Diffstat (limited to 'source4/torture/rpc')
-rw-r--r-- | source4/torture/rpc/dssync.c | 7 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 64 |
2 files changed, 68 insertions, 3 deletions
diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index 00617f4072..989a1faf27 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -288,16 +288,17 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) search.in.dest_address = ctx->drsuapi_binding->host; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; status = cldap_netlogon(cldap, ctx, &search); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name); } else { - ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site); + ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site); printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name); - printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site); + printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site); } return ret; diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index f0279f0d04..a8f70b2ea9 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c 
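Review bot: In the success branch of test_GetInfo, `search.out.netlogon.nt5_ex.client_site` is stolen into `ctx->site_name` and printed with `%s` without a NULL check, so a reply that leaves the client site unset would pass a NULL string to printf and leave `ctx->site_name` NULL for later use. Reusing the existing fallback would cover it: `if (ctx->site_name == NULL) ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name");`. The read of `nt5_ex` appears to depend on the newly set `search.in.map_response = true`, and nothing in the hunk says so; a short comment on that line, such as `/* have the reply mapped to nt5_ex regardless of the format the server answers in */`, would record the coupling if that is what the flag does. The function starts and ends outside the hunk.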
@@ -738,6 +738,70 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) } torture_assert_ntstatus_ok(torture, s->error, "Failed establish a connect"); + /* + * Change the workstation password after establishing the netlogon + * schannel connections to prove that existing connections are not + * affected by a wks pwchange. + */ + + { + struct netr_ServerPasswordSet pwset; + char *password = generate_random_str(s->join_ctx1, 8); + struct creds_CredentialState *creds_state; + struct dcerpc_pipe *net_pipe; + + status = dcerpc_pipe_connect_b(s, &net_pipe, s->b, + &ndr_table_netlogon, + s->wks_creds1, + torture->ev, torture->lp_ctx); + + torture_assert_ntstatus_ok(torture, status, + "dcerpc_pipe_connect_b failed"); + + pwset.in.server_name = talloc_asprintf( + net_pipe, "\\\\%s", dcerpc_server_name(net_pipe)); + pwset.in.computer_name = + cli_credentials_get_workstation(s->wks_creds1); + pwset.in.account_name = talloc_asprintf( + net_pipe, "%s$", pwset.in.computer_name); + pwset.in.secure_channel_type = SEC_CHAN_WKSTA; + E_md4hash(password, pwset.in.new_password.hash); + + creds_state = cli_credentials_get_netlogon_creds( + s->wks_creds1); + creds_des_encrypt(creds_state, &pwset.in.new_password); + creds_client_authenticator(creds_state, &pwset.in.credential); + + status = dcerpc_netr_ServerPasswordSet(net_pipe, torture, &pwset); + torture_assert_ntstatus_ok(torture, status, + "ServerPasswordSet failed"); + + if (!creds_client_check(creds_state, + &pwset.out.return_authenticator.cred)) { + printf("Credential chaining failed\n"); + } + + cli_credentials_set_password(s->wks_creds1, password, + CRED_SPECIFIED); + + talloc_free(net_pipe); + + /* Just as a test, connect with the new creds */ + + talloc_free(s->wks_creds1->netlogon_creds); + s->wks_creds1->netlogon_creds = NULL; + + status = dcerpc_pipe_connect_b(s, &net_pipe, s->b, + &ndr_table_netlogon, + s->wks_creds1, + torture->ev, torture->lp_ctx); + + torture_assert_ntstatus_ok(torture, status, + 
"dcerpc_pipe_connect_b failed"); + + talloc_free(net_pipe); + } + torture_comment(torture, "Start looping LogonSamLogonEx on %d connections for %d secs\n", s->nprocs, s->timelimit); for (i=0; i < s->nprocs; i++) { |
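Review bot: A failed `creds_client_check()` on the ServerPasswordSet reply is only printed, so the test goes on to store the new password with `cli_credentials_set_password()` and reconnect even though the server's return authenticator did not verify. That should fail the test instead: `torture_assert(torture, creds_client_check(creds_state, &pwset.out.return_authenticator.cred), "Credential chaining failed");`. The string from `generate_random_str(s->join_ctx1, 8)` is passed to `E_md4hash()` without a NULL check, and `creds_state` from `cli_credentials_get_netlogon_creds()` is likewise used unchecked. The enclosing function torture_rpc_schannel_bench1 starts and ends outside the hunk.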