From 9ebe4489e7211c2c191347cb348f123863d8e537 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 2 Dec 2003 11:43:09 +0000
Subject: added netr_LogonControl2() and netr_ServerAuthenticate2() (This used
 to be commit cc4123db4baec6a217500dc55113f89e1ea8ef61)

---
 source4/librpc/idl/netlogon.idl |  52 +++++++-------
 source4/torture/rpc/netlogon.c  | 148 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 173 insertions(+), 27 deletions(-)

(limited to 'source4')

diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 6281821d88..548209e0f4 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -266,7 +266,7 @@ interface netlogon
 	NTSTATUS netr_ServerAuthenticate(
 		[in]        unistr *server_name,
 		[in]        unistr username,
-		[in]        uint16 secure_challenge_type,
+		[in]        uint16 secure_channel_type,
 		[in]        unistr computer_name,
 		[in,out]    netr_Credential credentials
 		);
@@ -278,7 +278,7 @@ interface netlogon
 	NTSTATUS netr_ServerPasswordSet(
 		[in]  unistr *server_name,
 		[in]  unistr username,
-		[in]  uint16 secure_challenge_type,
+		[in]  uint16 secure_channel_type,
 		[in]  unistr computer_name,
 		[in]  netr_Authenticator credential,
 		[in]  netr_Password new_password,
@@ -695,6 +695,12 @@ interface netlogon
 		[case(3)]  netr_NETLOGON_INFO_3 *info3;
 	} netr_CONTROL_QUERY_INFORMATION;
 
+	/* function_code values */
+	const int NETLOGON_CONTROL_REDISCOVER       = 5;
+	const int NETLOGON_CONTROL_TC_QUERY         = 6;
+	const int NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7;
+	const int NETLOGON_CONTROL_SET_DBFLAG       = 65534;
+
 	WERROR netr_LogonControl(
 		[in]   unistr *logon_server,
 		[in]   uint32 function_code,
@@ -712,25 +718,23 @@ interface netlogon
 		[out] unistr *dcname
 		);
 
-#if 0
-
-	typedef [switch_type(long)] union {
-		[case(5)] unistr *unknown;
-		[case(6)] unistr *unknown;
-		[case(0xfffe)] uint32 unknown;
-		[case(7)] unistry*unknown;
-	} CONTROL_DATA_INFORMATION;
-
 
 	/*****************/
 	/* Function 0x0E */
 
-	NTSTATUS netr_LogonControl2(
-		[in][string] wchar_t *logon_server,
-		[in] uint32 function_code,
-		[in] uint32 level,
-		[in][ref] CONTROL_DATA_INFORMATION *data,
-		[out][ref] CONTROL_QUERY_INFORMATION *query
+	typedef union {
+		[case(NETLOGON_CONTROL_REDISCOVER)]        unistr *domain;
+		[case(NETLOGON_CONTROL_TC_QUERY)]          unistr *domain;
+		[case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)]  unistr *domain;
+		[case(NETLOGON_CONTROL_SET_DBFLAG)]        uint32 debug_level;
+	} netr_CONTROL_DATA_INFORMATION;
+
+	WERROR netr_LogonControl2(
+		[in]    unistr *logon_server,
+		[in]    uint32 function_code,
+		[in]    uint32 level,
+		[in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION  data,
+		[out][switch_is(level)]        netr_CONTROL_QUERY_INFORMATION query
 		);
 
 
@@ -738,15 +742,15 @@ interface netlogon
 	/* Function 0x0F */
 
 	NTSTATUS netr_ServerAuthenticate2(
-		[in][string] wchar_t *logon_server,
-		[in] unistr username,
-		[in] uint16 secure_channel_type,
-		[in] unistr computername,
-		[in][ref] CREDENTIAL *client_chal,
-		[out][ref] CREDENTIAL *server_chal,
-		[in][out][ref] uint32 *negotiate_flags,
+		[in]         unistr *server_name,
+		[in]         unistr username,
+		[in]         uint16 secure_channel_type,
+		[in]         unistr computer_name,
+		[in,out]     netr_Credential credentials,
+		[in,out,ref] uint32 *negotiate_flags
 		);
 
+#if 0
 
 	/*****************/
 	/* Function 0x10 */
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 008d03109e..b5a981c531 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -99,7 +99,7 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
 	a.in.server_name = NULL;
 	a.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
-	a.in.secure_challenge_type = SEC_CHAN_BDC;
+	a.in.secure_channel_type = SEC_CHAN_BDC;
 	a.in.computer_name = lp_netbios_name();
 
 	printf("Testing ServerAuthenticate\n");
@@ -118,6 +118,64 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	return True;
 }
 
