mirror of
https://github.com/samba-team/samba.git
synced 2025-01-20 14:03:59 +03:00
s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
This will make it easier to catch all places where we need to implement the logic for netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
parent
e92d0509d6
commit
1666d1d74d
@ -406,6 +406,9 @@ static bool netlogon_validate_pac(struct torture_context *tctx,
|
|||||||
struct dcerpc_binding_handle *b = NULL;
|
struct dcerpc_binding_handle *b = NULL;
|
||||||
enum ndr_err_code ndr_err;
|
enum ndr_err_code ndr_err;
|
||||||
DATA_BLOB payload, pac_wrapped;
|
DATA_BLOB payload, pac_wrapped;
|
||||||
|
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
|
||||||
|
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||||
|
NTSTATUS status;
|
||||||
|
|
||||||
if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
|
if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
|
||||||
server_creds, secure_channel_type,
|
server_creds, secure_channel_type,
|
||||||
@ -437,11 +440,6 @@ static bool netlogon_validate_pac(struct torture_context *tctx,
|
|||||||
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
|
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
|
||||||
|
|
||||||
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
|
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
|
||||||
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
||||||
netlogon_creds_aes_encrypt(creds, pac_wrapped.data, pac_wrapped.length);
|
|
||||||
} else {
|
|
||||||
netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
|
|
||||||
}
|
|
||||||
|
|
||||||
generic.length = pac_wrapped.length;
|
generic.length = pac_wrapped.length;
|
||||||
generic.data = pac_wrapped.data;
|
generic.data = pac_wrapped.data;
|
||||||
@ -471,6 +469,14 @@ static bool netlogon_validate_pac(struct torture_context *tctx,
|
|||||||
r.out.authoritative = &authoritative;
|
r.out.authoritative = &authoritative;
|
||||||
r.out.return_authenticator = &return_authenticator;
|
r.out.return_authenticator = &return_authenticator;
|
||||||
|
|
||||||
|
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||||
|
status = netlogon_creds_encrypt_samlogon_logon(creds,
|
||||||
|
r.in.logon_level,
|
||||||
|
r.in.logon,
|
||||||
|
auth_type,
|
||||||
|
auth_level);
|
||||||
|
torture_assert_ntstatus_ok(tctx, status, "encrypt_samlogon_logon");
|
||||||
|
|
||||||
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
|
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
|
||||||
"LogonSamLogon failed");
|
"LogonSamLogon failed");
|
||||||
|
|
||||||
@ -546,11 +552,6 @@ static bool netlogon_validate_pac(struct torture_context *tctx,
|
|||||||
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
|
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
|
||||||
|
|
||||||
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
|
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
|
||||||
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
||||||
netlogon_creds_aes_encrypt(creds, pac_wrapped.data, pac_wrapped.length);
|
|
||||||
} else {
|
|
||||||
netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
|
|
||||||
}
|
|
||||||
|
|
||||||
generic.length = pac_wrapped.length;
|
generic.length = pac_wrapped.length;
|
||||||
generic.data = pac_wrapped.data;
|
generic.data = pac_wrapped.data;
|
||||||
@ -567,6 +568,14 @@ static bool netlogon_validate_pac(struct torture_context *tctx,
|
|||||||
r.in.computer_name = cli_credentials_get_workstation(server_creds);
|
r.in.computer_name = cli_credentials_get_workstation(server_creds);
|
||||||
r.in.validation_level = NetlogonValidationGenericInfo2;
|
r.in.validation_level = NetlogonValidationGenericInfo2;
|
||||||
|
|
||||||
|
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||||
|
status = netlogon_creds_encrypt_samlogon_logon(creds,
|
||||||
|
r.in.logon_level,
|
||||||
|
r.in.logon,
|
||||||
|
auth_type,
|
||||||
|
auth_level);
|
||||||
|
torture_assert_ntstatus_ok(tctx, status, "encrypt_samlogon_logon");
|
||||||
|
|
||||||
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
|
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
|
||||||
"LogonSamLogon failed");
|
"LogonSamLogon failed");
|
||||||
|
|
||||||
@ -598,11 +607,6 @@ static bool netlogon_validate_pac(struct torture_context *tctx,
|
|||||||
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
|
torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed");
|
||||||
|
|
||||||
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
|
torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption");
|
||||||
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
||||||
netlogon_creds_aes_encrypt(creds, pac_wrapped.data, pac_wrapped.length);
|
|
||||||
} else {
|
|
||||||
netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length);
|
|
||||||
}
|
|
||||||
|
|
||||||
generic.length = pac_wrapped.length;
|
generic.length = pac_wrapped.length;
|
||||||
generic.data = pac_wrapped.data;
|
generic.data = pac_wrapped.data;
|
||||||
@ -619,6 +623,14 @@ static bool netlogon_validate_pac(struct torture_context *tctx,
|
|||||||
r.in.computer_name = cli_credentials_get_workstation(server_creds);
|
r.in.computer_name = cli_credentials_get_workstation(server_creds);
|
||||||
r.in.validation_level = NetlogonValidationGenericInfo2;
|
r.in.validation_level = NetlogonValidationGenericInfo2;
|
||||||
|
|
||||||
|
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||||
|
status = netlogon_creds_encrypt_samlogon_logon(creds,
|
||||||
|
r.in.logon_level,
|
||||||
|
r.in.logon,
|
||||||
|
auth_type,
|
||||||
|
auth_level);
|
||||||
|
torture_assert_ntstatus_ok(tctx, status, "encrypt_samlogon_logon");
|
||||||
|
|
||||||
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
|
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
|
||||||
"LogonSamLogon failed");
|
"LogonSamLogon failed");
|
||||||
|
|
||||||
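Review bot: The retained `torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption")` in the -437, -546 and -598 hunks still gates every PACValidate attempt on the RC4 flag, even though cipher selection now lives in `netlogon_creds_encrypt_samlogon_logon()`. The removed branch already preferred AES when `NETLOGON_NEG_SUPPORTS_AES` was set, so the assert never described the cipher in use. On a channel negotiated without RC4 (AES-only, or presumably the Kerberos-authenticated case the commit message is preparing for) the test stops here before the helper is reached. If the helper returns an error when no usable protection is available (its body is not visible on this page), the three asserts can be dropped and the existing `torture_assert_ntstatus_ok(tctx, status, "encrypt_samlogon_logon")` left to report the failure; otherwise widen the check to `creds->negotiate_flags & (NETLOGON_NEG_SUPPORTS_AES | NETLOGON_NEG_ARCFOUR)`. `netlogon_validate_pac` starts and ends outside these hunks.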
|
@ -1551,6 +1551,10 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
|||||||
union netr_Validation validation;
|
union netr_Validation validation;
|
||||||
uint8_t authoritative = 1;
|
uint8_t authoritative = 1;
|
||||||
struct dcerpc_binding_handle *b = p->binding_handle;
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
enum dcerpc_AuthType auth_type;
|
||||||
|
enum dcerpc_AuthLevel auth_level;
|
||||||
|
|
||||||
|
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||||
|
|
||||||
ZERO_STRUCT(a);
|
ZERO_STRUCT(a);
|
||||||
ZERO_STRUCT(r);
|
ZERO_STRUCT(r);
|
||||||
@ -1586,13 +1590,15 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
|||||||
}
|
}
|
||||||
E_md4hash(plain_pass, pinfo.ntpassword.hash);
|
E_md4hash(plain_pass, pinfo.ntpassword.hash);
|
||||||
|
|
||||||
if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
status = netlogon_creds_encrypt_samlogon_logon(creds,
|
||||||
netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
|
r.in.logon_level,
|
||||||
netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
|
r.in.logon,
|
||||||
} else {
|
auth_type,
|
||||||
netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
|
auth_level);
|
||||||
netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
|
torture_assert_ntstatus_ok_goto(tctx,
|
||||||
}
|
status,
|
||||||
|
ret, failed,
|
||||||
|
"netlogon_creds_encrypt_samlogon_logon");
|
||||||
|
|
||||||
torture_comment(tctx, "Testing netr_LogonSamLogonWithFlags '%s' (Interactive Logon)\n", comment);
|
torture_comment(tctx, "Testing netr_LogonSamLogonWithFlags '%s' (Interactive Logon)\n", comment);
|
||||||
|
|
||||||
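Review bot: In the -1551 hunk `auth_type` and `auth_level` are declared without initializers, while the same locals in `netlogon_validate_pac` and `test_SamLogon` in this commit start at `DCERPC_AUTH_TYPE_NONE` and `DCERPC_AUTH_LEVEL_NONE`. They are filled by `dcerpc_binding_handle_auth_info()` on the next statement, but whether that function writes both outputs on every path is not visible here, and these values decide how the password hashes are protected in the -1586 hunk. I would declare them as `enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;` and `enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;` to match the other call sites. The helper call also relies on `r.in.logon_level` and `r.in.logon` already pointing at `pinfo` when it runs; those assignments, the `status` declaration and the `failed` label all sit outside the hunks shown. The assert label here ("netlogon_creds_encrypt_samlogon_logon") differs from the "encrypt_samlogon_logon" used at the other call sites, and picking one makes failures easier to grep.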
|
@ -3607,6 +3607,8 @@ static bool test_SamLogon(struct torture_context *tctx,
|
|||||||
struct netlogon_creds_CredentialState *creds;
|
struct netlogon_creds_CredentialState *creds;
|
||||||
struct netr_Authenticator a;
|
struct netr_Authenticator a;
|
||||||
struct dcerpc_binding_handle *b = p->binding_handle;
|
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||||
|
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
|
||||||
|
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||||
|
|
||||||
torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), "");
|
torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), "");
|
||||||
|
|
||||||
@ -3636,17 +3638,6 @@ static bool test_SamLogon(struct torture_context *tctx,
|
|||||||
}
|
}
|
||||||
E_md4hash(cli_credentials_get_password(test_credentials), pinfo.ntpassword.hash);
|
E_md4hash(cli_credentials_get_password(test_credentials), pinfo.ntpassword.hash);
|
||||||
|
|
||||||
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
|
||||||
netlogon_creds_aes_encrypt(creds, pinfo.lmpassword.hash, 16);
|
|
||||||
netlogon_creds_aes_encrypt(creds, pinfo.ntpassword.hash, 16);
|
|
||||||
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
|
||||||
netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
|
|
||||||
netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
|
|
||||||
} else {
|
|
||||||
netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
|
|
||||||
netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
|
|
||||||
}
|
|
||||||
|
|
||||||
pinfo.identity_info = identity;
|
pinfo.identity_info = identity;
|
||||||
logon.password = &pinfo;
|
logon.password = &pinfo;
|
||||||
|
|
||||||
@ -3693,6 +3684,14 @@ static bool test_SamLogon(struct torture_context *tctx,
|
|||||||
|
|
||||||
r.in.validation_level = 6;
|
r.in.validation_level = 6;
|
||||||
|
|
||||||
|
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||||
|
status = netlogon_creds_encrypt_samlogon_logon(creds,
|
||||||
|
r.in.logon_level,
|
||||||
|
r.in.logon,
|
||||||
|
auth_type,
|
||||||
|
auth_level);
|
||||||
|
torture_assert_ntstatus_ok(tctx, status, "encrypt_samlogon_logon");
|
||||||
|
|
||||||
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
|
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
|
||||||
"netr_LogonSamLogonEx failed");
|
"netr_LogonSamLogonEx failed");
|
||||||
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
|
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
|
||||||
|
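Review bot: The -3693 hunk moves encryption of the logon data from the point where the hashes are computed to just before `dcerpc_netr_LogonSamLogonEx_r()`, and nothing documents that `r.in.logon` is ciphertext from then on. That assumes the helper transforms the buffer in place, as the removed `netlogon_creds_*_encrypt(creds, pinfo.*password.hash, 16)` calls did. The `if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS))` branch that follows continues outside the hunk and looks like it may reissue the request with the same `r`. A comment above the helper call such as `/* encrypts r.in.logon in place; a retry below must reuse it as-is and not call the helper again */` would keep a later edit from double-encrypting the hashes or logging them on the assumption that they are still plaintext.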