r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
authorAndrew Bartlett <abartlet@samba.org>
Sun, 9 May 2004 12:42:18 +0000 (12:42 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:51:51 +0000 (12:51 -0500)
  - This required using NETLOGON_NEG_AUTH2_FLAGS for the
    SetupCredentials2 negotiation flags, which is what Samba3 does,
    because otherwise the server uses different crypto.
  - This tests the returned session keys, which we decrypt.

 - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
   most places.

 - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
   available.

 - Remove a useless argument to SMBsesskeygen_ntv1

 - move netr_CredentialState from the .idl to the new credentials.h

Andrew Bartlett

17 files changed:
source/include/cli_context.h
source/include/includes.h
source/libcli/auth/credentials.c
source/libcli/auth/credentials.h [new file with mode: 0644]
source/libcli/auth/ntlm_check.c
source/libcli/auth/ntlmssp.c
source/libcli/raw/clisession.c
source/libcli/raw/clitransport.c
source/libcli/raw/smb_signing.c
source/libcli/util/smbdes.c
source/libcli/util/smbencrypt.c
source/librpc/idl/netlogon.idl
source/librpc/rpc/dcerpc.h
source/librpc/rpc/dcerpc_ntlm.c
source/librpc/rpc/dcerpc_schannel.c
source/librpc/rpc/dcerpc_util.c
source/torture/rpc/netlogon.c

index 0e817c3cb0704e48c5bd4b47850c0a882f669d73..9cd36d0c35466bcb1c685bc47735ed2a790b8770 100644 (file)
@@ -66,10 +66,6 @@ struct cli_negotiate {
        unsigned int writebraw_supported:1;
 
        const char *server_domain;
-
-       /* remember the session key for data encryption in various sub-protocols
-          such as LSA */
-       uint8 user_session_key[16];
 };
        
 /* this is the context for a SMB socket associated with the socket itself */
@@ -189,6 +185,8 @@ struct cli_session {
 
        /* default pid for this session */
        uint32 pid;
+
+       DATA_BLOB user_session_key;
 };
 
 /* 
index 622b68b1af08520b95312a5c8d0af10068ad8425..de06b4d8a532fc296954163e39736c97ca763d16 100644 (file)
@@ -709,6 +709,7 @@ extern int errno;
 #include "hmacmd5.h"
 
 #include "libcli/auth/ntlmssp.h"
+#include "libcli/auth/credentials.h"
 #include "libcli/auth/schannel.h"
 
 #include "auth/auth.h"
index acc083d57f769191c9907ea7df41220b83cbddf8..638bff7e8ba7c79c726e5dfd3cffffd79c4c80df 100644 (file)
@@ -27,7 +27,7 @@
 
   this call is made after the netr_ServerReqChallenge call
 */
-static void creds_init(struct netr_CredentialState *creds,
+static void creds_init(struct creds_CredentialState *creds,
                       const struct netr_Credential *client_challenge,
                       const struct netr_Credential *server_challenge,
                       const uint8 machine_password[16])
@@ -48,11 +48,11 @@ static void creds_init(struct netr_CredentialState *creds,
 
        SIVAL(time_cred.data, 0, IVAL(client_challenge->data, 0));
        SIVAL(time_cred.data, 4, IVAL(client_challenge->data, 4));
-       cred_hash2(creds->client.data, time_cred.data, creds->session_key);
+       cred_hash2(creds->client.data, time_cred.data, creds->session_key, 1);
 
        SIVAL(time_cred.data, 0, IVAL(server_challenge->data, 0));
        SIVAL(time_cred.data, 4, IVAL(server_challenge->data, 4));
-       cred_hash2(creds->server.data, time_cred.data, creds->session_key);
+       cred_hash2(creds->server.data, time_cred.data, creds->session_key, 1);
 
        creds->seed = creds->client;
 }
@@ -62,7 +62,7 @@ static void creds_init(struct netr_CredentialState *creds,
   step the credentials to the next element in the chain, updating the
   current client and server credentials and the seed
 */
-static void creds_step(struct netr_CredentialState *creds)
+static void creds_step(struct creds_CredentialState *creds)
 {
        struct netr_Credential time_cred;
 
@@ -76,7 +76,7 @@ static void creds_step(struct netr_CredentialState *creds)
 
        DEBUG(5,("\tseed+time   %08x:%08x\n", IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
 
-       cred_hash2(creds->client.data, time_cred.data, creds->session_key);
+       cred_hash2(creds->client.data, time_cred.data, creds->session_key, 1);
 
        DEBUG(5,("\tCLIENT      %08x:%08x\n", 
                 IVAL(creds->client.data, 0), IVAL(creds->client.data, 4)));
@@ -87,7 +87,7 @@ static void creds_step(struct netr_CredentialState *creds)
        DEBUG(5,("\tseed+time+1 %08x:%08x\n", 
                 IVAL(time_cred.data, 0), IVAL(time_cred.data, 4)));
 
-       cred_hash2(creds->server.data, time_cred.data, creds->session_key);
+       cred_hash2(creds->server.data, time_cred.data, creds->session_key, 1);
 
        DEBUG(5,("\tSERVER      %08x:%08x\n", 
                 IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
@@ -95,7 +95,30 @@ static void creds_step(struct netr_CredentialState *creds)
        creds->seed = time_cred;
 }
 
+/*
+  DES encrypt a 16 byte password buffer using the session key
+*/
+void creds_des_encrypt(struct creds_CredentialState *creds, struct netr_Password *pass)
+{
+       struct netr_Password tmp;
+       cred_hash3(tmp.data, pass->data, creds->session_key, 1);
+       *pass = tmp;
+}
+
+/*
+  ARCFOUR encrypt/decrypt a password buffer using the session key
+*/
+void creds_arcfour_crypt(struct creds_CredentialState *creds, char *data, size_t len)
+{
+       DATA_BLOB session_key = data_blob(NULL, 16);
+       
+       memcpy(&session_key.data[0], creds->session_key, 8);
+       memset(&session_key.data[8], '\0', 8);
+
+       SamOEMhashBlob(data, len, &session_key);
 
