9a9c3039d2f69841db88d5c18999fd8e70da8ffc
[samba.git] / source / torture / rpc / samlogon.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    test suite for netlogon SamLogon operations
5
6    Copyright (C) Andrew Tridgell 2003
7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8    Copyright (C) Tim Potter      2003
9    
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 2 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program; if not, write to the Free Software
22    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26 #include "librpc/gen_ndr/ndr_netlogon.h"
27 #include "auth/auth.h"
28 #include "lib/crypto/crypto.h"
29 #include "lib/cmdline/popt_common.h"
30
31 #define TEST_MACHINE_NAME "samlogontest"
32 #define TEST_USER_NAME "samlogontestuser"
33
34 enum ntlm_break {
35         BREAK_BOTH,
36         BREAK_NONE,
37         BREAK_LM,
38         BREAK_NT,
39         NO_LM,
40         NO_NT
41 };
42
43 struct samlogon_state {
44         TALLOC_CTX *mem_ctx;
45         const char *account_name;
46         const char *account_domain;
47         const char *password;
48         struct dcerpc_pipe *p;
49         int function_level;
50         struct netr_LogonSamLogon r;
51         struct netr_LogonSamLogonEx r_ex;
52         struct netr_LogonSamLogonWithFlags r_flags;
53         struct netr_Authenticator auth, auth2;
54         struct creds_CredentialState *creds;
55
56         DATA_BLOB chall;
57 };
58
59 /* 
60    Authenticate a user with a challenge/response, checking session key
61    and valid authentication types
62 */
63 static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, 
64                                enum ntlm_break break_which,
65                                DATA_BLOB *chall, 
66                                DATA_BLOB *lm_response, 
67                                DATA_BLOB *nt_response, 
68                                uint8_t lm_key[8], 
69                                uint8_t user_session_key[16], 
70                                char **error_string)
71 {
72         NTSTATUS status;
73         struct netr_LogonSamLogon *r = &samlogon_state->r;
74         struct netr_LogonSamLogonEx *r_ex = &samlogon_state->r_ex;
75         struct netr_LogonSamLogonWithFlags *r_flags = &samlogon_state->r_flags;
76         struct netr_NetworkInfo ninfo;
77         struct netr_SamBaseInfo *base = NULL;
78         uint16_t validation_level = 0;
79         
80         samlogon_state->r.in.logon.network = &ninfo;
81         samlogon_state->r_ex.in.logon.network = &ninfo;
82         samlogon_state->r_flags.in.logon.network = &ninfo;
83         
84         ninfo.identity_info.domain_name.string = samlogon_state->account_domain;
85         ninfo.identity_info.parameter_control = 0;
86         ninfo.identity_info.logon_id_low = 0;
87         ninfo.identity_info.logon_id_high = 0;
88         ninfo.identity_info.account_name.string = samlogon_state->account_name;
89         ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
90                 
91         memcpy(ninfo.challenge, chall->data, 8);
92                 
93         switch (break_which) {
94         case BREAK_NONE:
95                 break;
96         case BREAK_LM:
97                 if (lm_response && lm_response->data) {
98                         lm_response->data[0]++;
99                 }
100                 break;
101         case BREAK_NT:
102                 if (nt_response && nt_response->data) {
103                         nt_response->data[0]++;
104                 }
105                 break;
106         case BREAK_BOTH:
107                 if (lm_response && lm_response->data) {
108                         lm_response->data[0]++;
109                 }
110                 if (nt_response && nt_response->data) {
111                         nt_response->data[0]++;
112                 }
113                 break;
114         case NO_LM:
115                 data_blob_free(lm_response);
116                 break;
117         case NO_NT:
118                 data_blob_free(nt_response);
119                 break;
120         }
121                 
122         if (nt_response) {
123                 ninfo.nt.data = nt_response->data;
124                 ninfo.nt.length = nt_response->length;
125         } else {
126                 ninfo.nt.data = NULL;
127                 ninfo.nt.length = 0;
128         }
129                 
130         if (lm_response) {
131                 ninfo.lm.data = lm_response->data;
132                 ninfo.lm.length = lm_response->length;
133         } else {
134                 ninfo.lm.data = NULL;
135                 ninfo.lm.length = 0;
136         }
137         
138         switch (samlogon_state->function_level) {
139         case DCERPC_NETR_LOGONSAMLOGON: 
140                 ZERO_STRUCT(samlogon_state->auth2);
141                 creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
142
143                 r->out.return_authenticator = NULL;
144                 status = dcerpc_netr_LogonSamLogon(samlogon_state->p, samlogon_state->mem_ctx, r);
145                 if (!r->out.return_authenticator || 
146                     !creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
147                         printf("Credential chaining failed\n");
148                 }
149                 if (!NT_STATUS_IS_OK(status)) {
150                         if (error_string) {
151                                 *error_string = strdup(nt_errstr(status));
152                         }
153                 }
154
155                 validation_level = r->in.validation_level;
156                 switch (validation_level) {
157                 case 2:
158                         base = &r->out.validation.sam2->base;
159                         break;
160                 case 3:
161                         base = &r->out.validation.sam3->base;
162                         break;
163                 case 6:
164                         base = &r->out.validation.sam6->base;
165                         break;
166                 }
167                 break;
168         case DCERPC_NETR_LOGONSAMLOGONEX: 
169                 status = dcerpc_netr_LogonSamLogonEx(samlogon_state->p, samlogon_state->mem_ctx, r_ex);
170                 if (!NT_STATUS_IS_OK(status)) {
171                         if (error_string) {
172                                 *error_string = strdup(nt_errstr(status));
173                         }
174                 }
175
176                 validation_level = r_ex->in.validation_level;
177                 switch (validation_level) {
178                 case 2:
179                         base = &r_ex->out.validation.sam2->base;
180                         break;
181                 case 3:
182                         base = &r_ex->out.validation.sam3->base;
183                         break;
184                 case 6:
185                         base = &r_ex->out.validation.sam6->base;
186                         break;
187                 }
188                 break;
189         case DCERPC_NETR_LOGONSAMLOGONWITHFLAGS: 
190                 ZERO_STRUCT(samlogon_state->auth2);
191                 creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
192
193                 r_flags->out.return_authenticator = NULL;
194                 status = dcerpc_netr_LogonSamLogonWithFlags(samlogon_state->p, samlogon_state->mem_ctx, r_flags);
195                 if (!r_flags->out.return_authenticator || 
196                     !creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
197                         printf("Credential chaining failed\n");
198                 }
199                 if (!NT_STATUS_IS_OK(status)) {
200                         if (error_string) {
201                                 *error_string = strdup(nt_errstr(status));
202                         }
203                 }
204
