git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b57b600)
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
authorStefan Metzmacher <metze@samba.org>
Wed, 16 Sep 2020 14:07:30 +0000 (16:07 +0200)
committerStefan Metzmacher <metze@samba.org>
Fri, 18 Sep 2020 11:27:15 +0000 (13:27 +0200)
This will avoid getting flakey tests once our server starts to
reject weak challenges.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source4/torture/rpc/lsa.c patch | blob | history
source4/torture/rpc/netlogon.c patch | blob | history

diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index c342b4e67e669a308ca73b43373e746e841ef75b..908ea08019c5efde01190bf899665af4db8782d4 100644 (file)
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -2872,7 +2872,7 @@ static bool check_pw_with_ServerAuthenticate3(struct dcerpc_pipe *p,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
                "ServerReqChallenge failed");
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 65188d2dc8569d17122b79b7629b8f540a075b9b..826793717e7415dd082fb06cb0234c9d31ace534 100644 (file)
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -160,7 +160,7 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
                "ServerReqChallenge failed");
@@ -229,7 +229,7 @@ bool test_SetupCredentials2ex(struct dcerpc_pipe *p, struct torture_context *tct
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
                "ServerReqChallenge failed");
@@ -324,7 +324,7 @@ bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
                "ServerReqChallenge failed");
@@ -396,7 +396,7 @@ bool test_SetupCredentialsDowngrade(struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
                "ServerReqChallenge failed");
@@ -1283,7 +1283,7 @@ static bool test_ServerReqChallengeGlobal(struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
                "ServerReqChallenge failed on b1");
@@ -1372,7 +1372,7 @@ static bool test_ServerReqChallengeReuseGlobal(struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
                "ServerReqChallenge failed on b1");
@@ -1461,7 +1461,7 @@ static bool test_ServerReqChallengeReuseGlobal2(struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
                "ServerReqChallenge failed on b1");
@@ -1551,7 +1551,7 @@ static bool test_ServerReqChallengeReuseGlobal3(struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
                "ServerReqChallenge failed on b1");
@@ -1643,8 +1643,7 @@ static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx,
        r.in.credentials = &credentials1_random;
        r.out.return_credentials = &credentials_discard;
 
-       generate_random_buffer(credentials1_random.data,
-                              sizeof(credentials1_random.data));
+       netlogon_creds_random_challenge(&credentials1_random);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
                "ServerReqChallenge failed on b1");
@@ -1656,7 +1655,7 @@ static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
                "ServerReqChallenge failed on b1");
@@ -1667,16 +1666,7 @@ static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx,
        r.in.credentials = &credentials1_random;
        r.out.return_credentials = &credentials_discard;
 
-       generate_random_buffer(credentials1_random.data,
-                              sizeof(credentials1_random.data));
-
-       r.in.server_name = NULL;
-       r.in.computer_name = "CHALTEST3";
-       r.in.credentials = &credentials1_random;
-       r.out.return_credentials = &credentials_discard;
-
-       generate_random_buffer(credentials1_random.data,
-                              sizeof(credentials1_random.data));
+       netlogon_creds_random_challenge(&credentials1_random);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
                "ServerReqChallenge failed on b1");
@@ -1752,7 +1742,7 @@ static bool test_ServerReqChallengeReuse(struct torture_context *tctx,
        r.in.credentials = &credentials1;
        r.out.return_credentials = &credentials2;
 
-       generate_random_buffer(credentials1.data, sizeof(credentials1.data));
+       netlogon_creds_random_challenge(&credentials1);
 
        torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
                "ServerReqChallenge");
Samba Shared Repository