From 4e5e316022c96857ed2de1d10e87b12bfdd545d4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Wed, 17 Oct 2007 18:26:40 +0200
Subject: r25688: Add a simple test for a samba3 regression

When trying an reqchal/auth2 for an unknown workstation account, we have
to return NT_STATUS_NO_TRUST_SAM_ACCOUNT to the auth2. v3-2-test right
now returns NT_STATUS_ACCESS_DENIED, which seems to prevent XP from
joining a Samba3 PDC.
(This used to be commit 99cc861238a33d43ccc4e97cb5ab756c0a097e1d)
---
 source4/torture/rpc/rpc.c       |   2 +
 source4/torture/rpc/samba3rpc.c | 114 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 116 insertions(+)

(limited to 'source4/torture')

diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 19511108b5..c17da561ff 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -419,6 +419,8 @@ NTSTATUS torture_rpc_init(void)
 			    torture_samba3_rpc_sharesec);
 	torture_suite_add_simple_test(suite, "SAMBA3-GETUSERNAME",
 			    torture_samba3_rpc_getusername);
+	torture_suite_add_simple_test(suite, "SAMBA3-RANDOMAUTH2",
+				      torture_samba3_rpc_randomauth2);
 	torture_suite_add_simple_test(suite, "SAMBA3-LSA", torture_samba3_rpc_lsa);
 	torture_suite_add_simple_test(suite, "SAMBA3-SPOOLSS", torture_samba3_rpc_spoolss);
 	torture_suite_add_simple_test(suite, "SAMBA3-WKSSVC", torture_samba3_rpc_wkssvc);
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index fe75fabad6..c8d58bf620 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -1859,6 +1859,120 @@ bool torture_samba3_rpc_srvsvc(struct torture_context *torture)
 	return ret;
 }
 
+/*
+ * Do a ReqChallenge/Auth2 with a random wks name, make sure it returns
+ * NT_STATUS_NO_SAM_ACCOUNT
+ */
+
+bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
+{
+	TALLOC_CTX *mem_ctx;
+	struct dcerpc_pipe *net_pipe;
+	char *wksname;
+	bool result = false;
+	NTSTATUS status;
+	struct netr_ServerReqChallenge r;
+	struct netr_Credential netr_cli_creds;
+	struct netr_Credential netr_srv_creds;
+	uint32_t negotiate_flags;
+	struct netr_ServerAuthenticate2 a;
+	struct creds_CredentialState *creds_state;
+	struct netr_Credential netr_cred;
+	struct samr_Password mach_pw;
+	struct smbcli_state *cli;
+
+	if (!(mem_ctx = talloc_new(torture))) {
+		d_printf("talloc_new failed\n");
+		return false;
+	}
+
+	if (!(wksname = generate_random_str_list(
+		      mem_ctx, 14, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))) {
+		d_printf("generate_random_str_list failed\n");
+		goto done;
+	}
+
+	if (!(torture_open_connection_share(
+		      mem_ctx, &cli,
+		      torture_setting_string(torture, "host", NULL),
+		      "IPC$", NULL))) {
+		d_printf("IPC$ connection failed\n");
+		goto done;
+	}
+
+	if (!(net_pipe = dcerpc_pipe_init(
+		      mem_ctx, cli->transport->socket->event.ctx))) {
+		d_printf("dcerpc_pipe_init failed\n");
+		goto done;
+	}
+
+	status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("dcerpc_pipe_open_smb failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+
+	status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("dcerpc_bind_auth_none failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+
+	r.in.computer_name = wksname;
+	r.in.server_name = talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+	if (r.in.server_name == NULL) {
+		d_printf("talloc_asprintf failed\n");
+		goto done;
+	}
+	generate_random_buffer(netr_cli_creds.data,
+			       sizeof(netr_cli_creds.data));
+	r.in.credentials = &netr_cli_creds;
+	r.out.credentials = &netr_srv_creds;
+
+	status = dcerpc_netr_ServerReqChallenge(net_pipe, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_printf("netr_ServerReqChallenge failed: %s\n",
+			 nt_errstr(status));
+		goto done;
+	}
+
+	negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
+	E_md4hash("foobar", mach_pw.hash);
+
+	creds_state = talloc(mem_ctx, struct creds_CredentialState);
+	creds_client_init(creds_state, r.in.credentials,
+			  r.out.credentials, &mach_pw,
+			  &netr_cred, negotiate_flags);
+
+	a.in.server_name = talloc_asprintf(
+		mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
+	a.in.account_name = talloc_asprintf(
+		mem_ctx, "%s$", wksname);
+	a.in.computer_name = wksname;
+	a.in.secure_channel_type = SEC_CHAN_WKSTA;
+	a.in.negotiate_flags = &negotiate_flags;
+	a.out.negotiate_flags = &negotiate_flags;
+	a.in.credentials = &netr_cred;
+	a.out.credentials = &netr_cred;
+
+	status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
+
+	if (!NT_STATUS_EQUAL(status, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
+		d_printf("dcerpc_netr_ServerAuthenticate2 returned %s, "
+			 "expected NT_STATUS_NO_TRUST_SAM_ACCOUNT\n",
+			 nt_errstr(status));
+		goto done;
+	}
+
+	result = true;
+ done:
+	talloc_free(mem_ctx);
+	return result;
+}
+
 static struct security_descriptor *get_sharesec(TALLOC_CTX *mem_ctx,
 						struct smbcli_session *sess,
 						const char *sharename)
-- 
cgit