mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
* netr_ServerPasswordSet() now works - the test suite changes the
machine account password.
* neater handling on value() options in IDL. The auto-print code
will now display the right value so you don't need to initialise
it in your C code
(This used to be commit 3dd978b12b)
parent
8b30b0071c
commit
06ae424835
@ -405,6 +405,12 @@ sub ParseElementPrintScalar($$)
|
||||
return;
|
||||
}
|
||||
|
||||
if (my $value = util::has_property($e, "value")) {
|
||||
pidl "\tif (ndr->flags & LIBNDR_PRINT_SET_VALUES) {\n";
|
||||
pidl "\t\t$cprefix$var_prefix$e->{NAME} = $value;\n";
|
||||
pidl "\t}\n";
|
||||
}
|
||||
|
||||
if (util::is_fixed_array($e)) {
|
||||
ParseElementPrintBuffer($e, $var_prefix);
|
||||
} elsif (util::has_direct_buffers($e)) {
|
||||
@ -1100,7 +1106,11 @@ sub ParseFunctionPrint($)
|
||||
pidl "\n{\n";
|
||||
pidl "\tndr_print_struct(ndr, name, \"$fn->{NAME}\");\n";
|
||||
pidl "\tndr->depth++;\n";
|
||||
|
||||
|
||||
pidl "\tif (flags & NDR_SET_VALUES) {\n";
|
||||
pidl "\t\tndr->flags |= LIBNDR_PRINT_SET_VALUES;\n";
|
||||
pidl "}\n";
|
||||
|
||||
pidl "\tif (flags & NDR_IN) {\n";
|
||||
pidl "\t\tndr_print_struct(ndr, \"in\", \"$fn->{NAME}\");\n";
|
||||
pidl "\tndr->depth++;\n";
|
||||
|
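Review bot: In ParseElementPrintScalar the guard `if (my $value = util::has_property($e, "value"))` tests the truthiness of the property, so an element declared with `value(0)` would presumably be skipped and never assigned under LIBNDR_PRINT_SET_VALUES. If has_property returns undef for a missing property, `if (defined(my $value = util::has_property($e, "value")))` keeps the zero case. In ParseFunctionPrint the emitted closing line `pidl "}\n";` lacks the leading tab that the surrounding lines use; `pidl "\t}\n";` would keep the generated C consistently indented. Both functions start and end outside the hunks shown.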
@ -109,3 +109,14 @@ void creds_authenticator(struct netr_CredentialState *creds,
|
||||
next->cred = creds->cred2;
|
||||
next->timestamp = creds->sequence;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
encrypt a 16 byte password buffer using the session key
|
||||
*/
|
||||
void creds_encrypt(struct netr_CredentialState *creds, struct netr_Password *pass)
|
||||
{
|
||||
struct netr_Password tmp;
|
||||
cred_hash3(tmp.data, pass->data, creds->session_key, 1);
|
||||
*pass = tmp;
|
||||
}
|
||||
|
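Review bot: creds_encrypt passes a bare `1` as the last argument of cred_hash3, and its comment does not say that the caller's buffer is overwritten in place. A header comment such as `/* encrypt the 16 byte buffer in pass->data in place using creds->session_key; the final argument 1 presumably selects the encrypt direction */` would make the contract readable without opening cred_hash3. `creds` is only read here, so `const struct netr_CredentialState *creds` would state that in the signature, provided cred_hash3 takes its key through a const pointer. No matching decrypt helper is added in this hunk, so a server-side consumer would have to call cred_hash3 directly.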
@ -91,7 +91,7 @@ interface netlogon
|
||||
} netr_IdentityInfo;
|
||||
|
||||
typedef [flag(NDR_PAHEX)] struct {
|
||||
uint8 password[16];
|
||||
uint8 data[16];
|
||||
} netr_Password;
|
||||
|
||||
typedef struct {
|
||||
@ -252,19 +252,18 @@ interface netlogon
|
||||
[in,out] netr_Credential credentials
|
||||
);
|
||||
|
||||
#if 0
|
||||
typedef struct {
|
||||
uint8 encrypted_password[16];
|
||||
} ENCRYPTED_LM_OWF_PASSWORD;
|
||||
WERROR netr_ServerPasswordSet(
|
||||
[in] unistr *server_name,
|
||||
[in] unistr username,
|
||||
[in] uint16 secure_challenge_type,
|
||||
[in] unistr ComputerName,
|
||||
[in][ref] AUTHENTICATOR credential,
|
||||
[in][ref] LM_OWF_PASSWORD UasNewPassword,
|
||||
[out][ref] AUTHENTICATOR return_authenticator
|
||||
|
||||
NTSTATUS netr_ServerPasswordSet(
|
||||
[in] unistr *server_name,
|
||||
[in] unistr username,
|
||||
[in] uint16 secure_challenge_type,
|
||||
[in] unistr computer_name,
|
||||
[in] netr_Authenticator credential,
|
||||
[in] netr_Password new_password,
|
||||
[out] netr_Authenticator return_authenticator
|
||||
);
|
||||
|
||||
#if 0
|
||||
typedef struct {
|
||||
unistr *username;
|
||||
netr_String dummy1;
|
||||
|
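Review bot: netr_Password keeps `[flag(NDR_PAHEX)]`, so the generated print code presumably hex-dumps `data[16]`, and with netr_ServerPasswordSet now enabled that buffer carries the machine account's password hash encrypted under the session key. Any caller that runs the debug print macros on this request will write that value to its log. A comment on the typedef such as `/* 16 byte password hash, encrypted with the session key on the wire; shown in hex by the debug print code, so debug logs of this call are sensitive */` would record it. `secure_challenge_type` is also a bare uint16 with no named values, and the torture test passes a literal 2 for it.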
@ -111,6 +111,7 @@ struct ndr_print {
|
||||
#define LIBNDR_ALIGN_FLAGS (LIBNDR_FLAG_ALIGN2|LIBNDR_FLAG_ALIGN4|LIBNDR_FLAG_ALIGN8)
|
||||
|
||||
#define LIBNDR_PRINT_ARRAY_HEX (1<<15)
|
||||
#define LIBNDR_PRINT_SET_VALUES (1<<16)
|
||||
|
||||
|
||||
/* useful macro for debugging */
|
||||
@ -119,7 +120,7 @@ struct ndr_print {
|
||||
#define NDR_PRINT_FUNCTION_DEBUG(type, flags, p) ndr_print_function_debug((ndr_print_function_t)ndr_print_ ##type, #type, flags, p)
|
||||
#define NDR_PRINT_BOTH_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_BOTH, p)
|
||||
#define NDR_PRINT_OUT_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_OUT, p)
|
||||
#define NDR_PRINT_IN_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_IN, p)
|
||||
#define NDR_PRINT_IN_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_IN | NDR_SET_VALUES, p)
|
||||
|
||||
|
||||
enum ndr_err_code {
|
||||
@ -149,6 +150,7 @@ enum ndr_err_code {
|
||||
#define NDR_IN 1
|
||||
#define NDR_OUT 2
|
||||
#define NDR_BOTH 3
|
||||
#define NDR_SET_VALUES 4
|
||||
|
||||
#define NDR_PULL_NEED_BYTES(ndr, n) do { \
|
||||
if ((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size) { \
|
||||
|
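Review bot: NDR_PRINT_IN_DEBUG now passes `NDR_IN | NDR_SET_VALUES`, so a macro named as a debug print writes into the structure it is handed (the generated code assigns each value() field when LIBNDR_PRINT_SET_VALUES is set), and nothing at the definition says so. A comment above `#define NDR_SET_VALUES 4`, for example `/* modifier bit, not a direction: the print code fills in value() fields before displaying them */`, would warn callers that treat the request as read-only. NDR_SET_VALUES also shares the small-integer space of NDR_IN, NDR_OUT and NDR_BOTH, so any code that compares `flags == NDR_IN` instead of testing the bit would stop matching. The generated print code in this commit tests `flags & NDR_IN`, so that concern applies only to callers not shown here.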
@ -82,7 +82,7 @@ BOOL secrets_store(const char *key, const void *data, size_t size)
|
||||
dbuf.dptr = memdup(data, size);
|
||||
dbuf.dsize = size;
|
||||
|
||||
ret = tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) == 0;
|
||||
ret = tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
|
||||
|
||||
free(kbuf.dptr);
|
||||
free(dbuf.dptr);
|
||||
|
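Review bot: `ret` now holds the raw result of tdb_store() rather than a boolean, so the return statement of secrets_store(), which lies outside the hunk, has to be `return ret == 0;` for the BOOL result to be correct; returning `ret` directly would invert it. In the surrounding lines `dbuf.dptr = memdup(data, size);` is not checked for NULL before the store. That copy holds secret material when the key is the machine password, and it is released with `free(dbuf.dptr)` without being cleared first; wiping it before the free, with a call the compiler cannot drop, would limit how long the secret lingers in heap memory.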
@ -21,14 +21,9 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
/*
|
||||
this makes the debug code display the right thing
|
||||
*/
|
||||
static void init_lsa_Name(struct lsa_Name *name, const char *s)
|
||||
{
|
||||
name->name = s;
|
||||
name->name_len = strlen_m(s)*2;
|
||||
name->name_size = name->name_len;
|
||||
}
|
||||
|
||||
static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
|
@ -65,20 +65,14 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
|
||||
}
|
||||
|
||||
static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
struct netr_CredentialState *creds)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct netr_ServerReqChallenge r;
|
||||
struct netr_ServerAuthenticate a;
|
||||
struct netr_LogonSamLogon l;
|
||||
struct netr_LogonSamLogoff lo;
|
||||
const char *plain_pass;
|
||||
uint8 mach_pwd[16];
|
||||
struct netr_Authenticator auth, auth2;
|
||||
struct netr_NetworkInfo ninfo;
|
||||
const char *username = lp_parm_string(-1, "torture", "username");
|
||||
const char *password = lp_parm_string(-1, "torture", "password");
|
||||
struct netr_CredentialState creds;
|
||||
|
||||
printf("Testing ServerReqChallenge\n");
|
||||
|
||||
@ -100,7 +94,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
|
||||
E_md4hash(plain_pass, mach_pwd);
|
||||
|
||||
creds_init(&creds, &r.in.credentials, &r.out.credentials, mach_pwd,
|
||||
creds_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
|
||||
&a.in.credentials);
|
||||
|
||||
a.in.server_name = NULL;
|
||||
@ -116,11 +110,31 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!creds_check(&creds, &a.out.credentials)) {
|
||||
if (!creds_check(creds, &a.out.credentials)) {
|
||||
printf("Credential chaining failed\n");
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*
|
||||
try a netlogon SamLogon
|
||||
*/
|
||||
static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct netr_LogonSamLogon r;
|
||||
struct netr_Authenticator auth, auth2;
|
||||
struct netr_NetworkInfo ninfo;
|
||||
const char *username = lp_parm_string(-1, "torture", "username");
|
||||
const char *password = lp_parm_string(-1, "torture", "password");
|
||||
struct netr_CredentialState creds;
|
||||
|
||||
if (!test_SetupCredentials(p, mem_ctx, &creds)) {
|
||||
return False;
|
||||
}
|
||||
|
||||
ninfo.logon_info.domain_name.string = lp_workgroup();
|
||||
ninfo.logon_info.parameter_control = 0;
|
||||
ninfo.logon_info.logon_id_low = 0;
|
||||
@ -140,23 +154,69 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
|
||||
creds_authenticator(&creds, &auth);
|
||||
|
||||
l.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
|
||||
l.in.workstation = lp_netbios_name();
|
||||
l.in.credential = &auth;
|
||||
l.in.authenticator = &auth2;
|
||||
l.in.logon_level = 2;
|
||||
l.in.logon.network = &ninfo;
|
||||
l.in.validation_level = 2;
|
||||
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
|
||||
r.in.workstation = lp_netbios_name();
|
||||
r.in.credential = &auth;
|
||||
r.in.authenticator = &auth2;
|
||||
r.in.logon_level = 2;
|
||||
r.in.logon.network = &ninfo;
|
||||
r.in.validation_level = 2;
|
||||
|
||||
printf("Testing SamLogon\n");
|
||||
|
||||
status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &l);
|
||||
status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
printf("LogonSamLogon - %s\n", nt_errstr(status));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!creds_check(&creds, &l.out.authenticator->cred)) {
|
||||
if (!creds_check(&creds, &r.out.authenticator->cred)) {
|
||||
printf("Credential chaining failed\n");
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
try a change password for our machine account
|
||||
*/
|
||||
static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct netr_ServerPasswordSet r;
|
||||
const char *password;
|
||||
struct netr_CredentialState creds;
|
||||
|
||||
if (!test_SetupCredentials(p, mem_ctx, &creds)) {
|
||||
return False;
|
||||
}
|
||||
|
||||
creds_authenticator(&creds, &r.in.credential);
|
||||
|
||||
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
|
||||
r.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
|
||||
r.in.secure_challenge_type = 2;
|
||||
r.in.computer_name = lp_netbios_name();
|
||||
|
||||
password = generate_random_str(8);
|
||||
E_md4hash(password, r.in.new_password.data);
|
||||
|
||||
creds_encrypt(&creds, &r.in.new_password);
|
||||
|
||||
printf("Testing ServerPasswordSet on machine account\n");
|
||||
|
||||
status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
printf("ServerPasswordSet - %s\n", nt_errstr(status));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!secrets_store_machine_password(password)) {
|
||||
printf("Failed to save machine password\n");
|
||||
}
|
||||
|
||||
if (!creds_check(&creds, &r.out.return_authenticator.cred)) {
|
||||
printf("Credential chaining failed\n");
|
||||
}
|
||||
|
||||
@ -191,6 +251,10 @@ BOOL torture_rpc_netlogon(int dummy)
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_SetPassword(p, mem_ctx)) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_SamLogon(p, mem_ctx)) {
|
||||
ret = False;
|
||||
}
|
||||
|
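Review bot: In test_SetPassword a failed `secrets_store_machine_password(password)` and a failed `creds_check()` on `r.out.return_authenticator.cred` only print a message, so as far as the hunk shows the test can still pass; adding `return False;` after each printf would surface both failures. The store failure matters beyond the test result: by then the server has accepted the new password, so the local secrets database keeps the old one and the machine account is left out of sync. Checking the return authenticator before storing the password would also avoid persisting a secret on the strength of a reply that has not been authenticated. test_SamLogon has the same print-only `creds_check` branch, and the result of `generate_random_str(8)` is used without a NULL check. The end of test_SetPassword lies outside the hunk.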
@ -26,18 +26,9 @@
|
||||
static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
struct policy_handle *handle);
|
||||
|
||||
/*
|
||||
this makes the debug code display the right thing
|
||||
*/
|
||||
static void init_samr_Name(struct samr_Name *name, const char *s)
|
||||
{
|
||||
name->name_len = strlen_m(s)*2;
|
||||
name->name_size = name->name_len;
|
||||
if (name->name_len == 0) {
|
||||
name->name = NULL;
|
||||
} else {
|
||||
name->name = s;
|
||||
}
|
||||
name->name = s;
|
||||
}
|
||||
|
||||
static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
|
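Review bot: The rewritten init_samr_Name drops the old special case that set `name->name = NULL` for an empty string, so an empty `s` is now passed as a non-NULL pointer, with the length fields presumably supplied by the IDL value() properties. If any SAMR test relied on the NULL form, which the removed branch suggests, that case is no longer exercised, and nothing in the function records the change. A one-line comment such as `/* name_len and name_size are filled in from the IDL value() properties */` would explain why only one field is set.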