mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
* netr_ServerPasswordSet() now works - the test suite changes the
machine account password.
* neater handling on value() options in IDL. The auto-print code
will now display the right value so you don't need to initialise
it in your C code
(This used to be commit 3dd978b12b
)
This commit is contained in:
parent
8b30b0071c
commit
06ae424835
@ -405,6 +405,12 @@ sub ParseElementPrintScalar($$)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (my $value = util::has_property($e, "value")) {
|
||||||
|
pidl "\tif (ndr->flags & LIBNDR_PRINT_SET_VALUES) {\n";
|
||||||
|
pidl "\t\t$cprefix$var_prefix$e->{NAME} = $value;\n";
|
||||||
|
pidl "\t}\n";
|
||||||
|
}
|
||||||
|
|
||||||
if (util::is_fixed_array($e)) {
|
if (util::is_fixed_array($e)) {
|
||||||
ParseElementPrintBuffer($e, $var_prefix);
|
ParseElementPrintBuffer($e, $var_prefix);
|
||||||
} elsif (util::has_direct_buffers($e)) {
|
} elsif (util::has_direct_buffers($e)) {
|
||||||
@ -1100,7 +1106,11 @@ sub ParseFunctionPrint($)
|
|||||||
pidl "\n{\n";
|
pidl "\n{\n";
|
||||||
pidl "\tndr_print_struct(ndr, name, \"$fn->{NAME}\");\n";
|
pidl "\tndr_print_struct(ndr, name, \"$fn->{NAME}\");\n";
|
||||||
pidl "\tndr->depth++;\n";
|
pidl "\tndr->depth++;\n";
|
||||||
|
|
||||||
|
pidl "\tif (flags & NDR_SET_VALUES) {\n";
|
||||||
|
pidl "\t\tndr->flags |= LIBNDR_PRINT_SET_VALUES;\n";
|
||||||
|
pidl "}\n";
|
||||||
|
|
||||||
pidl "\tif (flags & NDR_IN) {\n";
|
pidl "\tif (flags & NDR_IN) {\n";
|
||||||
pidl "\t\tndr_print_struct(ndr, \"in\", \"$fn->{NAME}\");\n";
|
pidl "\t\tndr_print_struct(ndr, \"in\", \"$fn->{NAME}\");\n";
|
||||||
pidl "\tndr->depth++;\n";
|
pidl "\tndr->depth++;\n";
|
||||||
|
@ -109,3 +109,14 @@ void creds_authenticator(struct netr_CredentialState *creds,
|
|||||||
next->cred = creds->cred2;
|
next->cred = creds->cred2;
|
||||||
next->timestamp = creds->sequence;
|
next->timestamp = creds->sequence;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
encrypt a 16 byte password buffer using the session key
|
||||||
|
*/
|
||||||
|
void creds_encrypt(struct netr_CredentialState *creds, struct netr_Password *pass)
|
||||||
|
{
|
||||||
|
struct netr_Password tmp;
|
||||||
|
cred_hash3(tmp.data, pass->data, creds->session_key, 1);
|
||||||
|
*pass = tmp;
|
||||||
|
}
|
||||||
|
@ -91,7 +91,7 @@ interface netlogon
|
|||||||
} netr_IdentityInfo;
|
} netr_IdentityInfo;
|
||||||
|
|
||||||
typedef [flag(NDR_PAHEX)] struct {
|
typedef [flag(NDR_PAHEX)] struct {
|
||||||
uint8 password[16];
|
uint8 data[16];
|
||||||
} netr_Password;
|
} netr_Password;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
@ -252,19 +252,18 @@ interface netlogon
|
|||||||
[in,out] netr_Credential credentials
|
[in,out] netr_Credential credentials
|
||||||
);
|
);
|
||||||
|
|
||||||
#if 0
|
|
||||||
typedef struct {
|
NTSTATUS netr_ServerPasswordSet(
|
||||||
uint8 encrypted_password[16];
|
[in] unistr *server_name,
|
||||||
} ENCRYPTED_LM_OWF_PASSWORD;
|
[in] unistr username,
|
||||||
WERROR netr_ServerPasswordSet(
|
[in] uint16 secure_challenge_type,
|
||||||
[in] unistr *server_name,
|
[in] unistr computer_name,
|
||||||
[in] unistr username,
|
[in] netr_Authenticator credential,
|
||||||
[in] uint16 secure_challenge_type,
|
[in] netr_Password new_password,
