diff options
-rw-r--r-- | source3/librpc/idl/netlogon.idl | 2 | ||||
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 22 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 76 | ||||
-rw-r--r-- | source4/torture/rpc/netlogon.c | 9 | ||||
-rw-r--r-- | source4/torture/rpc/remote_pac.c | 34 | ||||
-rw-r--r-- | source4/torture/rpc/samba3rpc.c | 18 | ||||
-rw-r--r-- | source4/torture/rpc/samlogon.c | 72 | ||||
-rw-r--r-- | source4/torture/rpc/samsync.c | 11 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 21 | ||||
-rw-r--r-- | source4/winbind/wb_sam_logon.c | 11 |
10 files changed, 185 insertions, 91 deletions
diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl index d6c3bd4374..4980a3e151 100644 --- a/source3/librpc/idl/netlogon.idl +++ b/source3/librpc/idl/netlogon.idl @@ -1460,7 +1460,7 @@ interface netlogon [in,unique] netr_Authenticator *credential, [in,out,unique] netr_Authenticator *return_authenticator, [in] netr_LogonInfoClass logon_level, - [in] [switch_is(logon_level)] netr_LogonLevel logon, + [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon, [in] uint16 validation_level, [out,ref] [switch_is(validation_level)] netr_Validation *validation, [out,ref] uint8 *authoritative, diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 3418f08b00..a11bca7028 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -289,10 +289,10 @@ interface netlogon [in,unique] netr_Authenticator *credential, [in,out,unique] netr_Authenticator *return_authenticator, [in] netr_LogonInfoClass logon_level, - [in] [switch_is(logon_level)] netr_LogonLevel logon, + [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon, [in] uint16 validation_level, - [out] [switch_is(validation_level)] netr_Validation validation, - [out] uint8 authoritative + [out,ref] [switch_is(validation_level)] netr_Validation *validation, + [out,ref] uint8 *authoritative ); @@ -1384,11 +1384,11 @@ interface netlogon [in,unique] [string,charset(UTF16)] uint16 *server_name, [in,unique] [string,charset(UTF16)] uint16 *computer_name, [in] netr_LogonInfoClass logon_level, - [in] [switch_is(logon_level)] netr_LogonLevel logon, + [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon, [in] uint16 validation_level, - [out] [switch_is(validation_level)] netr_Validation validation, - [out] uint8 authoritative, - [in,out] uint32 flags + [out,ref] [switch_is(validation_level)] netr_Validation *validation, + [out,ref] uint8 *authoritative, + [in,out,ref] uint32 *flags ); /****************/ @@ -1457,11 +1457,11 @@ interface netlogon [in,unique] netr_Authenticator *credential, [in,out,unique] netr_Authenticator *return_authenticator, [in] netr_LogonInfoClass logon_level, - [in] [switch_is(logon_level)] netr_LogonLevel logon, + [in,ref] [switch_is(logon_level)] netr_LogonLevel *logon, [in] uint16 validation_level, - [out] [switch_is(validation_level)] netr_Validation validation, - [out] uint8 authoritative, - [in,out] uint32 flags + [out,ref] [switch_is(validation_level)] netr_Validation *validation, + [out,ref] uint8 *authoritative, + [in,out,ref] uint32 *flags ); /****************/ diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 04c16ab484..0152604d43 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -474,14 +474,14 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal case NetlogonServiceTransitiveInformation: if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { creds_arcfour_crypt(creds, - r->in.logon.password->lmpassword.hash, - sizeof(r->in.logon.password->lmpassword.hash)); + r->in.logon->password->lmpassword.hash, + sizeof(r->in.logon->password->lmpassword.hash)); creds_arcfour_crypt(creds, - r->in.logon.password->ntpassword.hash, - sizeof(r->in.logon.password->ntpassword.hash)); + r->in.logon->password->ntpassword.hash, + sizeof(r->in.logon->password->ntpassword.hash)); } else { - creds_des_decrypt(creds, &r->in.logon.password->lmpassword); - creds_des_decrypt(creds, &r->in.logon.password->ntpassword); + creds_des_decrypt(creds, &r->in.logon->password->lmpassword); + creds_des_decrypt(creds, &r->in.logon->password->ntpassword); } /* TODO: we need to deny anonymous access here */ @@ -491,21 +491,21 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal &auth_context); NT_STATUS_NOT_OK_RETURN(nt_status); - user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control; - user_info->client.account_name = r->in.logon.password->identity_info.account_name.string; - user_info->client.domain_name = r->in.logon.password->identity_info.domain_name.string; - user_info->workstation_name = r->in.logon.password->identity_info.workstation.string; + user_info->logon_parameters = r->in.logon->password->identity_info.parameter_control; + user_info->client.account_name = r->in.logon->password->identity_info.account_name.string; + user_info->client.domain_name = r->in.logon->password->identity_info.domain_name.string; + user_info->workstation_name = r->in.logon->password->identity_info.workstation.string; user_info->flags |= USER_INFO_INTERACTIVE_LOGON; user_info->password_state = AUTH_PASSWORD_HASH; user_info->password.hash.lanman = talloc(user_info, struct samr_Password); NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.lanman); - *user_info->password.hash.lanman = r->in.logon.password->lmpassword; + *user_info->password.hash.lanman = r->in.logon->password->lmpassword; user_info->password.hash.nt = talloc(user_info, struct samr_Password); NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.nt); - *user_info->password.hash.nt = r->in.logon.password->ntpassword; + *user_info->password.hash.nt = r->in.logon->password->ntpassword; break; case NetlogonNetworkInformation: @@ -518,17 +518,17 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal &auth_context); NT_STATUS_NOT_OK_RETURN(nt_status); - nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags"); + nt_status = auth_context_set_challenge(auth_context, r->in.logon->network->challenge, "netr_LogonSamLogonWithFlags"); NT_STATUS_NOT_OK_RETURN(nt_status); - user_info->logon_parameters = r->in.logon.network->identity_info.parameter_control; - user_info->client.account_name = r->in.logon.network->identity_info.account_name.string; - user_info->client.domain_name = r->in.logon.network->identity_info.domain_name.string; - user_info->workstation_name = r->in.logon.network->identity_info.workstation.string; + user_info->logon_parameters = r->in.logon->network->identity_info.parameter_control; + user_info->client.account_name = r->in.logon->network->identity_info.account_name.string; + user_info->client.domain_name = r->in.logon->network->identity_info.domain_name.string; + user_info->workstation_name = r->in.logon->network->identity_info.workstation.string; user_info->password_state = AUTH_PASSWORD_RESPONSE; - user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon.network->lm.data, r->in.logon.network->lm.length); - user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon.network->nt.data, r->in.logon.network->nt.length); + user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon->network->lm.data, r->in.logon->network->lm.length); + user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon->network->nt.data, r->in.logon->network->nt.length); break; @@ -537,24 +537,24 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal { if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { creds_arcfour_crypt(creds, - r->in.logon.generic->data, r->in.logon.generic->length); + r->in.logon->generic->data, r->in.logon->generic->length); } else { /* Using DES to verify kerberos tickets makes no sense */ return NT_STATUS_INVALID_PARAMETER; } - if (strcmp(r->in.logon.generic->package_name.string, "Kerberos") == 0) { + if (strcmp(r->in.logon->generic->package_name.string, "Kerberos") == 0) { NTSTATUS status; struct server_id *kdc; struct kdc_check_generic_kerberos check; struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2); NT_STATUS_HAVE_NO_MEMORY(generic); - r->out.authoritative = 1; + *r->out.authoritative = 1; /* TODO: Describe and deal with these flags */ - r->out.flags = 0; + *r->out.flags = 0; - r->out.validation.generic = generic; + r->out.validation->generic = generic; kdc = irpc_servers_byname(dce_call->msg_ctx, mem_ctx, "kdc_server"); if ((kdc == NULL) || (kdc[0].id == 0)) { @@ -562,8 +562,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal } check.in.generic_request = - data_blob_const(r->in.logon.generic->data, - r->in.logon.generic->length); + data_blob_const(r->in.logon->generic->data, + r->in.logon->generic->length); status = irpc_call(dce_call->msg_ctx, kdc[0], &ndr_table_irpc, NDR_KDC_CHECK_GENERIC_KERBEROS, @@ -620,14 +620,14 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2); NT_STATUS_HAVE_NO_MEMORY(sam2); sam2->base = *sam; - r->out.validation.sam2 = sam2; + r->out.validation->sam2 = sam2; break; case 3: sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3); NT_STATUS_HAVE_NO_MEMORY(sam3); sam3->base = *sam; - r->out.validation.sam3 = sam3; + r->out.validation->sam3 = sam3; break; case 6: @@ -638,17 +638,17 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", sam->account_name.string, sam6->forest.string); NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string); - r->out.validation.sam6 = sam6; + r->out.validation->sam6 = sam6; break; default: break; } - r->out.authoritative = 1; + *r->out.authoritative = 1; /* TODO: Describe and deal with these flags */ - r->out.flags = 0; + *r->out.flags = 0; return NT_STATUS_OK; } @@ -700,13 +700,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce r2.in.logon = r->in.logon; r2.in.validation_level = r->in.validation_level; r2.in.flags = r->in.flags; + r2.out.validation = r->out.validation; + r2.out.authoritative = r->out.authoritative; + r2.out.flags = r->out.flags; nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds); r->out.return_authenticator = return_authenticator; - r->out.validation = r2.out.validation; - r->out.authoritative = r2.out.authoritative; - r->out.flags = r2.out.flags; return nt_status; } @@ -718,6 +718,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TA struct netr_LogonSamLogon *r) { struct netr_LogonSamLogonWithFlags r2; + uint32_t flags = 0; NTSTATUS status; ZERO_STRUCT(r2); @@ -729,13 +730,14 @@ static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TA r2.in.logon_level = r->in.logon_level; r2.in.logon = r->in.logon; r2.in.validation_level = r->in.validation_level; - r2.in.flags = 0; + r2.in.flags = &flags; + r2.out.validation = r->out.validation; + r2.out.authoritative = r->out.authoritative; + r2.out.flags = &flags; status = dcesrv_netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2); r->out.return_authenticator = r2.out.return_authenticator; - r->out.validation = r2.out.validation; - r->out.authoritative = r2.out.authoritative; return status; } diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 2e9800fede..38fe8b58f5 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -575,6 +575,9 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx, NTSTATUS status; struct netr_LogonSamLogon r; struct netr_Authenticator auth, auth2; + union netr_LogonLevel logon; + union netr_Validation validation; + uint8_t authoritative; struct netr_NetworkInfo ninfo; DATA_BLOB names_blob, chal, lm_resp, nt_resp; int i; @@ -618,12 +621,16 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx, ninfo.identity_info.logon_id_high = 0; ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials); + logon.network = &ninfo; + r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = 2; - r.in.logon.network = &ninfo; + r.in.logon = &logon; + r.out.validation = &validation; + r.out.authoritative = &authoritative; d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string); diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c index a4111d1c3e..1f03ad6396 100644 --- a/source4/torture/rpc/remote_pac.c +++ b/source4/torture/rpc/remote_pac.c @@ -47,7 +47,12 @@ static bool test_PACVerify(struct torture_context *tctx, NTSTATUS status; struct netr_LogonSamLogon r; - + + union netr_LogonLevel logon; + union netr_Validation validation; + uint8_t authoritative; + struct netr_Authenticator return_authenticator; + struct netr_GenericInfo generic; struct netr_Authenticator auth, auth2; @@ -166,15 +171,20 @@ static bool test_PACVerify(struct torture_context *tctx, generic.package_name.string = "Kerberos"; + logon.generic = &generic; + ZERO_STRUCT(auth2); creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; + r.in.logon = &logon; r.in.logon_level = NetlogonGenericInformation; - r.in.logon.generic = &generic; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; + r.out.validation = &validation; + r.out.authoritative = &authoritative; + r.out.return_authenticator = &return_authenticator; status = dcerpc_netr_LogonSamLogon(p, tctx, &r); @@ -183,12 +193,14 @@ static bool test_PACVerify(struct torture_context *tctx, /* This will break the signature nicely (even in the crypto wrapping), check we get a logon failure */ generic.data[generic.length-1]++; + logon.generic = &generic; + ZERO_STRUCT(auth2); creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; - r.in.logon.generic = &generic; + r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; @@ -203,12 +215,14 @@ static bool test_PACVerify(struct torture_context *tctx, /* This will break the parsing nicely (even in the crypto wrapping), check we get INVALID_PARAMETER */ generic.length--; + logon.generic = &generic; + ZERO_STRUCT(auth2); creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; - r.in.logon.generic = &generic; + r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; @@ -247,13 +261,15 @@ static bool test_PACVerify(struct torture_context *tctx, generic.length = pac_wrapped.length; generic.data = pac_wrapped.data; - + + logon.generic = &generic; + ZERO_STRUCT(auth2); creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; - r.in.logon.generic = &generic; + r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; @@ -292,13 +308,15 @@ static bool test_PACVerify(struct torture_context *tctx, generic.length = pac_wrapped.length; generic.data = pac_wrapped.data; - + + logon.generic = &generic; + ZERO_STRUCT(auth2); creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; - r.in.logon.generic = &generic; + r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index a45397de46..5f8225cb33 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -1033,6 +1033,10 @@ static bool schan(struct smbcli_state *cli, struct netr_NetworkInfo ninfo; struct netr_PasswordInfo pinfo; struct netr_LogonSamLogon r; + union netr_LogonLevel logon; + union netr_Validation validation; + uint8_t authoritative; + struct netr_Authenticator return_authenticator; flags = CLI_CRED_LANMAN_AUTH | CLI_CRED_NTLM_AUTH | CLI_CRED_NTLMv2_AUTH; @@ -1075,6 +1079,8 @@ static bool schan(struct smbcli_state *cli, ninfo.lm.length = lm_resp.length; ninfo.lm.data = lm_resp.data; + logon.network = &ninfo; + r.in.server_name = talloc_asprintf( mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe)); ZERO_STRUCT(netr_auth2); @@ -1084,8 +1090,10 @@ static bool schan(struct smbcli_state *cli, r.in.return_authenticator = &netr_auth2; r.in.logon_level = 2; r.in.validation_level = i; - r.in.logon.network = &ninfo; - r.out.return_authenticator = NULL; + r.in.logon = &logon; + r.out.validation = &validation; + r.out.authoritative = &authoritative; + r.out.return_authenticator = &return_authenticator; status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -1113,9 +1121,11 @@ static bool schan(struct smbcli_state *cli, sizeof(pinfo.ntpassword.hash), &session_key); + logon.password = &pinfo; + r.in.logon_level = 1; - r.in.logon.password = &pinfo; - r.out.return_authenticator = NULL; + r.in.logon = &logon; + r.out.return_authenticator = &return_authenticator; status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index fc47a86730..9a707605e6 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -92,9 +92,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, struct netr_SamBaseInfo *base = NULL; uint16_t validation_level = 0; - samlogon_state->r.in.logon.network = &ninfo; - samlogon_state->r_ex.in.logon.network = &ninfo; - samlogon_state->r_flags.in.logon.network = &ninfo; + samlogon_state->r.in.logon->network = &ninfo; + samlogon_state->r_ex.in.logon->network = &ninfo; + samlogon_state->r_flags.in.logon->network = &ninfo; ninfo.identity_info.domain_name.string = samlogon_state->account_domain; ninfo.identity_info.parameter_control = parameter_control; @@ -170,17 +170,17 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, validation_level = r->in.validation_level; - creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r->out.validation); + creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation); switch (validation_level) { case 2: - base = &r->out.validation.sam2->base; + base = &r->out.validation->sam2->base; break; case 3: - base = &r->out.validation.sam3->base; + base = &r->out.validation->sam3->base; break; case 6: - base = &r->out.validation.sam6->base; + base = &r->out.validation->sam6->base; break; } break; @@ -195,17 +195,17 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, validation_level = r_ex->in.validation_level; - creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_ex->out.validation); + creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation); switch (validation_level) { case 2: - base = &r_ex->out.validation.sam2->base; + base = &r_ex->out.validation->sam2->base; break; case 3: - base = &r_ex->out.validation.sam3->base; + base = &r_ex->out.validation->sam3->base; break; case 6: - base = &r_ex->out.validation.sam6->base; + base = &r_ex->out.validation->sam6->base; break; } break; @@ -228,17 +228,17 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, validation_level = r_flags->in.validation_level; - creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_flags->out.validation); + creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation); switch (validation_level) { case 2: - base = &r_flags->out.validation.sam2->base; + base = &r_flags->out.validation->sam2->base; break; case 3: - base = &r_flags->out.validation.sam3->base; + base = &r_flags->out.validation->sam3->base; break; case 6: - base = &r_flags->out.validation.sam6->base; + base = &r_flags->out.validation->sam6->base; break; } break; @@ -1331,7 +1331,14 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NDR_NETR_LOGONSAMLOGONEX, NDR_NETR_LOGONSAMLOGONWITHFLAGS }; struct samlogon_state samlogon_state; - + + union netr_LogonLevel logon; + union netr_Validation validation; + uint8_t authoritative = 0; + uint32_t flags = 0; + + ZERO_STRUCT(logon); + d_printf("testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n"); samlogon_state.comment = comment; @@ -1353,16 +1360,28 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, samlogon_state.r_flags.in.computer_name = TEST_MACHINE_NAME; samlogon_state.r_flags.in.credential = &samlogon_state.auth; samlogon_state.r_flags.in.return_authenticator = &samlogon_state.auth2; - samlogon_state.r_flags.in.flags = 0; + samlogon_state.r_flags.in.flags = &flags; + samlogon_state.r_flags.in.logon = &logon; + samlogon_state.r_flags.out.validation = &validation; + samlogon_state.r_flags.out.authoritative = &authoritative; + samlogon_state.r_flags.out.flags = &flags; samlogon_state.r_ex.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p)); samlogon_state.r_ex.in.computer_name = TEST_MACHINE_NAME; - samlogon_state.r_ex.in.flags = 0; + samlogon_state.r_ex.in.flags = &flags; + samlogon_state.r_ex.in.logon = &logon; + samlogon_state.r_ex.out.validation = &validation; + samlogon_state.r_ex.out.authoritative = &authoritative; + samlogon_state.r_ex.out.flags = &flags; samlogon_state.r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p)); samlogon_state.r.in.computer_name = TEST_MACHINE_NAME; samlogon_state.r.in.credential = &samlogon_state.auth; samlogon_state.r.in.return_authenticator = &samlogon_state.auth2; + samlogon_state.r.in.logon = &logon; + samlogon_state.r.out.validation = &validation; + samlogon_state.r.out.authoritative = &authoritative; + for (f=0;f<ARRAY_SIZE(function_levels);f++) { for (i=0; test_table[i].fn; i++) { @@ -1422,21 +1441,34 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct netr_LogonSamLogonWithFlags r; struct netr_Authenticator a, ra; struct netr_PasswordInfo pinfo; + uint32_t flags = 0; + + union netr_LogonLevel logon; + union netr_Validation validation; + uint8_t authoritative = 0; ZERO_STRUCT(a); ZERO_STRUCT(r); ZERO_STRUCT(ra); + ZERO_STRUCT(logon); + ZERO_STRUCT(validation); + creds_client_authenticator(creds, &a); + logon.password = &pinfo; + r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = TEST_MACHINE_NAME; r.in.credential = &a; r.in.return_authenticator = &ra; r.in.logon_level = 5; - r.in.logon.password = &pinfo; + r.in.logon = &logon; r.in.validation_level = 6; - r.in.flags = 0; + r.in.flags = &flags; + r.out.validation = &validation; + r.out.authoritative = &authoritative; + r.out.flags = &flags; pinfo.identity_info.domain_name.string = account_domain; pinfo.identity_info.parameter_control = parameter_control; diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 88101912e6..e1129435a0 