diff options
Diffstat (limited to 'source4/torture/rpc/netlogon.c')
| -rw-r--r-- | source4/torture/rpc/netlogon.c | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 6128495043..3da539aea5 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -268,6 +268,37 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) r.in.secure_channel_type = SEC_CHAN_BDC; r.in.computer_name = TEST_MACHINE_NAME; + password = ""; + E_md4hash(password, r.in.new_password.hash); + + creds_des_encrypt(&creds, &r.in.new_password); + /* by changing the machine password to "" + * we check if the server uses password restrictions + * for ServerPasswordSet2 + * (win2k3 accepts "") + */ + printf("Testing a second ServerPasswordSet on machine account\n"); + printf("Changing machine account password to '%s'\n", password); + + creds_client_authenticator(&creds, &r.in.credential); + + status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("ServerPasswordSet (2) - %s\n", nt_errstr(status)); + return False; + } + + if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) { + printf("Credential chaining failed\n"); + } + + machine_password = password; + + if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) { + printf("ServerPasswordSet failed to actually change the password\n"); + return False; + } + password = generate_random_str(mem_ctx, 8); E_md4hash(password, r.in.new_password.hash); @@ -337,6 +368,38 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) r.in.secure_channel_type = SEC_CHAN_BDC; r.in.computer_name = TEST_MACHINE_NAME; + password = ""; + encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE); + creds_arcfour_crypt(&creds, r.in.new_password.data, 516); + + /* by changing the machine password to "" + * we check if the server uses password restrictions + * for ServerPasswordSet2 + * (win2k3 accepts "") + */ + printf("Testing a second ServerPasswordSet2 on machine account\n"); + printf("Changing machine account password to '%s'\n", password); + + creds_client_authenticator(&creds, &r.in.credential); + + status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("ServerPasswordSet (2) - %s\n", nt_errstr(status)); + return False; + } + + if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) { + printf("Credential chaining failed\n"); + } + + machine_password = password; + + if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) { + printf("ServerPasswordSet failed to actually change the password\n"); + return False; + } + + /* now try a random password */ password = generate_random_str(mem_ctx, 8); encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE); creds_arcfour_crypt(&creds, r.in.new_password.data, 516); |