summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/build/pidl/parser.pm2
-rw-r--r--source4/libcli/auth/credentials.c3
-rw-r--r--source4/librpc/idl/netlogon.idl201
-rw-r--r--source4/librpc/idl/samr.idl3
-rw-r--r--source4/torture/rpc/netlogon.c66
5 files changed, 162 insertions, 113 deletions
diff --git a/source4/build/pidl/parser.pm b/source4/build/pidl/parser.pm
index 579c577d3c..095c083514 100644
--- a/source4/build/pidl/parser.pm
+++ b/source4/build/pidl/parser.pm
@@ -444,7 +444,7 @@ sub ParseElementPullSwitch($$$$)
pidl "\t\tif (_level != $switch_var) {\n";
}
pidl "\t\t\treturn ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, \"Bad switch value %u in $e->{NAME}\");\t\t}\n";
- if ($switch =~ /r->/) {
+ if ($switch_var =~ /r->/) {
pidl "else { $switch_var = _level; }\n";
}
pidl "\t}\n";
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 6df163bdfc..72572d8f91 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -143,8 +143,6 @@ BOOL clnt_deal_with_creds(uchar sess_key[8],
time_t new_clnt_time;
uint32 new_cred;
- DEBUG(5,("clnt_deal_with_creds: %d\n", __LINE__));
-
/* increment client time by one second !?! */
new_clnt_time = sto_clnt_cred->timestamp + 1;
@@ -161,7 +159,6 @@ BOOL clnt_deal_with_creds(uchar sess_key[8],
/* store new seed in client credentials */
SIVAL(sto_clnt_cred->cred.data, 0, new_cred);
- DEBUG(5,(" new clnt cred: %s\n", credstr(sto_clnt_cred->cred.data)));
return True;
}
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 7bdb4ae6ed..f6749b4e57 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -19,7 +19,7 @@ interface netlogon
/* Function 0x00 */
typedef struct {
- unistr *effective_name;
+ unistr *account_name;
uint32 priv;
uint32 auth_flags;
uint32 logon_count;
@@ -65,54 +65,51 @@ interface netlogon
/* Function 0x02 */
typedef struct {
- uint16 size;
- uint16 length;
- unistr *string;
+ [value(strlen_m(r->string)*2)] uint16 size;
+ [value(r->size)] uint16 length;
+ unistr_noterm *string;
} netr_String;
typedef struct {
- netr_String LogonDomainName;
- uint32 ParameterControl;
- HYPER_T LogonID;
+ netr_String domain_name;
+ uint32 parameter_control;
+ uint32 logon_id_low;
+ uint32 logon_id_high;
netr_String username;
netr_String workstation;
- } LOGON_IDENTITY_INFO;
-
- typedef struct {
- uint8 password[16];
- } LM_OWF_PASSWORD;
+ } netr_IdentityInfo;
- typedef struct {
+ typedef [flag(NDR_PAHEX)] struct {
uint8 password[16];
- } NT_OWF_PASSWORD;
+ } netr_Password;
typedef struct {
- LOGON_IDENTITY_INFO identity_info;
- LM_OWF_PASSWORD lmpassword;
- NT_OWF_PASSWORD ntpassword;
- } INTERACTIVE_INFO;
+ netr_IdentityInfo identity_info;
+ netr_Password lmpassword;
+ netr_Password ntpassword;
+ } netr_PasswordInfo;
typedef [flag(NDR_PAHEX)] struct {
uint8 data[8];
} netr_Credential;
- typedef struct {
- LOGON_IDENTITY_INFO logon_info;
- netr_Credential challenge;
- unistr ntchallengeresponse;
- unistr lmchallengeresponse;
- } NETWORK_INFO;
+ typedef [flag(NDR_PAHEX)] struct {
+ uint16 length;
+ [value(r->length)] uint16 size;
+ [size_is(size),length_is(length)] uint8 *data;
+ } netr_ChallengeResponse;
typedef struct {
- LOGON_IDENTITY_INFO logon_info;
- LM_OWF_PASSWORD lmpassword;
- NT_OWF_PASSWORD ntpassword;
- } SERVICE_INFO;
+ netr_IdentityInfo logon_info;
+ netr_Credential challenge;
+ netr_ChallengeResponse nt;
+ netr_ChallengeResponse lm;
+ } netr_NetworkInfo;
typedef union {
- [case(1)] INTERACTIVE_INFO *iinfo;
- [case(2)] NETWORK_INFO *ninfo;
- [case(3)] SERVICE_INFO *sinfo;
+ [case(1)] netr_PasswordInfo *interactive;
+ [case(2)] netr_NetworkInfo *network;
+ [case(3)] netr_PasswordInfo *service;
} netr_LogonLevel;
typedef struct {
@@ -123,93 +120,97 @@ interface netlogon
typedef struct {
uint32 user_id;
uint32 attributes;
- } GROUP_MEMBERSHIP;
+ } netr_GroupMembership;
- typedef struct {
+ typedef [flag(NDR_PAHEX)] struct {
uint8 user_session_key[16];
- } USER_SESSION_KEY;
