#include "librpc/gen_ndr/ndr_netlogon.h"
#include "auth/auth.h"
#include "lib/crypto/crypto.h"
+#include "lib/cmdline/popt_common.h"
#define TEST_MACHINE_NAME "samlogontest"
#define TEST_USER_NAME "samlogontestuser"
const char *plain_pass,
int n_subtests)
{
+ TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_SamLogon function-level context");
int i, v, l, f;
BOOL ret = True;
int validation_levels[] = {2,3,6};
printf("testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
- samlogon_state.mem_ctx = mem_ctx;
samlogon_state.account_name = account_name;
samlogon_state.account_domain = account_domain;
samlogon_state.password = plain_pass;
samlogon_state.p = p;
samlogon_state.creds = creds;
- samlogon_state.chall = data_blob_talloc(mem_ctx, NULL, 8);
+ samlogon_state.chall = data_blob_talloc(fn_ctx, NULL, 8);
generate_random_buffer(samlogon_state.chall.data, 8);
- samlogon_state.r_flags.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ samlogon_state.r_flags.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
samlogon_state.r_flags.in.workstation = TEST_MACHINE_NAME;
samlogon_state.r_flags.in.credential = &samlogon_state.auth;
samlogon_state.r_flags.in.return_authenticator = &samlogon_state.auth2;
samlogon_state.r_flags.in.flags = 0;
- samlogon_state.r_ex.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ samlogon_state.r_ex.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
samlogon_state.r_ex.in.workstation = TEST_MACHINE_NAME;
samlogon_state.r_ex.in.flags = 0;
- samlogon_state.r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ samlogon_state.r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
samlogon_state.r.in.workstation = TEST_MACHINE_NAME;
samlogon_state.r.in.credential = &samlogon_state.auth;
samlogon_state.r.in.return_authenticator = &samlogon_state.auth2;
for (v=0;v<ARRAY_SIZE(validation_levels);v++) {
for (l=0;l<ARRAY_SIZE(logon_levels);l++) {
char *error_string = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_named(fn_ctx, 0, "test_SamLogon inner loop");
+ samlogon_state.mem_ctx = tmp_ctx;
samlogon_state.function_level = function_levels[f];
samlogon_state.r.in.validation_level = validation_levels[v];
samlogon_state.r.in.logon_level = logon_levels[l];
}
SAFE_FREE(error_string);
}
+ talloc_free(tmp_ctx);
}
}
}
}
-
+ talloc_free(fn_ctx);
return ret;
}
const char *plain_pass)
{
NTSTATUS status;
+ TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_InteractiveLogon function-level context");
struct netr_LogonSamLogonWithFlags r;
struct netr_Authenticator a, ra;
struct netr_PasswordInfo pinfo;
creds_client_authenticator(creds, &a);
- r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
r.in.workstation = TEST_MACHINE_NAME;
r.in.credential = &a;
r.in.return_authenticator = &ra;
printf("Testing netr_LogonSamLogonWithFlags (Interactive Logon)\n");
- status = dcerpc_netr_LogonSamLogonWithFlags(p, mem_ctx, &r);
+ status = dcerpc_netr_LogonSamLogonWithFlags(p, fn_ctx, &r);
if (!r.out.return_authenticator || !creds_client_check(creds, &r.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
+ talloc_free(fn_ctx);
return False;
}
+ talloc_free(fn_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
- printf("netr_LogonSamLogonWithFlags - %s\n", nt_errstr(status));
+ printf("[%s]\\[%s] netr_LogonSamLogonWithFlags - %s\n", account_name, account_domain, nt_errstr(status));
return False;
}
NTSTATUS status;
struct dcerpc_pipe *p;
struct dcerpc_binding *b;
+ struct cli_credentials *credentials;
TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
BOOL ret = True;
struct test_join *join_ctx;
BOOL network_login;
} usercreds[] = {
{
- lp_parm_string(-1, "torture", "userdomain"),
- lp_parm_string(-1, "torture", "username"),
- lp_parm_string(-1, "torture", "password"),
+ cli_credentials_get_domain(cmdline_credentials),
+ cli_credentials_get_username(cmdline_credentials),
+ cli_credentials_get_password(cmdline_credentials),
+ True
+ },
+ {
+ cli_credentials_get_realm(cmdline_credentials),
+ cli_credentials_get_username(cmdline_credentials),
+ cli_credentials_get_password(cmdline_credentials),
True
},
{
NULL,
talloc_asprintf(mem_ctx,
"%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_parm_string(-1, "torture", "userdomain")),
- lp_parm_string(-1, "torture", "password"),
+ cli_credentials_get_username(cmdline_credentials),
+ cli_credentials_get_domain(cmdline_credentials)
+ ),
+ cli_credentials_get_password(cmdline_credentials),
False
},
{
NULL,
talloc_asprintf(mem_ctx,
"%s@%s",
- lp_parm_string(-1, "torture", "username"),
- lp_realm()),
- lp_parm_string(-1, "torture", "password"),
+ cli_credentials_get_username(cmdline_credentials),
+ cli_credentials_get_realm(cmdline_credentials)
+ ),
+ cli_credentials_get_password(cmdline_credentials),
True
},
#if 0
#endif
};
+ credentials = cli_credentials_init(mem_ctx);
+
test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
/* We only need to join as a workstation here, and in future,
* if we wish to test against trusted domains, we must be a
* with INTERNAL_ERROR */
b->flags &= ~DCERPC_AUTH_OPTIONS;
- b->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SIGN | DCERPC_SCHANNEL_128;
+ b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
- status = dcerpc_pipe_connect_b(&p, b,
+ cli_credentials_set_workstation(credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
+ cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
+ cli_credentials_set_username(credentials, test_machine_account, CRED_SPECIFIED);
+ cli_credentials_set_password(credentials, machine_password, CRED_SPECIFIED);
+ cli_credentials_set_secure_channel_type(credentials,
+ SEC_CHAN_WKSTA);
+
+ status = dcerpc_pipe_connect_b(mem_ctx, &p, b,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
- TEST_MACHINE_NAME,
- lp_workgroup(),
- test_machine_account,
- machine_password);
+ credentials);
if (!NT_STATUS_IS_OK(status)) {
+ printf("RPC pipe connect as domain member failed: %s\n", nt_errstr(status));
ret = False;
goto failed;
}
failed:
talloc_free(mem_ctx);
- torture_rpc_close(p);
-
torture_leave_domain(join_ctx);
#if 0
torture_leave_domain(user_ctx);