r4510: Some more tests for RPC-NETLOGON, checking the idea that we could

combine the NTLM and LMv2 responses, for maximum compatability from a client perspective, allowing access to servers that require NTLMv2, as well as those that don't support it. Currently, this is unfortunetly not possible against Win2k3 (and Samba is being coded to match that behaviour at this point). Andrew Bartlett (This used to be commit 93b46ebe0f3cccd26b5ddd213553667e612c3701)
author: Andrew Bartlett <abartlet@samba.org> 2005-01-04 03:06:23 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:08:17 -0500
commit: 967b77a827826b8ac546c302e139ea5395c21eb2 (patch)
tree: 9ea7510e439ef6a5665dcc9e472d8cd2adfe0ce7 /source4
parent: ed1634c68462328d2c6dccb24798d672733f29f9 (diff)
download: samba-967b77a827826b8ac546c302e139ea5395c21eb2.tar.gz
samba-967b77a827826b8ac546c302e139ea5395c21eb2.tar.bz2
samba-967b77a827826b8ac546c302e139ea5395c21eb2.zip
1 files changed, 147 insertions, 0 deletions
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 29a87f9804..0c5afd44fe 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -626,6 +626,135 @@ static BOOL test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, enum
 }
 
 /* 
+ * Test the NTLM and LMv2 responses
+ */
+
+static BOOL test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) 
+{
+	BOOL pass = True;
+	NTSTATUS nt_status;
+	DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, lp_netbios_name(), lp_workgroup());
+
+	DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+	uint8_t lm_hash[16];
+	uint8_t lm_session_key[8];
+	uint8_t user_session_key[16];
+	uint8_t nt_hash[16];
+
+	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, 
+		     ntlm_response.data);
+	E_md4hash(samlogon_state->password, nt_hash);
+	SMBsesskeygen_ntv1(nt_hash, 
+			   ntlm_session_key.data);
+	E_deshash(samlogon_state->password, lm_hash); 
+
+	ZERO_STRUCT(lm_session_key);
+	ZERO_STRUCT(user_session_key);
+	
+	/* TODO - test with various domain cases, and without domain */
+	if (!SMBNTLMv2encrypt(samlogon_state->account_name, samlogon_state->account_domain, 
+			      samlogon_state->password, &samlogon_state->chall,
+			      &names_blob,
+			      &lmv2_response, &ntlmv2_response, 
+			      &lmv2_session_key, &ntlmv2_session_key)) {
+		data_blob_free(&names_blob);
+		return False;
+	}
+	data_blob_free(&names_blob);
+
+	nt_status = check_samlogon(samlogon_state,
+				   break_which,
+				   &samlogon_state->chall,
+				   &lmv2_response,
+				   &ntlm_response,
+				   lm_session_key, 
+				   user_session_key,
+				   error_string);
+	
+	data_blob_free(&lmv2_response);
+	data_blob_free(&ntlmv2_response);
+
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return False;
+	}
+
+	switch (break_which) {
+	case NO_NT:
+		if (memcmp(lmv2_session_key.data, user_session_key, 
+			   sizeof(user_session_key)) != 0) {
+			printf("USER (LMv2) Session Key does not match expectations!\n");
+			printf("user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			printf("expected:\n");
+			dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
+			pass = False;
+		}
+		if (memcmp(lmv2_session_key.data, lm_session_key, 
+			   sizeof(lm_session_key)) != 0) {
+			printf("LM (LMv2) Session Key does not match expectations!\n");
+			printf("lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			printf("expected:\n");
+			dump_data(1, lmv2_session_key.data, 8);
+			pass = False;
+		}
+		break;
+	case BREAK_LM:
+		if (memcmp(ntlm_session_key.data, user_session_key, 
+			   sizeof(user_session_key)) != 0) {
+			printf("USER (NTLMv2) Session Key does not match expectations!\n");
+			printf("user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			printf("expected:\n");
+			dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
+			pass = False;
+		}
+		if (memcmp(lm_hash, lm_session_key, 
+			   sizeof(lm_session_key)) != 0) {
+			printf("LM Session Key does not match expectations!\n");
+			printf("lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			printf("expected:\n");
+			dump_data(1, lm_hash, 8);
+			pass = False;
+		}
+		break;
+	default:
+		if (memcmp(ntlm_session_key.data, user_session_key, 
+			   sizeof(user_session_key)) != 0) {
+			printf("USER (NTLMv2) Session Key does not match expectations!\n");
+			printf("user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			printf("expected:\n");
+			dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
+			pass = False;
+		}
+		if (memcmp(ntlm_session_key.data, lm_session_key, 
+			   sizeof(lm_session_key)) != 0) {
+			printf("LM (NTLMv2) Session Key does not match expectations!\n");
+			printf("lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			printf("expected:\n");
+			dump_data(1, ntlm_session_key.data, 8);
+			pass = False;
+		}
+	}
+
+        return pass;
+}
+
+/* 
  * Test the NTLMv2 and LMv2 responses
  */
 
@@ -686,6 +815,21 @@ static BOOL test_ntlmv2_both_broken(struct samlogon_state *samlogon_state, char
 	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_BOTH, error_string);
 }
 
+static BOOL test_lmv2_ntlm_both_broken(struct samlogon_state *samlogon_state, char **error_string) 
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_BOTH, error_string);
+}
+
+static BOOL test_lmv2_ntlm_break_ntlm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_NT, error_string);
+}
+
+static BOOL test_lmv2_ntlm_break_lm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_LM, error_string);
+}
+
 /* 
  * Test the NTLM2 response (extra challenge in LM feild)
  *
@@ -885,6 +1029,9 @@ static const struct ntlm_tests {
 	{test_ntlm_lm_broken, "NTLM and LM, LM broken", False},
 	{test_ntlm_ntlm_broken, "NTLM and LM, NTLM broken", False},
 	{test_ntlm2, "NTLM2 (NTLMv2 session security)", False},
+	{test_lmv2_ntlm_both_broken, "LMv2 and NTLM, both broken", False},
+	{test_lmv2_ntlm_break_ntlm, "LMv2 and NTLM, NTLM broken", False},
+	{test_lmv2_ntlm_break_lm, "LMv2 and NTLM, LMv2 broken", False},
 	{test_plaintext_none_broken, "Plaintext", True},
 	{test_plaintext_lm_broken, "Plaintext LM broken", True},
 	{test_plaintext_nt_broken, "Plaintext NT broken", True},
author	Andrew Bartlett <abartlet@samba.org>	2005-01-04 03:06:23 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:08:17 -0500
commit	967b77a827826b8ac546c302e139ea5395c21eb2 (patch)
tree	9ea7510e439ef6a5665dcc9e472d8cd2adfe0ce7 /source4
parent	ed1634c68462328d2c6dccb24798d672733f29f9 (diff)
download	samba-967b77a827826b8ac546c302e139ea5395c21eb2.tar.gz samba-967b77a827826b8ac546c302e139ea5395c21eb2.tar.bz2 samba-967b77a827826b8ac546c302e139ea5395c21eb2.zip