1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

307 Commits

Author SHA1 Message Date
Stefan Metzmacher
172ce406d4 s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
2d7a47a175 s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
8b972fea09 libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client
In order to allow backports and cluster updates we simulate a
dom_sid, so that the old code is able to parse the blob.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
498fc88c15 s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
d174b6595a s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
382ece6606 s4:torture/rpc: make use of dcerpc_binding_handle_get_transport()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:46 +00:00
Stefan Metzmacher
7ed9867fa8 s4:torture/rpc: make use of dcerpc_binding_handle_get_binding() and dcerpc_binding_get_flags()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:45 +00:00
Noel Power
a27525e555 s4/torture: Test with level 4 with NETLOGON_CONTROL_SET_DBFLAG function
Change levels tested from 1 - 3 to 1 - 4 for NETLOGON_CONTROL_SET_DBFLAG

This change triggers a core dump in the server and so we add a knownfail
here. Following commit will fix (and remove known fail)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-06-04 08:33:32 +00:00
Noel Power
1297c7ca65 s4/torture: Prepare to handle Level 4 check with unknown func code
A future (next) commit will change the NETLOGON_CONTROL_SET_DBFLAG test
to use levels 1 - 4 (current test just tests 1 - 3). A side affect of
this test is that the following test will now test passing an unknown
function code against against Level 4 (previously level 3).

Unfortunately s4 and s3 netlogon server results differ when handling
a level 4 request with an unknown function code.
  s3 server returns WERR_NOT_SUPPORTED and
  s4 server returns WERR_INVALID_PARAMETER.

For level 3 both return WERR_NOT_SUPPORTED.

MS-NRPC doesn't seem to specifically indicate the required response in
this case.

this commit modifies the test to cater for either response (for either
level) A future commit could explore the test response combinations more
thorougly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-06-04 08:33:32 +00:00
Joseph Sutton
378aa653a5 s4:torture: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:38 +00:00
Joseph Sutton
39a88a83f3 s4:torture: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Andreas Schneider
085cfe0c4a s4:torture:rpc: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-14 21:45:30 +00:00
Stefan Metzmacher
404ce08e90 s4:torture/rpc: let rpc.schannel also check netr_LogonGetCapabilities with different levels
The important change it that we expect DCERPC_NCA_S_FAULT_INVALID_TAG
for unsupported query_levels, we allow it to work with servers
with or without support for query_level=2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-17 06:37:31 +00:00
Stefan Metzmacher
cfd55a22cd CVE-2022-38023 s4:torture: use NETLOGON_NEG_SUPPORTS_AES by default
For generic tests we should use the best available features.

And AES will be required by default soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
e38b75a50f CVE-2022-32743 s4:torture/rpc: Fix tests to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-07-28 22:47:37 +00:00
Stefan Metzmacher
4a0a0d2fc9 s4:torture/rpc: test how CSDVersion="" wipes operatingSystemServicePack
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14936

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-11 21:13:37 +00:00
Andreas Schneider
a40bc1d0ee s4:torture: Migrate smbtorture to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Gary Lockyer
6bf1b9885b CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 zero password
Ensure that a password of all zeros shorter than the maximum length is
rejected.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 16 06:09:06 UTC 2020 on sn-devel-184
2020-10-16 06:09:05 +00:00
Gary Lockyer
61f216dc89 CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password
Ensure that a maximum length password (512) is still accepted

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Gary Lockyer
56297c7089 CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
Check that an all zero password is rejected, Note this test user ARC4
encryption so that it passes the self encryption test.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Gary Lockyer
b2f4a55671 CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 confounder
Test that a confounder that encrypts to itself is rejected

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Gary Lockyer
e790f9d20a CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
Check that a password buffer containing all zeros is rejected.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Gary Lockyer
f47e373415 CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero enc req
Check that a request that encrypts to all zeros, is rejected if the length
encrypts to itself.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Gary Lockyer
07c316346a CVE-2020-1472(ZeroLogon): torture: Move existing tests
Move the existing ZeroLogon tests into the ZeroLogon testsuite.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Gary Lockyer
6f59a5fd84 CVE-2020-1472(ZeroLogon): Add zerologon test suite
Add a ZeroLogon test suite, to allow the ZeroLogon tests to be run against
the s3 and s4 netlogon servers.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-16 04:45:40 +00:00
Gary Lockyer
9945f3e354 CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge
Ensure that client challenges with the first 5 bytes identical are
rejected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 18 14:13:17 UTC 2020 on sn-devel-184
2020-09-18 14:13:17 +00:00
Gary Lockyer
4b262b03e1 CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd
Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-09-18 12:48:39 +00:00
Stefan Metzmacher
355efadc6a CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
reject weak challenges.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
David Disseldorp
9bbfdb1185 s4:torture/rpc: flip order of netlogon tests
The previous change to not run rpc tests in reverse order results in
the following failure:
  Testing netr_LogonGetDomainInfo
  UNEXPECTED(failure): samba4.rpc.netlogon with
                       seal,padcheck.netlogon.GetDomainInfo(ad_dc)
  REASON: Exception: ../../source4/torture/rpc/netlogon.c:320:
	      Expression `plain_pass != ((void *)0)' failed: plain_pass

Restore the dependent order of netlogon tests by reversing the
torture_rpc_tcase_add_test*() calls for the suite.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-09-11 03:43:40 +00:00
Matthew DeVore
232054c09b lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.

Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-28 02:18:40 +00:00
Stefan Metzmacher
8f0751b8b7 netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:43 +00:00
Noel Power
1c6db152bf s4/torture/rpc: cppcheck: Fix ctunullpointer error
Fixes

source4/torture/rpc/netlogon.c:307: error: ctunullpointer: Null pointer dereference: p <--[cppcheck]

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer gary@catalyst.net.nz
2019-06-11 12:10:17 +00:00
Gary Lockyer
96e6adedcd librpc idl: netlogon netr_identity_info logon_id to 64 bit
Fold the two 32 bit values logon_id_high and logon_id_low into a single
64 bit logon_id in netr_identity_info.  This will be used to tie
together winbind and SamLogon requests in audit logging.

Summary of the of the Query and Response from Microsoft on it's usage.

[REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
the Reserved field have LogonId meaning?

Questions:
  In NetrLogonSamLogonEx does the Reserved field
  (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?

  What is a valid LogonID, and does have any audit usage?

  Samba is sending a constant "deadbeef" in hex and would like to
  understand any usage of this field.

Response:
  The NRPC spec is accurate in defining the field as Reserved, and without
  protocol significance. In the header file in our source code, it is
  defined as LogonId and commented as such, but it’s effectively not used.
  This is probably why the API structure has that field name. It may have
  been intended as such but it’s not used.

Samba will send a random value in this field.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-20 06:03:09 +01:00
Stefan Metzmacher
d5dd8fdc64 s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo()
This makes sure we don't treat trusted domains in the same way we treat
our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-04 02:31:26 +02:00
Stefan Metzmacher
dffc182c69 s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL
This is better that generating a segfault while dereferencing a NULL
pointer later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-04 02:31:26 +02:00
Andrew Bartlett
1bd627b1fc smbtorture: Add more tests around NETLOGON challenge reuse
The existing tests did not actually demonstrate what they
thought they did until the credential values were refreshed.

The new test showed this, because Samba fails it (windows passes)
due to the way we keep the last challenge on the connection.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-27 16:57:42 +02:00
Jeremy Allison
b2de5a81bf s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Volker Lendecke
98bcdca632 torture-netlogon: Use "all_zero" where appropriate
... Saves a few bytes of footprint

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan  3 19:56:17 CET 2017 on sn-devel-144
2017-01-03 19:56:17 +01:00
Andrew Bartlett
cf536e36fb torture: Add ServerReqChallengeReuseGlobal2 to rpc.netlogon
This test ensures that when the per-pipe challenge is used, the tdb cache
is wiped as well

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 15:56:37 CET 2016 on sn-devel-144
2016-12-14 15:56:37 +01:00
Andrew Bartlett
5434bde87b torture: Add ServerReqChallengeReuse to rpc.netlogon
This test covers credentials reuse on the same process.

We test with direct re-use, and for the case where the challenge
is reset to zeros.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-14 11:55:18 +01:00
Andrew Bartlett
568d250bfb torture: Add new test ServerReqChallengeReuseGlobal to rpc.netlogon
This tests ensures we can not re-use the entries in global challenge table.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-14 11:55:18 +01:00
Andrew Bartlett
ecb1f569d7 torture: Add credentials downgrade and challenge reuse test to rpc.netlogon
This test confirms that the challenge set up is available
after the ServerAuthenticate has failed at the NT_STATUS_DOWNGRADE_DETECTED
check.

This is needed for NetApp ONTAP member servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11291

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-14 11:55:18 +01:00
Andrew Bartlett
bf7342bdf4 torture: Remove access to LSARPC via \\pipe\netlogon in rpc.netlogon for ManyGetDCName test
This exploited the fact that we had \\pipe\lsass in both netlogon.idl and lsarpc.idl

To do this, we reset the binding to a new endpoint and reset the association group.

We add a new test specifically for this "feature" that we can knownfail if we
break it to add other new functionality.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-12-01 05:54:22 +01:00
Günther Deschner
5eb28d55a7 werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/torture/rpc/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Stefan Metzmacher
bbaba64329 CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:23 +02:00
Stefan Metzmacher
50581689d9 s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:16 +01:00
Stefan Metzmacher
1a7d8b8602 s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
This create a schannel connection to netlogon, this makes the tests
more realistic.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-17 17:17:16 +01:00
Stefan Metzmacher
87bf1a6edd s4:torture/rpc: use dcerpc_secondary_auth_connection with anon creds
This is the same as calling dcerpc_secondary_connection/dcerpc_bind_auth_none.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-07 14:05:28 +02:00
Stefan Metzmacher
1e782d9695 s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-27 01:26:15 +01:00
Stefan Metzmacher
30cb12e7d2 s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-27 01:26:15 +01:00