Diffstat (limited to 'source4/torture/rpc')
-rw-r--r-- | source4/torture/rpc/netlogon.c | 76 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 98 | ||||
-rw-r--r-- | source4/torture/rpc/xplogin.c | 15 |
3 files changed, 181 insertions, 8 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index fe64727d79..9c87106550 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -316,6 +316,72 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) return True; } +/* + try a netlogon SamLogon +*/ +static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +{ + NTSTATUS status; + struct netr_LogonSamLogon r; + struct netr_Authenticator auth, auth2; + struct netr_NetworkInfo ninfo; + const char *username = lp_parm_string(-1, "torture", "username"); + const char *password = lp_parm_string(-1, "torture", "password"); + struct creds_CredentialState creds; + + int i; + BOOL ret = True; + + if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, + machine_password, &creds)) { + return False; + } + + ninfo.identity_info.domain_name.string = lp_workgroup(); + ninfo.identity_info.parameter_control = 0; + ninfo.identity_info.logon_id_low = 0; + ninfo.identity_info.logon_id_high = 0; + ninfo.identity_info.account_name.string = username; + ninfo.identity_info.workstation.string = TEST_MACHINE_NAME; + generate_random_buffer(ninfo.challenge, + sizeof(ninfo.challenge)); + ninfo.nt.length = 24; + ninfo.nt.data = talloc(mem_ctx, 24); + SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data); + ninfo.lm.length = 24; + ninfo.lm.data = talloc(mem_ctx, 24); + SMBencrypt(password, ninfo.challenge, ninfo.lm.data); + + r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + r.in.workstation = TEST_MACHINE_NAME; + r.in.credential = &auth; + r.in.return_authenticator = &auth2; + r.in.logon_level = 2; + r.in.logon.network = &ninfo; + + for (i=2;i<=3;i++) { + ZERO_STRUCT(auth2); + creds_client_authenticator(&creds, &auth); + + r.in.validation_level = i; + + printf("Testing SamLogon with validation level %d\n", i); + + status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LogonSamLogon - %s\n", nt_errstr(status)); + ret = False; + } + + if (!creds_client_check(&creds, &r.out.return_authenticator->cred)) { + printf("Credential chaining failed\n"); + } + } + + return ret; 
+} + + /* we remember the sequence numbers so we can easily do a DatabaseDelta */ static uint64_t sequence_nums[3]; @@ -328,7 +394,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) NTSTATUS status; struct netr_DatabaseSync r; struct creds_CredentialState creds; - const uint32_t database_ids[] = {0, 1, 2}; + const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS}; int i; BOOL ret = True; @@ -366,7 +432,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) if (r.out.delta_enum_array && r.out.delta_enum_array->num_deltas > 0 && - r.out.delta_enum_array->delta_enum[0].delta_type == 1 && + r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN && r.out.delta_enum_array->delta_enum[0].delta_union.domain) { sequence_nums[r.in.database_id] = r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num; @@ -969,7 +1035,7 @@ BOOL torture_rpc_netlogon(void) struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; - void *join_ctx; + struct test_join *join_ctx; mem_ctx = talloc_init("torture_rpc_netlogon"); @@ -996,6 +1062,10 @@ BOOL torture_rpc_netlogon(void) ret = False; } + if (!test_SamLogon(p, mem_ctx)) { + ret = False; + } + if (!test_SetPassword(p, mem_ctx)) { ret = False; } diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 323adde534..7a9786fa2d 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c 
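Review bot: In the loop of the new test_SamLogon, `r.out.return_authenticator->cred` is read even when dcerpc_netr_LogonSamLogon has just failed, and `r` is never zeroed in the visible code, so on a failed call creds_client_check may be handed an unset pointer. The "Credential chaining failed" branch also only prints and leaves `ret` True, so a server returning a bad authenticator would not fail the test. I would add `continue;` after `ret = False;` in the status branch and `ret = False;` under the chaining message. test_netlogon_ops in schannel.c has the same unguarded dereference. The two `talloc(mem_ctx, 24)` results are also passed to SMBNTencrypt/SMBencrypt without a NULL check.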
@@ -53,6 +53,63 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) return True; } + +/* + try a netlogon SamLogon +*/ +static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct creds_CredentialState *creds) +{ + NTSTATUS status; + struct netr_LogonSamLogon r; + struct netr_Authenticator auth, auth2; + struct netr_NetworkInfo ninfo; + const char *username = lp_parm_string(-1, "torture", "username"); + const char *password = lp_parm_string(-1, "torture", "password"); + + int i; + BOOL ret = True; + + ninfo.identity_info.domain_name.string = lp_workgroup(); + ninfo.identity_info.parameter_control = 0; + ninfo.identity_info.logon_id_low = 0; + ninfo.identity_info.logon_id_high = 0; + ninfo.identity_info.account_name.string = username; + ninfo.identity_info.workstation.string = TEST_MACHINE_NAME; + generate_random_buffer(ninfo.challenge, + sizeof(ninfo.challenge)); + ninfo.nt.length = 24; + ninfo.nt.data = talloc(mem_ctx, 24); + SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data); + ninfo.lm.length = 24; + ninfo.lm.data = talloc(mem_ctx, 24); + SMBencrypt(password, ninfo.challenge, ninfo.lm.data); + + + r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + r.in.workstation = TEST_MACHINE_NAME; + r.in.credential = &auth; + r.in.return_authenticator = &auth2; + r.in.logon_level = 2; + r.in.logon.network = &ninfo; + + for (i=2;i<3;i++) { + ZERO_STRUCT(auth2); + creds_client_authenticator(creds, &auth); + + r.in.validation_level = i; + + status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r); + + if (!creds_client_check(creds, &r.out.return_authenticator->cred)) { + printf("Credential chaining failed\n"); + ret = False; + } + + } + return ret; +} + /* test a schannel connection with the given flags */ 
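Review bot: `status` from dcerpc_netr_LogonSamLogon is assigned in test_netlogon_ops and never examined, so a logon rejected over the schannel-protected pipe goes unreported and only the authenticator is tested. Before the creds_client_check call I would add `if (!NT_STATUS_IS_OK(status)) { printf("LogonSamLogon - %s\n", nt_errstr(status)); ret = False; continue; }`, reusing the message that test_SamLogon in netlogon.c prints. The loop bound `i<3` runs a single validation level, while the netlogon.c copy uses `i<=3` and the caller's comment says "a couple of logins"; it is worth confirming that the difference is intended. The header comment is copied verbatim from netlogon.c and could say that this variant reuses the schannel credentials passed in `creds`.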
@@ -66,6 +123,8 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, const char *binding = lp_parm_string(-1, "torture", "binding"); struct dcerpc_binding b; struct dcerpc_pipe *p; + struct dcerpc_pipe *p_netlogon; + struct creds_CredentialState *creds; join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), acct_flags, &machine_password); @@ -99,12 +158,51 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, goto failed; } + + status = dcerpc_parse_binding(mem_ctx, binding, &b); + if (!NT_STATUS_IS_OK(status)) { + printf("Bad binding string %s\n", binding); + goto failed; + } + + + /* Also test that when we connect to the netlogon pipe, that + * the credentials we setup on the first pipe are valid for + * the second */ + + b.flags &= ~DCERPC_AUTH_OPTIONS; + b.flags |= dcerpc_flags; + + status = dcerpc_pipe_connect_b(&p_netlogon, &b, + DCERPC_NETLOGON_UUID, + DCERPC_NETLOGON_VERSION, + lp_workgroup(), + TEST_MACHINE_NAME, + machine_password); + + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + status = dcerpc_schannel_creds(p_netlogon->security_state.generic_state, mem_ctx, &creds); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + /* do a couple of logins */ + if (!test_netlogon_ops(p_netlogon, mem_ctx, creds)) { + printf("Failed to process schannel secured ops\n"); + goto failed; + } + torture_leave_domain(join_ctx); + dcerpc_pipe_close(p_netlogon); dcerpc_pipe_close(p); return True; failed: torture_leave_domain(join_ctx); + dcerpc_pipe_close(p_netlogon); dcerpc_pipe_close(p); return False; } diff --git a/source4/torture/rpc/xplogin.c b/source4/torture/rpc/xplogin.c index a3cca7003c..e0bb706255 100644 --- a/source4/torture/rpc/xplogin.c +++ b/source4/torture/rpc/xplogin.c 
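Review bot: `p_netlogon` is declared without an initialiser, yet the `failed:` label now calls `dcerpc_pipe_close(p_netlogon)`. That label is reachable before dcerpc_pipe_connect_b has run, from the existing `goto failed` at the top of the second hunk and from the new dcerpc_parse_binding check, and it is also reached when the connect itself fails. On those paths the close receives an indeterminate pointer. Declare it as `struct dcerpc_pipe *p_netlogon = NULL;` and guard the cleanup with `if (p_netlogon) dcerpc_pipe_close(p_netlogon);`, since whether dcerpc_pipe_close tolerates NULL is not visible here. test_schannel begins and ends outside these hunks, so earlier `goto failed` sites may be affected in the same way.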
@@ -1021,7 +1021,7 @@ static BOOL xp_login(const char *dcname, const char *wksname, struct smbcli_transport *transport; struct dcerpc_pipe *netlogon_pipe; - struct creds_CredentialState netlogon_creds; + struct creds_CredentialState *netlogon_creds; struct dcerpc_pipe *netlogon_schannel_pipe; @@ -1032,13 +1032,18 @@ static BOOL xp_login(const char *dcname, const char *wksname, if (mem_ctx == NULL) return False; + netlogon_creds = talloc_p(mem_ctx, struct creds_CredentialState); + if (!netlogon_creds) { + return False; + } + if (!NT_STATUS_IS_OK(after_negprot(&transport, dcname, 139, wksname))) return False; if (!NT_STATUS_IS_OK(setup_netlogon_creds(transport, &netlogon_pipe, wksname, domain, wkspwd, - &netlogon_creds))) + netlogon_creds))) return False; if (!NT_STATUS_IS_OK(test_enumtrusts(transport))) @@ -1063,13 +1068,13 @@ static BOOL xp_login(const char *dcname, const char *wksname, DCERPC_NETLOGON_UUID, DCERPC_NETLOGON_VERSION, "", "", "", - netlogon_creds.session_key); + netlogon_creds); if (!NT_STATUS_IS_OK(status)) return False; status = torture_samlogon(netlogon_schannel_pipe, - &netlogon_creds, wksname, domain, + netlogon_creds, wksname, domain, user1name, user1pw); if (!NT_STATUS_IS_OK(status)) @@ -1078,7 +1083,7 @@ static BOOL xp_login(const char *dcname, const char *wksname, talloc_free(netlogon_pipe); status = torture_samlogon(netlogon_schannel_pipe, - &netlogon_creds, wksname, domain, + netlogon_creds, wksname, domain, user2name, user2pw); if (!NT_STATUS_IS_OK(status)) |