From 19f3bfc0ac317cfd3320187d957972ab3fbd3cad Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 14 Jun 2004 11:33:28 +0000 Subject: r1140: added IDL and test code for validation level 6 in sam logon (This used to be commit c8541098436d2cd83538375889560405ecb50034) --- source4/librpc/idl/netlogon.idl | 56 +++++++++++++++++++++++++++++------------ source4/torture/rpc/netlogon.c | 19 ++++++++++---- 2 files changed, 54 insertions(+), 21 deletions(-) diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 9e695aafc6..844bc7ec83 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -171,13 +171,7 @@ interface netlogon dom_sid2 *domain_sid; netr_LMSessionKey LMSessKey; uint32 AccountControl; - uint32 unknown1; - uint32 unknown2; - uint32 unknown3; - uint32 unknown4; - uint32 unknown5; - uint32 unknown6; - uint32 unknown7; + uint32 unknown[7]; } netr_SamInfo2; typedef struct { @@ -211,17 +205,46 @@ interface netlogon dom_sid2 *domain_sid; netr_LMSessionKey LMSessKey; uint32 AccountControl; - uint32 unknown1; - uint32 unknown2; - uint32 unknown3; - uint32 unknown4; - uint32 unknown5; - uint32 unknown6; - uint32 unknown7; + uint32 unknown[7]; uint32 sidcount; [size_is(sidcount)] netr_SidAttr *sids; } netr_SamInfo3; + + typedef struct { + NTTIME last_logon; + NTTIME last_logoff; + NTTIME acct_expiry; + NTTIME last_password_change; + NTTIME allow_password_change; + NTTIME force_password_change; + netr_String account_name; + netr_String full_name; + netr_String logon_script; + netr_String profile_path; + netr_String home_directory; + netr_String home_drive; + uint16 logon_count; + uint16 bad_password_count; + uint32 rid; + uint32 primary_gid; + uint32 group_count; + [size_is(group_count)] netr_GroupMembership *groupids; + uint32 acct_flags; + netr_UserSessionKey key; + netr_String logon_server; + netr_String domain; + dom_sid2 *domain_sid; + netr_LMSessionKey LMSessKey; + uint32 AccountControl; + uint32 unknown1[9]; + netr_String forest; + netr_String principle; + uint32 unknown4[18]; + uint32 sidcount; + [size_is(sidcount)] netr_SidAttr *sids; + } netr_SamInfo6; + typedef struct { uint32 pac_size; [size_is(pac_size)] uint8 *pac; @@ -239,10 +262,11 @@ interface netlogon } netr_PacInfo; typedef union { - [case(2)] netr_SamInfo2 *sam2; + [case(2)] netr_SamInfo2 *sam2; [case(3)] netr_SamInfo3 *sam3; [case(4)] netr_PacInfo *pac; - [case(5)] netr_PacInfo *pac2; + [case(5)] netr_PacInfo *pac; + [case(6)] netr_SamInfo6 *sam6; } netr_Validation; NTSTATUS netr_LogonSamLogon( diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 2505868af6..55d60871b6 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -421,14 +421,22 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, if (lm_key) { memcpy(lm_key, r->out.validation.sam3->LMSessKey.key, 8); + } + } else if (r->in.validation_level == 6) { + /* they aren't encrypted! */ + if (user_session_key) { + memcpy(user_session_key, r->out.validation.sam6->key.key, 16); + } + if (lm_key) { + memcpy(lm_key, r->out.validation.sam6->LMSessKey.key, 8); } - } } return status; } + /* * Test the normal 'LM and NTLM' combination */ @@ -888,7 +896,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) { int i, j; BOOL ret = True; - + int validation_levels[] = {2,3,6}; struct samlogon_state samlogon_state; samlogon_state.mem_ctx = mem_ctx; @@ -918,11 +926,12 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) samlogon_state.r.in.credential = &samlogon_state.auth; samlogon_state.r.in.return_authenticator = &samlogon_state.auth2; - for (i=2;i<=3;i++) { - samlogon_state.r.in.validation_level = i; + for (i=0;i