-
- typedef struct {
- NTTIME LogonTime;
- NTTIME LogoffTime;
- NTTIME KickOffTime;
- NTTIME PasswdLastSet;
- NTTIME PasswdCanChange;
- NTTIME PasswdMustChange;
- netr_String effectivename;
- netr_String fullname;
- netr_String logonscript;
- netr_String profilepath;
- netr_String homedirectory;
- netr_String homedirectorydrive;
- uint16 LogonCount;
- uint16 BadPasswdCount;
+ } netr_UserSessionKey;
+
+ typedef struct {
+ NTTIME logon_time;
+ NTTIME logoff_time;
+ NTTIME kickoff_time;
+ NTTIME passwd_last_set;
+ NTTIME passwd_can_change;
+ NTTIME passwd_must_change;
+ netr_String account_name;
+ netr_String full_name;
+ netr_String logon_script;
+ netr_String profile_path;
+ netr_String home_dir;
+ netr_String home_drive;
+ uint16 logon_count;
+ uint16 bad_passwd_count;
uint32 userid;
- uint32 primarygroup;
- uint32 groupcount;
- [size_is(groupcount)] GROUP_MEMBERSHIP *groupids;
- uint32 userflags;
- USER_SESSION_KEY key;
- netr_String logonserver;
- netr_String domainname;
- dom_sid2 logondomainid;
+ uint32 primary_group;
+ uint32 group_count;
+ [size_is(group_count)] netr_GroupMembership *groupids;
+ uint32 user_flags;
+ netr_UserSessionKey key;
+ netr_String logon_server;
+ netr_String domain;
+ dom_sid2 *domain_sid;
uint32 expansionroom[10];
- } VALIDATION_SAM_INFO;
-
- typedef struct {
- NTTIME LogonTime;
- NTTIME LogoffTime;
- NTTIME KickOffTime;
- NTTIME PasswdLastSet;
- NTTIME PasswdCanChange;
- NTTIME PasswdMustChange;
- netr_String effectivename;
- netr_String fullname;
- netr_String logonscript;
- netr_String profilepath;
- netr_String homedirectory;
- netr_String homedirectorydrive;
- uint16 LogonCount;
- uint16 BadPasswdCount;
+ } netr_SamInfo;
+
+ typedef struct {
+ dom_sid2 *sid;
+ uint32 attribute;
+ } netr_SidAttr;
+
+ typedef struct {
+ NTTIME logon_time;
+ NTTIME logoff_time;
+ NTTIME kickoff_time;
+ NTTIME passwd_last_set;
+ NTTIME passwd_can_change;
+ NTTIME passwd_must_change;
+ netr_String account_name;
+ netr_String full_name;
+ netr_String logon_script;
+ netr_String profile_path;
+ netr_String home_dir;
+ netr_String home_drive;
+ uint16 logon_count;
+ uint16 bad_passwd_count;
uint32 userid;
- uint32 primarygroup;
- uint32 groupcount;
- GROUP_MEMBERSHIP *groupids;
- uint32 userflags;
- USER_SESSION_KEY key;
- netr_String logonserver;
- netr_String domainname;
- dom_sid2 logondomainid;
+ uint32 primary_group;
+ uint32 group_count;
+ [size_is(group_count)] netr_GroupMembership *groupids;
+ uint32 user_flags;
+ netr_UserSessionKey key;
+ netr_String logon_server;
+ netr_String domain;
+ dom_sid2 *domain_sid;
uint32 expansionroom[10];
uint32 sidcount;
- dom_sid2 sid;
- uint32 sid_attribs;
- } VALIDATION_SAM_INFO2;
+ [size_is(sidcount)] netr_SidAttr *sids;
+ } netr_SamInfo2;
typedef struct {
uint32 pac_size;
[size_is(pac_size)] uint8 *pac;
- netr_String logondomain;
- netr_String logonserver;
- netr_String principalname;
+ netr_String logon_domain;
+ netr_String logon_server;
+ netr_String principal_name;
uint32 auth_size;
[size_is(auth_size)] uint8 *auth;
- USER_SESSION_KEY user_session_key;
+ netr_UserSessionKey user_session_key;
uint32 expansionroom[10];
- netr_String dummy1;
- netr_String dummy2;
- netr_String dummy3;
- netr_String dummy4;
- } VALIDATION_PAC_INFO;
+ netr_String unknown1;
+ netr_String unknown2;
+ netr_String unknown3;
+ netr_String unknown4;
+ } netr_PacInfo;
typedef union {
- [case(2)] VALIDATION_SAM_INFO *sam;
- [case(3)] VALIDATION_SAM_INFO2 *sam2;
- [case(4)] VALIDATION_PAC_INFO *pac;
- [case(5)] VALIDATION_PAC_INFO *pac2;
+ [case(2)] netr_SamInfo *sam;
+ [case(3)] netr_SamInfo2 *sam2;
+ [case(4)] netr_PacInfo *pac;
+ [case(5)] netr_PacInfo *pac2;
} netr_Validation;
- WERROR netr_LogonSamLogon(
+ NTSTATUS netr_LogonSamLogon(
[in] unistr *server_name,
[in] unistr *workstation,
[in] netr_Authenticator *credential,