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -58,6 +58,9 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct netr_LogonSamLogon r; struct netr_Authenticator auth, auth2; struct netr_NetworkInfo ninfo; + union netr_LogonLevel logon; + union netr_Validation validation; + uint8_t authoritative; ninfo.identity_info.domain_name.string = domain; ninfo.identity_info.parameter_control = 0; @@ -85,12 +88,16 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ninfo.lm.data = NULL; } + logon.network = &ninfo; + r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = workstation; r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = 2; - r.in.logon.network = &ninfo; + r.in.logon = &logon; + r.out.validation = &validation; + r.out.authoritative = &authoritative; ZERO_STRUCT(auth2); creds_client_authenticator(creds, &auth); @@ -104,7 +111,7 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } if (info3) { - *info3 = r.out.validation.sam3; + *info3 = validation.sam3; } return status; diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index a8aa046280..81c3ecf878 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -48,6 +48,10 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx, NTSTATUS status; struct netr_LogonSamLogonEx r; struct netr_NetworkInfo ninfo; + union netr_LogonLevel logon; + union netr_Validation validation; + uint8_t authoritative = 0; + uint32_t _flags = 0; DATA_BLOB names_blob, chal, lm_resp, nt_resp; int i; int flags = CLI_CRED_NTLM_AUTH; @@ -91,11 +95,16 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx, ninfo.identity_info.logon_id_high = 0; ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials); + logon.network = &ninfo; + r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.logon_level = 2; - r.in.logon.network = &ninfo; - r.in.flags = 0; + r.in.logon= &logon; + r.in.flags = &_flags; + r.out.validation = &validation; + r.out.authoritative = &authoritative; + r.out.flags = &_flags; torture_comment(tctx, "Testing LogonSamLogonEx with name %s\n", @@ -603,9 +612,13 @@ static bool torture_schannel_bench_start(struct torture_schannel_bench_conn *con conn->r.in.server_name = talloc_asprintf(conn->tmp, "\\\\%s", dcerpc_server_name(conn->pipe)); conn->r.in.computer_name = cli_credentials_get_workstation(conn->wks_creds); conn->r.in.logon_level = 2; - conn->r.in.logon.network = &conn->ninfo; - conn->r.in.flags = 0; + conn->r.in.logon = talloc(conn->tmp, union netr_LogonLevel); + conn->r.in.logon->network = &conn->ninfo; + conn->r.in.flags = talloc(conn->tmp, uint32_t); conn->r.in.validation_level = 2; + conn->r.out.validation = talloc(conn->tmp, union netr_Validation); + conn->r.out.authoritative = talloc(conn->tmp, uint8_t); + conn->r.out.flags = conn->r.in.flags; req = dcerpc_netr_LogonSamLogonEx_send(conn->pipe, conn->tmp, &conn->r); torture_assert(s->tctx, req, "Failed to setup LogonSamLogonEx request"); diff --git a/source4/winbind/wb_sam_logon.c b/source4/winbind/wb_sam_logon.c index c9203c8bec..5ceb6e4af0 100644 --- a/source4/winbind/wb_sam_logon.c +++ b/source4/winbind/wb_sam_logon.c @@ -96,9 +96,14 @@ static void wb_sam_logon_recv_domain(struct composite_context *creq) s->r.in.credential = &s->auth1; s->r.in.return_authenticator = &s->auth2; s->r.in.logon_level = s->req->in.logon_level; - s->r.in.logon = s->req->in.logon; + s->r.in.logon = &s->req->in.logon; s->r.in.validation_level = s->req->in.validation_level; s->r.out.return_authenticator = NULL; + s->r.out.validation = talloc(s, union netr_Validation); + if (composite_nomem(s->r.out.validation, s->ctx)) return; + s->r.out.authoritative = talloc(s, uint8_t); + if (composite_nomem(s->r.out.authoritative, s->ctx)) return; + /* * use a new talloc context for the LogonSamLogon call @@ -142,7 +147,7 @@ static void wb_sam_logon_recv_samlogon(struct rpc_request *req) * They won't have the encryption key anyway */ creds_decrypt_samlogon(s->creds_state, s->r.in.validation_level, - &s->r.out.validation); + s->r.out.validation); composite_done(s->ctx); } @@ -157,7 +162,7 @@ NTSTATUS wb_sam_logon_recv(struct composite_context *c, if (NT_STATUS_IS_OK(status)) { talloc_steal(mem_ctx, s->r_mem_ctx); - req->out.validation = s->r.out.validation; + req->out.validation = *s->r.out.validation; req->out.authoritative = 1; } |