+       data_blob_free(&session_key);
+}
 
 /*****************************************************************
 The above functions are common to the client and server interface
@@ -106,7 +129,7 @@ next comes the client specific functions
   initialise the credentials chain and return the first client
   credentials
 */
-void creds_client_init(struct netr_CredentialState *creds,
+void creds_client_init(struct creds_CredentialState *creds,
                       const struct netr_Credential *client_challenge,
                       const struct netr_Credential *server_challenge,
                       const uint8 machine_password[16],
@@ -120,7 +143,7 @@ void creds_client_init(struct netr_CredentialState *creds,
 /*
   check that a credentials reply from a server is correct
 */
-BOOL creds_client_check(struct netr_CredentialState *creds,
+BOOL creds_client_check(struct creds_CredentialState *creds,
                        const struct netr_Credential *received_credentials)
 {
        if (memcmp(received_credentials->data, creds->server.data, 8) != 0) {
@@ -134,7 +157,7 @@ BOOL creds_client_check(struct netr_CredentialState *creds,
   produce the next authenticator in the sequence ready to send to 
   the server
 */
-void creds_client_authenticator(struct netr_CredentialState *creds,
+void creds_client_authenticator(struct creds_CredentialState *creds,
                                struct netr_Authenticator *next)
 {
        creds_step(creds);
@@ -144,12 +167,3 @@ void creds_client_authenticator(struct netr_CredentialState *creds,
 }
 
 
-/*
-  encrypt a 16 byte password buffer using the session key
-*/
-void creds_client_encrypt(struct netr_CredentialState *creds, struct netr_Password *pass)
-{
-       struct netr_Password tmp;
-       cred_hash3(tmp.data, pass->data, creds->session_key, 1);
-       *pass = tmp;
-}
diff --git a/source/libcli/auth/credentials.h b/source/libcli/auth/credentials.h
new file mode 100644 (file)
index 0000000..7a7a34c
--- /dev/null
@@ -0,0 +1,29 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   code to manipulate domain credentials
+
+   Copyright (C) Andrew Tridgell 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+struct creds_CredentialState {
+       uint8 session_key[8];
+       uint32 sequence;
+       struct netr_Credential seed;
+       struct netr_Credential client;
+       struct netr_Credential server;
+};
index a7764f9e98639945a1af6a952cd56cd39e03c369..32a7507c1fbc0228b17918af0a8fa3aca8445df1 100644 (file)
@@ -59,7 +59,7 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
        SMBOWFencrypt(part_passwd, sec_blob->data, p24);
        if (user_sess_key != NULL) {
                *user_sess_key = data_blob(NULL, 16);
-               SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key->data);
+               SMBsesskeygen_ntv1(part_passwd, user_sess_key->data);
        }
        
        
@@ -195,7 +195,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
                if (memcmp(nt_interactive_pwd->data, nt_pw, 16) == 0) {
                        if (user_sess_key) {
                                *user_sess_key = data_blob(NULL, 16);
-                               SMBsesskeygen_ntv1(nt_pw, NULL, user_sess_key->data);
+                               SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
                        }
                        return NT_STATUS_OK;
                } else {
index 161a15023a1dda4691dba213e46505ea8448f480..9513d5a138afd1a3fd0174dd7aba5fb906022efc 100644 (file)
@@ -1093,7 +1093,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
 
                session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
 
-               SMBsesskeygen_ntv1(nt_hash, NULL, user_session_key);
+               SMBsesskeygen_ntv1(nt_hash, user_session_key);
                hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data);
                dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length);
 
@@ -1108,7 +1108,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
                                     nt_response.data);
                        E_md4hash(ntlmssp_state->password, nt_hash);
                        session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16);
-                       SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+                       SMBsesskeygen_ntv1(nt_hash, session_key.data);
                        dump_data_pw("NT session key:\n", session_key.data, session_key.length);
                }
 
index 1c0af77d11dddea5e79f0fc7860111b7c76ef95a..fe64565597a5582eb301911aba6f21f56aa666ec 100644 (file)
@@ -234,22 +234,34 @@ static DATA_BLOB nt_blob(const char *pass, DATA_BLOB challenge)
        return blob;
 }
 
+/*
+  store the user session key for a transport
+*/
+void cli_session_set_user_session_key(struct cli_session *session,
+                                  const DATA_BLOB *session_key)
+{
+       session->user_session_key = data_blob_talloc(session->mem_ctx, 
+                                                    session_key->data, 
+                                                    session_key->length);
+}
+
 /*
   setup signing for a NT1 style session setup
 */
-static void setup_nt1_signing(struct cli_transport *transport, const char *password)
+static void use_nt1_session_keys(struct cli_session *session, 
+                                const char *password, const DATA_BLOB  *nt_response)
 {
+       struct cli_transport *transport = session->transport; 
        uchar nt_hash[16];
-       uchar session_key[16];
-       DATA_BLOB nt_response;
+       DATA_BLOB session_key = data_blob(NULL, 16);
 
        E_md4hash(password, nt_hash);
-       SMBsesskeygen_ntv1(nt_hash, NULL, session_key);
-       nt_response = nt_blob(password, transport->negotiate.secblob);
+       SMBsesskeygen_ntv1(nt_hash, session_key.data);
 
-       cli_transport_set_session_key(transport, session_key);
+       cli_transport_simple_set_signing(transport, session_key, *nt_response);
 
-       cli_transport_simple_set_signing(transport, session_key, nt_response);
+       cli_session_set_user_session_key(session, &session_key);
+       data_blob_free(&session_key);
 }
 
 /****************************************************************************
@@ -332,7 +344,8 @@ static NTSTATUS smb_raw_session_setup_generic_nt1(struct cli_session *session,
                                                  session->transport->negotiate.secblob);
                s2.nt1.in.password2 = nt_blob(parms->generic.in.password, 
                                              session->transport->negotiate.secblob);
-               setup_nt1_signing(session->transport, parms->generic.in.password);
+               use_nt1_session_keys(session, parms->generic.in.password, &s2.nt1.in.password2);
+
        } else {
                s2.nt1.in.password1 = data_blob(parms->generic.in.password, 
                                                strlen(parms->generic.in.password));
index b8eef65c7f205866512e08e62eb7a44ceac7350d..72cad2e9251d1b207995926d74a4bdbb6641e6f0 100644 (file)
@@ -231,11 +231,3 @@ BOOL cli_transport_select(struct cli_transport *transport)
        return True;
 }
 