|
||||||
[in] unistr ComputerName,
|
[out] netr_Authenticator return_authenticator
|
||||||
[in][ref] AUTHENTICATOR credential,
|
|
||||||
[in][ref] LM_OWF_PASSWORD UasNewPassword,
|
|
||||||
[out][ref] AUTHENTICATOR return_authenticator
|
|
||||||
);
|
);
|
||||||
|
|
||||||
|
#if 0
|
||||||
typedef struct {
|
typedef struct {
|
||||||
unistr *username;
|
unistr *username;
|
||||||
netr_String dummy1;
|
netr_String dummy1;
|
||||||
|
@ -111,6 +111,7 @@ struct ndr_print {
|
|||||||
#define LIBNDR_ALIGN_FLAGS (LIBNDR_FLAG_ALIGN2|LIBNDR_FLAG_ALIGN4|LIBNDR_FLAG_ALIGN8)
|
#define LIBNDR_ALIGN_FLAGS (LIBNDR_FLAG_ALIGN2|LIBNDR_FLAG_ALIGN4|LIBNDR_FLAG_ALIGN8)
|
||||||
|
|
||||||
#define LIBNDR_PRINT_ARRAY_HEX (1<<15)
|
#define LIBNDR_PRINT_ARRAY_HEX (1<<15)
|
||||||
|
#define LIBNDR_PRINT_SET_VALUES (1<<16)
|
||||||
|
|
||||||
|
|
||||||
/* useful macro for debugging */
|
/* useful macro for debugging */
|
||||||
@ -119,7 +120,7 @@ struct ndr_print {
|
|||||||
#define NDR_PRINT_FUNCTION_DEBUG(type, flags, p) ndr_print_function_debug((ndr_print_function_t)ndr_print_ ##type, #type, flags, p)
|
#define NDR_PRINT_FUNCTION_DEBUG(type, flags, p) ndr_print_function_debug((ndr_print_function_t)ndr_print_ ##type, #type, flags, p)
|
||||||
#define NDR_PRINT_BOTH_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_BOTH, p)
|
#define NDR_PRINT_BOTH_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_BOTH, p)
|
||||||
#define NDR_PRINT_OUT_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_OUT, p)
|
#define NDR_PRINT_OUT_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_OUT, p)
|
||||||
#define NDR_PRINT_IN_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_IN, p)
|
#define NDR_PRINT_IN_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_IN | NDR_SET_VALUES, p)
|
||||||
|
|
||||||
|
|
||||||
enum ndr_err_code {
|
enum ndr_err_code {
|
||||||
@ -149,6 +150,7 @@ enum ndr_err_code {
|
|||||||
#define NDR_IN 1
|
#define NDR_IN 1
|
||||||
#define NDR_OUT 2
|
#define NDR_OUT 2
|
||||||
#define NDR_BOTH 3
|
#define NDR_BOTH 3
|
||||||
|
#define NDR_SET_VALUES 4
|
||||||
|
|
||||||
#define NDR_PULL_NEED_BYTES(ndr, n) do { \
|
#define NDR_PULL_NEED_BYTES(ndr, n) do { \
|
||||||
if ((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size) { \
|
if ((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size) { \
|
||||||
|
@ -82,7 +82,7 @@ BOOL secrets_store(const char *key, const void *data, size_t size)
|
|||||||
dbuf.dptr = memdup(data, size);
|
dbuf.dptr = memdup(data, size);
|
||||||
dbuf.dsize = size;
|
dbuf.dsize = size;
|
||||||
|
|
||||||
ret = tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) == 0;
|
ret = tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
|
||||||
|
|
||||||
free(kbuf.dptr);
|
free(kbuf.dptr);
|
||||||
free(dbuf.dptr);
|
free(dbuf.dptr);
|
||||||
|
@ -21,14 +21,9 @@
|
|||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
/*
|
|
||||||
this makes the debug code display the right thing
|
|
||||||
*/
|
|
||||||
static void init_lsa_Name(struct lsa_Name *name, const char *s)
|
static void init_lsa_Name(struct lsa_Name *name, const char *s)
|
||||||
{
|
{
|
||||||
name->name = s;
|
name->name = s;
|
||||||
name->name_len = strlen_m(s)*2;
|
|
||||||
name->name_size = name->name_len;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||||
