summaryrefslogtreecommitdiff
path: root/source4/torture/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source4/torture/auth')
-rw-r--r--source4/torture/auth/pac.c39
1 files changed, 35 insertions, 4 deletions
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index ecf67a9014..ade68fcd77 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -26,6 +26,7 @@
#include "auth/auth.h"
#include "auth/kerberos/kerberos.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "librpc/gen_ndr/ndr_samr.h"
#ifdef HAVE_KRB5
@@ -105,15 +106,14 @@ static BOOL torture_pac_self_check(void)
&server_keyblock,
&tmp_blob);
- krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
- &krbtgt_keyblock);
-
if (ret) {
DEBUG(1, ("PAC encoding failed: %s\n",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
+ &krbtgt_keyblock);
+ krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
talloc_free(mem_ctx);
return False;
@@ -125,7 +125,11 @@ static BOOL torture_pac_self_check(void)
nt_status = kerberos_decode_pac(mem_ctx, &pac_info,
tmp_blob,
smb_krb5_context,
+ &krbtgt_keyblock,
&server_keyblock);
+
+ krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
+ &krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
if (ret) {
@@ -196,7 +200,9 @@ static BOOL torture_pac_saved_check(void)
struct PAC_LOGON_INFO *pac_info;
struct PAC_DATA pac_data;
krb5_keyblock server_keyblock;
+ krb5_keyblock krbtgt_keyblock;
uint8_t server_bytes[16];
+ struct samr_Password *krbtgt_bytes;
krb5_error_code ret;
@@ -209,6 +215,13 @@ static BOOL torture_pac_saved_check(void)
return False;
}
+ krbtgt_bytes = smbpasswd_gethexpwd(mem_ctx, "B286757148AF7FD252C53603A150B7E7");
+ if (!krbtgt_bytes) {
+ DEBUG(0, ("Could not interpret krbtgt key"));
+ talloc_free(mem_ctx);
+ return False;
+ }
+
/* The machine trust account in use when the above PAC
was generated. It used arcfour-hmac-md5, so this is easy */
E_md4hash("iqvwmii8CuEkyY", server_bytes);
@@ -226,6 +239,21 @@ static BOOL torture_pac_saved_check(void)
return False;
}
+ ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
+ ENCTYPE_ARCFOUR_HMAC,
+ krbtgt_bytes->hash, sizeof(krbtgt_bytes->hash),
+ &krbtgt_keyblock);
+ if (ret) {
+ DEBUG(1, ("Server Keyblock encoding failed: %s\n",
+ smb_get_krb5_error_message(smb_krb5_context->krb5_context,
+ ret, mem_ctx)));
+
+ krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
+ &server_keyblock);
+ talloc_free(mem_ctx);
+ return False;
+ }
+
tmp_blob = data_blob_const(saved_pac, sizeof(saved_pac));
/*tmp_blob.data = file_load(lp_parm_string(-1,"torture","pac_file"), &tmp_blob.length);*/
@@ -236,10 +264,13 @@ static BOOL torture_pac_saved_check(void)
nt_status = kerberos_decode_pac(mem_ctx, &pac_info,
tmp_blob,
smb_krb5_context,
+ &krbtgt_keyblock,
&server_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
+ &krbtgt_keyblock);
+ krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
- if (ret) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("PAC decoding failed: %s\n",
nt_errstr(nt_status)));