diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-06-03 23:15:16 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:25 -0500 |
commit | 8087d844ef59a82617be51f7c887b9bafe362f80 (patch) | |
tree | e09e1761bc871b73eeaf5c25109e9d8daf207c1d /source4/torture | |
parent | 4309727424a0a27bbf5372789bc8644b96a28ba9 (diff) | |
download | samba-8087d844ef59a82617be51f7c887b9bafe362f80.tar.gz samba-8087d844ef59a82617be51f7c887b9bafe362f80.tar.bz2 samba-8087d844ef59a82617be51f7c887b9bafe362f80.zip |
r995: - renamed many of our crypto routines to use the industry standard
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
Diffstat (limited to 'source4/torture')
-rw-r--r-- | source4/torture/rpc/netlogon.c | 12 | ||||
-rw-r--r-- | source4/torture/rpc/samr.c | 18 |
2 files changed, 17 insertions, 13 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 58c071dcdb..bfa63c2af7 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -147,7 +147,7 @@ again: return False; } - SamOEMhashBlob(u.info24.password.data, 516, &session_key); + arcfour_crypt_blob(u.info24.password.data, 516, &session_key); status = dcerpc_samr_SetUserInfo(join.p, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { @@ -274,7 +274,8 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, a.in.credentials = &credentials3; a.out.credentials = &credentials3; - creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3); + creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3, + NETLOGON_NEG_AUTH2_FLAGS); printf("Testing ServerAuthenticate\n"); @@ -335,7 +336,8 @@ static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, a.in.credentials = &credentials3; a.out.credentials = &credentials3; - creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3); + creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3, + negotiate_flags); printf("Testing ServerAuthenticate2\n"); @@ -374,6 +376,7 @@ static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.computer_name = TEST_MACHINE_NAME; r.in.credentials = &credentials1; r.out.credentials = &credentials2; + generate_random_buffer(credentials1.data, sizeof(credentials1.data), False); status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r); @@ -400,7 +403,8 @@ static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, a.out.negotiate_flags = &negotiate_flags; a.out.rid = &rid; - creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3); + creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3, + negotiate_flags); printf("Testing ServerAuthenticate3\n"); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 3a243abfce..dab1b3bed5 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -364,7 +364,7 @@ static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return False; } - SamOEMhashBlob(u.info24.password.data, 516, &session_key); + arcfour_crypt_blob(u.info24.password.data, 516, &session_key); printf("Testing SetUserInfo level 24 (set password)\n"); @@ -408,7 +408,7 @@ static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return False; } - SamOEMhashBlob(u.info23.password.data, 516, &session_key); + arcfour_crypt_blob(u.info23.password.data, 516, &session_key); printf("Testing SetUserInfo level 23 (set password)\n"); @@ -459,7 +459,7 @@ static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, MD5Update(&ctx, session_key.data, session_key.length); MD5Final(confounded_session_key.data, &ctx); - SamOEMhashBlob(u.info26.password.data, 516, &confounded_session_key); + arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key); memcpy(&u.info26.password.data[516], confounder, 16); printf("Testing SetUserInfo level 26 (set password ex)\n"); @@ -513,7 +513,7 @@ static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, MD5Update(&ctx, session_key.data, session_key.length); MD5Final(confounded_session_key.data, &ctx); - SamOEMhashBlob(u.info25.password.data, 516, &confounded_session_key); + arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key); memcpy(&u.info25.password.data[516], confounder, 16); printf("Testing SetUserInfo level 25 (set password ex)\n"); @@ -810,7 +810,7 @@ static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_c E_deshash(newpass, new_lm_hash); encode_pw_buffer(lm_pass.data, newpass, STR_ASCII); - SamOEMhash(lm_pass.data, old_lm_hash, 516); + arcfour_crypt(lm_pass.data, old_lm_hash, 516); E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); r.in.server = &server; @@ -856,11 +856,11 @@ static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, E_deshash(newpass, new_lm_hash); encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE); - SamOEMhash(lm_pass.data, old_lm_hash, 516); + arcfour_crypt(lm_pass.data, old_lm_hash, 516); E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE); - SamOEMhash(nt_pass.data, old_nt_hash, 516); + arcfour_crypt(nt_pass.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash); r.in.server = &server; @@ -909,11 +909,11 @@ static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, E_deshash(newpass, new_lm_hash); encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE); - SamOEMhash(lm_pass.data, old_nt_hash, 516); + arcfour_crypt(lm_pass.data, old_nt_hash, 516); E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE); - SamOEMhash(nt_pass.data, old_nt_hash, 516); + arcfour_crypt(nt_pass.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash); r.in.server = &server; |