-/*
-  store the user session key for a transport
-*/
-void cli_transport_set_session_key(struct cli_transport *transport,
-                                  const uint8 session_key[16])
-{
-       memcpy(transport->negotiate.user_session_key, session_key, 16);
-}
index 2ab61aa001ef7425448dbb5caba994257c5731b0..5f47a5e42a74195215e769a50db8148818030079 100644 (file)
@@ -220,7 +220,8 @@ static void cli_transport_simple_free_signing_context(struct cli_transport *tran
  SMB signing - Simple implementation - setup the MAC key.
 ************************************************************/
 BOOL cli_transport_simple_set_signing(struct cli_transport *transport,
-                                     const uchar user_transport_key[16], const DATA_BLOB response)
+                                     const DATA_BLOB user_session_key, 
+                                     const DATA_BLOB response)
 {
        struct smb_basic_signing_context *data;
 
@@ -235,10 +236,13 @@ BOOL cli_transport_simple_set_signing(struct cli_transport *transport,
        data = smb_xmalloc(sizeof(*data));
        transport->negotiate.sign_info.signing_context = data;
        
-       data->mac_key = data_blob(NULL, MIN(response.length + 16, 40));
+       data->mac_key = data_blob(NULL, response.length + user_session_key.length);
 
-       memcpy(&data->mac_key.data[0], user_transport_key, 16);
-       memcpy(&data->mac_key.data[16],response.data, MIN(response.length, 40 - 16));
+       memcpy(&data->mac_key.data[0], user_session_key.data, user_session_key.length);
+
+       if (response.length) {
+               memcpy(&data->mac_key.data[user_session_key.length],response.data, response.length);
+       }
 
        /* Initialise the sequence number */
        data->next_seq_num = 0;
index 80b938b460102a330a0948f634b4a8bb39ee1a3d..22bafcb449d2a0c7eab75ae9e5e64da85570a51c 100644 (file)
@@ -338,14 +338,14 @@ void cred_hash1(unsigned char *out, const unsigned char *in, const unsigned char
        smbhash(out, buf, key+9, 1);
 }
 
-void cred_hash2(unsigned char *out, const unsigned char *in, const unsigned char *key)
+void cred_hash2(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
 {
        unsigned char buf[8];
        unsigned char key2[8];
        ZERO_STRUCT(key2);
-       smbhash(buf, in, key, 1);
+       smbhash(buf, in, key, forw);
        key2[0] = key[7];
-       smbhash(out, buf, key2, 1);
+       smbhash(out, buf, key2, forw);
 }
 
 void cred_hash3(unsigned char *out, unsigned char *in, const unsigned char *key, int forw)
@@ -401,12 +401,11 @@ void SamOEMhashBlob(unsigned char *data, int len, const DATA_BLOB *key)
 */
 void SamOEMhash(unsigned char *data, const unsigned char keystr[16], int len)
 {
-       DATA_BLOB key;
-
-       key.length = 16;
-       key.data = keystr;
+       DATA_BLOB key = data_blob(keystr, 16);
        
        SamOEMhashBlob(data, len, &key);
+
+       data_blob_free(&key);
 }
 
 
index cefd01bf1c90a3151a1713c20e27bffdaba77fb0..5468bdbebecdbb7c8655b1d2f3eb458b51a79e09 100644 (file)
@@ -255,8 +255,7 @@ void SMBsesskeygen_ntv2(const uchar kr[16],
 #endif
 }
 
-void SMBsesskeygen_ntv1(const uchar kr[16],
-                       const uchar * nt_resp, uint8 sess_key[16])
+void SMBsesskeygen_ntv1(const uchar kr[16], uint8 sess_key[16])
 {
        /* yes, this session key does not change - yes, this 
           is a problem - but it is 128 bits */
index 399bd6c543a2af696f2fc64d757c89cce1ee2631..24961aa362d932a9eeee607566824eff78711e11 100644 (file)
@@ -68,14 +68,6 @@ interface netlogon
                uint8 data[8];
        } netr_Credential;
 
-       typedef [flag(NDR_PAHEX)] struct {
-               uint8 session_key[8];
-               uint32 sequence;
-               netr_Credential seed;
-               netr_Credential client;
-               netr_Credential server;
-       } netr_CredentialState;
-
        typedef struct {
                [value(strlen_m(r->string)*2)] uint16 size;
                [value(r->size)]               uint16 length;
index c79d14bec06ac901abc775b4c2f33dc18353f844..5c7f01c6580fb5ac9f9d8c0545c2b9843c305bdd 100644 (file)
@@ -35,7 +35,7 @@ struct dcerpc_security {
                                 uchar *data, size_t length, DATA_BLOB *sig);
        NTSTATUS (*sign_packet)(struct dcerpc_security *, 
                                const uchar *data, size_t length, DATA_BLOB *sig);
-       NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]);
+       NTSTATUS (*session_key)(struct dcerpc_security *, DATA_BLOB *session_key);
        void (*security_end)(struct dcerpc_security *);
 };
 
index 194b1aa8654dee32bbc7885141f87cb314d29e59..fa4232c94af68f2ebdaf01e4402d799575fdd72a 100644 (file)
@@ -57,13 +57,13 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
 }
 
 static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security, 
-                                uint8 session_key[16])
+                                DATA_BLOB *session_key)
 {
        struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
-       if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) {
-               return NT_STATUS_UNSUCCESSFUL;
+       if (!ntlmssp_state->session_key.data) {
+               return NT_STATUS_NO_USER_SESSION_KEY;
        }
-       memcpy(session_key, ntlmssp_state->session_key.data, 16);
+       *session_key = ntlmssp_state->session_key;
        return NT_STATUS_OK;
 }
 
