mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
r1150: - fixed interactive sam logon in the rpc server
- added a torture test for interactive login in smbtorture These changes allow winxp to perform an interactive login (a login on the winxp console) against a Samba4 DC. Our netlogon server code is still filling in many of the fields incorrectly, but it fills in enough that winxp can login.
This commit is contained in:
parent
60838a0f94
commit
db9ea488b0
@ -165,13 +165,13 @@ interface netlogon
|
||||
uint32 primary_gid;
|
||||
uint32 group_count;
|
||||
[size_is(group_count)] netr_GroupMembership *groupids;
|
||||
uint32 acct_flags;
|
||||
uint32 user_flags;
|
||||
netr_UserSessionKey key;
|
||||
netr_String logon_server;
|
||||
netr_String domain;
|
||||
dom_sid2 *domain_sid;
|
||||
netr_LMSessionKey LMSessKey;
|
||||
uint32 AccountControl;
|
||||
uint32 acct_flags;
|
||||
uint32 unknown[7];
|
||||
} netr_SamBaseInfo;
|
||||
|
||||
@ -908,17 +908,15 @@ interface netlogon
|
||||
netr_Blob blob;
|
||||
unistr *workstation_domain;
|
||||
unistr *workstation_site;
|
||||
unistr *foo2;
|
||||
unistr *p1;
|
||||
unistr *p2;
|
||||
unistr *p3;
|
||||
unistr *unknown1;
|
||||
unistr *unknown2;
|
||||
unistr *unknown3;
|
||||
unistr *unknown4;
|
||||
netr_BinaryString blob2;
|
||||
netr_String product;
|
||||
uint32 i1;
|
||||
unistr *p4;
|
||||
uint32 i2;
|
||||
uint32 pp;
|
||||
uint32 xx[4];
|
||||
uint32 unknown5;
|
||||
unistr *unknown6;
|
||||
uint32 unknown7[6];
|
||||
} netr_DomainQuery1;
|
||||
|
||||
typedef union {
|
||||
|
@ -586,7 +586,7 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
|
||||
|
||||
sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
|
||||
sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
|
||||
sam->logon_script.string = talloc_strdup(mem_ctx, server_info->account_name);
|
||||
sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);
|
||||
sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
|
||||
sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
|
||||
sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
|
||||
@ -597,9 +597,8 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
|
||||
sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
|
||||
sam->group_count = 0;
|
||||
sam->groupids = NULL;
|
||||
|
||||
sam->acct_flags = server_info->acct_flags;
|
||||
|
||||
sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
|
||||
sam->acct_flags = server_info->acct_flags;
|
||||
sam->logon_server.string = lp_netbios_name();
|
||||
|
||||
sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
|
||||
@ -607,8 +606,6 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
|
||||
sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
|
||||
sam->domain_sid->num_auths--;
|
||||
|
||||
sam->AccountControl = 0;
|
||||
|
||||
if (server_info->user_session_key.length == sizeof(sam->key.key)) {
|
||||
memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
|
||||
} else {
|
||||
@ -657,9 +654,9 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
|
||||
sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
|
||||
ZERO_STRUCTP(sam6);
|
||||
sam6->base = *sam;
|
||||
sam6->forest.string = sam->domain.string;
|
||||
sam6->forest.string = lp_realm();
|
||||
sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
|
||||
sam->account_name.string, sam->domain.string);
|
||||
sam->account_name.string, sam6->forest.string);
|
||||
r->out.validation.sam6 = sam6;
|
||||
break;
|
||||
|
||||
|
@ -284,7 +284,6 @@ struct samlogon_state {
|
||||
Authenticate a user with a challenge/response, checking session key
|
||||
and valid authentication types
|
||||
*/
|
||||
|
||||
static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
|
||||
enum ntlm_break break_which,
|
||||
DATA_BLOB *chall,
|
||||
@ -1522,6 +1521,65 @@ static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
test an ADS style interactive domain login
