r4499: Almost make our Samba4 server pass the RPC-SAMLOGON torture test.

I just need to fix a couple of NTLMv2 issues before we can fully pass,
and put this in test_rpc.sh, as a 'should pass' test.

Andrew Bartlett
(This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)

2 files changed, 24 insertions, 3 deletions

diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index a23cdb8b0c..35f64933a9 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -378,6 +378,22 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 		}
 	}
 
+	r.in.credential = NULL;
+
+	for (i=2;i<=3;i++) {
+
+		r.in.validation_level = i;
+
+		printf("Testing SamLogon with validation level %d\n", i);
+
+		status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+			printf("LogonSamLogon expected INVALID_PARAMETER, got: %s\n", nt_errstr(status));
+			ret = False;
+		}
+
+	}
+
 	return ret;
 }
 
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 821a823595..29a87f9804 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -220,7 +220,11 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 		/* we cannot check the session key, if the logon failed... */
 		return status;
 	}
-		
+
+	if (!base) {
+		printf("No user info returned from 'successful' SamLogon*() call!\n");
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	/* find and decyrpt the session keys, return in parameters above */
 	if (validation_level == 6) {
@@ -1043,11 +1047,12 @@ BOOL torture_rpc_samlogon(void)
 	int i;
 	
 	unsigned int credential_flags[] = {
-		0, 
 		NETLOGON_NEG_AUTH2_FLAGS,
 		NETLOGON_NEG_ARCFOUR,
 		NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT,
-		NETLOGON_NEG_AUTH2_ADS_FLAGS};
+		NETLOGON_NEG_AUTH2_ADS_FLAGS, 
+		0 /* yes, this is a valid flag, causes the use of DES */ 
+	};
 
 	struct creds_CredentialState *creds;