r1140: added IDL and test code for validation level 6 in sam logon

(This used to be commit c854109843)

source4/librpc/idl/netlogon.idl

@@ -171,13 +171,7 @@ interface netlogon
 		dom_sid2 *domain_sid;
 		netr_LMSessionKey LMSessKey;
 		uint32 AccountControl;
-		uint32 unknown1;
+		uint32 unknown[7];
-		uint32 unknown2;
-		uint32 unknown3;
-		uint32 unknown4;
-		uint32 unknown5;
-		uint32 unknown6;
-		uint32 unknown7;
 	} netr_SamInfo2;
 
 	typedef struct {
@@ -211,17 +205,46 @@ interface netlogon
 		dom_sid2 *domain_sid;
 		netr_LMSessionKey LMSessKey;
 		uint32 AccountControl;
-		uint32 unknown1;
+		uint32 unknown[7];
-		uint32 unknown2;
-		uint32 unknown3;
-		uint32 unknown4;
-		uint32 unknown5;
-		uint32 unknown6;
-		uint32 unknown7;
 		uint32 sidcount;
 		[size_is(sidcount)] netr_SidAttr *sids;
 	} netr_SamInfo3;
 
+
+	typedef struct {
+		NTTIME last_logon;
+		NTTIME last_logoff;
+		NTTIME acct_expiry;
+		NTTIME last_password_change;
+		NTTIME allow_password_change;
+		NTTIME force_password_change;
+		netr_String account_name;
+		netr_String full_name;
+		netr_String logon_script;
+		netr_String profile_path;
+		netr_String home_directory;
+		netr_String home_drive;
+		uint16 logon_count;
+		uint16 bad_password_count;
+		uint32 rid;
+		uint32 primary_gid;
+		uint32 group_count;
+		[size_is(group_count)] netr_GroupMembership *groupids;
+		uint32 acct_flags;
+		netr_UserSessionKey key;
+		netr_String logon_server;
+		netr_String domain;
+		dom_sid2 *domain_sid;
+		netr_LMSessionKey LMSessKey;
+		uint32 AccountControl;
+		uint32 unknown1[9];
+		netr_String forest;
+		netr_String principle;
+		uint32 unknown4[18];
+		uint32 sidcount;
+		[size_is(sidcount)] netr_SidAttr *sids;
+	} netr_SamInfo6;
+
 	typedef struct {
 		uint32 pac_size;
 		[size_is(pac_size)] uint8 *pac;
@@ -239,10 +262,11 @@ interface netlogon
 	} netr_PacInfo;
 
 	typedef union {
-		[case(2)] netr_SamInfo2  *sam2;
+		[case(2)] netr_SamInfo2 *sam2;
 		[case(3)] netr_SamInfo3 *sam3;
 		[case(4)] netr_PacInfo  *pac;
-		[case(5)] netr_PacInfo  *pac2;
+		[case(5)] netr_PacInfo  *pac;
+		[case(6)] netr_SamInfo6 *sam6;
 	} netr_Validation;
 
 	NTSTATUS netr_LogonSamLogon(

source4/torture/rpc/netlogon.c

@@ -421,14 +421,22 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 			
 			if (lm_key) {
 				memcpy(lm_key, r->out.validation.sam3->LMSessKey.key, 8);
+			}			
+		} else if (r->in.validation_level == 6) {
+			/* they aren't encrypted! */
+			if (user_session_key) {
+				memcpy(user_session_key, r->out.validation.sam6->key.key, 16);
+			}
+			if (lm_key) {
+				memcpy(lm_key, r->out.validation.sam6->LMSessKey.key, 8);
 			}
-			
 		}
 	}
 
 	return status;
 } 
 
+
 /* 
  * Test the normal 'LM and NTLM' combination
  */
@@ -888,7 +896,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
 	int i, j;
 	BOOL ret = True;
-
+	int validation_levels[] = {2,3,6};
 	struct samlogon_state samlogon_state;
 	
 	samlogon_state.mem_ctx = mem_ctx;
@@ -918,11 +926,12 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 	samlogon_state.r.in.credential = &samlogon_state.auth;
 	samlogon_state.r.in.return_authenticator = &samlogon_state.auth2;
 
-	for (i=2;i<=3;i++) {
+	for (i=0;i<ARRAY_SIZE(validation_levels);i++) {
-		samlogon_state.r.in.validation_level = i;
+		samlogon_state.r.in.validation_level = validation_levels[i];
 		for (j=0; test_table[j].fn; j++) {
 			char *error_string = NULL;
-			printf("Testing SamLogon with '%s' at validation level %d\n", test_table[j].name, i);
+			printf("Testing SamLogon with '%s' at validation level %d\n", 
+			       test_table[j].name, validation_levels[i]);
 	
 			if (!test_table[j].fn(&samlogon_state, &error_string)) {
 				if (test_table[j].expect_fail) {