205                 validation_level = r_flags->in.validation_level;
206                 switch (validation_level) {
207                 case 2:
208                         base = &r_flags->out.validation.sam2->base;
209                         break;
210                 case 3:
211                         base = &r_flags->out.validation.sam3->base;
212                         break;
213                 case 6:
214                         base = &r_flags->out.validation.sam6->base;
215                         break;
216                 }
217                 break;
218         }
219                 
220
221         if (!NT_STATUS_IS_OK(status)) {
222                 /* we cannot check the session key, if the logon failed... */
223                 return status;
224         }
225
226         if (!base) {
227                 printf("No user info returned from 'successful' SamLogon*() call!\n");
228                 return NT_STATUS_INVALID_PARAMETER;
229         }
230
231         /* find and decyrpt the session keys, return in parameters above */
232         if (validation_level == 6) {
233                 /* they aren't encrypted! */
234                 if (user_session_key) {
235                         memcpy(user_session_key, base->key.key, 16);
236                 }
237                 if (lm_key) {
238                         memcpy(lm_key, base->LMSessKey.key, 8);
239                 }
240         } else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
241                 static const char zeros[16];
242                         
243                 if (memcmp(base->key.key, zeros,  
244                            sizeof(base->key.key)) != 0) {
245                         creds_arcfour_crypt(samlogon_state->creds, 
246                                             base->key.key, 
247                                             sizeof(base->key.key));
248                 }
249                         
250                 if (user_session_key) {
251                         memcpy(user_session_key, base->key.key, 16);
252                 }
253                         
254                 if (memcmp(base->LMSessKey.key, zeros,  
255                            sizeof(base->LMSessKey.key)) != 0) {
256                         creds_arcfour_crypt(samlogon_state->creds, 
257                                             base->LMSessKey.key, 
258                                             sizeof(base->LMSessKey.key));
259                 }
260                         
261                 if (lm_key) {
262                         memcpy(lm_key, base->LMSessKey.key, 8);
263                 }
264         } else {
265                 static const char zeros[16];
266                         
267                 if (user_session_key) {
268                         memcpy(user_session_key, base->key.key, 16);
269                 }
270
271                 if (memcmp(base->LMSessKey.key, zeros,  
272                            sizeof(base->LMSessKey.key)) != 0) {
273                         creds_des_decrypt_LMKey(samlogon_state->creds, 
274                                                 &base->LMSessKey);
275                 }
276                         
277                 if (lm_key) {
278                         memcpy(lm_key, base->LMSessKey.key, 8);
279                 }
280         }
281         
282         return status;
283
284
285
286 /* 
287  * Test the normal 'LM and NTLM' combination
288  */
289
290 static BOOL test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) 
291 {
292         BOOL pass = True;
293         BOOL lm_good;
294         NTSTATUS nt_status;
295         DATA_BLOB lm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
296         DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
297         DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
298
299         uint8_t lm_key[8];
300         uint8_t user_session_key[16];
301         uint8_t lm_hash[16];
302         uint8_t nt_hash[16];
303         
304         ZERO_STRUCT(lm_key);
305         ZERO_STRUCT(user_session_key);
306
307         lm_good = SMBencrypt(samlogon_state->password, samlogon_state->chall.data, lm_response.data);
308         if (!lm_good) {
309                 ZERO_STRUCT(lm_hash);
310         } else {
311                 E_deshash(samlogon_state->password, lm_hash); 
312         }
313                 
314         SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
315
316         E_md4hash(samlogon_state->password, nt_hash);
317         SMBsesskeygen_ntv1(nt_hash, session_key.data);
318
319         nt_status = check_samlogon(samlogon_state,
320                                    break_which,
321                                    &samlogon_state->chall,
322                                    &lm_response,
323                                    &nt_response,
324                                    lm_key, 
325                                    user_session_key,
326                                    error_string);
327         
328         data_blob_free(&lm_response);
329
330         if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
331                 /* for 'long' passwords, the LM password is invalid */
332                 if (break_which == NO_NT && !lm_good) {
333                         return True;
334                 }
335                 return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
336         }
337
338         if (!NT_STATUS_IS_OK(nt_status)) {
339                 return False;
340         }
341
342         if (break_which == NO_NT && !lm_good) {
343                 printf("LM password is 'long' (> 14 chars and therefore invalid) but login did not fail!");
344                 return False;
345         }
346
347         if (memcmp(lm_hash, lm_key, 
348                    sizeof(lm_key)) != 0) {
349                 printf("LM Key does not match expectations!\n");
350                 printf("lm_key:\n");
351                 dump_data(1, lm_key, 8);
352                 printf("expected:\n");
353                 dump_data(1, lm_hash, 8);
354                 pass = False;
355         }
356
357         switch (break_which) {
358         case NO_NT:
359         {
360                 uint8_t lm_key_expected[16];
361                 memcpy(lm_key_expected, lm_hash, 8);
362                 memset(lm_key_expected+8, '\0', 8);
363                 if (memcmp(lm_key_expected, user_session_key, 
364                            16) != 0) {
365                         printf("NT Session Key does not match expectations (should be first-8 LM hash)!\n");
366                         printf("user_session_key:\n");
367                         dump_data(1, user_session_key, sizeof(user_session_key));
368                         printf("expected:\n");
369                         dump_data(1, lm_key_expected, sizeof(lm_key_expected));
370                         pass = False;
371                 }
372                 break;
373         }
374         default:
375                 if (memcmp(session_key.data, user_session_key, 
376                            sizeof(user_session_key)) != 0) {
377                         printf("NT Session Key does not match expectations!\n");
378                         printf("user_session_key:\n");
379                         dump_data(1, user_session_key, 16);
380                         printf("expected:\n");
381                         dump_data(1, session_key.data, session_key.length);
382                         pass = False;
383                 }
384         }
385         return pass;
386 }
387
388 /* 
389  * Test LM authentication, no NT response supplied
390  */
391
392 static BOOL test_lm(struct samlogon_state *samlogon_state, char **error_string) 
393 {
394
395         return test_lm_ntlm_broken(samlogon_state, NO_NT, error_string);
396 }
397
398 /* 
399  * Test the NTLM response only, no LM.