index 504c8dfd6f6f1d05998cd3702a5156be4aa5de90..a88d3c1b3e908c601c4603706db7f17ba5fa2e7e 100644 (file)
@@ -57,7 +57,7 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security,
 }
 
 static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security, 
-                                 uint8 session_key[16])
+                                 DATA_BLOB *session_key)
 {
        return NT_STATUS_NOT_IMPLEMENTED;
 }
@@ -84,7 +84,7 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
        struct netr_ServerReqChallenge r;
        struct netr_ServerAuthenticate2 a;
        uint8 mach_pwd[16];
-       struct netr_CredentialState creds;
+       struct creds_CredentialState creds;
        const char *workgroup, *workstation;
        uint32 negotiate_flags = 0;
 
index 0e045e00335e8bfce62a2a9cde66a69e0cfee386..dce325d7e18af50bc60b9844f6b197b1ff305501 100644 (file)
@@ -673,27 +673,21 @@ NTSTATUS dcerpc_secondary_smb(struct dcerpc_pipe *p, struct dcerpc_pipe **p2,
   only works for the ncacn_np transport
 */
 NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
-                                 uint8 session_key[16])
+                                 DATA_BLOB *session_key)
 {
        struct cli_tree *tree;
 
-       memset(session_key, 0, 16);
-
+       if (p->security_state) {
+               return p->security_state->session_key(p->security_state, session_key);
+       }
+       
        tree = dcerpc_smb_tree(p);
        if (tree) {
-               memcpy(session_key, 
-                      tree->session->transport->negotiate.user_session_key,
-                      16);
-       }
-
-       if (p->security_state) {
-               NTSTATUS status;
-
-               status = p->security_state->session_key(p->security_state, session_key);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return status;
+               if (tree->session->user_session_key.data) {
+                       *session_key = tree->session->user_session_key;
+                       return NT_STATUS_OK;
                }
        }
-       
-       return NT_STATUS_OK;
+
+       return NT_STATUS_NO_USER_SESSION_KEY;
 }
index e06613a3d9287f1afa5e6092865322e0e27d596f..b49ba1ef5591d0e83f09e009b96269993b9dd12b 100644 (file)
@@ -4,6 +4,8 @@
    test suite for netlogon rpc operations
 
    Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
+   Copyright (C) Tim Potter      2003
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
 
 #define TEST_MACHINE_NAME "torturetest"
 
+/* for the timebeing, use the same neg flags as Samba3. */
+/* The 7 here seems to be required to get Win2k not to downgrade us
+   to NT4.  Actually, anything other than 1ff would seem to do... */
+#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+
+#define NETLOGON_NEG_SCHANNEL    0x40000000
+
+
 static struct {
        struct dcerpc_pipe *p;
        const char *machine_password;
@@ -48,7 +58,7 @@ static BOOL join_domain_bdc(TALLOC_CTX *mem_ctx)
        uint32 access_granted;
        uint32 rid;
        BOOL ret = True;
-       uint8 session_key[16];
+       DATA_BLOB session_key;
        struct samr_Name name;
 
        printf("Connecting to SAMR\n");
@@ -129,14 +139,14 @@ again:
        encode_pw_buffer(u.info24.password.data, join.machine_password, STR_UNICODE);
        u.info24.pw_len = strlen(join.machine_password);
 
-       status = dcerpc_fetch_session_key(join.p, session_key);
+       status = dcerpc_fetch_session_key(join.p, &session_key);
        if (!NT_STATUS_IS_OK(status)) {
                printf("SetUserInfo level %u - no session key - %s\n",
                       s.in.level, nt_errstr(status));
                return False;
        }
 
-       SamOEMhash(u.info24.password.data, session_key, 516);
+       SamOEMhashBlob(u.info24.password.data, 516, &session_key);
 
        status = dcerpc_samr_SetUserInfo(join.p, mem_ctx, &s);
        if (!NT_STATUS_IS_OK(status)) {
@@ -224,7 +234,7 @@ static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 }
 
 static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
-                                 struct netr_CredentialState *creds)
+                                 struct creds_CredentialState *creds)
 {
        NTSTATUS status;
        struct netr_ServerReqChallenge r;
@@ -277,14 +287,14 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 }
 
 static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
-                                  struct netr_CredentialState *creds)
+                                  uint32 negotiate_flags,
+                                  struct creds_CredentialState *creds)
 {
        NTSTATUS status;
        struct netr_ServerReqChallenge r;
        struct netr_ServerAuthenticate2 a;
        const char *plain_pass;
        uint8 mach_pwd[16];
-       uint32 negotiate_flags = 0;
 
        printf("Testing ServerReqChallenge\n");
 
@@ -334,63 +344,655 @@ static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
        return True;
 }
 
-/*
-  try a netlogon SamLogon
-*/
-static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
-{
-       NTSTATUS status;
+enum ntlm_break {
+       BREAK_NONE,
+       BREAK_LM,
+       BREAK_NT,
+       NO_LM,
+       NO_NT
+};
+
+struct samlogon_state {
+       TALLOC_CTX *mem_ctx;
+       const char *username;
+       const char *password;
+       struct dcerpc_pipe *p;
        struct netr_LogonSamLogon r;
        struct netr_Authenticator auth, auth2;
-       struct netr_NetworkInfo ninfo;
-       const char *username = lp_parm_string(-1, "torture", "username");
-       const char *password = lp_parm_string(-1, "torture", "password");
-       struct netr_CredentialState creds;
-       int i;
-       BOOL ret = True;
+       struct creds_CredentialState creds;
+       DATA_BLOB chall;
+};
 
-       if (!test_SetupCredentials2(p, mem_ctx, &creds)) {
-               return False;
-       }
+/* 
+   Authenticate a user with a challenge/response, checking session key
+   and valid authentication types
+*/
 
