summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/librpc/idl/netlogon.idl52
-rw-r--r--source4/torture/rpc/netlogon.c148
2 files changed, 173 insertions, 27 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 6281821d88..548209e0f4 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -266,7 +266,7 @@ interface netlogon
NTSTATUS netr_ServerAuthenticate(
[in] unistr *server_name,
[in] unistr username,
- [in] uint16 secure_challenge_type,
+ [in] uint16 secure_channel_type,
[in] unistr computer_name,
[in,out] netr_Credential credentials
);
@@ -278,7 +278,7 @@ interface netlogon
NTSTATUS netr_ServerPasswordSet(
[in] unistr *server_name,
[in] unistr username,
- [in] uint16 secure_challenge_type,
+ [in] uint16 secure_channel_type,
[in] unistr computer_name,
[in] netr_Authenticator credential,
[in] netr_Password new_password,
@@ -695,6 +695,12 @@ interface netlogon
[case(3)] netr_NETLOGON_INFO_3 *info3;
} netr_CONTROL_QUERY_INFORMATION;
+ /* function_code values */
+ const int NETLOGON_CONTROL_REDISCOVER = 5;
+ const int NETLOGON_CONTROL_TC_QUERY = 6;
+ const int NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7;
+ const int NETLOGON_CONTROL_SET_DBFLAG = 65534;
+
WERROR netr_LogonControl(
[in] unistr *logon_server,
[in] uint32 function_code,
@@ -712,25 +718,23 @@ interface netlogon
[out] unistr *dcname
);
-#if 0
-
- typedef [switch_type(long)] union {
- [case(5)] unistr *unknown;
- [case(6)] unistr *unknown;
- [case(0xfffe)] uint32 unknown;
- [case(7)] unistry*unknown;
- } CONTROL_DATA_INFORMATION;
-
/*****************/
/* Function 0x0E */
- NTSTATUS netr_LogonControl2(
- [in][string] wchar_t *logon_server,
- [in] uint32 function_code,
- [in] uint32 level,
- [in][ref] CONTROL_DATA_INFORMATION *data,
- [out][ref] CONTROL_QUERY_INFORMATION *query
+ typedef union {
+ [case(NETLOGON_CONTROL_REDISCOVER)] unistr *domain;
+ [case(NETLOGON_CONTROL_TC_QUERY)] unistr *domain;
+ [case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)] unistr *domain;
+ [case(NETLOGON_CONTROL_SET_DBFLAG)] uint32 debug_level;
+ } netr_CONTROL_DATA_INFORMATION;
+
+ WERROR netr_LogonControl2(
+ [in] unistr *logon_server,
+ [in] uint32 function_code,
+ [in] uint32 level,
+ [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data,
+ [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query
);
@@ -738,15 +742,15 @@ interface netlogon
/* Function 0x0F */
NTSTATUS netr_ServerAuthenticate2(
- [in][string] wchar_t *logon_server,
- [in] unistr username,
- [in] uint16 secure_channel_type,
- [in] unistr computername,
- [in][ref] CREDENTIAL *client_chal,
- [out][ref] CREDENTIAL *server_chal,
- [in][out][ref] uint32 *negotiate_flags,
+ [in] unistr *server_name,
+ [in] unistr username,
+ [in] uint16 secure_channel_type,
+ [in] unistr computer_name,
+ [in,out] netr_Credential credentials,
+ [in,out,ref] uint32 *negotiate_flags
);
+#if 0
/*****************/
/* Function 0x10 */
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 008d03109e..b5a981c531 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -99,7 +99,7 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
a.in.server_name = NULL;
a.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
- a.in.secure_challenge_type = SEC_CHAN_BDC;
+ a.in.secure_channel_type = SEC_CHAN_BDC;
a.in.computer_name = lp_netbios_name();
printf("Testing ServerAuthenticate\n");
@@ -118,6 +118,64 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return True;
}
+static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct netr_CredentialState *creds)
+{
+ NTSTATUS status;
+ struct netr_ServerReqChallenge r;
+ struct netr_ServerAuthenticate2 a;
+ const char *plain_pass;
+ uint8 mach_pwd[16];
+ uint32 negotiate_flags = 0;
+
+ printf("Testing ServerReqChallenge\n");
+
+ r.in.server_name = NULL;