400  */
401
402 static BOOL test_ntlm(struct samlogon_state *samlogon_state, char **error_string) 
403 {
404         return test_lm_ntlm_broken(samlogon_state, NO_LM, error_string);
405 }
406
407 /* 
408  * Test the NTLM response only, but in the LM field.
409  */
410
411 static BOOL test_ntlm_in_lm(struct samlogon_state *samlogon_state, char **error_string) 
412 {
413         BOOL pass = True;
414         NTSTATUS nt_status;
415         DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
416
417         uint8_t lm_key[8];
418         uint8_t lm_hash[16];
419         uint8_t user_session_key[16];
420         
421         ZERO_STRUCT(user_session_key);
422
423         SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
424
425         E_deshash(samlogon_state->password, lm_hash); 
426
427         nt_status = check_samlogon(samlogon_state,
428                                    BREAK_NONE,
429                                    &samlogon_state->chall,
430                                    &nt_response,
431                                    NULL,
432                                    lm_key, 
433                                    user_session_key,
434                                    error_string);
435         
436         if (!NT_STATUS_IS_OK(nt_status)) {
437                 return False;
438         }
439
440         if (memcmp(lm_hash, lm_key, 
441                    sizeof(lm_key)) != 0) {
442                 printf("LM Key does not match expectations!\n");
443                 printf("lm_key:\n");
444                 dump_data(1, lm_key, 8);
445                 printf("expected:\n");
446                 dump_data(1, lm_hash, 8);
447                 pass = False;
448         }
449         if (memcmp(lm_hash, user_session_key, 8) != 0) {
450                 uint8_t lm_key_expected[16];
451                 memcpy(lm_key_expected, lm_hash, 8);
452                 memset(lm_key_expected+8, '\0', 8);
453                 if (memcmp(lm_key_expected, user_session_key, 
454                            16) != 0) {
455                         printf("NT Session Key does not match expectations (should be first-8 LM hash)!\n");
456                         printf("user_session_key:\n");
457                         dump_data(1, user_session_key, sizeof(user_session_key));
458                         printf("expected:\n");
459                         dump_data(1, lm_key_expected, sizeof(lm_key_expected));
460                         pass = False;
461                 }
462         }
463         return pass;
464 }
465
466 /* 
467  * Test the NTLM response only, but in the both the NT and LM fields.
468  */
469
470 static BOOL test_ntlm_in_both(struct samlogon_state *samlogon_state, char **error_string) 
471 {
472         BOOL pass = True;
473         BOOL lm_good;
474         NTSTATUS nt_status;
475         DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
476         DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
477
478         uint8_t lm_key[8];
479         uint8_t lm_hash[16];
480         uint8_t user_session_key[16];
481         uint8_t nt_hash[16];
482         
483         ZERO_STRUCT(lm_key);
484         ZERO_STRUCT(user_session_key);
485
486         SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, 
487                      nt_response.data);
488         E_md4hash(samlogon_state->password, nt_hash);
489         SMBsesskeygen_ntv1(nt_hash, 
490                            session_key.data);
491
492         lm_good = E_deshash(samlogon_state->password, lm_hash); 
493         if (!lm_good) {
494                 ZERO_STRUCT(lm_hash);
495         }
496
497         nt_status = check_samlogon(samlogon_state,
498                                    BREAK_NONE,
499                                    &samlogon_state->chall,
500                                    NULL, 
501                                    &nt_response,
502                                    lm_key, 
503                                    user_session_key,
504                                    error_string);
505         
506         if (!NT_STATUS_IS_OK(nt_status)) {
507                 return False;
508         }
509
510         if (memcmp(lm_hash, lm_key, 
511                    sizeof(lm_key)) != 0) {
512                 printf("LM Key does not match expectations!\n");
513                 printf("lm_key:\n");
514                 dump_data(1, lm_key, 8);
515                 printf("expected:\n");
516                 dump_data(1, lm_hash, 8);
517                 pass = False;
518         }
519         if (memcmp(session_key.data, user_session_key, 
520                    sizeof(user_session_key)) != 0) {
521                 printf("NT Session Key does not match expectations!\n");
522                 printf("user_session_key:\n");
523                 dump_data(1, user_session_key, 16);
524                 printf("expected:\n");
525                 dump_data(1, session_key.data, session_key.length);
526                 pass = False;
527         }
528
529
530         return pass;
531 }
532
533 /* 
534  * Test the NTLMv2 and LMv2 responses
535  */
536
537 static BOOL test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) 
538 {
539         BOOL pass = True;
540         NTSTATUS nt_status;
541         DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
542         DATA_BLOB lmv2_response = data_blob(NULL, 0);
543         DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
544         DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
545         DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, lp_netbios_name(), lp_workgroup());
546
547         uint8_t lm_session_key[8];
548         uint8_t user_session_key[16];
549
550         ZERO_STRUCT(lm_session_key);
551         ZERO_STRUCT(user_session_key);
552         
553         /* TODO - test with various domain cases, and without domain */
554         if (!SMBNTLMv2encrypt(samlogon_state->account_name, samlogon_state->account_domain, 
555                               samlogon_state->password, &samlogon_state->chall,
556                               &names_blob,
557                               &lmv2_response, &ntlmv2_response, 
558                               &lmv2_session_key, &ntlmv2_session_key)) {
559                 data_blob_free(&names_blob);
560                 return False;
561         }
562         data_blob_free(&names_blob);
563
564         nt_status = check_samlogon(samlogon_state,
565                                    break_which,
566                                    &samlogon_state->chall,
567                                    &lmv2_response,
568                                    &ntlmv2_response,
569                                    lm_session_key, 
570                                    user_session_key,
571                                    error_string);
572         
573         data_blob_free(&lmv2_response);
574         data_blob_free(&ntlmv2_response);
575
576
577         if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
578                 return break_which == BREAK_BOTH;
579         }
580
581         if (!NT_STATUS_IS_OK(nt_status)) {
582                 return False;
583         }
584
585         switch (break_which) {
586         case NO_NT:
587                 if (memcmp(lmv2_session_key.data, user_session_key,
588                            sizeof(user_session_key)) != 0) {
589                         printf("USER (LMv2) Session Key does not match expectations!\n");
590                         printf("user_session_key:\n");
591                         dump_data(1, user_session_key, 16);
592                         printf("expected:\n");