+static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, 
+                              enum ntlm_break break_which,
+                              DATA_BLOB *chall, 
+                              DATA_BLOB *lm_response, 
+                              DATA_BLOB *nt_response, 
+                              uint8 lm_key[8], 
+                              uint8 user_session_key[16], 
+                              char **error_string)
+{
+       NTSTATUS status;
+       struct netr_LogonSamLogon *r = &samlogon_state->r;
+
+       struct netr_NetworkInfo ninfo;
+       samlogon_state->r.in.logon_level = 2;
+       samlogon_state->r.in.logon.network = &ninfo;
+       
        ninfo.logon_info.domain_name.string = lp_workgroup();
        ninfo.logon_info.parameter_control = 0;
        ninfo.logon_info.logon_id_low = 0;
        ninfo.logon_info.logon_id_high = 0;
-       ninfo.logon_info.username.string = username;
+       ninfo.logon_info.username.string = samlogon_state->username;
        ninfo.logon_info.workstation.string = TEST_MACHINE_NAME;
-       generate_random_buffer(ninfo.challenge, 
-                              sizeof(ninfo.challenge), False);
-       ninfo.nt.length = 24;
-       ninfo.nt.data = talloc(mem_ctx, 24);
-       SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data);
-       ninfo.lm.length = 24;
-       ninfo.lm.data = talloc(mem_ctx, 24);
-       SMBencrypt(password, ninfo.challenge, ninfo.lm.data);
 
-       r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
-       r.in.workstation = TEST_MACHINE_NAME;
-       r.in.credential = &auth;
-       r.in.authenticator = &auth2;
-       r.in.logon_level = 2;
-       r.in.logon.network = &ninfo;
+       memcpy(ninfo.challenge, chall->data, 8);
+       
+       switch (break_which) {
+       case BREAK_NONE:
+               break;
+       case BREAK_LM:
+               if (lm_response && lm_response->data) {
+                       lm_response->data[0]++;
+               }
+               break;
+       case BREAK_NT:
+               if (nt_response && nt_response->data) {
+                       nt_response->data[0]++;
+               }
+               break;
+       case NO_LM:
+               data_blob_free(lm_response);
+               break;
+       case NO_NT:
+               data_blob_free(nt_response);
+               break;
+       }
+       
+       if (nt_response) {
+               ninfo.nt.data = nt_response->data;
+               ninfo.nt.length = nt_response->length;
+       } else {
+               ninfo.nt.data = NULL;
+               ninfo.nt.length = 0;
+       }
 
-       for (i=2;i<=3;i++) {
-               ZERO_STRUCT(auth2);
-               creds_client_authenticator(&creds, &auth);
+       if (lm_response) {
+               ninfo.lm.data = lm_response->data;
+               ninfo.lm.length = lm_response->length;
+       } else {
+               ninfo.lm.data = NULL;
+               ninfo.lm.length = 0;
+       }
+
+       ZERO_STRUCT(samlogon_state->auth2);
+       creds_client_authenticator(&samlogon_state->creds, &samlogon_state->auth);
+       
+       status = dcerpc_netr_LogonSamLogon(samlogon_state->p, samlogon_state->mem_ctx, r);
+       if (!NT_STATUS_IS_OK(status)) {
+               if (error_string) {
+                       *error_string = strdup(nt_errstr(status));
+               }
+       }
+       
+       if (!creds_client_check(&samlogon_state->creds, &r->out.authenticator->cred)) {
+               printf("Credential chaining failed\n");
+       }
 
-               r.in.validation_level = i;
+       if (!NT_STATUS_IS_OK(status)) {
+               /* we cannot check the session key, if the logon failed... */
+               return status;
+       }
+       
+       /* find and decyrpt the session keys, return in parameters above */
+       if (r->in.validation_level == 2) {
+               static const char zeros[16];
+
+               if (memcmp(r->out.validation.sam->LMSessKey.key, zeros,  sizeof(r->out.validation.sam->LMSessKey.key)) != 0) {
+                       creds_arcfour_crypt(&samlogon_state->creds, 
+                                           r->out.validation.sam->LMSessKey.key, 
+                                           sizeof(r->out.validation.sam->LMSessKey.key));
+               }
+                       
+               if (lm_key) {
+                       memcpy(lm_key, r->out.validation.sam->LMSessKey.key, 8);
+               }
 
-               printf("Testing SamLogon with validation level %d\n", i);
+               if (memcmp(r->out.validation.sam->key.key, zeros,  sizeof(r->out.validation.sam->key.key)) != 0) {
+                       creds_arcfour_crypt(&samlogon_state->creds, 
+                                           r->out.validation.sam->key.key, 
+                                           sizeof(r->out.validation.sam->key.key));
+               }
 
-               status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       printf("LogonSamLogon - %s\n", nt_errstr(status));
-                       ret = False;
+               if (user_session_key) {
+                       memcpy(user_session_key, r->out.validation.sam->key.key, 16);
+               }
+
+       } else if (r->in.validation_level == 3) {
+               static const char zeros[16];
+               if (memcmp(r->out.validation.sam2->LMSessKey.key, zeros,  sizeof(r->out.validation.sam2->LMSessKey.key)) != 0) {
+                       creds_arcfour_crypt(&samlogon_state->creds, 
+                                           r->out.validation.sam2->LMSessKey.key, 
+                                           sizeof(r->out.validation.sam2->LMSessKey.key));
                }
 
