This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
#include "auth/auth.h"
#include "lib/crypto/crypto.h"
#include "lib/cmdline/popt_common.h"
#include "torture/rpc/rpc.h"
#include "auth/gensec/schannel_proto.h"
#include "libcli/auth/libcli_auth.h"
+#include "param/param.h"
#define TEST_MACHINE_NAME "samlogontest"
#define TEST_USER_NAME "samlogontestuser"
+#define TEST_USER_NAME_WRONG_WKS "samlogontest2"
+#define TEST_USER_NAME_WRONG_TIME "samlogontest3"
enum ntlm_break {
BREAK_BOTH,
}
switch (samlogon_state->function_level) {
- case DCERPC_NETR_LOGONSAMLOGON:
+ case NDR_NETR_LOGONSAMLOGON:
ZERO_STRUCT(samlogon_state->auth2);
creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
break;
}
break;
- case DCERPC_NETR_LOGONSAMLOGONEX:
+ case NDR_NETR_LOGONSAMLOGONEX:
status = dcerpc_netr_LogonSamLogonEx(samlogon_state->p, samlogon_state->mem_ctx, r_ex);
if (!NT_STATUS_IS_OK(status)) {
if (error_string) {
break;
}
break;
- case DCERPC_NETR_LOGONSAMLOGONWITHFLAGS:
+ case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
ZERO_STRUCT(samlogon_state->auth2);
creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
DATA_BLOB lmv2_response = data_blob(NULL, 0);
DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, TEST_MACHINE_NAME, lp_workgroup());
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, TEST_MACHINE_NAME, lp_workgroup(global_loadparm));
uint8_t lm_session_key[8];
uint8_t user_session_key[16];
DATA_BLOB lmv2_response = data_blob(NULL, 0);
DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, lp_netbios_name(), lp_workgroup());
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm));
DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
int validation_levels[] = {2,3,6};
int logon_levels[] = { 2, 6 };
int function_levels[] = {
- DCERPC_NETR_LOGONSAMLOGON,
- DCERPC_NETR_LOGONSAMLOGONEX,
- DCERPC_NETR_LOGONSAMLOGONWITHFLAGS };
+ NDR_NETR_LOGONSAMLOGON,
+ NDR_NETR_LOGONSAMLOGONEX,
+ NDR_NETR_LOGONSAMLOGONWITHFLAGS };
struct samlogon_state samlogon_state;
d_printf("testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
struct cli_credentials *machine_credentials;
TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
BOOL ret = True;
- struct test_join *join_ctx;
- struct test_join *user_ctx;
- char *user_password;
+ struct test_join *join_ctx = NULL;
+ struct test_join *user_ctx = NULL, *user_ctx_wrong_wks = NULL, *user_ctx_wrong_time = NULL;
+ char *user_password, *user_password_wrong_wks, *user_password_wrong_time;
const char *old_user_password;
char *test_machine_account;
- const char *binding = lp_parm_string(-1, "torture", "binding");
const char *userdomain;
+ struct samr_SetUserInfo s;
+ union samr_UserInfo u;
int i;
int ci;
return False;
}
- userdomain = lp_parm_string(-1, "torture", "userdomain");
- if (!userdomain) {
- userdomain = lp_workgroup();
- }
+ userdomain = torture_setting_string(torture, "userdomain", lp_workgroup(global_loadparm));
- user_ctx = torture_create_testuser(TEST_USER_NAME,
+ user_ctx = torture_create_testuser(torture,
+ TEST_USER_NAME,
userdomain,
ACB_NORMAL,
(const char **)&user_password);
if (!user_ctx) {
- d_printf("Failed to join as Workstation\n");
+ d_printf("Failed to create a test user\n");
return False;
}
TEST_USER_NAME, 16 /* > 14 */, &user_password,
NULL, 0, False);
- status = dcerpc_parse_binding(mem_ctx, binding, &b);
+ user_ctx_wrong_wks = torture_create_testuser(torture,
+ TEST_USER_NAME_WRONG_WKS,
+ userdomain,
+ ACB_NORMAL,
+ (const char **)&user_password_wrong_wks);
+ if (!user_ctx_wrong_wks) {
+ d_printf("Failed to create a test user (wrong workstation test)\n");
+ return False;
+ }
+
+ ZERO_STRUCT(u);
+ s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_wks);
+ s.in.info = &u;
+ s.in.level = 21;
+
+ u.info21.fields_present = SAMR_FIELD_WORKSTATIONS;
+ u.info21.workstations.string = "not" TEST_MACHINE_NAME;
+
+ status = dcerpc_samr_SetUserInfo(torture_join_samr_pipe(user_ctx_wrong_wks), mem_ctx, &s);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("SetUserInfo (list of workstations) failed - %s\n", nt_errstr(status));
+ ret = False;
+ goto failed;
+ }
+
+ user_ctx_wrong_time
+ = torture_create_testuser(torture, TEST_USER_NAME_WRONG_TIME,
+ userdomain,
+ ACB_NORMAL,
+ (const char **)&user_password_wrong_time);
+ if (!user_ctx_wrong_time) {
+ d_printf("Failed to create a test user (wrong workstation test)\n");
+ return False;
+ }
+
+ ZERO_STRUCT(u);
+ s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_time);
+ s.in.info = &u;
+ s.in.level = 21;
+
+ u.info21.fields_present = SAMR_FIELD_WORKSTATIONS | SAMR_FIELD_LOGON_HOURS;
+ u.info21.workstations.string = TEST_MACHINE_NAME;
+ u.info21.logon_hours.units_per_week = 168;
+ u.info21.logon_hours.bits = talloc_zero_array(mem_ctx, uint8_t, 168);
+
+ status = dcerpc_samr_SetUserInfo(torture_join_samr_pipe(user_ctx_wrong_time), mem_ctx, &s);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("SetUserInfo (logon times and list of workstations) failed - %s\n", nt_errstr(status));
+ ret = False;
+ goto failed;
+ }
+
+ status = torture_rpc_binding(torture, &b);
if (!NT_STATUS_IS_OK(status)) {
- d_printf("Bad binding string %s\n", binding);
ret = False;
goto failed;
}
b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
status = dcerpc_pipe_connect_b(mem_ctx, &p, b,
- &dcerpc_table_netlogon,
+ &ndr_table_netlogon,
machine_credentials, NULL);
if (!NT_STATUS_IS_OK(status)) {
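Review bot: The two new failure checks `if (!user_ctx_wrong_wks)` and `if (!user_ctx_wrong_time)` leave with `return False;`, which skips the cleanup path the neighbouring `SetUserInfo` checks take through `goto failed`. The machine join and test accounts created earlier would then stay on the target domain. Both should use `ret = False; goto failed;`; the new `= NULL` initialisers suggest the cleanup is meant to cope with unset contexts, but the `failed:` label and `torture_leave_domain()` are outside this hunk, so confirm that a NULL context is tolerated. The second message is a copy-paste of the first and should read `d_printf("Failed to create a test user (wrong time test)\n");`. The result of `talloc_zero_array(mem_ctx, uint8_t, 168)` is stored in `logon_hours.bits` without a NULL check, and 168 hourly units need only 21 bytes of bitmap.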
.username = talloc_asprintf(mem_ctx,
"%s@%s",
TEST_USER_NAME,
- lp_realm()),
+ lp_realm(global_loadparm)),
.password = user_password,
.network_login = True,
.expected_interactive_error = NT_STATUS_OK,
.expected_interactive_error = NT_STATUS_WRONG_PASSWORD,
.expected_network_error = NT_STATUS_OK,
.old_password = True
+ },
+ {
+ .comment = "test user (wong workstation): domain\\user",
+ .domain = userdomain,
+ .username = TEST_USER_NAME_WRONG_WKS,
+ .password = user_password_wrong_wks,
+ .network_login = True,
+ .expected_interactive_error = NT_STATUS_INVALID_WORKSTATION,
+ .expected_network_error = NT_STATUS_INVALID_WORKSTATION
}
};
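Review bot: No entry in this table refers to `TEST_USER_NAME_WRONG_TIME` or `user_password_wrong_time`, so as far as the visible hunks show, the account given an all-zero logon-hours bitmap is created and removed without a single logon attempt against it. A server that stopped enforcing logon hours would still pass this test, while the workstation restriction is covered. An entry mirroring the wrong-workstation one, expecting `NT_STATUS_INVALID_LOGON_HOURS` for both logon types, would close the gap. The array starts outside this hunk, so check that such an entry is not already present further up. The new comment string also has a typo, `wong workstation`.

```c
	/* … unchanged: wrong-workstation entry, now followed by a comma … */
	{
		.comment       = "test user (wrong time): domain\\user",
		.domain        = userdomain,
		.username      = TEST_USER_NAME_WRONG_TIME,
		.password      = user_password_wrong_time,
		.network_login = True,
		.expected_interactive_error = NT_STATUS_INVALID_LOGON_HOURS,
		.expected_network_error     = NT_STATUS_INVALID_LOGON_HOURS
	}
```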
torture_leave_domain(join_ctx);
torture_leave_domain(user_ctx);
+ torture_leave_domain(user_ctx_wrong_wks);
+ torture_leave_domain(user_ctx_wrong_time);
return ret;
}