593                         dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
594                         pass = False;
595                 }
596                 if (memcmp(lmv2_session_key.data, lm_session_key, 
597                            sizeof(lm_session_key)) != 0) {
598                         printf("LM (LMv2) Session Key does not match expectations!\n");
599                         printf("lm_session_key:\n");
600                         dump_data(1, lm_session_key, 8);
601                         printf("expected:\n");
602                         dump_data(1, lmv2_session_key.data, 8);
603                         pass = False;
604                 }
605                 break;
606         default:
607                 if (memcmp(ntlmv2_session_key.data, user_session_key, 
608                            sizeof(user_session_key)) != 0) {
609                         if (memcmp(lmv2_session_key.data, user_session_key,
610                                    sizeof(user_session_key)) == 0) {
611                                 printf("USER (NTLMv2) Session Key expected, got LMv2 sessesion key instead:\n");
612                                 printf("user_session_key:\n");
613                                 dump_data(1, user_session_key, 16);
614                                 printf("expected:\n");
615                                 dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
616                                 pass = False;
617                                 
618                         } else {
619                                 printf("USER (NTLMv2) Session Key does not match expectations!\n");
620                                 printf("user_session_key:\n");
621                                 dump_data(1, user_session_key, 16);
622                                 printf("expected:\n");
623                                 dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
624                                 pass = False;
625                         }
626                 }
627                 if (memcmp(ntlmv2_session_key.data, lm_session_key, 
628                            sizeof(lm_session_key)) != 0) {
629                         if (memcmp(lmv2_session_key.data, lm_session_key,
630                                    sizeof(lm_session_key)) == 0) {
631                                 printf("LM (NTLMv2) Session Key expected, got LMv2 sessesion key instead:\n");
632                                 printf("user_session_key:\n");
633                                 dump_data(1, lm_session_key, 8);
634                                 printf("expected:\n");
635                                 dump_data(1, ntlmv2_session_key.data, 8);
636                                 pass = False;
637                         } else {
638                                 printf("LM (NTLMv2) Session Key does not match expectations!\n");
639                                 printf("lm_session_key:\n");
640                                 dump_data(1, lm_session_key, 8);
641                                 printf("expected:\n");
642                                 dump_data(1, ntlmv2_session_key.data, 8);
643                                 pass = False;
644                         }
645                 }
646         }
647
648         return pass;
649 }
650
651 /* 
652  * Test the NTLM and LMv2 responses
653  */
654
655 static BOOL test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) 
656 {
657         BOOL pass = True;
658         NTSTATUS nt_status;
659         DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
660         DATA_BLOB lmv2_response = data_blob(NULL, 0);
661         DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
662         DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
663         DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, lp_netbios_name(), lp_workgroup());
664
665         DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
666         DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
667
668         uint8_t lm_hash[16];
669         uint8_t lm_session_key[8];
670         uint8_t user_session_key[16];
671         uint8_t nt_hash[16];
672
673         SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, 
674                      ntlm_response.data);
675         E_md4hash(samlogon_state->password, nt_hash);
676         SMBsesskeygen_ntv1(nt_hash, 
677                            ntlm_session_key.data);
678         E_deshash(samlogon_state->password, lm_hash); 
679
680         ZERO_STRUCT(lm_session_key);
681         ZERO_STRUCT(user_session_key);
682         
683         /* TODO - test with various domain cases, and without domain */
684         if (!SMBNTLMv2encrypt(samlogon_state->account_name, samlogon_state->account_domain, 
685                               samlogon_state->password, &samlogon_state->chall,
686                               &names_blob,
687                               &lmv2_response, &ntlmv2_response, 
688                               &lmv2_session_key, &ntlmv2_session_key)) {
689                 data_blob_free(&names_blob);
690                 return False;
691         }
692         data_blob_free(&names_blob);
693
694         nt_status = check_samlogon(samlogon_state,
695                                    break_which,
696                                    &samlogon_state->chall,
697                                    &lmv2_response,
698                                    &ntlm_response,
699                                    lm_session_key, 
700                                    user_session_key,
701                                    error_string);
702         
703         data_blob_free(&lmv2_response);
704         data_blob_free(&ntlmv2_response);
705
706
707         if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
708                 return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
709         }
710
711         if (!NT_STATUS_IS_OK(nt_status)) {
712                 return False;
713         }
714
715         switch (break_which) {
716         case NO_NT:
717                 if (memcmp(lmv2_session_key.data, user_session_key, 
718                            sizeof(user_session_key)) != 0) {
719                         printf("USER (LMv2) Session Key does not match expectations!\n");
720                         printf("user_session_key:\n");
721                         dump_data(1, user_session_key, 16);
722                         printf("expected:\n");
723                         dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
724                         pass = False;
725                 }
726                 if (memcmp(lmv2_session_key.data, lm_session_key, 
727                            sizeof(lm_session_key)) != 0) {
728                         printf("LM (LMv2) Session Key does not match expectations!\n");
729                         printf("lm_session_key:\n");
730                         dump_data(1, lm_session_key, 8);
731                         printf("expected:\n");
732                         dump_data(1, lmv2_session_key.data, 8);
733                         pass = False;
734                 }
735                 break;
736         case BREAK_LM:
737                 if (memcmp(ntlm_session_key.data, user_session_key, 
738                            sizeof(user_session_key)) != 0) {
739                         printf("USER (NTLMv2) Session Key does not match expectations!\n");
740                         printf("user_session_key:\n");
741                         dump_data(1, user_session_key, 16);
742                         printf("expected:\n");
