mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 172ce406d4)
Stefan Metzmacher 2024-10-28 17:43:40 +01:00 committed by Jule Anger
parent 3768134cae
commit 5792c2ce9d
4 changed files with 67 additions and 7 deletions


@ -533,6 +533,8 @@ static bool test_validate_trust(struct torture_context *tctx,
struct samr_Password *old_nt_hash;
char *dummy;
uint32_t trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
status = dcerpc_parse_binding(tctx, binding, &b);
torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
@ -608,8 +610,19 @@ static bool test_validate_trust(struct torture_context *tctx,
old_nt_hash = cli_credentials_get_old_nt_hash(credentials, tctx);
torture_assert(tctx, old_nt_hash != NULL, "cli_credentials_get_old_nt_hash()");
netlogon_creds_des_decrypt(creds, &new_owf_password);
netlogon_creds_des_decrypt(creds, &old_owf_password);
dcerpc_binding_handle_auth_info(p->binding_handle,
&auth_type,
&auth_level);
status = netlogon_creds_decrypt_samr_Password(creds,
&new_owf_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
status = netlogon_creds_decrypt_samr_Password(creds,
&old_owf_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
dump_data(1, new_owf_password.hash, 16);
dump_data(1, new_nt_hash->hash, 16);
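Review bot: The two added `torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");` calls in test_validate_trust carry the same message, so a failing run does not say whether the new or the old OWF password failed to decrypt. Now that the call returns a status (and presumably can fail depending on the connection's auth type and level), distinct messages such as `"decrypt_samr_Password(new_owf_password)"` and `"decrypt_samr_Password(old_owf_password)"` would make the log usable. The same identical pair is added in test_netr_ServerGetTrustInfo_flags in the next file section. test_validate_trust starts and ends outside the hunks shown.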


@ -932,6 +932,9 @@ static bool test_SetPassword(struct torture_context *tctx,
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
struct dcerpc_binding_handle *b = p->binding_handle;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
NTSTATUS status;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
@ -948,7 +951,12 @@ static bool test_SetPassword(struct torture_context *tctx,
password = generate_random_password(tctx, 8, 255);
E_md4hash(password, new_password.hash);
netlogon_creds_des_encrypt(creds, &new_password);
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
status = netlogon_creds_encrypt_samr_Password(creds,
&new_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n",
@ -1007,6 +1015,9 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
struct samr_Password new_password;
struct dcerpc_pipe *p = NULL;
struct dcerpc_binding_handle *b = NULL;
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
machine_credentials,
@ -1031,7 +1042,12 @@ static bool test_SetPassword_flags(struct torture_context *tctx,
password = generate_random_password(tctx, 8, 255);
E_md4hash(password, new_password.hash);
netlogon_creds_des_encrypt(creds, &new_password);
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
status = netlogon_creds_encrypt_samr_Password(creds,
&new_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n",
@ -5038,6 +5054,9 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
struct dcerpc_binding_handle *b = NULL;
struct samr_Password nt_hash;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
NTSTATUS status;
if (!test_SetupCredentials3(p1, tctx, negotiate_flags,
machine_credentials, &creds)) {
@ -5069,7 +5088,17 @@ static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
netlogon_creds_des_decrypt(creds, &new_owf_password);
dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
status = netlogon_creds_decrypt_samr_Password(creds,
&new_owf_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
status = netlogon_creds_decrypt_samr_Password(creds,
&old_owf_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(tctx, status, "decrypt_samr_Password");
dump_data(1, new_owf_password.hash, 16);
dump_data(1, nt_hash.hash, 16);
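Review bot: In test_SetPassword_flags the new `auth_type` and `auth_level` are declared without an initializer, while test_SetPassword and test_netr_ServerGetTrustInfo_flags in this same file start them at `DCERPC_AUTH_TYPE_NONE` and `DCERPC_AUTH_LEVEL_NONE`. These values are passed straight into netlogon_creds_encrypt_samr_Password, so they should be defined even if dcerpc_binding_handle_auth_info() were to return without writing them; its body is not visible on this page. I would write `enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;` and `enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;` there as well. The same bare declarations are added in schan() and torture_rpc_schannel_bench1() in the two following file sections. All of these functions extend beyond their hunks.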


@ -1305,6 +1305,8 @@ static bool schan(struct torture_context *tctx,
struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
s.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
@ -1319,7 +1321,14 @@ static bool schan(struct torture_context *tctx,
E_md4hash(password, new_password.hash);
creds_state = cli_credentials_get_netlogon_creds(wks_creds);
netlogon_creds_des_encrypt(creds_state, &new_password);
dcerpc_binding_handle_auth_info(net_handle,
&auth_type,
&auth_level);
status = netlogon_creds_encrypt_samr_Password(creds_state,
&new_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(tctx, status, "encrypt_samr_Password");
netlogon_creds_client_authenticator(creds_state, &credential);
status = dcerpc_netr_ServerPasswordSet_r(net_handle, mem_ctx, &s);


@ -1286,6 +1286,8 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
struct dcerpc_pipe *net_pipe;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
enum dcerpc_AuthType auth_type;
enum dcerpc_AuthLevel auth_level;
status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
&ndr_table_netlogon,
@ -1310,7 +1312,14 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
creds_state = cli_credentials_get_netlogon_creds(
s->wks_creds1);
netlogon_creds_des_encrypt(creds_state, &new_password);
dcerpc_binding_handle_auth_info(net_pipe->binding_handle,
&auth_type,
&auth_level);
status = netlogon_creds_encrypt_samr_Password(creds_state,
&new_password,
auth_type,
auth_level);
torture_assert_ntstatus_ok(torture, status, "encrypt_samr_Password");
netlogon_creds_client_authenticator(creds_state, &credential);
torture_assert_ntstatus_ok(torture, dcerpc_netr_ServerPasswordSet_r(net_pipe->binding_handle, torture, &pwset),