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index d7ae25a88a..cd44c9174a 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -14,12 +14,11 @@
] interface samr
{
/* a 4 byte aligned 64-bit integer */
- typedef struct {
+ typedef [public] struct {
uint32 low;
uint32 high;
} ULONG8;
-
/******************/
/* Function: 0x00 */
NTSTATUS samr_Connect (
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 68937a4947..4ed62bc543 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -32,7 +32,7 @@ static BOOL test_LogonUasLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.username = lp_parm_string(-1, "torture", "username");
r.in.workstation = lp_netbios_name();
- printf("Testing LogonUasLogon");
+ printf("Testing LogonUasLogon\n");
status = dcerpc_netr_LogonUasLogon(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -53,7 +53,7 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.username = lp_parm_string(-1, "torture", "username");
r.in.workstation = lp_netbios_name();
- printf("Testing LogonUasLogoff");
+ printf("Testing LogonUasLogoff\n");
status = dcerpc_netr_LogonUasLogoff(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
@@ -65,17 +65,22 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
}
-static BOOL test_Authenticate(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate a;
- struct netr_Credential client_chal, server_chal, cred2;
+ struct netr_LogonSamLogon l;
+ struct netr_Credential client_chal, server_chal, cred2, cred3;
uint8 session_key[8];
const char *plain_pass;
uint8 mach_pwd[16];
+ struct netr_Authenticator auth, auth2;
+ struct netr_NetworkInfo ninfo;
+ const char *username = lp_parm_string(-1, "torture", "username");
+ const char *password = lp_parm_string(-1, "torture", "password");
- printf("Testing ServerReqChallenge");
+ printf("Testing ServerReqChallenge\n");
ZERO_STRUCT(client_chal);
@@ -108,7 +113,9 @@ static BOOL test_Authenticate(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
a.in.secure_challenge_type = 2;
a.in.computer_name = lp_netbios_name();
a.in.client_challenge = &cred2;
- a.out.client_challenge = &cred2;
+ a.out.client_challenge = &cred3;
+
+ printf("Testing ServerAuthenticate\n");
status = dcerpc_netr_ServerAuthenticate(p, mem_ctx, &a);
if (!NT_STATUS_IS_OK(status)) {
@@ -116,6 +123,51 @@ static BOOL test_Authenticate(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return False;
}
+
+ if (!cred_assert(&cred3, session_key, &server_chal, 0)) {
+ printf("cred_assert failed!\n");
+ }
+
+ auth.timestamp = 0;
+ auth.cred = cred3;
+ auth2.timestamp = 0;
+ auth2.cred = server_chal;
+
+ cred_create(session_key, &cred2, 0, &auth.cred);
+
+ ninfo.logon_info.domain_name.string = lp_workgroup();
+ ninfo.logon_info.parameter_control = 0;
+ ninfo.logon_info.logon_id_low = 0;
+ ninfo.logon_info.logon_id_high = 0;
+ ninfo.logon_info.username.string = username;
+ ninfo.logon_info.workstation.string = lp_netbios_name();
+ generate_random_buffer(ninfo.challenge.data,
+ sizeof(ninfo.challenge.data), False);
+ ninfo.nt.length = 24;
+ ninfo.nt.data = talloc(mem_ctx, 24);
+ SMBNTencrypt(password, ninfo.challenge.data, ninfo.nt.data);
+ ninfo.lm.length = 24;
+ ninfo.lm.data = talloc(mem_ctx, 24);
+ SMBencrypt(password, ninfo.challenge.data, ninfo.lm.data);
+
+ ZERO_STRUCT(auth2);
+
+ l.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ l.in.workstation = lp_netbios_name();
+ l.in.credential = &auth;
+ l.in.authenticator = &auth2;
+ l.in.logon_level = 2;
+ l.in.logon.network = &ninfo;
+ l.in.validation_level = 2;
+
+ printf("Testing SamLogon\n");
+
+ status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &l);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("LogonSamLogon - %s\n", nt_errstr(status));
+ return False;
+ }
+
return True;
}
@@ -147,7 +199,7 @@ BOOL torture_rpc_netlogon(int dummy)
ret = False;
}
- if (!test_Authenticate(p, mem_ctx)) {
+ if (!test_SamLogon(p, mem_ctx)) {
ret = False;
}