743                         dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
744                         pass = False;
745                 }
746                 if (memcmp(lm_hash, lm_session_key, 
747                            sizeof(lm_session_key)) != 0) {
748                         printf("LM Session Key does not match expectations!\n");
749                         printf("lm_session_key:\n");
750                         dump_data(1, lm_session_key, 8);
751                         printf("expected:\n");
752                         dump_data(1, lm_hash, 8);
753                         pass = False;
754                 }
755                 break;
756         default:
757                 if (memcmp(ntlm_session_key.data, user_session_key, 
758                            sizeof(user_session_key)) != 0) {
759                         printf("USER (NTLMv2) Session Key does not match expectations!\n");
760                         printf("user_session_key:\n");
761                         dump_data(1, user_session_key, 16);
762                         printf("expected:\n");
763                         dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
764                         pass = False;
765                 }
766                 if (memcmp(ntlm_session_key.data, lm_session_key, 
767                            sizeof(lm_session_key)) != 0) {
768                         printf("LM (NTLMv2) Session Key does not match expectations!\n");
769                         printf("lm_session_key:\n");
770                         dump_data(1, lm_session_key, 8);
771                         printf("expected:\n");
772                         dump_data(1, ntlm_session_key.data, 8);
773                         pass = False;
774                 }
775         }
776
777         return pass;
778 }
779
780 /* 
781  * Test the NTLMv2 and LMv2 responses
782  */
783
784 static BOOL test_lmv2_ntlmv2(struct samlogon_state *samlogon_state, char **error_string) 
785 {
786         return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NONE, error_string);
787 }
788
789 /* 
790  * Test the LMv2 response only
791  */
792
793 static BOOL test_lmv2(struct samlogon_state *samlogon_state, char **error_string) 
794 {
795         return test_lmv2_ntlmv2_broken(samlogon_state, NO_NT, error_string);
796 }
797
798 /* 
799  * Test the NTLMv2 response only
800  */
801
802 static BOOL test_ntlmv2(struct samlogon_state *samlogon_state, char **error_string) 
803 {
804         return test_lmv2_ntlmv2_broken(samlogon_state, NO_LM, error_string);
805 }
806
807 static BOOL test_lm_ntlm(struct samlogon_state *samlogon_state, char **error_string) 
808 {
809         return test_lm_ntlm_broken(samlogon_state, BREAK_NONE, error_string);
810 }
811
812 static BOOL test_ntlm_lm_broken(struct samlogon_state *samlogon_state, char **error_string) 
813 {
814         return test_lm_ntlm_broken(samlogon_state, BREAK_LM, error_string);
815 }
816
817 static BOOL test_ntlm_ntlm_broken(struct samlogon_state *samlogon_state, char **error_string) 
818 {
819         return test_lm_ntlm_broken(samlogon_state, BREAK_NT, error_string);
820 }
821
822 static BOOL test_lm_ntlm_both_broken(struct samlogon_state *samlogon_state, char **error_string) 
823 {
824         return test_lm_ntlm_broken(samlogon_state, BREAK_BOTH, error_string);
825 }
826 static BOOL test_ntlmv2_lmv2_broken(struct samlogon_state *samlogon_state, char **error_string) 
827 {
828         return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_LM, error_string);
829 }
830
831 static BOOL test_ntlmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, char **error_string) 
832 {
833         return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NT, error_string);
834 }
835
836 static BOOL test_ntlmv2_both_broken(struct samlogon_state *samlogon_state, char **error_string) 
837 {
838         return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_BOTH, error_string);
839 }
840
841 static BOOL test_lmv2_ntlm_both_broken(struct samlogon_state *samlogon_state, char **error_string) 
842 {
843         return test_lmv2_ntlm_broken(samlogon_state, BREAK_BOTH, error_string);
844 }
845
846 static BOOL test_lmv2_ntlm_break_ntlm(struct samlogon_state *samlogon_state, char **error_string) 
847 {
848         return test_lmv2_ntlm_broken(samlogon_state, BREAK_NT, error_string);
849 }
850
851 static BOOL test_lmv2_ntlm_break_lm(struct samlogon_state *samlogon_state, char **error_string) 
852 {
853         return test_lmv2_ntlm_broken(samlogon_state, BREAK_LM, error_string);
854 }
855
856 /* 
857  * Test the NTLM2 response (extra challenge in LM feild)
858  *
859  * This test is the same as the 'break LM' test, but checks that the
860  * server implements NTLM2 session security in the right place
861  * (NETLOGON is the wrong place).
862  */
863
864 static BOOL test_ntlm2(struct samlogon_state *samlogon_state, char **error_string) 
865 {
866         BOOL pass = True;
867         NTSTATUS nt_status;
868         DATA_BLOB lm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
869         DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
870
871         uint8_t lm_key[8];
872         uint8_t nt_hash[16];
873         uint8_t lm_hash[16];
874         uint8_t nt_key[16];
875         uint8_t user_session_key[16];
876         uint8_t expected_user_session_key[16];
877         uint8_t session_nonce_hash[16];
878         uint8_t client_chall[8];
879         
880         struct MD5Context md5_session_nonce_ctx;
881         HMACMD5Context hmac_ctx;
882                         
883         ZERO_STRUCT(user_session_key);
884         ZERO_STRUCT(lm_key);
885         generate_random_buffer(client_chall, 8);
886         
887         MD5Init(&md5_session_nonce_ctx);
888         MD5Update(&md5_session_nonce_ctx, samlogon_state->chall.data, 8);
889         MD5Update(&md5_session_nonce_ctx, client_chall, 8);
890         MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
891         
892         E_md4hash(samlogon_state->password, (uint8_t *)nt_hash);
893         E_deshash(samlogon_state->password, (uint8_t *)lm_hash);
894         SMBsesskeygen_ntv1((const uint8_t *)nt_hash, 
895                            nt_key);
896
897         SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
898
899         memcpy(lm_response.data, session_nonce_hash, 8);
900         memset(lm_response.data + 8, 0, 16);
901
902         hmac_md5_init_rfc2104(nt_key, 16, &hmac_ctx);
903         hmac_md5_update(samlogon_state->chall.data, 8, &hmac_ctx);
904         hmac_md5_update(client_chall, 8, &hmac_ctx);
905         hmac_md5_final(expected_user_session_key, &hmac_ctx);
906
907         nt_status = check_samlogon(samlogon_state,
908                                    BREAK_NONE,
909                                    &samlogon_state->chall,
910                                    &lm_response,
911                                    &nt_response,
912                                    lm_key, 
913                                    user_session_key,
914                                    error_string);
915         
916         if (!NT_STATUS_IS_OK(nt_status)) {
917                 return False;
918         }
919
920         if (memcmp(lm_hash, lm_key, 
921                    sizeof(lm_key)) != 0) {
922                 printf("LM Key does not match expectations!\n");
923                 printf("lm_key:\n");
924                 dump_data(1, lm_key, 8);
925                 printf("expected:\n");
926                 dump_data(1, lm_hash, 8);
927                 pass = False;
928         }
929         if (memcmp(nt_key, user_session_key, 16) != 0) {