-               if (!creds_client_check(&creds, &r.out.authenticator->cred)) {
-                       printf("Credential chaining failed\n");
+               if (lm_key) {
+                       memcpy(lm_key, r->out.validation.sam2->LMSessKey.key, 8);
+               }
+
+               if (memcmp(r->out.validation.sam2->key.key, zeros,  sizeof(r->out.validation.sam2->key.key)) != 0) {
+                       creds_arcfour_crypt(&samlogon_state->creds, 
+                                           r->out.validation.sam2->key.key, 
+                                           sizeof(r->out.validation.sam2->key.key));
+               }
+
+               if (user_session_key) {
+                       memcpy(user_session_key, r->out.validation.sam2->key.key, 16);
+               }
+       }
+
+       return status;
+} 
+
+/* 
+ * Test the normal 'LM and NTLM' combination
+ */
+
+static BOOL test_lm_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) 
+{
+       BOOL pass = True;
+       NTSTATUS nt_status;
+       DATA_BLOB lm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+       DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+       DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+       uchar lm_key[8];
+       uchar user_session_key[16];
+       uchar lm_hash[16];
+       uchar nt_hash[16];
+       
+       ZERO_STRUCT(lm_key);
+       ZERO_STRUCT(user_session_key);
+
+       SMBencrypt(samlogon_state->password, samlogon_state->chall.data, lm_response.data);
+       E_deshash(samlogon_state->password, lm_hash); 
+
+       SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
+
+       E_md4hash(samlogon_state->password, nt_hash);
+       SMBsesskeygen_ntv1(nt_hash, session_key.data);
+
+       nt_status = check_samlogon(samlogon_state,
+                                  break_which,
+                                  &samlogon_state->chall,
+                                  &lm_response,
+                                  &nt_response,
+                                  lm_key, 
+                                  user_session_key,
+                                  error_string);
+       
+       data_blob_free(&lm_response);
+
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return break_which == BREAK_NT;
+       }
+
+       if (memcmp(lm_hash, lm_key, 
+                  sizeof(lm_key)) != 0) {
+               printf("LM Key does not match expectations!\n");
+               printf("lm_key:\n");
+               dump_data(1, (const char *)lm_key, 8);
+               printf("expected:\n");
+               dump_data(1, (const char *)lm_hash, 8);
+               pass = False;
+       }
+
+       if (break_which == NO_NT) {
+               char lm_key_expected[16];
+               memcpy(lm_key_expected, lm_hash, 8);
+               memset(lm_key_expected+8, '\0', 8);
+               if (memcmp(lm_key_expected, user_session_key, 
+                          16) != 0) {
+                       printf("NT Session Key does not match expectations (should be first-8 LM hash)!\n");
+                       printf("user_session_key:\n");
+                       dump_data(1, (const char *)user_session_key, sizeof(user_session_key));
+                       printf("expected:\n");
+                       dump_data(1, (const char *)lm_key_expected, sizeof(lm_key_expected));
+                       pass = False;
+               }
+       } else {                
+               if (memcmp(session_key.data, user_session_key, 
+                          sizeof(user_session_key)) != 0) {
+                       printf("NT Session Key does not match expectations!\n");
+                       printf("user_session_key:\n");
+                       dump_data(1, (const char *)user_session_key, 16);
+                       printf("expected:\n");
+                       dump_data(1, (const char *)session_key.data, session_key.length);
+                       pass = False;
+               }
+       }
+        return pass;
+}
+
+/* 
+ * Test LM authentication, no NT response supplied
+ */
+
+static BOOL test_lm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+
+       return test_lm_ntlm_broken(samlogon_state, NO_NT, error_string);
+}
+
+/* 
+ * Test the NTLM response only, no LM.
+ */
+
+static BOOL test_ntlm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lm_ntlm_broken(samlogon_state, NO_LM, error_string);
+}
+
+/* 
+ * Test the NTLM response only, but in the LM field.
+ */
+
+static BOOL test_ntlm_in_lm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       BOOL pass = True;
+       NTSTATUS nt_status;
+       DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+
+       uchar lm_key[8];
+       uchar lm_hash[16];
+       uchar user_session_key[16];
+       
+       ZERO_STRUCT(user_session_key);
+
+       SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
+
+       E_deshash(samlogon_state->password, lm_hash); 
+
+       nt_status = check_samlogon(samlogon_state,
+                                  BREAK_NONE,
+                                  &samlogon_state->chall,
+                                  &nt_response,
+                                  NULL,
+                                  lm_key, 
+                                  user_session_key,
+                                  error_string);
+       
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return False;
+       }
+
+       if (memcmp(lm_hash, lm_key, 
+                  sizeof(lm_key)) != 0) {
+               printf("LM Key does not match expectations!\n");
+               printf("lm_key:\n");
+               dump_data(1, (const char *)lm_key, 8);
+               printf("expected:\n");
+               dump_data(1, (const char *)lm_hash, 8);
+               pass = False;
+       }
+       if (memcmp(lm_hash, user_session_key, 8) != 0) {
+               char lm_key_expected[16];
+               memcpy(lm_key_expected, lm_hash, 8);
+               memset(lm_key_expected+8, '\0', 8);
+               if (memcmp(lm_key_expected, user_session_key, 
+                          16) != 0) {
+                       printf("NT Session Key does not match expectations (should be first-8 LM hash)!\n");
+                       printf("user_session_key:\n");
+                       dump_data(1, (const char *)user_session_key, sizeof(user_session_key));
+                       printf("expected:\n");
+                       dump_data(1, (const char *)lm_key_expected, sizeof(lm_key_expected));
+                       pass = False;
+               }
+       }
+        return pass;
+}
+
+/* 
+ * Test the NTLM response only, but in the both the NT and LM fields.
+ */
+
+static BOOL test_ntlm_in_both(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       BOOL pass = True;
+       NTSTATUS nt_status;
+       DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+       DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+       char lm_key[8];
+       char lm_hash[16];
+       char user_session_key[16];
+       char nt_hash[16];
+       
+       ZERO_STRUCT(lm_key);
+       ZERO_STRUCT(user_session_key);
+
+       SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, 
+                    nt_response.data);
+       E_md4hash(samlogon_state->password, (unsigned char *)nt_hash);
+       SMBsesskeygen_ntv1((const unsigned char *)nt_hash, 
+                          session_key.data);
+
+       E_deshash(samlogon_state->password, (unsigned char *)lm_hash); 
+
+       nt_status = check_samlogon(samlogon_state,
+                                  BREAK_NONE,
+                                  &samlogon_state->chall,
+                                  NULL, 
+                                  &nt_response,
+                                  lm_key, 
+                                  user_session_key,
+                                  error_string);
+       
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return False;
+       }
+
+       if (memcmp(lm_hash, lm_key, 
+                  sizeof(lm_key)) != 0) {
+               printf("LM Key does not match expectations!\n");
+               printf("lm_key:\n");
+               dump_data(1, lm_key, 8);
+               printf("expected:\n");
+               dump_data(1, lm_hash, 8);
+               pass = False;
+       }
+       if (memcmp(session_key.data, user_session_key, 
+                  sizeof(user_session_key)) != 0) {
+               printf("NT Session Key does not match expectations!\n");
+               printf("user_session_key:\n");
+               dump_data(1, user_session_key, 16);
+               printf("expected:\n");
+               dump_data(1, (const char *)session_key.data, session_key.length);
+               pass = False;
+       }
+
+
+        return pass;
+}
+
+/* 
+ * Test the NTLMv2 and LMv2 responses
+ */
+
+static BOOL test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) 
+{
+       BOOL pass = True;
+       NTSTATUS nt_status;
+       DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+       DATA_BLOB lmv2_response = data_blob(NULL, 0);
+       DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
+       DATA_BLOB names_blob = NTLMv2_generate_names_blob(lp_netbios_name(), lp_workgroup());
+
+       uchar user_session_key[16];
+
+       ZERO_STRUCT(user_session_key);
