-rw-r--r-- | source4/build/pidl/parser.pm | 2 | ||||
-rw-r--r-- | source4/libcli/auth/credentials.c | 3 | ||||
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 201 | ||||
-rw-r--r-- | source4/librpc/idl/samr.idl | 3 | ||||
-rw-r--r-- | source4/torture/rpc/netlogon.c | 66 |
5 files changed, 162 insertions, 113 deletions
diff --git a/source4/build/pidl/parser.pm b/source4/build/pidl/parser.pm
index 579c577d3c..095c083514 100644
--- a/source4/build/pidl/parser.pm
+++ b/source4/build/pidl/parser.pm
@@ -444,7 +444,7 @@ sub ParseElementPullSwitch($$$$)
 pidl "\t\tif (_level != $switch_var) {\n";
 }
 pidl "\t\t\treturn ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, \"Bad switch value %u in $e->{NAME}\");\t\t}\n";
- if ($switch =~ /r->/) {
+ if ($switch_var =~ /r->/) {
 pidl "else { $switch_var = _level; }\n";
 }
 pidl "\t}\n";
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 6df163bdfc..72572d8f91 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -143,8 +143,6 @@ BOOL clnt_deal_with_creds(uchar sess_key[8],
 time_t new_clnt_time;
 uint32 new_cred;
- DEBUG(5,("clnt_deal_with_creds: %d\n", __LINE__));
-
 /* increment client time by one second !?! */
 new_clnt_time = sto_clnt_cred->timestamp + 1;
@@ -161,7 +159,6 @@ BOOL clnt_deal_with_creds(uchar sess_key[8],
 /* store new seed in client credentials */
 SIVAL(sto_clnt_cred->cred.data, 0, new_cred);
- DEBUG(5,(" new clnt cred: %s\n", credstr(sto_clnt_cred->cred.data)));
 return True;
 }
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 7bdb4ae6ed..f6749b4e57 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -19,7 +19,7 @@ interface netlogon
 /* Function 0x00 */
 typedef struct {
- unistr *effective_name;
+ unistr *account_name;
 uint32 priv;
 uint32 auth_flags;
 uint32 logon_count;
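Review bot: In source4/build/pidl/parser.pm, the context line just above the changed test emits `ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, \"Bad switch value %u in $e->{NAME}\")` with a `%u` conversion and no matching argument, so the generated C would read an unspecified variadic value whenever a bad switch value is pulled (assuming ndr_pull_error is printf-style, as the format suggests). The commit leaves this untouched; passing the mismatching discriminant would fix it: `pidl "\t\t\treturn ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, \"Bad switch value %u in $e->{NAME}\", _level);\t\t}\n";`. ParseElementPullSwitch starts and ends outside the hunk, so whether `_level` is in scope on every path that reaches this line should be confirmed there.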
@@ -65,54 +65,51 @@ interface netlogon
 /* Function 0x02 */
 typedef struct {
- uint16 size;
- uint16 length;
- unistr *string;
+ [value(strlen_m(r->string)*2)] uint16 size;
+ [value(r->size)] uint16 length;
+ unistr_noterm *string;
 } netr_String;
 typedef struct {
- netr_String LogonDomainName;
- uint32 ParameterControl;
- HYPER_T LogonID;
+ netr_String domain_name;
+ uint32 parameter_control;
+ uint32 logon_id_low;
+ uint32 logon_id_high;
 netr_String username;
 netr_String workstation;
- } LOGON_IDENTITY_INFO;
-
- typedef struct {
- uint8 password[16];
- } LM_OWF_PASSWORD;
+ } netr_IdentityInfo;
- typedef struct {
+ typedef [flag(NDR_PAHEX)] struct {
 uint8 password[16];
- } NT_OWF_PASSWORD;
+ } netr_Password;
 typedef struct {
- LOGON_IDENTITY_INFO identity_info;
- LM_OWF_PASSWORD lmpassword;
- NT_OWF_PASSWORD ntpassword;
- } INTERACTIVE_INFO;
+ netr_IdentityInfo identity_info;
+ netr_Password lmpassword;
+ netr_Password ntpassword;
+ } netr_PasswordInfo;
 typedef [flag(NDR_PAHEX)] struct {
 uint8 data[8];
 } netr_Credential;
- typedef struct {
- LOGON_IDENTITY_INFO logon_info;
- netr_Credential challenge;
- unistr ntchallengeresponse;
- unistr lmchallengeresponse;
- } NETWORK_INFO;
+ typedef [flag(NDR_PAHEX)] struct {
+ uint16 length;
+ [value(r->length)] uint16 size;
+ [size_is(size),length_is(length)] uint8 *data;
+ } netr_ChallengeResponse;
 typedef struct {
- LOGON_IDENTITY_INFO logon_info;
- LM_OWF_PASSWORD lmpassword;
- NT_OWF_PASSWORD ntpassword;
- } SERVICE_INFO;
+ netr_IdentityInfo logon_info;
+ netr_Credential challenge;
+ netr_ChallengeResponse nt;
+ netr_ChallengeResponse lm;
+ } netr_NetworkInfo;
 typedef union {
- [case(1)] INTERACTIVE_INFO *iinfo;
- [case(2)] NETWORK_INFO *ninfo;
- [case(3)] SERVICE_INFO *sinfo;
+ [case(1)] netr_PasswordInfo *interactive;
+ [case(2)] netr_NetworkInfo *network;
+ [case(3)] netr_PasswordInfo *service;
 } netr_LogonLevel;
 typedef struct {
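Review bot: In netr_String, `[value(strlen_m(r->string)*2)] uint16 size;` computes a byte count that is silently truncated to 16 bits, and it is evaluated even though `string` is a pointer that may be NULL. How pidl expands `value()` is not visible in this diff, so both cases are worth confirming in the generated push code: a string of 32768 characters or more would yield a wrapped length field alongside the full string. A comment on the field stating the limit would help, for example `/* byte length; string must be non-NULL and shorter than 32768 characters */`. For netr_ChallengeResponse, `length` and `size` come from the peer on the pull side, so the generated code should also be checked to reject `length > size` before `data` is read.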
@@ -123,93 +120,97 @@ interface netlogon
 typedef struct {
 uint32 user_id;
 uint32 attributes;
- } GROUP_MEMBERSHIP;
+ } netr_GroupMembership;
- typedef struct {
+ typedef [flag(NDR_PAHEX)] struct {
 uint8 user_session_key[16];
- } USER_SESSION_KEY;
-
- typedef struct {
- NTTIME LogonTime;
- NTTIME LogoffTime;
- NTTIME KickOffTime;
- NTTIME PasswdLastSet;
- NTTIME PasswdCanChange;
- NTTIME PasswdMustChange;
- netr_String effectivename;
- netr_String fullname;
- netr_String logonscript;
- netr_String profilepath;
- netr_String homedirectory;
- netr_String homedirectorydrive;
- uint16 LogonCount;
- uint16 BadPasswdCount;
+ } netr_UserSessionKey;
+
+ typedef struct {
+ NTTIME logon_time;
+ NTTIME logoff_time;
+ NTTIME kickoff_time;
+ NTTIME passwd_last_set;
+ NTTIME passwd_can_change;
+ NTTIME passwd_must_change;
+ netr_String account_name;
+ netr_String full_name;
+ netr_String logon_script;
+ netr_String profile_path;
+ netr_String home_dir;
+ netr_String home_drive;
+ uint16 logon_count;
+ uint16 bad_passwd_count;
 uint32 userid;
- uint32 primarygroup;
- uint32 groupcount;
- [size_is(groupcount)] GROUP_MEMBERSHIP *groupids;
- uint32 userflags;
- USER_SESSION_KEY key;
- netr_String logonserver;
- netr_String domainname;
- dom_sid2 logondomainid;
+ uint32 primary_group;
+ uint32 group_count;
+ [size_is(group_count)] netr_GroupMembership *groupids;
+ uint32 user_flags;
+ netr_UserSessionKey key;
+ netr_String logon_server;
+ netr_String domain;
+ dom_sid2 *domain_sid;
 uint32 expansionroom[10];
- } VALIDATION_SAM_INFO;
-
- typedef struct {
- NTTIME LogonTime;
- NTTIME LogoffTime;
- NTTIME KickOffTime;
- NTTIME PasswdLastSet;
- NTTIME PasswdCanChange;
- NTTIME PasswdMustChange;
- netr_String effectivename;
- netr_String fullname;
- netr_String logonscript;
- netr_String profilepath;
- netr_String homedirectory;
- netr_String homedirectorydrive;
- uint16 LogonCount;
- uint16 BadPasswdCount;
+ } netr_SamInfo;
+
+ typedef struct {
+ dom_sid2 *sid;
+ uint32 attribute;
+ } netr_SidAttr;
+
+ typedef struct {
+ NTTIME logon_time;
+ NTTIME logoff_time;
+ NTTIME kickoff_time;
+ NTTIME passwd_last_set;
+ NTTIME passwd_can_change;
+ NTTIME passwd_must_change;
+ netr_String account_name;
+ netr_String full_name;
+ netr_String logon_script;
+ netr_String profile_path;
+ netr_String home_dir;
+ netr_String home_drive;
+ uint16 logon_count;
+ uint16 bad_passwd_count;
 uint32 userid;
- uint32 primarygroup;
- uint32 groupcount;
- GROUP_MEMBERSHIP *groupids;
- uint32 userflags;
- USER_SESSION_KEY key;
- netr_String logonserver;
- netr_String domainname;
- dom_sid2 logondomainid;
+ uint32 primary_group;
+ uint32 group_count;
+ [size_is(group_count)] netr_GroupMembership *groupids;
+ uint32 user_flags;
+ netr_UserSessionKey key;
+ netr_String logon_server;
+ netr_String domain;
+ dom_sid2 *domain_sid;
 uint32 expansionroom[10];
 uint32 sidcount;
- dom_sid2 sid;
- uint32 sid_attribs;
- } VALIDATION_SAM_INFO2;
+ [size_is(sidcount)] netr_SidAttr *sids;
+ } netr_SamInfo2;
 typedef struct {
 uint32 pac_size;
 [size_is(pac_size)] uint8 *pac;
- netr_String logondomain;
- netr_String logonserver;
- netr_String principalname;
+ netr_String logon_domain;
+ netr_String logon_server;
+ netr_String principal_name;
 uint32 auth_size;
 [size_is(auth_size)] uint8 *auth;
- USER_SESSION_KEY user_session_key;
+ netr_UserSessionKey user_session_key;
 uint32 expansionroom[10];
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- } VALIDATION_PAC_INFO;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ } netr_PacInfo;
 typedef union {
- [case(2)] VALIDATION_SAM_INFO *sam;
- [case(3)] VALIDATION_SAM_INFO2 *sam2;
- [case(4)] VALIDATION_PAC_INFO *pac;
- [case(5)] VALIDATION_PAC_INFO *pac2;
+ [case(2)] netr_SamInfo *sam;
+ [case(3)] netr_SamInfo2 *sam2;
+ [case(4)] netr_PacInfo *pac;
+ [case(5)] netr_PacInfo *pac2;
 } netr_Validation;
- WERROR netr_LogonSamLogon(
+ NTSTATUS netr_LogonSamLogon(
 [in] unistr *server_name,
 [in] unistr *workstation,
 [in] netr_Authenticator *credential,
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index d7ae25a88a..cd44c9174a 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -14,12 +14,11 @@
 ] interface samr
 {
 /* a 4 byte aligned 64-bit integer */
- typedef struct {
+ typedef [public] struct {
 uint32 low;
 uint32 high;
 } ULONG8;
-
 /******************/
 /* Function: 0x00 */
 NTSTATUS samr_Connect (
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 68937a4947..4ed62bc543 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -32,7 +32,7 @@ static BOOL test_LogonUasLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 r.in.username = lp_parm_string(-1, "torture", "username");
 r.in.workstation = lp_netbios_name();
- printf("Testing LogonUasLogon");
+ printf("Testing LogonUasLogon\n");
 status = dcerpc_netr_LogonUasLogon(p, mem_ctx, &r);
 if (!NT_STATUS_IS_OK(status)) {
@@ -53,7 +53,7 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 r.in.username = lp_parm_string(-1, "torture", "username");
 r.in.workstation = lp_netbios_name();
- printf("Testing LogonUasLogoff");
+ printf("Testing LogonUasLogoff\n");
 status = dcerpc_netr_LogonUasLogoff(p, mem_ctx, &r);
 if (!NT_STATUS_IS_OK(status)) {
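Review bot: In source4/librpc/idl/netlogon.idl (the hunk at -123), `dom_sid2 *domain_sid;` in netr_SamInfo and netr_SamInfo2 and `dom_sid2 *sid;` in netr_SidAttr are now pointers, so a reply may carry NULL where the old layout embedded the SID. No consumer of these structures is visible in this commit; code that builds group or token information from a logon reply should check each pointer before dereferencing it. `group_count` and `sidcount` are likewise taken from the reply and drive the `size_is` arrays, so it is worth confirming that the generated pull code bounds them against the remaining buffer. A short comment on the fields would record this, for example `/* may be NULL; check before use */`.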
@@ -65,17 +65,22 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 }
-static BOOL test_Authenticate(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
 NTSTATUS status;
 struct netr_ServerReqChallenge r;
 struct netr_ServerAuthenticate a;
- struct netr_Credential client_chal, server_chal, cred2;
+ struct netr_LogonSamLogon l;
+ struct netr_Credential client_chal, server_chal, cred2, cred3;
 uint8 session_key[8];
 const char *plain_pass;
 uint8 mach_pwd[16];
+ struct netr_Authenticator auth, auth2;
+ struct netr_NetworkInfo ninfo;
+ const char *username = lp_parm_string(-1, "torture", "username");
+ const char *password = lp_parm_string(-1, "torture", "password");
- printf("Testing ServerReqChallenge");
+ printf("Testing ServerReqChallenge\n");
 ZERO_STRUCT(client_chal);
@@ -108,7 +113,9 @@ static BOOL test_Authenticate(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 a.in.secure_challenge_type = 2;
 a.in.computer_name = lp_netbios_name();
 a.in.client_challenge = &cred2;
- a.out.client_challenge = &cred2;
+ a.out.client_challenge = &cred3;
+
+ printf("Testing ServerAuthenticate\n");
 status = dcerpc_netr_ServerAuthenticate(p, mem_ctx, &a);
 if (!NT_STATUS_IS_OK(status)) {
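Review bot: In test_SamLogon, `username` and `password` are read with `lp_parm_string(-1, "torture", ...)` and never checked, and the following hunk passes `password` straight to `SMBNTencrypt` and `SMBencrypt`. If lp_parm_string returns NULL when the option is not set (its definition is outside this diff), the test would dereference NULL instead of failing cleanly. A guard placed after the declarations would cover it: `if (!username || !password) { printf("torture username/password not set\n"); return False; }`. The function body continues past this hunk.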
@@ -116,6 +123,51 @@ static BOOL test_Authenticate(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 return False;
 }
+
+ if (!cred_assert(&cred3, session_key, &server_chal, 0)) {
+ printf("cred_assert failed!\n");
+ }
+
+ auth.timestamp = 0;
+ auth.cred = cred3;
+ auth2.timestamp = 0;
+ auth2.cred = server_chal;
+
+ cred_create(session_key, &cred2, 0, &auth.cred);
+
+ ninfo.logon_info.domain_name.string = lp_workgroup();
+ ninfo.logon_info.parameter_control = 0;
+ ninfo.logon_info.logon_id_low = 0;
+ ninfo.logon_info.logon_id_high = 0;
+ ninfo.logon_info.username.string = username;
+ ninfo.logon_info.workstation.string = lp_netbios_name();
+ generate_random_buffer(ninfo.challenge.data,
+ sizeof(ninfo.challenge.data), False);
+ ninfo.nt.length = 24;
+ ninfo.nt.data = talloc(mem_ctx, 24);
+ SMBNTencrypt(password, ninfo.challenge.data, ninfo.nt.data);
+ ninfo.lm.length = 24;
+ ninfo.lm.data = talloc(mem_ctx, 24);
+ SMBencrypt(password, ninfo.challenge.data, ninfo.lm.data);
+
+ ZERO_STRUCT(auth2);
+
+ l.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ l.in.workstation = lp_netbios_name();
+ l.in.credential = &auth;
+ l.in.authenticator = &auth2;
+ l.in.logon_level = 2;
+ l.in.logon.network = &ninfo;
+ l.in.validation_level = 2;
+
+ printf("Testing SamLogon\n");
+
+ status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &l);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("LogonSamLogon - %s\n", nt_errstr(status));
+ return False;
+ }
+
 return True;
 }
@@ -147,7 +199,7 @@ BOOL torture_rpc_netlogon(int dummy)
 ret = False;
 }
- if (!test_Authenticate(p, mem_ctx)) {
+ if (!test_SamLogon(p, mem_ctx)) {
 ret = False;
 } |
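Review bot: A failed `cred_assert(&cred3, session_key, &server_chal, 0)` only prints a message, so the test goes on to LogonSamLogon with a server credential that did not verify and can still return True; the branch should end with `return False;`. The two `talloc(mem_ctx, 24)` results are handed to `SMBNTencrypt` and `SMBencrypt` as output buffers without a NULL check. `auth2.timestamp = 0; auth2.cred = server_chal;` are dead stores because `ZERO_STRUCT(auth2)` follows, and `auth.cred = cred3` appears to be overwritten by `cred_create(..., &auth.cred)`; removing them would make it clearer which authenticator values are actually sent.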