930                 printf("NT Session Key does not match expectations (should be first-8 LM hash)!\n");
931                 printf("user_session_key:\n");
932                 dump_data(1, user_session_key, sizeof(user_session_key));
933                 printf("expected:\n");
934                 dump_data(1, nt_key, sizeof(nt_key));
935                 pass = False;
936         }
937         return pass;
938 }
939
940 static BOOL test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string)
941 {
942         NTSTATUS nt_status;
943         DATA_BLOB nt_response = data_blob(NULL, 0);
944         DATA_BLOB lm_response = data_blob(NULL, 0);
945         char *password;
946         char *dospw;
947         void *unicodepw;
948
949         uint8_t user_session_key[16];
950         uint8_t lm_key[16];
951         static const uint8_t zeros[8];
952         DATA_BLOB chall = data_blob_talloc(samlogon_state->mem_ctx, zeros, sizeof(zeros));
953
954         ZERO_STRUCT(user_session_key);
955         
956         if ((push_ucs2_talloc(samlogon_state->mem_ctx, &unicodepw, 
957                               samlogon_state->password)) == -1) {
958                 DEBUG(0, ("push_ucs2_allocate failed!\n"));
959                 exit(1);
960         }
961
962         nt_response = data_blob_talloc(samlogon_state->mem_ctx, unicodepw, strlen_m(samlogon_state->password)*2);
963
964         password = strupper_talloc(samlogon_state->mem_ctx, samlogon_state->password);
965
966         if ((convert_string_talloc(samlogon_state->mem_ctx, CH_UNIX, 
967                                    CH_DOS, password,
968                                    strlen(password)+1, 
969                                    (void**)&dospw)) == -1) {
970                 DEBUG(0, ("convert_string_talloc failed!\n"));
971                 exit(1);
972         }
973
974         lm_response = data_blob_talloc(samlogon_state->mem_ctx, dospw, strlen(dospw));
975
976         nt_status = check_samlogon(samlogon_state,
977                                    break_which,
978                                    &chall,
979                                    &lm_response,
980                                    &nt_response,
981                                    lm_key, 
982                                    user_session_key,
983                                    error_string);
984         
985         if (!NT_STATUS_IS_OK(nt_status)) {
986                 return break_which == BREAK_NT;
987         }
988
989         return True;
990 }
991
992 static BOOL test_plaintext_none_broken(struct samlogon_state *samlogon_state, 
993                                        char **error_string) {
994         return test_plaintext(samlogon_state, BREAK_NONE, error_string);
995 }
996
997 static BOOL test_plaintext_lm_broken(struct samlogon_state *samlogon_state, 
998                                      char **error_string) {
999         return test_plaintext(samlogon_state, BREAK_LM, error_string);
1000 }
1001
1002 static BOOL test_plaintext_nt_broken(struct samlogon_state *samlogon_state, 
1003                                      char **error_string) {
1004         return test_plaintext(samlogon_state, BREAK_NT, error_string);
1005 }
1006
1007 static BOOL test_plaintext_nt_only(struct samlogon_state *samlogon_state, 
1008                                    char **error_string) {
1009         return test_plaintext(samlogon_state, NO_LM, error_string);
1010 }
1011
1012 static BOOL test_plaintext_lm_only(struct samlogon_state *samlogon_state, 
1013                                    char **error_string) {
1014         return test_plaintext(samlogon_state, NO_NT, error_string);
1015 }
1016
1017 /* 
1018    Tests:
1019    
1020    - LM only
1021    - NT and LM             
1022    - NT
1023    - NT in LM field
1024    - NT in both fields
1025    - NTLMv2
1026    - NTLMv2 and LMv2
1027    - LMv2
1028    - plaintext tests (in challenge-response fields)
1029   
1030    check we get the correct session key in each case
1031    check what values we get for the LM session key
1032    
1033 */
1034
1035 static const struct ntlm_tests {
1036         BOOL (*fn)(struct samlogon_state *, char **);
1037         const char *name;
1038         BOOL expect_fail;
1039 } test_table[] = {
1040         {test_lmv2_ntlmv2, "NTLMv2 and LMv2", False},
1041         {test_lm, "LM", False},
1042         {test_lm_ntlm, "LM and NTLM", False},
1043         {test_lm_ntlm_both_broken, "LM and NTLM, both broken", False},
1044         {test_ntlm, "NTLM", False},
1045         {test_ntlm_in_lm, "NTLM in LM", False},
1046         {test_ntlm_in_both, "NTLM in both", False},
1047         {test_ntlmv2, "NTLMv2", False},
1048         {test_lmv2, "LMv2", False},
1049         {test_ntlmv2_lmv2_broken, "NTLMv2 and LMv2, LMv2 broken", False},
1050         {test_ntlmv2_ntlmv2_broken, "NTLMv2 and LMv2, NTLMv2 broken", False},
1051         {test_ntlmv2_both_broken, "NTLMv2 and LMv2, both broken", False},
1052         {test_ntlm_lm_broken, "NTLM and LM, LM broken", False},
1053         {test_ntlm_ntlm_broken, "NTLM and LM, NTLM broken", False},
1054         {test_ntlm2, "NTLM2 (NTLMv2 session security)", False},
1055         {test_lmv2_ntlm_both_broken, "LMv2 and NTLM, both broken", False},
1056         {test_lmv2_ntlm_break_ntlm, "LMv2 and NTLM, NTLM broken", False},
1057         {test_lmv2_ntlm_break_lm, "LMv2 and NTLM, LMv2 broken", False},
1058         {test_plaintext_none_broken, "Plaintext", True},
1059         {test_plaintext_lm_broken, "Plaintext LM broken", True},
1060         {test_plaintext_nt_broken, "Plaintext NT broken", True},
1061         {test_plaintext_nt_only, "Plaintext NT only", True},
1062         {test_plaintext_lm_only, "Plaintext LM only", True},
1063         {NULL, NULL}
1064 };
1065
1066 /*
1067   try a netlogon SamLogon
1068 */
1069 static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
1070                           struct creds_CredentialState *creds, 
1071                           const char *account_domain, const char *account_name, 
1072                           const char *plain_pass,
1073                           int n_subtests)
1074 {
1075         TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_SamLogon function-level context");
1076         int i, v, l, f;
1077         BOOL ret = True;
1078         int validation_levels[] = {2,3,6};
1079         int logon_levels[] = { 2, 6 };
1080         int function_levels[] = { 
1081                 DCERPC_NETR_LOGONSAMLOGON,
1082                 DCERPC_NETR_LOGONSAMLOGONEX,
1083                 DCERPC_NETR_LOGONSAMLOGONWITHFLAGS };
1084         struct samlogon_state samlogon_state;
1085         
1086         printf("testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
1087         
1088         samlogon_state.account_name = account_name;
1089         samlogon_state.account_domain = account_domain;
1090         samlogon_state.password = plain_pass;
1091         samlogon_state.p = p;
1092         samlogon_state.creds = creds;
1093
1094         samlogon_state.chall = data_blob_talloc(fn_ctx, NULL, 8);
1095
1096         generate_random_buffer(samlogon_state.chall.data, 8);
1097         samlogon_state.r_flags.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1098         samlogon_state.r_flags.in.workstation = TEST_MACHINE_NAME;
1099         samlogon_state.r_flags.in.credential = &samlogon_state.auth;
1100         samlogon_state.r_flags.in.return_authenticator = &samlogon_state.auth2;
1101         samlogon_state.r_flags.in.flags = 0;
1102
1103         samlogon_state.r_ex.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1104         samlogon_state.r_ex.in.workstation = TEST_MACHINE_NAME;