+       
+       if (!SMBNTLMv2encrypt(samlogon_state->username, lp_workgroup(), samlogon_state->password, &samlogon_state->chall,
+                             &names_blob,
+                             &lmv2_response, &ntlmv2_response, 
+                             &ntlmv2_session_key)) {
+               data_blob_free(&names_blob);
+               return False;
+       }
+       data_blob_free(&names_blob);
+
+       nt_status = check_samlogon(samlogon_state,
+                                  break_which,
+                                  &samlogon_state->chall,
+                                  &lmv2_response,
+                                  &ntlmv2_response,
+                                  NULL, 
+                                  user_session_key,
+                                  error_string);
+       
+       data_blob_free(&lmv2_response);
+       data_blob_free(&ntlmv2_response);
+
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return break_which == BREAK_NT;
+       }
+
+       if (break_which != NO_NT && break_which != BREAK_NT && memcmp(ntlmv2_session_key.data, user_session_key, 
+                  sizeof(user_session_key)) != 0) {
+               printf("USER (NTLMv2) Session Key does not match expectations!\n");
+               printf("user_session_key:\n");
+               dump_data(1, (const char *)user_session_key, 16);
+               printf("expected:\n");
+               dump_data(1, (const char *)ntlmv2_session_key.data, ntlmv2_session_key.length);
+               pass = False;
+       }
+        return pass;
+}
+
+/* 
+ * Test the NTLMv2 and LMv2 responses
+ */
+
+static BOOL test_lmv2_ntlmv2(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NONE, error_string);
+}
+
+/* 
+ * Test the LMv2 response only
+ */
+
+static BOOL test_lmv2(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lmv2_ntlmv2_broken(samlogon_state, NO_NT, error_string);
+}
+
+/* 
+ * Test the NTLMv2 response only
+ */
+
+static BOOL test_ntlmv2(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lmv2_ntlmv2_broken(samlogon_state, NO_LM, error_string);
+}
+
+static BOOL test_lm_ntlm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lm_ntlm_broken(samlogon_state, BREAK_NONE, error_string);
+}
+
+static BOOL test_ntlm_lm_broken(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lm_ntlm_broken(samlogon_state, BREAK_LM, error_string);
+}
+
+static BOOL test_ntlm_ntlm_broken(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lm_ntlm_broken(samlogon_state, BREAK_NT, error_string);
+}
+
+static BOOL test_ntlmv2_lmv2_broken(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_LM, error_string);
+}
+
+static BOOL test_ntlmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, char **error_string) 
+{
+       return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NT, error_string);
+}
+
+static BOOL test_plaintext(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string)
+{
+       NTSTATUS nt_status;
+       DATA_BLOB nt_response = data_blob(NULL, 0);
+       DATA_BLOB lm_response = data_blob(NULL, 0);
+       char *password;
+       char *dospw;
+       smb_ucs2_t *unicodepw;
+
+       uchar user_session_key[16];
+       uchar lm_key[16];
+       static const uchar zeros[8];
+       DATA_BLOB chall = data_blob_talloc(samlogon_state->mem_ctx, zeros, sizeof(zeros));
+
+       ZERO_STRUCT(user_session_key);
+       
+       if ((push_ucs2_talloc(samlogon_state->mem_ctx, (smb_ucs2_t **)&unicodepw, 
+                             samlogon_state->password)) == -1) {
+               DEBUG(0, ("push_ucs2_allocate failed!\n"));
+               exit(1);
+       }
+
+       nt_response = data_blob_talloc(samlogon_state->mem_ctx, unicodepw, 
+                                      strlen_w(((void *)unicodepw))*sizeof(smb_ucs2_t));
+
+       password = strdup_upper(samlogon_state->password);
+
+       if ((convert_string_talloc(samlogon_state->mem_ctx, CH_UNIX, 
+                                  CH_DOS, password,
+                                  strlen(password)+1, 
+                                  (const void**)&dospw)) == -1) {
+               DEBUG(0, ("push_ascii_allocate failed!\n"));
+               exit(1);
+       }
+
+       SAFE_FREE(password);
+
+       lm_response = data_blob_talloc(samlogon_state->mem_ctx, dospw, strlen(dospw));
+
+       nt_status = check_samlogon(samlogon_state,
+                                  break_which,
+                                  &chall,
+                                  &lm_response,
+                                  &nt_response,
+                                  lm_key, 
+                                  user_session_key,
+                                  error_string);
+       
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return break_which == BREAK_NT;
+       }
+
+       return True;
+}
+
+static BOOL test_plaintext_none_broken(struct samlogon_state *samlogon_state, 
+                                      char **error_string) {
+       return test_plaintext(samlogon_state, BREAK_NONE, error_string);
+}
+
+static BOOL test_plaintext_lm_broken(struct samlogon_state *samlogon_state, 
+                                    char **error_string) {
+       return test_plaintext(samlogon_state, BREAK_LM, error_string);
+}
+
+static BOOL test_plaintext_nt_broken(struct samlogon_state *samlogon_state, 
+                                    char **error_string) {
+       return test_plaintext(samlogon_state, BREAK_NT, error_string);
+}
+
+static BOOL test_plaintext_nt_only(struct samlogon_state *samlogon_state, 
+                                  char **error_string) {
+       return test_plaintext(samlogon_state, NO_LM, error_string);
+}
+
+static BOOL test_plaintext_lm_only(struct samlogon_state *samlogon_state, 
+                                  char **error_string) {
+       return test_plaintext(samlogon_state, NO_NT, error_string);
+}
+
+/* 
+   Tests:
+   
+   - LM only
+   - NT and LM            
+   - NT
+   - NT in LM field
+   - NT in both fields
+   - NTLMv2
+   - NTLMv2 and LMv2
+   - LMv2
+   - plaintext tests (in challenge-response feilds)
+  
+   check we get the correct session key in each case
+   check what values we get for the LM session key
+   
+*/
+
+static const struct ntlm_tests {
+       BOOL (*fn)(struct samlogon_state *, char **);
+       const char *name;
+       BOOL expect_fail;
+} test_table[] = {
+       {test_lm, "LM", False},
+       {test_lm_ntlm, "LM and NTLM", False},
+       {test_ntlm, "NTLM", False},
+       {test_ntlm_in_lm, "NTLM in LM", False},
+       {test_ntlm_in_both, "NTLM in both", False},
+       {test_ntlmv2, "NTLMv2", False},
+       {test_lmv2_ntlmv2, "NTLMv2 and LMv2", False},
+       {test_lmv2, "LMv2", False},
+       {test_ntlmv2_lmv2_broken, "NTLMv2 and LMv2, LMv2 broken", False},
+       {test_ntlmv2_ntlmv2_broken, "NTLMv2 and LMv2, NTLMv2 broken", False},
+       {test_ntlm_lm_broken, "NTLM and LM, LM broken", False},
+       {test_ntlm_ntlm_broken, "NTLM and LM, NTLM broken", False},
+       {test_plaintext_none_broken, "Plaintext", True},
+       {test_plaintext_lm_broken, "Plaintext LM broken", True},
+       {test_plaintext_nt_broken, "Plaintext NT broken", True},
+       {test_plaintext_nt_only, "Plaintext NT only", True},
+       {test_plaintext_lm_only, "Plaintext LM only", True},
+       {NULL, NULL}
+};
+
+/*
+  try a netlogon SamLogon
+*/
+static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+       int i, j;
+       BOOL ret = True;
+
+       struct samlogon_state samlogon_state;
+       
+       samlogon_state.mem_ctx = mem_ctx;
+       samlogon_state.username = lp_parm_string(-1, "torture", "username");
+       samlogon_state.password = lp_parm_string(-1, "torture", "password");
+       samlogon_state.p = p;
+
+       samlogon_state.chall = data_blob_talloc(mem_ctx, NULL, 8);
+
+       generate_random_buffer(samlogon_state.chall.data, 
+                              8, False);
+
+       if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS, &samlogon_state.creds)) {
+               return False;
+       }
+
+       samlogon_state.r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+       samlogon_state.r.in.workstation = TEST_MACHINE_NAME;
+       samlogon_state.r.in.credential = &samlogon_state.auth;
+       samlogon_state.r.in.authenticator = &samlogon_state.auth2;
+
+       for (i=2;i<=3;i++) {
+               samlogon_state.r.in.validation_level = i;
+               for (j=0; test_table[j].fn; j++) {
+                       char *error_string = NULL;
+                       printf("Testing SamLogon with '%s' at validation level %d\n", test_table[j].name, i);
+       
+                       if (!test_table[j].fn(&samlogon_state, &error_string)) {
+                               if (test_table[j].expect_fail) {
+                                       printf("Test %s failed (expected, test incomplete): %s\n", test_table[j].name, error_string);
+                               } else {
+                                       printf("Test %s failed: %s\n", test_table[j].name, error_string);
+                                       ret = False;
+                               }
+                               SAFE_FREE(error_string);
+                       }
                }
        }
 
