From 546f63df5b214a1419069887ecfd9118aae8030a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Oct 2005 11:20:48 +0000 Subject: r11370: Samba4 now passes it's own RPC-SAMLOGON test again. This avoids the nasty user@DOMAIN test for now, as it has very odd semantics with NTLMv2. Allow only user accounts to do an interactive login. Andrew Bartlett (This used to be commit 690cad8083e176b2e58fc243a11a003a78ce4074) --- source4/torture/rpc/samlogon.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'source4/torture/rpc') diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 1094c2886e..36201aa210 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -304,6 +304,8 @@ static BOOL test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm return True; } return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -633,6 +635,8 @@ static BOOL test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, return True; } return break_which == BREAK_BOTH; + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -799,6 +803,8 @@ static BOOL test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, return True; } return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -1181,6 +1187,8 @@ static BOOL test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_brea return True; } return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH)); + } else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) { + return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH) || (break_which == NO_NT)); } else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) { SAFE_FREE(*error_string); asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status)); @@ -1387,7 +1395,8 @@ BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char *comment, const char *workstation_name, const char *account_domain, const char *account_name, - const char *plain_pass, NTSTATUS expected_error) + const char *plain_pass, uint32_t parameter_control, + NTSTATUS expected_error) { NTSTATUS status; TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_InteractiveLogon function-level context"); @@ -1411,7 +1420,7 @@ BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.flags = 0; pinfo.identity_info.domain_name.string = account_domain; - pinfo.identity_info.parameter_control = 0; + pinfo.identity_info.parameter_control = parameter_control; pinfo.identity_info.logon_id_low = 0; pinfo.identity_info.logon_id_high = 0; pinfo.identity_info.account_name.string = account_name; @@ -1581,7 +1590,7 @@ BOOL torture_rpc_samlogon(void) cli_credentials_get_domain(cmdline_credentials) ), .password = cli_credentials_get_password(cmdline_credentials), - .network_login = False, + .network_login = False, /* works for some things, but not NTLMv2. Odd */ .expected_interactive_error = NT_STATUS_OK, .expected_network_error = NT_STATUS_OK }, @@ -1634,7 +1643,7 @@ BOOL torture_rpc_samlogon(void) cli_credentials_get_domain(machine_credentials) ), .password = cli_credentials_get_password(machine_credentials), - .network_login = False, + .network_login = False, /* works for some things, but not NTLMv2. Odd */ .expected_interactive_error = NT_STATUS_NO_SUCH_USER, .parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT }, @@ -1680,7 +1689,7 @@ BOOL torture_rpc_samlogon(void) TEST_USER_NAME, userdomain), .password = user_password, - .network_login = False, + .network_login = False, /* works for some things, but not NTLMv2. Odd */ .expected_interactive_error = NT_STATUS_OK, .expected_network_error = NT_STATUS_OK }, @@ -1706,6 +1715,7 @@ BOOL torture_rpc_samlogon(void) usercreds[ci].domain, usercreds[ci].username, usercreds[ci].password, + usercreds[ci].parameter_control, usercreds[ci].expected_interactive_error)) { ret = False; } @@ -1736,6 +1746,7 @@ BOOL torture_rpc_samlogon(void) usercreds[0].domain, usercreds[0].username, usercreds[0].password, + usercreds[0].parameter_control, usercreds[0].expected_interactive_error)) { ret = False; } @@ -1748,7 +1759,7 @@ BOOL torture_rpc_samlogon(void) usercreds[0].password, usercreds[0].parameter_control, usercreds[0].expected_network_error, - usercreds[ci].old_password, + usercreds[0].old_password, 1)) { ret = False; } -- cgit