1105         samlogon_state.r_ex.in.flags = 0;
1106
1107         samlogon_state.r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1108         samlogon_state.r.in.workstation = TEST_MACHINE_NAME;
1109         samlogon_state.r.in.credential = &samlogon_state.auth;
1110         samlogon_state.r.in.return_authenticator = &samlogon_state.auth2;
1111
1112         for (f=0;f<ARRAY_SIZE(function_levels);f++) {
1113                 for (i=0; test_table[i].fn; i++) {
1114                         if (n_subtests && (i > n_subtests)) {
1115                                 continue;
1116                         }
1117                         for (v=0;v<ARRAY_SIZE(validation_levels);v++) {
1118                                 for (l=0;l<ARRAY_SIZE(logon_levels);l++) {
1119                                         char *error_string = NULL;
1120                                         TALLOC_CTX *tmp_ctx = talloc_named(fn_ctx, 0, "test_SamLogon inner loop");
1121                                         samlogon_state.mem_ctx = tmp_ctx;
1122                                         samlogon_state.function_level = function_levels[f];
1123                                         samlogon_state.r.in.validation_level = validation_levels[v];
1124                                         samlogon_state.r.in.logon_level = logon_levels[l];
1125                                         samlogon_state.r_ex.in.validation_level = validation_levels[v];
1126                                         samlogon_state.r_ex.in.logon_level = logon_levels[l];
1127                                         samlogon_state.r_flags.in.validation_level = validation_levels[v];
1128                                         samlogon_state.r_flags.in.logon_level = logon_levels[l];
1129                                         if (!test_table[i].fn(&samlogon_state, &error_string)) {
1130                                                 printf("Testing [%s]\\[%s] '%s' at validation level %d, logon level %d, function %d: \n", 
1131                                                        samlogon_state.account_domain,
1132                                                        samlogon_state.account_name,
1133                                                        test_table[i].name, validation_levels[v], 
1134                                                        logon_levels[l], function_levels[f]);
1135                                                 
1136                                                 if (test_table[i].expect_fail) {
1137                                                         printf(" failed (expected, test incomplete): %s\n", error_string);
1138                                                 } else {
1139                                                         printf(" failed: %s\n", error_string);
1140                                                         ret = False;
1141                                                 }
1142                                                 SAFE_FREE(error_string);
1143                                         }
1144                                         talloc_free(tmp_ctx);
1145                                 }
1146                         }
1147                 }
1148         }
1149         talloc_free(fn_ctx);
1150         return ret;
1151 }
1152
1153 /*
1154   test an ADS style interactive domain logon
1155 */
1156 static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1157                                   struct creds_CredentialState *creds, 
1158                                   const char *account_domain, const char *account_name,
1159                                   const char *plain_pass)
1160 {
1161         NTSTATUS status;
1162         TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_InteractiveLogon function-level context");
1163         struct netr_LogonSamLogonWithFlags r;
1164         struct netr_Authenticator a, ra;
1165         struct netr_PasswordInfo pinfo;
1166
1167         ZERO_STRUCT(a);
1168         ZERO_STRUCT(r);
1169         ZERO_STRUCT(ra);
1170
1171         creds_client_authenticator(creds, &a);
1172
1173         r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1174         r.in.workstation = TEST_MACHINE_NAME;
1175         r.in.credential = &a;
1176         r.in.return_authenticator = &ra;
1177         r.in.logon_level = 5;
1178         r.in.logon.password = &pinfo;
1179         r.in.validation_level = 6;
1180         r.in.flags = 0;
1181
1182         pinfo.identity_info.domain_name.string = account_domain;
1183         pinfo.identity_info.parameter_control = 0;
1184         pinfo.identity_info.logon_id_low = 0;
1185         pinfo.identity_info.logon_id_high = 0;
1186         pinfo.identity_info.account_name.string = account_name;
1187         pinfo.identity_info.workstation.string = TEST_MACHINE_NAME;
1188
1189         E_deshash(plain_pass, pinfo.lmpassword.hash);
1190         E_md4hash(plain_pass, pinfo.ntpassword.hash);
1191
1192         if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
1193                 creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
1194                 creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
1195         } else {
1196                 creds_des_encrypt(creds, &pinfo.lmpassword);
1197                 creds_des_encrypt(creds, &pinfo.ntpassword);
1198         }
1199
1200         printf("Testing netr_LogonSamLogonWithFlags (Interactive Logon)\n");
1201
1202         status = dcerpc_netr_LogonSamLogonWithFlags(p, fn_ctx, &r);
1203         if (!r.out.return_authenticator || !creds_client_check(creds, &r.out.return_authenticator->cred)) {
1204                 printf("Credential chaining failed\n");
1205                 talloc_free(fn_ctx);
1206                 return False;
1207         }
1208
1209         talloc_free(fn_ctx);
1210
1211         if (!NT_STATUS_IS_OK(status)) {
1212                 printf("[%s]\\[%s] netr_LogonSamLogonWithFlags - %s\n", account_name, account_domain, nt_errstr(status));
1213                 return False;
1214         }
1215
1216         return True;
1217 }
1218
1219
1220
1221 BOOL torture_rpc_samlogon(void)
1222 {
1223         NTSTATUS status;
1224         struct dcerpc_pipe *p;
1225         struct dcerpc_binding *b;
1226         struct cli_credentials *credentials;
1227         TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
1228         BOOL ret = True;
1229         struct test_join *join_ctx;
1230 #if 0
1231         struct test_join *user_ctx;
1232         const char *user_password;
1233 #endif
1234         char *test_machine_account;
1235         const char *machine_password;
1236         const char *binding = lp_parm_string(-1, "torture", "binding");
1237         int i;
1238         int ci;
1239
1240         unsigned int credential_flags[] = {
1241                 NETLOGON_NEG_AUTH2_FLAGS,
1242                 NETLOGON_NEG_ARCFOUR,
1243                 NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT,
1244                 NETLOGON_NEG_AUTH2_ADS_FLAGS, 
1245                 0 /* yes, this is a valid flag, causes the use of DES */ 
1246         };
1247
1248         struct creds_CredentialState *creds;
1249
1250         struct {
1251                 const char *domain;
1252                 const char *username;
1253                 const char *password;
1254                 BOOL network_login;
1255         } usercreds[] = {
1256                 {
1257                         cli_credentials_get_domain(cmdline_credentials),
1258                         cli_credentials_get_username(cmdline_credentials),