@@ -406,7 +1008,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
        NTSTATUS status;
        struct netr_ServerPasswordSet r;
        const char *password;
-       struct netr_CredentialState creds;
+       struct creds_CredentialState creds;
 
        if (!test_SetupCredentials(p, mem_ctx, &creds)) {
                return False;
@@ -420,7 +1022,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
        password = generate_random_str(8);
        E_md4hash(password, r.in.new_password.data);
 
-       creds_client_encrypt(&creds, &r.in.new_password);
+       creds_des_encrypt(&creds, &r.in.new_password);
 
        printf("Testing ServerPasswordSet on machine account\n");
 
@@ -468,7 +1070,7 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
        NTSTATUS status;
        struct netr_DatabaseSync r;
-       struct netr_CredentialState creds;
+       struct creds_CredentialState creds;
        const uint32 database_ids[] = {0, 1, 2}; 
        int i;
        BOOL ret = True;
@@ -530,7 +1132,7 @@ static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
        NTSTATUS status;
        struct netr_DatabaseDeltas r;
-       struct netr_CredentialState creds;
+       struct creds_CredentialState creds;
        const uint32 database_ids[] = {0, 1, 2}; 
        int i;
        BOOL ret = True;
@@ -587,7 +1189,7 @@ static BOOL test_AccountDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
        NTSTATUS status;
        struct netr_AccountDeltas r;
-       struct netr_CredentialState creds;
+       struct creds_CredentialState creds;
        BOOL ret = True;
 
        if (!test_SetupCredentials(p, mem_ctx, &creds)) {
@@ -622,7 +1224,7 @@ static BOOL test_AccountSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
        NTSTATUS status;
        struct netr_AccountSync r;
-       struct netr_CredentialState creds;
+       struct creds_CredentialState creds;
        BOOL ret = True;
 
        if (!test_SetupCredentials(p, mem_ctx, &creds)) {
@@ -816,12 +1418,12 @@ static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 {
        NTSTATUS status;
        struct netr_DatabaseSync2 r;
-       struct netr_CredentialState creds;
+       struct creds_CredentialState creds;
        const uint32 database_ids[] = {0, 1, 2}; 
        int i;
        BOOL ret = True;
 
-       if (!test_SetupCredentials2(p, mem_ctx, &creds)) {
+       if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS, &creds)) {
                return False;
        }