From 5b044b30ca6a9595b88b676e9ab282555bf29b84 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 15 Jun 2004 03:53:21 +0000
Subject: r1150: - fixed interactive sam logon in the rpc server

- added a torture test for interactive login in smbtorture

These changes allow winxp to perform an interactive login (a login on
the winxp console) against a Samba4 DC. Our netlogon server code is
still filling in many of the fields incorrectly, but it fills in
enough that winxp can log in.
(This used to be commit db9ea488b047b5f0f7538fd75fb7dde8277eb06b)
---
 source4/librpc/idl/netlogon.idl               | 20 +++----
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 13 ++---
 source4/torture/rpc/netlogon.c                | 81 +++++++++++++++++++++++----
 3 files changed, 84 insertions(+), 30 deletions(-)

diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index a055583e9f..f0a418940e 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -165,13 +165,13 @@ interface netlogon
 		uint32 primary_gid;
 		uint32 group_count;
 		[size_is(group_count)] netr_GroupMembership *groupids;
-		uint32 acct_flags;
+		uint32 user_flags;
 		netr_UserSessionKey key;
 		netr_String logon_server;
 		netr_String domain;
 		dom_sid2 *domain_sid;
 		netr_LMSessionKey LMSessKey;
-		uint32 AccountControl;
+		uint32 acct_flags;
 		uint32 unknown[7];
 	} netr_SamBaseInfo;
 
@@ -908,17 +908,15 @@ interface netlogon
 		netr_Blob blob;
 		unistr *workstation_domain;
 		unistr *workstation_site;
-		unistr *foo2;
-		unistr *p1;
-		unistr *p2;
-		unistr *p3;
+		unistr *unknown1;
+		unistr *unknown2;
+		unistr *unknown3;
+		unistr *unknown4;
 		netr_BinaryString blob2;
 		netr_String product;
-		uint32 i1;
-		unistr *p4;
-		uint32 i2;
-		uint32 pp;
-		uint32 xx[4];
+		uint32 unknown5;
+		unistr *unknown6;
+		uint32 unknown7[6];
 	} netr_DomainQuery1;
 
 	typedef union {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index aa7c9eb019..c3b1bfc516 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -586,7 +586,7 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	
 	sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
 	sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
-	sam->logon_script.string = talloc_strdup(mem_ctx, server_info->account_name);
+	sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);
 	sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
 	sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
 	sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
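Review bot: The corrected `logon_script` line, like the rest of the talloc_strdup chain around it, never checks the return value: on allocation failure (and presumably when server_info->logon_script is NULL) the field is silently left NULL instead of the call failing with NT_STATUS_NO_MEMORY. A single NULL check after this block, e.g. `if (!sam->logon_script.string && server_info->logon_script) return NT_STATUS_NO_MEMORY;`, would make the out-of-memory path explicit rather than marshalling an empty string. netr_LogonSamLogonWithFlags starts and ends outside the hunk.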
@@ -597,9 +597,8 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
 	sam->group_count = 0;
 	sam->groupids = NULL;
-	
-	sam->acct_flags = server_info->acct_flags;
-	
+	sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
+	sam->acct_flags = server_info->acct_flags;	
 	sam->logon_server.string = lp_netbios_name();
 	
 	sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
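Review bot: L85 carries a trailing tab after the semicolon (`sam->acct_flags = server_info->acct_flags;\t`), which should be stripped. The 0x120 in the TODO looks like the NETLOGON_EXTRA_SIDS (0x20) and NETLOGON_NTLMV2_ENABLED (0x100) user-flag bits as documented in MS-NRPC; hard-coding 0 is consistent with `group_count = 0` / `groupids = NULL` just above, so the comment could say `/* TODO: w2k3 sets 0x120 (apparently EXTRA_SIDS|NTLMV2_ENABLED); we send no extra SIDs yet */` instead of asking what it is. Note also that the IDL hunk reuses the name `acct_flags` for the field previously called `AccountControl`, so any other code in the tree that read `sam->acct_flags` now refers to a different wire position; worth a grep beyond the server and torture files touched here. netr_LogonSamLogonWithFlags starts and ends outside the hunk.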
@@ -607,8 +606,6 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
 	sam->domain_sid->num_auths--;
 
-	sam->AccountControl = 0;
-	
 	if (server_info->user_session_key.length == sizeof(sam->key.key)) {
 		memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
 	} else {
@@ -657,9 +654,9 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 		sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
 		ZERO_STRUCTP(sam6);
 		sam6->base = *sam;
-		sam6->forest.string = sam->domain.string;
+		sam6->forest.string = lp_realm();
 		sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", 
-							 sam->account_name.string, sam->domain.string);
+							 sam->account_name.string, sam6->forest.string);
 		r->out.validation.sam6 = sam6;
 		break;
 
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index c334651d46..a7012922dc 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -284,7 +284,6 @@ struct samlogon_state {
    Authenticate a user with a challenge/response, checking session key
    and valid authentication types
 */
-
 static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, 
 			       enum ntlm_break break_which,
 			       DATA_BLOB *chall, 
@@ -1522,6 +1521,65 @@ static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem
 }
 
 
+/*
+  test an ADS style interactive domain login
+*/
+static BOOL test_InteractiveLogin(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
+				  struct creds_CredentialState *creds)
+{
+	NTSTATUS status;
+	struct netr_LogonSamLogonWithFlags r;
+	struct netr_Authenticator a, ra;
+	struct netr_PasswordInfo pinfo;
+	const char *plain_pass;
+
+	ZERO_STRUCT(r);
+	ZERO_STRUCT(ra);
+
+	creds_client_authenticator(creds, &a);
+
+	r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.workstation = TEST_MACHINE_NAME;
+	r.in.credential = &a;
+	r.in.return_authenticator = &ra;
+	r.in.logon_level = 5;
+	r.in.logon.password = &pinfo;
+	r.in.validation_level = 6;
+	r.in.flags = 0;
+
+	pinfo.identity_info.domain_name.string = lp_workgroup();
+	pinfo.identity_info.parameter_control = 0;
+	pinfo.identity_info.logon_id_low = 0;
+	pinfo.identity_info.logon_id_high = 0;
+	pinfo.identity_info.account_name.string = lp_parm_string(-1, "torture", "username");
+	pinfo.identity_info.workstation.string = TEST_MACHINE_NAME;
+
+	plain_pass = lp_parm_string(-1, "torture", "password");
+
+	E_deshash(plain_pass, pinfo.lmpassword.hash);
+	E_md4hash(plain_pass, pinfo.ntpassword.hash);
+
+	creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
+	creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
+
+	printf("Testing netr_LogonSamLogonWithFlags\n");
+
+	status = dcerpc_netr_LogonSamLogonWithFlags(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("netr_LogonSamLogonWithFlags - %s\n", nt_errstr(status));
+		exit(1);
+		return False;
+	}
+
+	if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+		printf("Credential chaining failed\n");
+		return False;
+	}
+
+	return True;
+}
+
+
 static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
 	NTSTATUS status;
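Review bot: `exit(1)` at L172 aborts the whole smbtorture process on an RPC failure, makes the following `return False` unreachable, and is inconsistent with the credential-chaining branch below and with the error path test_GetDomainInfo gains in this same commit; drop the exit and just `return False;`. `pinfo` is never zeroed, unlike `r` and `ra`: if netr_PasswordInfo or netr_IdentityInfo has any member this function does not assign, it is pushed onto the wire from uninitialised stack, so add `ZERO_STRUCT(pinfo);` next to the other two. `lp_parm_string()` presumably returns NULL when the torture username/password parameters are unset, and `plain_pass` then reaches E_deshash/E_md4hash unchecked; a NULL guard that prints which parameter is missing and returns False would fail the test cleanly. The literals `5` and `6` for logon_level and validation_level would read better as the named netlogon level constants, or at least with a comment such as `/* 5 = interactive (transitive) logon, 6 = SamInfo6 validation */`.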
@@ -1531,7 +1589,7 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 	uint32_t i1;
 	struct creds_CredentialState creds;
 
-	if (!test_SetupCredentials(p, mem_ctx, &creds)) {
+	if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, &creds)) {
 		return False;
 	}
 
@@ -1555,29 +1613,30 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 	/* this should really be the fully qualified name */
 	q1.workstation_domain = TEST_MACHINE_NAME;
 	q1.workstation_site = "Default-First-Site-Name";
-	q1.foo2 = "foo";
 	q1.blob2.length = 0;
 	q1.blob2.size = 0;
 	q1.blob2.data = NULL;
 	q1.product.string = "product string";
-	q1.p4 = NULL;
-	q1.pp = 0x00000000;
 
 	printf("Testing netr_LogonGetDomainInfo\n");
 
 	status = dcerpc_netr_LogonGetDomainInfo(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("netr_LogonGetDomainInfo - %s\n", nt_errstr(status));
+		return False;
+	}
 
 	if (!creds_client_check(&creds, &a.cred)) {
 		printf("Credential chaining failed\n");
+		return False;
 	}
 
-	printf("fault code 0x%x  status=%s\n", p->last_fault_code, nt_errstr(status));
+	test_InteractiveLogin(p, mem_ctx, &creds);
 
 	return True;
 }
 
 
-
 BOOL torture_rpc_netlogon(int dummy)
 {
         NTSTATUS status;
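Review bot: The result of `test_InteractiveLogin(p, mem_ctx, &creds);` at L223 is discarded, so an interactive-logon failure never fails test_GetDomainInfo and the function falls through to `return True`; change it to `if (!test_InteractiveLogin(p, mem_ctx, &creds)) { return False; }`. The new status check and the added `return False` after the credential-chaining check are the right shape; only the interactive call is left unchecked. test_GetDomainInfo starts outside the hunk.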
@@ -1603,10 +1662,6 @@ BOOL torture_rpc_netlogon(int dummy)
 		return False;
 	}
 
-	if (!test_GetDomainInfo(p, mem_ctx)) {
-		ret = False;
-	}
-
 	if (!test_LogonUasLogon(p, mem_ctx)) {
 		ret = False;
 	}
@@ -1623,6 +1678,10 @@ BOOL torture_rpc_netlogon(int dummy)
 		ret = False;
 	}
 
+	if (!test_GetDomainInfo(p, mem_ctx)) {
+		ret = False;
+	}
+
 	if (!test_DatabaseSync(p, mem_ctx)) {
 		ret = False;
 	}
-- 
cgit