|
||||
*/
|
||||
static BOOL test_InteractiveLogin(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
||||
struct creds_CredentialState *creds)
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct netr_LogonSamLogonWithFlags r;
|
||||
struct netr_Authenticator a, ra;
|
||||
struct netr_PasswordInfo pinfo;
|
||||
const char *plain_pass;
|
||||
|
||||
ZERO_STRUCT(r);
|
||||
ZERO_STRUCT(ra);
|
||||
|
||||
creds_client_authenticator(creds, &a);
|
||||
|
||||
r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
|
||||
r.in.workstation = TEST_MACHINE_NAME;
|
||||
r.in.credential = &a;
|
||||
r.in.return_authenticator = &ra;
|
||||
r.in.logon_level = 5;
|
||||
r.in.logon.password = &pinfo;
|
||||
r.in.validation_level = 6;
|
||||
r.in.flags = 0;
|
||||
|
||||
pinfo.identity_info.domain_name.string = lp_workgroup();
|
||||
pinfo.identity_info.parameter_control = 0;
|
||||
pinfo.identity_info.logon_id_low = 0;
|
||||
pinfo.identity_info.logon_id_high = 0;
|
||||
pinfo.identity_info.account_name.string = lp_parm_string(-1, "torture", "username");
|
||||
pinfo.identity_info.workstation.string = TEST_MACHINE_NAME;
|
||||
|
||||
plain_pass = lp_parm_string(-1, "torture", "password");
|
||||
|
||||
E_deshash(plain_pass, pinfo.lmpassword.hash);
|
||||
E_md4hash(plain_pass, pinfo.ntpassword.hash);
|
||||
|
||||
creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
|
||||
creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
|
||||
|
||||
printf("Testing netr_LogonSamLogonWithFlags\n");
|
||||
|
||||
status = dcerpc_netr_LogonSamLogonWithFlags(p, mem_ctx, &r);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
printf("netr_LogonSamLogonWithFlags - %s\n", nt_errstr(status));
|
||||
exit(1);
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
|
||||
printf("Credential chaining failed\n");
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
NTSTATUS status;
|
||||
@ -1531,7 +1589,7 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
uint32_t i1;
|
||||
struct creds_CredentialState creds;
|
||||
|
||||
if (!test_SetupCredentials(p, mem_ctx, &creds)) {
|
||||
if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, &creds)) {
|
||||
return False;
|
||||
}
|
||||
|
||||
@ -1555,29 +1613,30 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
|
||||
/* this should really be the fully qualified name */
|
||||
q1.workstation_domain = TEST_MACHINE_NAME;
|
||||
q1.workstation_site = "Default-First-Site-Name";
|
||||
q1.foo2 = "foo";
|
||||
q1.blob2.length = 0;
|
||||
q1.blob2.size = 0;
|
||||
q1.blob2.data = NULL;
|
||||
q1.product.string = "product string";
|
||||
q1.p4 = NULL;
|
||||
q1.pp = 0x00000000;
|
||||
|
||||
printf("Testing netr_LogonGetDomainInfo\n");
|
||||
|
||||
status = dcerpc_netr_LogonGetDomainInfo(p, mem_ctx, &r);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
printf("netr_LogonGetDomainInfo - %s\n", nt_errstr(status));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!creds_client_check(&creds, &a.cred)) {
|
||||
printf("Credential chaining failed\n");
|
||||
return False;
|
||||
}
|
||||
|
||||
printf("fault code 0x%x status=%s\n", p->last_fault_code, nt_errstr(status));
|
||||
test_InteractiveLogin(p, mem_ctx, &creds);
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
|
||||
BOOL torture_rpc_netlogon(int dummy)
|
||||
{
|
||||
NTSTATUS status;
|
||||
@ -1603,10 +1662,6 @@ BOOL torture_rpc_netlogon(int dummy)
|
||||
return False;
|
||||
}
|
||||
|
||||
if (!test_GetDomainInfo(p, mem_ctx)) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_LogonUasLogon(p, mem_ctx)) {
|
||||
ret = False;
|
||||
}
|
||||
@ -1623,6 +1678,10 @@ BOOL torture_rpc_netlogon(int dummy)
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_GetDomainInfo(p, mem_ctx)) {
|
||||
ret = False;
|
||||
}
|
||||
|
||||
if (!test_DatabaseSync(p, mem_ctx)) {
|
||||
ret = False;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user