/*
Unix SMB / CIFS implementation .
Small self - tests for the NTLMSSP code
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "auth/gensec/gensec.h"
# include "auth/ntlmssp/ntlmssp.h"
# include "lib/cmdline/popt_common.h"
# include "torture/torture.h"
# include "param/param.h"
# include "torture/auth/proto.h"
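/**
 * Self-test for NTLMSSP packet signing against two fixed test vectors.
 *
 * Two client-side GENSEC/NTLMSSP contexts are started in turn. For each one
 * the session key and negotiated flags are written directly into the
 * ntlmssp_state, signing is initialised, a fixed five-byte payload is signed
 * and the signature is compared with a known-good value.
 *
 * Rejection paths exercised afterwards:
 *  - the context that produced a signature is asked to verify it and must
 *    answer NT_STATUS_ACCESS_DENIED ("wrong end");
 *  - verification after the session key has been cleared must answer
 *    NT_STATUS_NO_USER_SESSION_KEY;
 *  - verification of a signature truncated to half its length must answer
 *    NT_STATUS_ACCESS_DENIED.
 *
 * The session keys are hard-coded vectors, not credentials; that is the only
 * reason handing them to dump_data_pw() is acceptable here.
 *
 * @param tctx  torture context; also the talloc parent of the GENSEC
 *              contexts and of the hex-decoded blobs.
 * @return true when every assertion holds.
 *         NOTE(review): the torture_assert_* macros presumably return false
 *         from this function on failure - confirm against torture.h.
 */
static bool torture_ntlmssp_self_check(struct torture_context *tctx)
{
	struct gensec_security *gensec_security;
	struct gensec_ntlmssp_context *gensec_ntlmssp;
	struct ntlmssp_state *ntlmssp_state;
	DATA_BLOB data;
	DATA_BLOB sig, expected_sig;
	TALLOC_CTX *mem_ctx = tctx;

	/* ---- Vector 1: 16-byte session key, NTLM2 and 128-bit flags ---- */

	torture_assert_ntstatus_ok(tctx,
		gensec_client_start(mem_ctx, &gensec_security,
				    tctx->ev,
				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
		" gensec client start ");

	gensec_set_credentials(gensec_security, cmdline_credentials);

	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);

	torture_assert_ntstatus_ok(tctx,
		gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP),
		" Failed to start GENSEC for NTLMSSP ");

	gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
					       struct gensec_ntlmssp_context);
	ntlmssp_state = gensec_ntlmssp->ntlmssp_state;

	/*
	 * No handshake is run: the key and flags are injected so the signing
	 * code can be checked in isolation. The hex literals hold digits only;
	 * NOTE(review): confirm how strhex_to_data_blob() treats non-hex
	 * characters before reformatting them.
	 */
	ntlmssp_state->session_key =
		strhex_to_data_blob(tctx, "0102030405060708090a0b0c0d0e0f00");
	dump_data_pw(" NTLMSSP session key: \n ",
		     ntlmssp_state->session_key.data,
		     ntlmssp_state->session_key.length);

	ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN |
				   NTLMSSP_NEGOTIATE_UNICODE |
				   NTLMSSP_NEGOTIATE_128 |
				   NTLMSSP_NEGOTIATE_KEY_EXCH |
				   NTLMSSP_NEGOTIATE_NTLM2;

	torture_assert_ntstatus_ok(tctx,
		ntlmssp_sign_init(ntlmssp_state),
		" Failed to sign_init ");

	data = strhex_to_data_blob(tctx, "6a43494653");

	/*
	 * Check the signing status: if signing fails, sig is never filled in
	 * and the dump and comparisons below would read an uninitialised blob.
	 */
	torture_assert_ntstatus_ok(tctx,
		gensec_ntlmssp_sign_packet(gensec_security, gensec_security,
					   data.data, data.length,
					   data.data, data.length, &sig),
		"Failed to sign packet");

	expected_sig = strhex_to_data_blob(tctx,
					   "01000000e37f97f2544f4d7e00000000");

	dump_data_pw(" NTLMSSP calc sig: ", sig.data, sig.length);
	dump_data_pw(" NTLMSSP expected sig: ",
		     expected_sig.data, expected_sig.length);

	/* Length first, so the memory comparison never runs past a blob. */
	torture_assert_int_equal(tctx, sig.length, expected_sig.length,
				 " Wrong sig length ");

	torture_assert_mem_equal(tctx, sig.data, expected_sig.data, sig.length,
				 " data mismatch ");

	/* The signer must not accept its own signature as a received one. */
	torture_assert_ntstatus_equal(tctx,
		gensec_ntlmssp_check_packet(gensec_security, gensec_security,
					    data.data, data.length,
					    data.data, data.length, &sig),
		NT_STATUS_ACCESS_DENIED,
		" Check of just signed packet (should fail, wrong end) ");

	/* With the key cleared, verification must fail rather than pass. */
	ntlmssp_state->session_key = data_blob(NULL, 0);

	torture_assert_ntstatus_equal(tctx,
		gensec_ntlmssp_check_packet(gensec_security, gensec_security,
					    data.data, data.length,
					    data.data, data.length, &sig),
		NT_STATUS_NO_USER_SESSION_KEY,
		" Check of just signed packet without a session key should fail ");

	talloc_free(gensec_security);

	/* ---- Vector 2: 8-byte session key, no NTLM2 / 128-bit flags ---- */

	torture_assert_ntstatus_ok(tctx,
		gensec_client_start(mem_ctx, &gensec_security,
				    tctx->ev,
				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
		" Failed to start GENSEC for NTLMSSP ");

	gensec_set_credentials(gensec_security, cmdline_credentials);

	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);

	torture_assert_ntstatus_ok(tctx,
		gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP),
		" GENSEC start mech by oid ");

	gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
					       struct gensec_ntlmssp_context);
	ntlmssp_state = gensec_ntlmssp->ntlmssp_state;

	ntlmssp_state->session_key =
		strhex_to_data_blob(tctx, "0102030405e538b0");
	dump_data_pw(" NTLMSSP session key: \n ",
		     ntlmssp_state->session_key.data,
		     ntlmssp_state->session_key.length);

	ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN |
				   NTLMSSP_NEGOTIATE_UNICODE |
				   NTLMSSP_NEGOTIATE_KEY_EXCH;

	torture_assert_ntstatus_ok(tctx,
		ntlmssp_sign_init(ntlmssp_state),
		" Failed to sign_init ");

	data = strhex_to_data_blob(tctx, "6a43494653");

	/* Same reasoning as for vector 1: never use sig after a failed sign. */
	torture_assert_ntstatus_ok(tctx,
		gensec_ntlmssp_sign_packet(gensec_security, gensec_security,
					   data.data, data.length,
					   data.data, data.length, &sig),
		"Failed to sign packet");

	expected_sig = strhex_to_data_blob(tctx,
					   "0100000078010900397420fe0e5a0f89");

	dump_data_pw(" NTLMSSP calc sig: ", sig.data, sig.length);
	dump_data_pw(" NTLMSSP expected sig: ",
		     expected_sig.data, expected_sig.length);

	/*
	 * The length check must stay ahead of the comparison below: it is what
	 * keeps "sig.length - 8" from wrapping on a short signature.
	 */
	torture_assert_int_equal(tctx, sig.length, expected_sig.length,
				 " Wrong sig length ");

	/*
	 * Only the bytes from offset 8 onwards are compared for this vector.
	 * NOTE(review): presumably the leading 8 bytes are not required to
	 * match for this flag set - confirm against the signing code.
	 */
	torture_assert_mem_equal(tctx, sig.data + 8, expected_sig.data + 8,
				 sig.length - 8,
				 " data mismatch ");

	torture_assert_ntstatus_equal(tctx,
		gensec_ntlmssp_check_packet(gensec_security, gensec_security,
					    data.data, data.length,
					    data.data, data.length, &sig),
		NT_STATUS_ACCESS_DENIED,
		" Check of just signed packet (should fail, wrong end) ");

	/* A truncated signature must be rejected, not partially compared. */
	sig.length /= 2;

	torture_assert_ntstatus_equal(tctx,
		gensec_ntlmssp_check_packet(gensec_security, gensec_security,
					    data.data, data.length,
					    data.data, data.length, &sig),
		NT_STATUS_ACCESS_DENIED,
		" Check of just signed packet with short sig ");

	talloc_free(gensec_security);

	return true;
}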
/**
 * Create the torture suite for the NTLMSSP tests and register the signing
 * self-check in it.
 *
 * @param mem_ctx  talloc context passed to torture_suite_create().
 * @return the suite returned by torture_suite_create().
 */
struct torture_suite *torture_ntlmssp(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *ntlmssp_suite;

	ntlmssp_suite = torture_suite_create(mem_ctx, " ntlmssp ");

	/* One test only: the fixed-vector sign/verify self-check. */
	torture_suite_add_simple_test(ntlmssp_suite,
				      " NTLMSSP self check ",
				      torture_ntlmssp_self_check);

	return ntlmssp_suite;
}