+static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+				   struct netr_CredentialState *creds)
+{
+	NTSTATUS status;
+	struct netr_ServerReqChallenge r;
+	struct netr_ServerAuthenticate2 a;
+	const char *plain_pass;
+	uint8 mach_pwd[16];
+	uint32 negotiate_flags = 0;
+
+	printf("Testing ServerReqChallenge\n");
+
+	r.in.server_name = NULL;
+	r.in.computer_name = lp_netbios_name();
+	generate_random_buffer(r.in.credentials.data, sizeof(r.in.credentials.data), False);
+
+	status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("ServerReqChallenge - %s\n", nt_errstr(status));
+		return False;
+	}
+
+	plain_pass = secrets_fetch_machine_password();
+	if (!plain_pass) {
+		printf("Unable to fetch machine password!\n");
+		return False;
+	}
+
+	E_md4hash(plain_pass, mach_pwd);
+
+	creds_client_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
+			  &a.in.credentials);
+
+	a.in.server_name = NULL;
+	a.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
+	a.in.secure_channel_type = SEC_CHAN_BDC;
+	a.in.computer_name = lp_netbios_name();
+	a.in.negotiate_flags = &negotiate_flags;
+	a.out.negotiate_flags = &negotiate_flags;
+
+	printf("Testing ServerAuthenticate2\n");
+
+	status = dcerpc_netr_ServerAuthenticate2(p, mem_ctx, &a);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("ServerAuthenticate2 - %s\n", nt_errstr(status));
+		return False;
+	}
+
+	if (!creds_client_check(creds, &a.out.credentials)) {
+		printf("Credential chaining failed\n");
+		return False;
+	}
+
+	printf("negotiate_flags=0x%08x\n", negotiate_flags);
+
+	return True;
+}
+
 /*
   try a netlogon SamLogon
 */
@@ -131,7 +189,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 	const char *password = lp_parm_string(-1, "torture", "password");
 	struct netr_CredentialState creds;
 
-	if (!test_SetupCredentials(p, mem_ctx, &creds)) {
+	if (!test_SetupCredentials2(p, mem_ctx, &creds)) {
 		return False;
 	}
 
@@ -194,7 +252,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 
 	r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
-	r.in.secure_challenge_type = SEC_CHAN_BDC;
+	r.in.secure_channel_type = SEC_CHAN_BDC;
 	r.in.computer_name = lp_netbios_name();
 
 	password = generate_random_str(8);
@@ -508,6 +566,86 @@ static BOOL test_GetAnyDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 }
 
 
+/*
+  try a netlogon LogonControl2
+*/
+static BOOL test_LogonControl2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+	struct netr_LogonControl2 r;
+	BOOL ret = True;
+	int i;
+
+	r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+
+	r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
+	r.in.data.domain = lp_workgroup();
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		printf("Testing LogonControl2 level %d function %d\n", 
+		       i, r.in.function_code);
+
+		status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("LogonControl - %s\n", nt_errstr(status));
+			ret = False;
+		}
+	}
+
+	r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
+	r.in.data.domain = lp_workgroup();
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		printf("Testing LogonControl2 level %d function %d\n", 
+		       i, r.in.function_code);
+
+		status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("LogonControl - %s\n", nt_errstr(status));
+			ret = False;
+		}
+	}
+
+	r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
+	r.in.data.domain = lp_workgroup();
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		printf("Testing LogonControl2 level %d function %d\n", 
+		       i, r.in.function_code);
+
+		status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("LogonControl - %s\n", nt_errstr(status));
+			ret = False;
+		}
+	}
+
+	r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+	r.in.data.debug_level = ~0;
+
+	for (i=1;i<4;i++) {
+		r.in.level = i;
+
+		printf("Testing LogonControl2 level %d function %d\n", 
+		       i, r.in.function_code);
+
+		status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("LogonControl - %s\n", nt_errstr(status));
+			ret = False;
+		}
+	}
+
+	return ret;
+}
+
+
 BOOL torture_rpc_netlogon(int dummy)
 {
         NTSTATUS status;
@@ -571,6 +709,10 @@ BOOL torture_rpc_netlogon(int dummy)
 		ret = False;
 	}
 
+	if (!test_LogonControl2(p, mem_ctx)) {
+		ret = False;
+	}
+
         torture_rpc_close(p);
 
 	return ret;
-- 
cgit