summaryrefslogtreecommitdiff
path: root/source4/torture
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2005-01-12 07:22:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:45 -0500
commit516dbfd5ed45159366840087398669c5224d2844 (patch)
tree8d754716b8d21454739c1398c9a97114cbdc62c5 /source4/torture
parentfef48c0cc8b58536ed2f3338fc7c790a846f305d (diff)
downloadsamba-516dbfd5ed45159366840087398669c5224d2844.tar.gz
samba-516dbfd5ed45159366840087398669c5224d2844.tar.bz2
samba-516dbfd5ed45159366840087398669c5224d2844.zip
r4702: implment idl, torture test and server code for netr_ServerPasswordSet2()
metze (This used to be commit 7d8ba92da2b8babe7165f105591fd3e5738b2319)
Diffstat (limited to 'source4/torture')
-rw-r--r--source4/torture/rpc/netlogon.c71
1 files changed, 69 insertions, 2 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 67e0bc9393..00a12b361b 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -318,6 +318,74 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
}
/*
+ try a change password for our machine account
+*/
+static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+ struct netr_ServerPasswordSet2 r;
+ const char *password;
+ struct creds_CredentialState creds;
+
+ if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
+ machine_password, &creds)) {
+ return False;
+ }
+
+ r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
+ r.in.secure_channel_type = SEC_CHAN_BDC;
+ r.in.computer_name = TEST_MACHINE_NAME;
+
+ password = generate_random_str(mem_ctx, 8);
+ encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE);
+ creds_arcfour_crypt(&creds, r.in.new_password.data, 516);
+
+ printf("Testing ServerPasswordSet2 on machine account\n");
+ printf("Changing machine account password to '%s'\n", password);
+
+ creds_client_authenticator(&creds, &r.in.credential);
+
+ status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("ServerPasswordSet2 - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ printf("Credential chaining failed\n");
+ }
+
+ /* by changing the machine password twice we test the
+ credentials chaining fully, and we verify that the server
+ allows the password to be set to the same value twice in a
+ row (match win2k3) */
+ printf("Testing a second ServerPasswordSet2 on machine account\n");
+ printf("Changing machine account password to '%s' (same as previous run)\n", password);
+
+ creds_client_authenticator(&creds, &r.in.credential);
+
+ status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+ printf("Credential chaining failed\n");
+ }
+
+ machine_password = password;
+
+ if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
+ printf("ServerPasswordSet failed to actually change the password\n");
+ return False;
+ }
+
+ return True;
+}
+
+/*
try a netlogon SamLogon
*/
static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
@@ -398,8 +466,6 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return ret;
}
-
-
/* we remember the sequence numbers so we can easily do a DatabaseDelta */
static uint64_t sequence_nums[3];
@@ -1216,6 +1282,7 @@ BOOL torture_rpc_netlogon(void)
ret &= test_LogonUasLogoff(p, mem_ctx);
ret &= test_SamLogon(p, mem_ctx);
ret &= test_SetPassword(p, mem_ctx);
+ ret &= test_SetPassword2(p, mem_ctx);
ret &= test_GetDomainInfo(p, mem_ctx);
ret &= test_DatabaseSync(p, mem_ctx);
ret &= test_DatabaseDeltas(p, mem_ctx);