|
@ -65,20 +65,14 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||||
|
struct netr_CredentialState *creds)
|
||||||
{
|
{
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
struct netr_ServerReqChallenge r;
|
struct netr_ServerReqChallenge r;
|
||||||
struct netr_ServerAuthenticate a;
|
struct netr_ServerAuthenticate a;
|
||||||
struct netr_LogonSamLogon l;
|
|
||||||
struct netr_LogonSamLogoff lo;
|
|
||||||
const char *plain_pass;
|
const char *plain_pass;
|
||||||
uint8 mach_pwd[16];
|
uint8 mach_pwd[16];
|
||||||
struct netr_Authenticator auth, auth2;
|
|
||||||
struct netr_NetworkInfo ninfo;
|
|
||||||
const char *username = lp_parm_string(-1, "torture", "username");
|
|
||||||
const char *password = lp_parm_string(-1, "torture", "password");
|
|
||||||
struct netr_CredentialState creds;
|
|
||||||
|
|
||||||
printf("Testing ServerReqChallenge\n");
|
printf("Testing ServerReqChallenge\n");
|
||||||
|
|
||||||
@ -100,7 +94,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
|||||||
|
|
||||||
E_md4hash(plain_pass, mach_pwd);
|
E_md4hash(plain_pass, mach_pwd);
|
||||||
|
|
||||||
creds_init(&creds, &r.in.credentials, &r.out.credentials, mach_pwd,
|
creds_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
|
||||||
&a.in.credentials);
|
&a.in.credentials);
|
||||||
|
|
||||||
a.in.server_name = NULL;
|
a.in.server_name = NULL;
|
||||||
@ -116,11 +110,31 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!creds_check(&creds, &a.out.credentials)) {
|
if (!creds_check(creds, &a.out.credentials)) {
|
||||||
printf("Credential chaining failed\n");
|
printf("Credential chaining failed\n");
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return True;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
try a netlogon SamLogon
|
||||||
|
*/
|
||||||
|
static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||||
|
{
|
||||||
|
NTSTATUS status;
|
||||||
|
struct netr_LogonSamLogon r;
|
||||||
|
struct netr_Authenticator auth, auth2;
|
||||||
|
struct netr_NetworkInfo ninfo;
|
||||||
|
const char *username = lp_parm_string(-1, "torture", "username");
|
||||||
|
const char *password = lp_parm_string(-1, "torture", "password");
|
||||||
|
struct netr_CredentialState creds;
|
||||||
|
|
||||||
|
if (!test_SetupCredentials(p, mem_ctx, &creds)) {
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
ninfo.logon_info.domain_name.string = lp_workgroup();
|
ninfo.logon_info.domain_name.string = lp_workgroup();
|
||||||
ninfo.logon_info.parameter_control = 0;
|
ninfo.logon_info.parameter_control = 0;
|
||||||
ninfo.logon_info.logon_id_low = 0;
|
ninfo.logon_info.logon_id_low = 0;
|
||||||
@ -140,23 +154,69 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
|||||||
|
|
||||||
creds_authenticator(&creds, &auth);
|
creds_authenticator(&creds, &auth);
|
||||||
|
|
||||||
l.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
|
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
|
||||||
l.in.workstation = lp_netbios_name();
|
r.in.workstation = lp_netbios_name();
|
||||||
l.in.credential = &auth;
|
r.in.credential = &auth;
|
||||||
l.in.authenticator = &auth2;
|
r.in.authenticator = &auth2;
|
||||||
l.in.logon_level = 2;
|
r.in.logon_level = 2;
|
||||||
l.in.logon.network = &ninfo;
|
r.in.logon.network = &ninfo;
|
||||||
