From 5b044b30ca6a9595b88b676e9ab282555bf29b84 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 15 Jun 2004 03:53:21 +0000
Subject: r1150: - fixed interactive sam logon in the rpc server - added a torture test for interactive login in smbtorture These changes allow winxp to perform an interactive login (a login on the winxp console) against a Samba4 DC. Our netlogon server code is still filling in many of the fields incorrectly, but it fills in enough that winxp can login. (This used to be commit db9ea488b047b5f0f7538fd75fb7dde8277eb06b)
---
 source4/librpc/idl/netlogon.idl | 20 +++----
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 13 ++---
 source4/torture/rpc/netlogon.c | 81 +++++++++++++++++++++++----
 3 files changed, 84 insertions(+), 30 deletions(-)
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index a055583e9f..f0a418940e 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -165,13 +165,13 @@ interface netlogon
 uint32 primary_gid;
 uint32 group_count;
 [size_is(group_count)] netr_GroupMembership *groupids;
- uint32 acct_flags;
+ uint32 user_flags;
 netr_UserSessionKey key;
 netr_String logon_server;
 netr_String domain;
 dom_sid2 *domain_sid;
 netr_LMSessionKey LMSessKey;
- uint32 AccountControl;
+ uint32 acct_flags;
 uint32 unknown[7];
 } netr_SamBaseInfo;
@@ -908,17 +908,15 @@ interface netlogon
 netr_Blob blob;
 unistr *workstation_domain;
 unistr *workstation_site;
- unistr *foo2;
- unistr *p1;
- unistr *p2;
- unistr *p3;
+ unistr *unknown1;
+ unistr *unknown2;
+ unistr *unknown3;
+ unistr *unknown4;
 netr_BinaryString blob2;
 netr_String product;
- uint32 i1;
- unistr *p4;
- uint32 i2;
- uint32 pp;
- uint32 xx[4];
+ uint32 unknown5;
+ unistr *unknown6;
+ uint32 unknown7[6];
 } netr_DomainQuery1;
 typedef union {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index aa7c9eb019..c3b1bfc516 100644
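Review bot: In the `@@ -165` hunk of netlogon.idl the name `acct_flags` is kept but moved from the slot after `groupids` to the slot after `LMSessKey`, so any code outside this patch that still reads or writes `netr_SamBaseInfo.acct_flags` compiles unchanged while now touching a different wire field. The one writer visible in this commit, netr_LogonSamLogonWithFlags in dcerpc_netlogon.c, is updated, but other users of the struct should be checked, because a consumer that bases a decision on these flags would silently get the wrong value. A one-line comment on each of the two fields saying which is the per-logon `user_flags` word and which carries the account-control bits (wording to be confirmed against the protocol notes) would make the swap explicit for the next reader. The struct definition starts above the hunk.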
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -586,7 +586,7 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
 sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
- sam->logon_script.string = talloc_strdup(mem_ctx, server_info->account_name);
+ sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);
 sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
 sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
 sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
@@ -597,9 +597,8 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
 sam->group_count = 0;
 sam->groupids = NULL;
-
- sam->acct_flags = server_info->acct_flags;
-
+ sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
+ sam->acct_flags = server_info->acct_flags;
 sam->logon_server.string = lp_netbios_name();
 sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
@@ -607,8 +606,6 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
 sam->domain_sid->num_auths--;
- sam->AccountControl = 0;
-
 if (server_info->user_session_key.length == sizeof(sam->key.key)) {
 memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
 } else {
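Review bot: The corrected line in the `@@ -586` hunk, `sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);`, stores the allocation result unchecked, as do the neighbouring copies, so an out-of-memory condition produces a reply that looks like an account with no logon script rather than an error. A guard after the block such as `if (server_info->logon_script && !sam->logon_script.string) return NT_STATUS_NO_MEMORY;` (repeated per field, or folded into a small helper) would keep the two cases apart. netr_LogonSamLogonWithFlags begins and ends outside this hunk, so whether a later check already covers this cannot be seen here.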
@@ -657,9 +654,9 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
 ZERO_STRUCTP(sam6);
 sam6->base = *sam;
- sam6->forest.string = sam->domain.string;
+ sam6->forest.string = lp_realm();
 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
- sam->account_name.string, sam->domain.string);
+ sam->account_name.string, sam6->forest.string);
 r->out.validation.sam6 = sam6;
 break;
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index c334651d46..a7012922dc 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -284,7 +284,6 @@ struct samlogon_state {
 Authenticate a user with a challenge/response, checking session key and valid authentication types
 */
-
 static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 enum ntlm_break break_which,
 DATA_BLOB *chall,
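Review bot: In the `@@ -657` hunk of dcerpc_netlogon.c, `sam6->forest.string = lp_realm();` feeds the configured realm straight into the `"%s@%s"` format two lines later, and nothing checks that a realm is actually set. If `lp_realm()` can return NULL or an empty string on a server with no realm configured (its definition is not on this page), the client is sent a principal such as `user@`, or the formatting call receives a NULL `%s` argument. Consider keeping the old value as a fallback, `if (!sam6->forest.string || !*sam6->forest.string) sam6->forest.string = sam->domain.string;`, and returning `NT_STATUS_NO_MEMORY` when `sam6->principle.string` comes back NULL, since `sam6` from `talloc_p()` and the `talloc_asprintf()` result are both used unchecked. The enclosing case of the validation-level switch starts above the hunk.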
@@ -1522,6 +1521,65 @@ static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem
 }
+/*
+ test an ADS style interactive domain login
+*/
+static BOOL test_InteractiveLogin(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct creds_CredentialState *creds)
+{
+ NTSTATUS status;
+ struct netr_LogonSamLogonWithFlags r;
+ struct netr_Authenticator a, ra;
+ struct netr_PasswordInfo pinfo;
+ const char *plain_pass;
+
+ ZERO_STRUCT(r);
+ ZERO_STRUCT(ra);
+
+ creds_client_authenticator(creds, &a);
+
+ r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.workstation = TEST_MACHINE_NAME;
+ r.in.credential = &a;
+ r.in.return_authenticator = &ra;
+ r.in.logon_level = 5;
+ r.in.logon.password = &pinfo;
+ r.in.validation_level = 6;
+ r.in.flags = 0;
+
+ pinfo.identity_info.domain_name.string = lp_workgroup();
+ pinfo.identity_info.parameter_control = 0;
+ pinfo.identity_info.logon_id_low = 0;
+ pinfo.identity_info.logon_id_high = 0;
+ pinfo.identity_info.account_name.string = lp_parm_string(-1, "torture", "username");
+ pinfo.identity_info.workstation.string = TEST_MACHINE_NAME;
+
+ plain_pass = lp_parm_string(-1, "torture", "password");
+
+ E_deshash(plain_pass, pinfo.lmpassword.hash);
+ E_md4hash(plain_pass, pinfo.ntpassword.hash);
+
+ creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
+ creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
+
+ printf("Testing netr_LogonSamLogonWithFlags\n");
+
+ status = dcerpc_netr_LogonSamLogonWithFlags(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("netr_LogonSamLogonWithFlags - %s\n", nt_errstr(status));
+ exit(1);
+ return False;
+ }
+
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
+ printf("Credential chaining failed\n");
+ return False;
+ }
+
+ return True;
+}
+
+
 static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
 NTSTATUS status;
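Review bot: The failure branch after `dcerpc_netr_LogonSamLogonWithFlags()` in test_InteractiveLogin calls `exit(1);` ahead of `return False;`, which leaves the return unreachable and terminates the whole smbtorture process instead of letting the caller record one failed test; the `exit(1);` line should be dropped. `plain_pass` and the account name are taken from `lp_parm_string(-1, "torture", ...)` and used without a check, so if that call returns NULL when the option is absent (its definition is not on this page) NULL is handed to `E_deshash()` and `E_md4hash()`; an early `if (!plain_pass) return False;` with a message would make the misconfiguration explicit. The literal `16` in the two `creds_arcfour_crypt()` calls would be less fragile as `sizeof(pinfo.lmpassword.hash)` and `sizeof(pinfo.ntpassword.hash)`.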
@@ -1531,7 +1589,7 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 uint32_t i1;
 struct creds_CredentialState creds;
- if (!test_SetupCredentials(p, mem_ctx, &creds)) {
+ if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, &creds)) {
 return False;
 }
@@ -1555,29 +1613,30 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 /* this should really be the fully qualified name */
 q1.workstation_domain = TEST_MACHINE_NAME;
 q1.workstation_site = "Default-First-Site-Name";
- q1.foo2 = "foo";
 q1.blob2.length = 0;
 q1.blob2.size = 0;
 q1.blob2.data = NULL;
 q1.product.string = "product string";
- q1.p4 = NULL;
- q1.pp = 0x00000000;
 printf("Testing netr_LogonGetDomainInfo\n");
 status = dcerpc_netr_LogonGetDomainInfo(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("netr_LogonGetDomainInfo - %s\n", nt_errstr(status));
+ return False;
+ }
 if (!creds_client_check(&creds, &a.cred)) {
 printf("Credential chaining failed\n");
+ return False;
 }
- printf("fault code 0x%x status=%s\n", p->last_fault_code, nt_errstr(status));
+ test_InteractiveLogin(p, mem_ctx, &creds);
 return True;
 }
-
 BOOL torture_rpc_netlogon(int dummy)
 {
 NTSTATUS status;
@@ -1603,10 +1662,6 @@ BOOL torture_rpc_netlogon(int dummy)
 return False;
 }
- if (!test_GetDomainInfo(p, mem_ctx)) {
- ret = False;
- }
-
 if (!test_LogonUasLogon(p, mem_ctx)) {
 ret = False;
 }
@@ -1623,6 +1678,10 @@ BOOL torture_rpc_netlogon(int dummy)
 ret = False;
 }
+ if (!test_GetDomainInfo(p, mem_ctx)) {
+ ret = False;
+ }
+
 if (!test_DatabaseSync(p, mem_ctx)) {
 ret = False;
 }
-- cgit
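Review bot: The result of `test_InteractiveLogin(p, mem_ctx, &creds);` at the end of test_GetDomainInfo (the `@@ -1555` hunk) is discarded, so a credential-chaining failure in the interactive logon still lets this test return True and the suite report success. It should be propagated, `if (!test_InteractiveLogin(p, mem_ctx, &creds)) { return False; }`. The same hunk drops the assignments to `q1.foo2`, `q1.p4` and `q1.pp` without setting the renamed `unknown*` fields; unless `q1` is zeroed earlier in the function, which lies outside the hunk, those pointers are marshalled uninitialised, so a `ZERO_STRUCT(q1);` before the field assignments is worth confirming.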