+ r.in.computer_name = lp_netbios_name();
+ generate_random_buffer(r.in.credentials.data, sizeof(r.in.credentials.data), False);
+
+ status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("ServerReqChallenge - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ plain_pass = secrets_fetch_machine_password();
+ if (!plain_pass) {
+ printf("Unable to fetch machine password!\n");
+ return False;
+ }
+
+ E_md4hash(plain_pass, mach_pwd);
+
+ creds_client_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
+ &a.in.credentials);
+
+ a.in.server_name = NULL;
+ a.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
+ a.in.secure_channel_type = SEC_CHAN_BDC;
+ a.in.computer_name = lp_netbios_name();
+ a.in.negotiate_flags = &negotiate_flags;
+ a.out.negotiate_flags = &negotiate_flags;
+
+ printf("Testing ServerAuthenticate2\n");
+
+ status = dcerpc_netr_ServerAuthenticate2(p, mem_ctx, &a);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("ServerAuthenticate2 - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!creds_client_check(creds, &a.out.credentials)) {
+ printf("Credential chaining failed\n");
+ return False;
+ }
+
+ printf("negotiate_flags=0x%08x\n", negotiate_flags);
+
+ return True;
+}
+
/*
try a netlogon SamLogon
*/
@@ -131,7 +189,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
const char *password = lp_parm_string(-1, "torture", "password");
struct netr_CredentialState creds;
- if (!test_SetupCredentials(p, mem_ctx, &creds)) {
+ if (!test_SetupCredentials2(p, mem_ctx, &creds)) {
return False;
}
@@ -194,7 +252,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
- r.in.secure_challenge_type = SEC_CHAN_BDC;
+ r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = lp_netbios_name();
password = generate_random_str(8);
@@ -508,6 +566,86 @@ static BOOL test_GetAnyDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
}
+/*
+ try a netlogon LogonControl2
+*/
+static BOOL test_LogonControl2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+ struct netr_LogonControl2 r;
+ BOOL ret = True;
+ int i;
+
+ r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+
+ r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
+ r.in.data.domain = lp_workgroup();
+
+ for (i=1;i<4;i++) {
+ r.in.level = i;
+
+ printf("Testing LogonControl2 level %d function %d\n",
+ i, r.in.function_code);
+
+ status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("LogonControl - %s\n", nt_errstr(status));
+ ret = False;
+ }
+ }
+
+ r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
+ r.in.data.domain = lp_workgroup();
+
+ for (i=1;i<4;i++) {
+ r.in.level = i;
+
+ printf("Testing LogonControl2 level %d function %d\n",
+ i, r.in.function_code);
+
+ status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("LogonControl - %s\n", nt_errstr(status));
+ ret = False;
+ }
+ }
+
+ r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
+ r.in.data.domain = lp_workgroup();
+
+ for (i=1;i<4;i++) {
+ r.in.level = i;
+
+ printf("Testing LogonControl2 level %d function %d\n",
+ i, r.in.function_code);
+
+ status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("LogonControl - %s\n", nt_errstr(status));
+ ret = False;
+ }
+ }
+
+ r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+ r.in.data.debug_level = ~0;
+
+ for (i=1;i<4;i++) {
+ r.in.level = i;
+
+ printf("Testing LogonControl2 level %d function %d\n",
+ i, r.in.function_code);
+
+ status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("LogonControl - %s\n", nt_errstr(status));
+ ret = False;
+ }
+ }
+
+ return ret;
+}
+
+
BOOL torture_rpc_netlogon(int dummy)
{
NTSTATUS status;
@@ -571,6 +709,10 @@ BOOL torture_rpc_netlogon(int dummy)
ret = False;
}
+ if (!test_LogonControl2(p, mem_ctx)) {
+ ret = False;
+ }
+
torture_rpc_close(p);
return ret;