRUCT(logon);
+ logon.command = LOGON_SAM_LOGON_REQUEST;
+ logon.req.logon.request_count = 0;
+ logon.req.logon.computer_name = TEST_NAME;
+ logon.req.logon.user_name = TEST_NAME"$";
+ logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+ logon.req.logon.acct_control = ACB_WSTRUST;
+ /* Try with a SID this time */
+ logon.req.logon.sid = *dom_sid;
+ logon.req.logon.nt_version = 1;
+ logon.req.logon.lmnt_token = 0xFFFF;
+ logon.req.logon.lm20_token = 0xFFFF;
+
+ make_nbt_name_client(&myname, TEST_NAME);
+
+ dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+ address, lp_dgram_port(tctx->lp_ctx));
+ torture_assert(tctx, dest != NULL, "Error getting address");
+ status = dgram_mailslot_netlogon_send(dgmsock,
+ &name, dest,
+ NBT_MAILSLOT_NTLOGON,
+ &myname, &logon);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
+
+ while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) {
+ event_loop_once(dgmsock->event_ctx);
+ }
+
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+ map_netlogon_samlogon_response(&response->samlogon);
+
+ torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+
+ torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+
+
+ /* setup a temporary mailslot listener for replies */
+ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+ netlogon_handler, NULL);
ZERO_STRUCT(logon);
@@ -374,10 +552,26 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
- while (timeval_elapsed(&tv) < 5 && replies == 0) {
+ while (timeval_elapsed(&tv) < 5 && dgmslot->private == NULL) {
event_loop_once(dgmsock->event_ctx);
}
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
+ map_netlogon_samlogon_response(&response->samlogon);
+
+ torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+
+ torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+
+
+ /* setup (another) temporary mailslot listener for replies */
+ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+ netlogon_handler, NULL);
+
ZERO_STRUCT(logon);
logon.command = LOGON_PRIMARY_QUERY;
logon.req.pdc.computer_name = TEST_NAME;
@@ -398,11 +592,55 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
- while (timeval_elapsed(&tv) < 5 && replies == 0) {
+ while (timeval_elapsed(&tv) < 5 && !dgmslot->private) {
event_loop_once(dgmsock->event_ctx);
}
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response");
+ torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
+
torture_leave_domain(join_ctx);
+
+ /* setup (another) temporary mailslot listener for replies */
+ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
+ netlogon_handler, NULL);
+
+ ZERO_STRUCT(logon);
+ logon.command = LOGON_PRIMARY_QUERY;
+ logon.req.pdc.computer_name = TEST_NAME;
+ logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
+ logon.req.pdc.unicode_name = TEST_NAME;
+ logon.req.pdc.nt_version = 1;
+ logon.req.pdc.lmnt_token = 0xFFFF;
+ logon.req.pdc.lm20_token = 0xFFFF;
+
+ make_nbt_name_client(&myname, TEST_NAME);
+
+ dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
+ address, lp_dgram_port(tctx->lp_ctx));
+ torture_assert(tctx, dest != NULL, "Error getting address");
+ status = dgram_mailslot_netlogon_send(dgmsock,
+ &name, dest,
+ NBT_MAILSLOT_NTLOGON,
+ &myname, &logon);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
+
+ while (timeval_elapsed(&tv) < 5 && !dgmslot->private) {
+ event_loop_once(dgmsock->event_ctx);
+ }
+
+ response = talloc_get_type(dgmslot->private, struct nbt_netlogon_response);
+
+ torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
+
+ torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response");
+ torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
+
+
return true;
}