l.in.validation_level = 2;
|
r.in.validation_level = 2;
|
||||||
|
|
||||||
printf("Testing SamLogon\n");
|
printf("Testing SamLogon\n");
|
||||||
|
|
||||||
status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &l);
|
status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
printf("LogonSamLogon - %s\n", nt_errstr(status));
|
printf("LogonSamLogon - %s\n", nt_errstr(status));
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!creds_check(&creds, &l.out.authenticator->cred)) {
|
if (!creds_check(&creds, &r.out.authenticator->cred)) {
|
||||||
|
printf("Credential chaining failed\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
return True;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
try a change password for our machine account
|
||||||
|
*/
|
||||||
|
static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||||
|
{
|
||||||
|
NTSTATUS status;
|
||||||
|
struct netr_ServerPasswordSet r;
|
||||||
|
const char *password;
|
||||||
|
struct netr_CredentialState creds;
|
||||||
|
|
||||||
|
if (!test_SetupCredentials(p, mem_ctx, &creds)) {
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
creds_authenticator(&creds, &r.in.credential);
|
||||||
|
|
||||||
|
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
|
||||||
|
r.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name());
|
||||||
|
r.in.secure_challenge_type = 2;
|
||||||
|
r.in.computer_name = lp_netbios_name();
|
||||||
|
|
||||||
|
password = generate_random_str(8);
|
||||||
|
E_md4hash(password, r.in.new_password.data);
|
||||||
|
|
||||||
|
creds_encrypt(&creds, &r.in.new_password);
|
||||||
|
|
||||||
|
printf("Testing ServerPasswordSet on machine account\n");
|
||||||
|
|
||||||
|
status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
printf("ServerPasswordSet - %s\n", nt_errstr(status));
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!secrets_store_machine_password(password)) {
|
||||||
|
printf("Failed to save machine password\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!creds_check(&creds, &r.out.return_authenticator.cred)) {
|
||||||
printf("Credential chaining failed\n");
|
printf("Credential chaining failed\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -191,6 +251,10 @@ BOOL torture_rpc_netlogon(int dummy)
|
|||||||
ret = False;
|
ret = False;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!test_SetPassword(p, mem_ctx)) {
|
||||||
|
ret = False;
|
||||||
|
}
|
||||||
|
|
||||||
if (!test_SamLogon(p, mem_ctx)) {
|
if (!test_SamLogon(p, mem_ctx)) {
|
||||||
ret = False;
|
ret = False;
|
||||||
}
|
}
|
||||||
|
@ -26,18 +26,9 @@
|
|||||||
static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||||
struct policy_handle *handle);
|
struct policy_handle *handle);
|
||||||
|
|
||||||
/*
|
|
||||||
this makes the debug code display the right thing
|
|
||||||
*/
|
|
||||||
static void init_samr_Name(struct samr_Name *name, const char *s)
|
static void init_samr_Name(struct samr_Name *name, const char *s)
|
||||||
{
|
{
|
||||||
name->name_len = strlen_m(s)*2;
|
name->name = s;
|
||||||
name->name_size = name->name_len;
|
|
||||||
if (name->name_len == 0) {
|
|
||||||
name->name = NULL;
|
|
||||||
} else {
|
|
||||||
name->name = s;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||||
|
Loading…
Reference in New Issue
Block a user