
s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit a177d15c875030dfc6c11ead3ec3a3ec851261cb)
Stefan Metzmacher 2024-10-28 16:57:53 +01:00 committed by Jule Anger
parent c9c23c1a96
commit 78ff2be859


@ -64,6 +64,7 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct netr_SamBaseInfo *base = NULL; struct netr_SamBaseInfo *base = NULL;
const char *crypto_alg = ""; const char *crypto_alg = "";
bool can_do_validation_6 = true; bool can_do_validation_6 = true;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
if (lpcfg_client_lanman_auth(tctx->lp_ctx)) { if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
@ -137,7 +138,7 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
} }
} }
dcerpc_binding_handle_auth_info(b, NULL, &auth_level); dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
r.in.validation_level = 6; r.in.validation_level = 6;
@ -208,13 +209,12 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
dump_data(1, base->key.key, 16); dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8); dump_data(1, base->LMSessKey.key, 8);
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { status = netlogon_creds_decrypt_samlogon_validation(creds,
netlogon_creds_aes_decrypt(creds, base->key.key, 16); r.in.validation_level,
netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8); r.out.validation,
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { auth_type,
netlogon_creds_arcfour_crypt(creds, base->key.key, 16); auth_level);
netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8); torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation");
}
DEBUG(1,("decrypted keys validation_level %d\n", DEBUG(1,("decrypted keys validation_level %d\n",
validation_levels[i])); validation_levels[i]));
@ -277,6 +277,7 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
struct netr_SamBaseInfo *base = NULL; struct netr_SamBaseInfo *base = NULL;
const char *crypto_alg = ""; const char *crypto_alg = "";
bool can_do_validation_6 = true; bool can_do_validation_6 = true;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE; enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
flags |= CLI_CRED_NTLMv2_AUTH; flags |= CLI_CRED_NTLMv2_AUTH;
@ -342,7 +343,7 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
} }
} }
dcerpc_binding_handle_auth_info(b, NULL, &auth_level); dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
r.in.validation_level = 6; r.in.validation_level = 6;
@ -413,13 +414,12 @@ static bool test_netlogon_ex_bug14932(struct dcerpc_pipe *p,
dump_data(1, base->key.key, 16); dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8); dump_data(1, base->LMSessKey.key, 8);
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { status = netlogon_creds_decrypt_samlogon_validation(creds,
netlogon_creds_aes_decrypt(creds, base->key.key, 16); r.in.validation_level,
netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8); r.out.validation,
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { auth_type,
netlogon_creds_arcfour_crypt(creds, base->key.key, 16); auth_level);
netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8); torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation");
}
DEBUG(1,("decrypted keys validation_level %d\n", DEBUG(1,("decrypted keys validation_level %d\n",
validation_levels[i])); validation_levels[i]));
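Review bot: The new `torture_assert_ntstatus_ok(tctx, status, "decrypt_samlogon_validation");` in test_netlogon_ex_ops fails with a fixed string, although the DEBUG line right after it suggests it runs once per entry of `validation_levels[]`, so a failure would not say which level could not be decrypted. Consider `torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "decrypt_samlogon_validation level %d", r.in.validation_level));`; the same applies to the identical call in test_netlogon_ex_bug14932. The test also no longer picks AES or ARCFOUR from `creds->negotiate_flags` itself but hands `auth_type` and `auth_level` from the binding handle to the helper. A short comment such as `/* decrypts r.out.validation in place; cipher depends on creds and the transport auth */` would record that, provided this is what the helper does (its body is not shown here). Any independent check of the decrypted keys would have to come from code after these hunks, which is not visible; both functions start and end outside them.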