1259                         cli_credentials_get_password(cmdline_credentials),
1260                         True
1261                 },
1262                 {
1263                         NULL,
1264                         talloc_asprintf(mem_ctx, 
1265                                         "%s@%s", 
1266                                         cli_credentials_get_username(cmdline_credentials),
1267                                         cli_credentials_get_domain(cmdline_credentials)
1268                                 ),
1269                         cli_credentials_get_password(cmdline_credentials),
1270                         False
1271                 },
1272                 {
1273                         NULL,
1274                         talloc_asprintf(mem_ctx, 
1275                                         "%s@%s", 
1276                                         cli_credentials_get_username(cmdline_credentials),
1277                                         cli_credentials_get_realm(cmdline_credentials)
1278                                 ),
1279                         cli_credentials_get_password(cmdline_credentials),
1280                         True
1281                 },
1282 #if 0
1283                 {       
1284                         lp_parm_string(-1, "torture", "userdomain"),
1285                         TEST_USER_NAME,
1286                         NULL,
1287                         True
1288                 },
1289                 {
1290                         NULL,
1291                         talloc_asprintf(mem_ctx, 
1292                                         "%s@%s", 
1293                                         TEST_USER_NAME,
1294                                         lp_realm()),
1295                         NULL,
1296                         True
1297                 },
1298                 {
1299                         NULL,
1300                         talloc_asprintf(mem_ctx, 
1301                                         "%s@%s", 
1302                                         TEST_USER_NAME,
1303                                         lp_parm_string(-1, "torture", "userdomain")),
1304                         NULL,
1305                         False
1306                 }
1307 #endif
1308         };
1309                 
1310         credentials = cli_credentials_init(mem_ctx);
1311
1312         test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
1313         /* We only need to join as a workstation here, and in future,
1314          * if we wish to test against trusted domains, we must be a
1315          * workstation here */
1316         join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(), ACB_WSTRUST, 
1317                                            &machine_password);
1318         if (!join_ctx) {
1319                 printf("Failed to join as Workstation\n");
1320                 return False;
1321         }
1322 #if 0
1323         user_ctx = torture_create_testuser(TEST_USER_NAME,
1324                                            lp_parm_string(-1, "torture", "userdomain"),
1325                                            ACB_NORMAL, 
1326                                            &user_password);
1327         if (!user_ctx) {
1328                 printf("Failed to join as Workstation\n");
1329                 return False;
1330         }
1331
1332         usercreds[3].password = user_password;
1333         usercreds[4].password = user_password;
1334         usercreds[5].password = user_password;
1335 #endif
1336
1337         status = dcerpc_parse_binding(mem_ctx, binding, &b);
1338         if (!NT_STATUS_IS_OK(status)) {
1339                 printf("Bad binding string %s\n", binding);
1340                 ret = False;
1341                 goto failed;
1342         }
1343
1344         /* We have to use schannel, otherwise the SamLogonEx fails
1345          * with INTERNAL_ERROR */
1346
1347         b->flags &= ~DCERPC_AUTH_OPTIONS;
1348         b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
1349
1350         cli_credentials_set_workstation(credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
1351         cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
1352         cli_credentials_set_username(credentials, test_machine_account, CRED_SPECIFIED);
1353         cli_credentials_set_password(credentials, machine_password, CRED_SPECIFIED);
1354         cli_credentials_set_secure_channel_type(credentials,
1355                                                 SEC_CHAN_WKSTA);
1356
1357         status = dcerpc_pipe_connect_b(mem_ctx, &p, b, 
1358                                        DCERPC_NETLOGON_UUID,
1359                                        DCERPC_NETLOGON_VERSION,
1360                                        credentials);
1361
1362         if (!NT_STATUS_IS_OK(status)) {
1363                 printf("RPC pipe connect as domain member failed: %s\n", nt_errstr(status));
1364                 ret = False;
1365                 goto failed;
1366         }
1367
1368         status = dcerpc_schannel_creds(p->conn->security_state.generic_state, mem_ctx, &creds);
1369         if (!NT_STATUS_IS_OK(status)) {
1370                 ret = False;
1371                 goto failed;
1372         }
1373
1374         for (ci = 0; ci < ARRAY_SIZE(usercreds); ci++) {
1375                 
1376                 if (!test_InteractiveLogon(p, mem_ctx, creds,
1377                                            usercreds[ci].domain,
1378                                            usercreds[ci].username,
1379                                            usercreds[ci].password)) {
1380                         ret = False;
1381                 }
1382                 
1383                 if (usercreds[ci].network_login) {
1384                         if (!test_SamLogon(p, mem_ctx, creds, 
1385                                            usercreds[ci].domain,
1386                                            usercreds[ci].username,
1387                                            usercreds[ci].password,
1388                                            0)) {
1389                                 ret = False;
1390                         }
1391                 }
1392         }
1393
1394         for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
1395                 
1396                 for (ci = 0; ci < ARRAY_SIZE(usercreds); ci++) {
1397                         
1398                         if (!test_InteractiveLogon(p, mem_ctx, creds,
1399                                                    usercreds[ci].domain,
1400                                                    usercreds[ci].username,
1401                                                    usercreds[ci].password)) {
1402                                 ret = False;
1403                         }
1404                         
1405                         if (usercreds[ci].network_login) {
1406                                 if (!test_SamLogon(p, mem_ctx, creds, 
1407                                                    usercreds[ci].domain,
1408                                                    usercreds[ci].username,
1409                                                    usercreds[ci].password,
1410                                                    1)) {
1411                                         ret = False;
1412                                 }
1413                         }
1414                 }
1415         }
1416
1417 failed:
1418         talloc_free(mem_ctx);
1419
1420         torture_leave_domain(join_ctx);
1421 #if 0
1422         torture_leave_domain(user_ctx);
1423 #endif
1424         return ret;
1425 }