r5668: Add tests to RPC-SAMLOGON to test for user@REALM style logins. These
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I
need to look into it a bit more).
Add support to the Samba4 server for these logins. This will need
extension when we handle trusted domains as a DC, as it is a principal
name, not just another format for the username.
Andrew Bartlett
(This used to be commit de02c7c222
)
parent
765832748b
commit
42031bc4be
@ -68,7 +68,9 @@ static NTSTATUS make_user_info(TALLOC_CTX *mem_ctx,
|
||||
NT_STATUS_HAVE_NO_MEMORY(user_info->account_name);
|
||||
|
||||
user_info->client.domain_name = talloc_strdup(user_info, c_domain_name);
|
||||
NT_STATUS_HAVE_NO_MEMORY(user_info->client.domain_name);
|
||||
if (c_domain_name && !user_info->client.domain_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
user_info->domain_name = talloc_strdup(user_info, domain_name);
|
||||
NT_STATUS_HAVE_NO_MEMORY(user_info->domain_name);
|
||||
@ -141,21 +143,38 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
|
||||
struct auth_usersupplied_info **user_info)
|
||||
{
|
||||
const char *domain;
|
||||
|
||||
const char *account_name;
|
||||
char *d;
|
||||
DEBUG(5,("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n",
|
||||
c_domain_name, c_account_name, workstation_name));
|
||||
|
||||
account_name = c_account_name;
|
||||
|
||||
/* don't allow "" as a domain, fixes a Win9X bug
|
||||
where it doens't supply a domain for logon script
|
||||
'net use' commands. */
|
||||
if (*c_domain_name) {
|
||||
|
||||
/* Split user@realm names into user and realm components. This is TODO to fix with proper userprincipalname support */
|
||||
if (c_domain_name && *c_domain_name) {
|
||||
domain = c_domain_name;
|
||||
} else if (strchr_m(c_account_name, '@')) {
|
||||
account_name = talloc_strdup(mem_ctx, c_account_name);
|
||||
if (!account_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
d = strchr_m(account_name, '@');
|
||||
if (!d) {
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
d[0] = '\0';
|
||||
d++;
|
||||
domain = d;
|
||||
} else {
|
||||
domain = lp_workgroup();
|
||||
}
|
||||
|
||||
return make_user_info(mem_ctx,
|
||||
c_account_name, c_account_name,
|
||||
c_account_name, account_name,
|
||||
c_domain_name, domain,
|
||||
workstation_name,
|
||||
lm_password, nt_password,
|
||||
|
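Review bot: In make_user_info_map a NULL client domain is now an accepted input, yet the `DEBUG(5, ...)` line at the top (apparently unchanged context) still hands `c_domain_name` straight to `%s`, which is undefined behaviour for a NULL pointer in printf-style formatting; pass `c_domain_name ? c_domain_name : ""` there. In the new `user@realm` branch, a name ending in `@` leaves `domain` as an empty string, the very value the comment above says must not be used as a domain, and a name starting with `@` produces an empty account name. A guard before the split such as `if (d == account_name || d[1] == '\0') return NT_STATUS_INVALID_PARAMETER;` would reject both, or the empty-realm case could fall back to `lp_workgroup()`. The function's signature starts above the hunk and the make_user_info call runs past its end.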
@ -121,6 +121,14 @@ BOOL ntv2_owf_gen(const uint8_t owf[16],
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!user_in) {
|
||||
user_in = "";
|
||||
}
|
||||
|
||||
if (!domain_in) {
|
||||
domain_in = "";
|
||||
}
|
||||
|
||||
user_in = strupper_talloc(mem_ctx, user_in);
|
||||
if (user_in == NULL) {
|
||||
talloc_free(mem_ctx);
|
||||
|
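Review bot: The two new NULL guards in ntv2_owf_gen carry no comment saying why a missing user or domain is hashed as the empty string instead of being rejected, and the commit message itself notes that an empty domain already interacts badly with NTLMv2. A one-line comment above them, for example `/* NULL user/domain (e.g. user@REALM logons) is hashed as "" */`, would record the intent for the next reader of this hashing path. ntv2_owf_gen begins before this hunk and continues after it.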
@ -1066,6 +1066,7 @@ static const struct ntlm_tests {
|
||||
*/
|
||||
static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
struct creds_CredentialState *creds,
|
||||
const char *account_domain, const char *account_name,
|
||||
int n_subtests)
|
||||
{
|
||||
int i, v, l, f;
|
||||
@ -1081,8 +1082,8 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
printf("testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
|
||||
|
||||
samlogon_state.mem_ctx = mem_ctx;
|
||||
samlogon_state.account_name = lp_parm_string(-1, "torture", "username");
|
||||
samlogon_state.account_domain = lp_parm_string(-1, "torture", "userdomain");
|
||||
samlogon_state.account_name = account_name;
|
||||
samlogon_state.account_domain = account_domain;
|
||||
samlogon_state.password = lp_parm_string(-1, "torture", "password");
|
||||
samlogon_state.p = p;
|
||||
samlogon_state.creds = creds;
|
||||
@ -1121,7 +1122,9 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
samlogon_state.r_flags.in.validation_level = validation_levels[v];
|
||||
samlogon_state.r_flags.in.logon_level = logon_levels[l];
|
||||
if (!test_table[i].fn(&samlogon_state, &error_string)) {
|
||||
printf("Testing '%s' at validation level %d, logon level %d, function %d: \n",
|
||||
printf("Testing [%s]\\[%s] '%s' at validation level %d, logon level %d, function %d: \n",
|
||||
samlogon_state.account_domain,
|
||||
samlogon_state.account_name,
|
||||
test_table[i].name, validation_levels[v],
|
||||
logon_levels[l], function_levels[f]);
|
||||
|
||||
@ -1145,7 +1148,8 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
test an ADS style interactive domain logon
|
||||
*/
|
||||
static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
struct creds_CredentialState *creds)
|
||||
struct creds_CredentialState *creds,
|
||||
const char *account_domain, const char *account_name)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct netr_LogonSamLogonWithFlags r;
|
||||
@ -1168,11 +1172,11 @@ static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
r.in.validation_level = 6;
|
||||
r.in.flags = 0;
|
||||
|
||||
pinfo.identity_info.domain_name.string = lp_parm_string(-1, "torture", "userdomain");
|
||||
pinfo.identity_info.domain_name.string = account_domain;
|
||||
pinfo.identity_info.parameter_control = 0;
|
||||
pinfo.identity_info.logon_id_low = 0;
|
||||
pinfo.identity_info.logon_id_high = 0;
|
||||
pinfo.identity_info.account_name.string = lp_parm_string(-1, "torture", "username");
|
||||
pinfo.identity_info.account_name.string = account_name;
|
||||
pinfo.identity_info.workstation.string = TEST_MACHINE_NAME;
|
||||
|
||||
plain_pass = lp_parm_string(-1, "torture", "password");
|
||||
@ -1271,11 +1275,54 @@ BOOL torture_rpc_samlogon(void)
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (!test_InteractiveLogon(p, mem_ctx, creds)) {
|
||||
if (!test_InteractiveLogon(p, mem_ctx, creds,
|
||||
lp_parm_string(-1, "torture", "userdomain"),
|
||||
lp_parm_string(-1, "torture", "username"))) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_SamLogon(p, mem_ctx, creds, 0)) {
|
||||
if (!test_SamLogon(p, mem_ctx, creds,
|
||||
lp_parm_string(-1, "torture", "userdomain"),
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
0)) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_InteractiveLogon(p, mem_ctx, creds,
|
||||
NULL,
|
||||
talloc_asprintf(mem_ctx,
|
||||
"%s@%s",
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
lp_parm_string(-1, "torture", "userdomain")))) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_InteractiveLogon(p, mem_ctx, creds,
|
||||
NULL,
|
||||
talloc_asprintf(mem_ctx,
|
||||
"%s@%s",
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
lp_realm()))) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_SamLogon(p, mem_ctx, creds,
|
||||
NULL,
|
||||
talloc_asprintf(mem_ctx,
|
||||
"%s@%s",
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
lp_realm()),
|
||||
0)) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_SamLogon(p, mem_ctx, creds,
|
||||
NULL,
|
||||
talloc_asprintf(mem_ctx,
|
||||
"%s@%s",
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
lp_realm()),
|
||||
0)) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
@ -1287,11 +1334,31 @@ BOOL torture_rpc_samlogon(void)
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!test_InteractiveLogon(p, mem_ctx, creds)) {
|
||||
if (!test_InteractiveLogon(p, mem_ctx, creds,
|
||||
NULL,
|
||||
talloc_asprintf(mem_ctx,
|
||||
"%s@%s",
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
lp_parm_string(-1, "torture", "userdomain")))) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_SamLogon(p, mem_ctx, creds, 1)) {
|
||||
if (!test_InteractiveLogon(p, mem_ctx, creds,
|
||||
NULL,
|
||||
talloc_asprintf(mem_ctx,
|
||||
"%s@%s",
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
lp_realm()))) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_SamLogon(p, mem_ctx, creds,
|
||||
NULL,
|
||||
talloc_asprintf(mem_ctx,
|
||||
"%s@%s",
|
||||
lp_parm_string(-1, "torture", "username"),
|
||||
lp_realm()),
|
||||
1)) {
|
||||
ret = False;
|
||||
}
|
||||
}
|
||||
|
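Review bot: The two consecutive `test_SamLogon(p, mem_ctx, creds, NULL, talloc_asprintf(mem_ctx, "%s@%s", ..., lp_realm()), 0)` calls added to torture_rpc_samlogon appear to be identical, so the `user@userdomain` form that test_InteractiveLogon covers is never exercised through test_SamLogon. One of them was presumably meant to pass `lp_parm_string(-1, "torture", "userdomain")` as the second format argument. Separately, the extended failure message in test_SamLogon prints `samlogon_state.account_domain` with `%s`, and that pointer is NULL in every new user@REALM run; `samlogon_state.account_domain ? samlogon_state.account_domain : "(null)"` avoids the undefined behaviour. The talloc_asprintf results are also passed on as account names without a NULL check.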