mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 172ce406d4
)
This commit is contained in:
parent
3768134cae
commit
5792c2ce9d
@ -533,6 +533,8 @@ static bool test_validate_trust(struct torture_context *tctx,
|
||||
struct samr_Password *old_nt_hash;
|
||||
char *dummy;
|
||||
uint32_t trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
|
||||
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
|
||||
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||
|
||||
status = dcerpc_parse_binding(tctx, binding, &b);
|
||||
torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
|
||||
@ -608,8 +610,19 @@ static bool test_validate_trust(struct torture_context *tctx,
|
||||
old_nt_hash = cli_credentials_get_old_nt_hash(credentials, tctx);
|
||||
torture_assert(tctx, old_nt_hash != NULL, "cli_credentials_get_old_nt_hash()");
|
||||
|
||||
netlogon_creds_des_decrypt(creds, &new_owf_password);
|
||||
netlogon_creds_des_decrypt(creds, &old_owf_password);
|
||||
dcerpc_binding_handle_auth_info(p->binding_handle,
|
||||
&auth_type,
|
||||
&auth_level);
|
||||
status = netlogon_creds_decrypt_samr_Password(creds,
|
||||
&new_owf_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
|
||||
status = netlogon_creds_decrypt_samr_Password(creds,
|
||||
&old_owf_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
|
||||
|
||||
dump_data(1, new_owf_password.hash, 16);
|
||||
dump_data(1, new_nt_hash->hash, 16);
|
||||
|
@ -932,6 +932,9 @@ static bool test_SetPassword(struct torture_context *tctx,
|
||||
struct netr_Authenticator credential, return_authenticator;
|
||||
struct samr_Password new_password;
|
||||
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
|
||||
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||
NTSTATUS status;
|
||||
|
||||
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
|
||||
return false;
|
||||
@ -948,7 +951,12 @@ static bool test_SetPassword(struct torture_context *tctx,
|
||||
password = generate_random_password(tctx, 8, 255);
|
||||
E_md4hash(password, new_password.hash);
|
||||
|
||||
netlogon_creds_des_encrypt(creds, &new_password);
|
||||
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||
status = netlogon_creds_encrypt_samr_Password(creds,
|
||||
&new_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
|
||||
|
||||
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
|
||||
torture_comment(tctx, "Changing machine account password to '%s'\n",
|
||||
@ -1007,6 +1015,9 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
|
||||
struct samr_Password new_password;
|
||||
struct dcerpc_pipe *p = NULL;
|
||||
struct dcerpc_binding_handle *b = NULL;
|
||||
enum dcerpc_AuthType auth_type;
|
||||
enum dcerpc_AuthLevel auth_level;
|
||||
NTSTATUS status;
|
||||
|
||||
if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
|
||||
machine_credentials,
|
||||
@ -1031,7 +1042,12 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
|
||||
password = generate_random_password(tctx, 8, 255);
|
||||
E_md4hash(password, new_password.hash);
|
||||
|
||||
netlogon_creds_des_encrypt(creds, &new_password);
|
||||
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||
status = netlogon_creds_encrypt_samr_Password(creds,
|
||||
&new_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
|
||||
|
||||
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
|
||||
torture_comment(tctx, "Changing machine account password to '%s'\n",
|
||||
@ -5038,6 +5054,9 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
|
||||
struct dcerpc_binding_handle *b = NULL;
|
||||
|
||||
struct samr_Password nt_hash;
|
||||
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
|
||||
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
|
||||
NTSTATUS status;
|
||||
|
||||
if (!test_SetupCredentials3(p1, tctx, negotiate_flags,
|
||||
machine_credentials, &creds)) {
|
||||
@ -5069,7 +5088,17 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
|
||||
|
||||
E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
|
||||
|
||||
netlogon_creds_des_decrypt(creds, &new_owf_password);
|
||||
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
|
||||
status = netlogon_creds_decrypt_samr_Password(creds,
|
||||
&new_owf_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
|
||||
status = netlogon_creds_decrypt_samr_Password(creds,
|
||||
&old_owf_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
|
||||
|
||||
dump_data(1, new_owf_password.hash, 16);
|
||||
dump_data(1, nt_hash.hash, 16);
|
||||
|
@ -1305,6 +1305,8 @@ static bool schan(struct torture_context *tctx,
|
||||
struct netlogon_creds_CredentialState *creds_state;
|
||||
struct netr_Authenticator credential, return_authenticator;
|
||||
struct samr_Password new_password;
|
||||
enum dcerpc_AuthType auth_type;
|
||||
enum dcerpc_AuthLevel auth_level;
|
||||
|
||||
s.in.server_name = talloc_asprintf(
|
||||
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
|
||||
@ -1319,7 +1321,14 @@ static bool schan(struct torture_context *tctx,
|
||||
E_md4hash(password, new_password.hash);
|
||||
|
||||
creds_state = cli_credentials_get_netlogon_creds(wks_creds);
|
||||
netlogon_creds_des_encrypt(creds_state, &new_password);
|
||||
dcerpc_binding_handle_auth_info(net_handle,
|
||||
&auth_type,
|
||||
&auth_level);
|
||||
status = netlogon_creds_encrypt_samr_Password(creds_state,
|
||||
&new_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
|
||||
netlogon_creds_client_authenticator(creds_state, &credential);
|
||||
|
||||
status = dcerpc_netr_ServerPasswordSet_r(net_handle, mem_ctx, &s);
|
||||
|
@ -1286,6 +1286,8 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
|
||||
struct dcerpc_pipe *net_pipe;
|
||||
struct netr_Authenticator credential, return_authenticator;
|
||||
struct samr_Password new_password;
|
||||
enum dcerpc_AuthType auth_type;
|
||||
enum dcerpc_AuthLevel auth_level;
|
||||
|
||||
status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
|
||||
&ndr_table_netlogon,
|
||||
@ -1310,7 +1312,14 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
|
||||
|
||||
creds_state = cli_credentials_get_netlogon_creds(
|
||||
s->wks_creds1);
|
||||
netlogon_creds_des_encrypt(creds_state, &new_password);
|
||||
dcerpc_binding_handle_auth_info(net_pipe->binding_handle,
|
||||
&auth_type,
|
||||
&auth_level);
|
||||
status = netlogon_creds_encrypt_samr_Password(creds_state,
|
||||
&new_password,
|
||||
auth_type,
|
||||
auth_level);
|
||||
torture_assert_ntstatus_ok(torture, status, "encrypt_samr_Password");
|
||||
netlogon_creds_client_authenticator(creds_state, &credential);
|
||||
|
||||
torture_assert_ntstatus_ok(torture, dcerpc_netr_ServerPasswordSet_r(net_pipe->binding_handle, torture, &pwset),
|
||||
|
Loading…
Reference in New Issue
Block a user