1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4-smbtorture: add test_SetPassword_flags to RPC-NETLOGON-S3 testsuite.

Guenther
This commit is contained in:
Günther Deschner 2009-08-27 12:32:56 +02:00
parent 160c197b84
commit d368c73f95

View File

@ -341,6 +341,82 @@ static bool test_SetPassword(struct torture_context *tctx,
return true; return true;
} }
/*
try a change password for our machine account
*/
static bool test_SetPassword_flags(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials,
uint32_t negotiate_flags)
{
NTSTATUS status;
struct netr_ServerPasswordSet r;
const char *password;
struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
if (!test_SetupCredentials2(p, tctx, negotiate_flags,
machine_credentials,
cli_credentials_get_secure_channel_type(machine_credentials),
&creds)) {
return false;
}
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
r.in.computer_name = TEST_MACHINE_NAME;
r.in.credential = &credential;
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
password = generate_random_str(tctx, 8);
E_md4hash(password, new_password.hash);
netlogon_creds_des_encrypt(creds, &new_password);
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n",
password);
netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
/* by changing the machine password twice we test the
credentials chaining fully, and we verify that the server
allows the password to be set to the same value twice in a
row (match win2k3) */
torture_comment(tctx,
"Testing a second ServerPasswordSet on machine account\n");
torture_comment(tctx,
"Changing machine account password to '%s' (same as previous run)\n", password);
netlogon_creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
torture_assert(tctx,
test_SetupCredentials(p, tctx, machine_credentials, &creds),
"ServerPasswordSet failed to actually change the password");
return true;
}
/* /*
generate a random password for password change tests generate a random password for password change tests
*/ */
@ -2590,6 +2666,30 @@ static bool test_ManyGetDCName(struct torture_context *tctx,
return true; return true;
} }
static bool test_SetPassword_with_flags(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
uint32_t flags[] = { 0, NETLOGON_NEG_STRONG_KEYS };
struct netlogon_creds_CredentialState *creds;
int i;
if (!test_SetupCredentials2(p, tctx, 0,
machine_credentials,
cli_credentials_get_secure_channel_type(machine_credentials),
&creds)) {
torture_skip(tctx, "DC does not support negotiation of 64bit session keys");
}
for (i=0; i < ARRAY_SIZE(flags); i++) {
torture_assert(tctx,
test_SetPassword_flags(tctx, p, machine_credentials, flags[i]),
talloc_asprintf(tctx, "failed to test SetPassword negotiating with 0x%08x flags", flags[i]));
}
return true;
}
struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx) struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
{ {
struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON"); struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
@ -2645,6 +2745,7 @@ struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon); torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword); torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
torture_rpc_tcase_add_test_creds(tcase, "SetPassword_with_flags", test_SetPassword_with_flags);
torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl); torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2); torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex); torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);