summaryrefslogtreecommitdiff
path: root/source4/torture/rpc/schannel.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/torture/rpc/schannel.c')
-rw-r--r--source4/torture/rpc/schannel.c98
1 files changed, 98 insertions, 0 deletions
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 323adde534..7a9786fa2d 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -53,6 +53,63 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return True;
}
+
+/*
+ try a netlogon SamLogon
+*/
+static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct creds_CredentialState *creds)
+{
+ NTSTATUS status;
+ struct netr_LogonSamLogon r;
+ struct netr_Authenticator auth, auth2;
+ struct netr_NetworkInfo ninfo;
+ const char *username = lp_parm_string(-1, "torture", "username");
+ const char *password = lp_parm_string(-1, "torture", "password");
+
+ int i;
+ BOOL ret = True;
+
+ ninfo.identity_info.domain_name.string = lp_workgroup();
+ ninfo.identity_info.parameter_control = 0;
+ ninfo.identity_info.logon_id_low = 0;
+ ninfo.identity_info.logon_id_high = 0;
+ ninfo.identity_info.account_name.string = username;
+ ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
+ generate_random_buffer(ninfo.challenge,
+ sizeof(ninfo.challenge));
+ ninfo.nt.length = 24;
+ ninfo.nt.data = talloc(mem_ctx, 24);
+ SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data);
+ ninfo.lm.length = 24;
+ ninfo.lm.data = talloc(mem_ctx, 24);
+ SMBencrypt(password, ninfo.challenge, ninfo.lm.data);
+
+
+ r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.workstation = TEST_MACHINE_NAME;
+ r.in.credential = &auth;
+ r.in.return_authenticator = &auth2;
+ r.in.logon_level = 2;
+ r.in.logon.network = &ninfo;
+
+ for (i=2;i<3;i++) {
+ ZERO_STRUCT(auth2);
+ creds_client_authenticator(creds, &auth);
+
+ r.in.validation_level = i;
+
+ status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
+
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ printf("Credential chaining failed\n");
+ ret = False;
+ }
+
+ }
+ return ret;
+}
+
/*
test a schannel connection with the given flags
*/
@@ -66,6 +123,8 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
const char *binding = lp_parm_string(-1, "torture", "binding");
struct dcerpc_binding b;
struct dcerpc_pipe *p;
+ struct dcerpc_pipe *p_netlogon;
+ struct creds_CredentialState *creds;
join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), acct_flags,
&machine_password);
@@ -99,12 +158,51 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
goto failed;
}
+
+ status = dcerpc_parse_binding(mem_ctx, binding, &b);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Bad binding string %s\n", binding);
+ goto failed;
+ }
+
+
+ /* Also test that when we connect to the netlogon pipe, that
+ * the credentials we setup on the first pipe are valid for
+ * the second */
+
+ b.flags &= ~DCERPC_AUTH_OPTIONS;
+ b.flags |= dcerpc_flags;
+
+ status = dcerpc_pipe_connect_b(&p_netlogon, &b,
+ DCERPC_NETLOGON_UUID,
+ DCERPC_NETLOGON_VERSION,
+ lp_workgroup(),
+ TEST_MACHINE_NAME,
+ machine_password);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto failed;
+ }
+
+ status = dcerpc_schannel_creds(p_netlogon->security_state.generic_state, mem_ctx, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto failed;
+ }
+
+ /* do a couple of logins */
+ if (!test_netlogon_ops(p_netlogon, mem_ctx, creds)) {
+ printf("Failed to process schannel secured ops\n");
+ goto failed;
+ }
+
torture_leave_domain(join_ctx);
+ dcerpc_pipe_close(p_netlogon);
dcerpc_pipe_close(p);
return True;
failed:
torture_leave_domain(join_ctx);
+ dcerpc_pipe_close(p_netlogon);
dcerpc_pipe_close(p);
return False;
}
generated by cgit (git 2.34.1) at 2024-07-24 08:07:49 +0000