Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

samlogon.c

Visit:

Last change on this file was 752, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.9 2nd part
File size: 65.5 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3
4	test suite for netlogon SamLogon operations
5
6	Copyright (C) Andrew Tridgell 2003
7	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8	Copyright (C) Tim Potter 2003
9
10	This program is free software; you can redistribute it and/or modify
11	it under the terms of the GNU General Public License as published by
12	the Free Software Foundation; either version 3 of the License, or
13	(at your option) any later version.
14
15	This program is distributed in the hope that it will be useful,
16	but WITHOUT ANY WARRANTY; without even the implied warranty of
17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	GNU General Public License for more details.
19
20	You should have received a copy of the GNU General Public License
21	along with this program. If not, see <http://www.gnu.org/licenses/>.
22	*/
23
24	#include "includes.h"
25	#include "librpc/gen_ndr/ndr_netlogon.h"
26	#include "librpc/gen_ndr/ndr_netlogon_c.h"
27	#include "librpc/gen_ndr/ndr_samr_c.h"
28	#include "../lib/crypto/crypto.h"
29	#include "lib/cmdline/popt_common.h"
30	#include "torture/rpc/torture_rpc.h"
31	#include "auth/gensec/gensec.h"
32	#include "libcli/auth/libcli_auth.h"
33	#include "param/param.h"
34
35	#define TEST_MACHINE_NAME "samlogontest"
36	#define TEST_USER_NAME "samlogontestuser"
37	#define TEST_USER_NAME_WRONG_WKS "samlogontest2"
38	#define TEST_USER_NAME_WRONG_TIME "samlogontest3"
39
40	enum ntlm_break {
41	BREAK_BOTH,
42	BREAK_NONE,
43	BREAK_LM,
44	BREAK_NT,
45	NO_LM,
46	NO_NT
47	};
48
49	struct samlogon_state {
50	TALLOC_CTX *mem_ctx;
51	const char *comment;
52	const char *account_name;
53	const char *account_domain;
54	const char *netbios_name;
55	const char *password;
56	const char *workgroup;
57	struct dcerpc_pipe *p;
58	int function_level;
59	uint32_t parameter_control;
60	struct netr_LogonSamLogon r;
61	struct netr_LogonSamLogonEx r_ex;
62	struct netr_LogonSamLogonWithFlags r_flags;
63	struct netr_Authenticator auth, auth2;
64	struct netlogon_creds_CredentialState *creds;
65	NTSTATUS expected_error;
66	bool old_password; /* Allow an old password to be accepted or rejected without error, as well as session key bugs */
67	DATA_BLOB chall;
68	};
69
70	/*
71	Authenticate a user with a challenge/response, checking session key
72	and valid authentication types
73	*/
74	static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
75	enum ntlm_break break_which,
76	uint32_t parameter_control,
77	DATA_BLOB *chall,
78	DATA_BLOB *lm_response,
79	DATA_BLOB *nt_response,
80	uint8_t lm_key[8],
81	uint8_t user_session_key[16],
82	char **error_string)
83	{
84	NTSTATUS status;
85	struct netr_LogonSamLogon *r = &samlogon_state->r;
86	struct netr_LogonSamLogonEx *r_ex = &samlogon_state->r_ex;
87	struct netr_LogonSamLogonWithFlags *r_flags = &samlogon_state->r_flags;
88	struct netr_NetworkInfo ninfo;
89	struct netr_SamBaseInfo *base = NULL;
90	uint16_t validation_level = 0;
91
92	samlogon_state->r.in.logon->network = &ninfo;
93	samlogon_state->r_ex.in.logon->network = &ninfo;
94	samlogon_state->r_flags.in.logon->network = &ninfo;
95
96	ninfo.identity_info.domain_name.string = samlogon_state->account_domain;
97	ninfo.identity_info.parameter_control = parameter_control;
98	ninfo.identity_info.logon_id_low = 0;
99	ninfo.identity_info.logon_id_high = 0;
100	ninfo.identity_info.account_name.string = samlogon_state->account_name;
101	ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
102
103	memcpy(ninfo.challenge, chall->data, 8);
104
105	switch (break_which) {
106	case BREAK_NONE:
107	break;
108	case BREAK_LM:
109	if (lm_response && lm_response->data) {
110	lm_response->data[0]++;
111	}
112	break;
113	case BREAK_NT:
114	if (nt_response && nt_response->data) {
115	nt_response->data[0]++;
116	}
117	break;
118	case BREAK_BOTH:
119	if (lm_response && lm_response->data) {
120	lm_response->data[0]++;
121	}
122	if (nt_response && nt_response->data) {
123	nt_response->data[0]++;
124	}
125	break;
126	case NO_LM:
127	data_blob_free(lm_response);
128	break;
129	case NO_NT:
130	data_blob_free(nt_response);
131	break;
132	}
133
134	if (nt_response) {
135	ninfo.nt.data = nt_response->data;
136	ninfo.nt.length = nt_response->length;
137	} else {
138	ninfo.nt.data = NULL;
139	ninfo.nt.length = 0;
140	}
141
142	if (lm_response) {
143	ninfo.lm.data = lm_response->data;
144	ninfo.lm.length = lm_response->length;
145	} else {
146	ninfo.lm.data = NULL;
147	ninfo.lm.length = 0;
148	}
149
150	switch (samlogon_state->function_level) {
151	case NDR_NETR_LOGONSAMLOGON:
152	ZERO_STRUCT(samlogon_state->auth2);
153	netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
154
155	r->out.return_authenticator = NULL;
156	status = dcerpc_netr_LogonSamLogon_r(samlogon_state->p->binding_handle,
157	samlogon_state->mem_ctx, r);
158	if (!NT_STATUS_IS_OK(status)) {
159	if (error_string) {
160	*error_string = strdup(nt_errstr(status));
161	}
162	return status;
163	}
164	if (!r->out.return_authenticator \|\|
165	!netlogon_creds_client_check(samlogon_state->creds, &r->out.return_authenticator->cred)) {
166	d_printf("Credential chaining failed\n");
167	}
168	if (!NT_STATUS_IS_OK(r->out.result)) {
169	if (error_string) {
170	*error_string = strdup(nt_errstr(r->out.result));
171	}
172	return r->out.result;
173	}
174
175	validation_level = r->in.validation_level;
176
177	netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
178
179	switch (validation_level) {
180	case 2:
181	base = &r->out.validation->sam2->base;
182	break;
183	case 3:
184	base = &r->out.validation->sam3->base;
185	break;
186	case 6:
187	base = &r->out.validation->sam6->base;
188	break;
189	}
190	break;
191	case NDR_NETR_LOGONSAMLOGONEX:
192	status = dcerpc_netr_LogonSamLogonEx_r(samlogon_state->p->binding_handle,
193	samlogon_state->mem_ctx, r_ex);
194	if (!NT_STATUS_IS_OK(status)) {
195	if (error_string) {
196	*error_string = strdup(nt_errstr(status));
197	}
198	return status;
199	}
200	if (!NT_STATUS_IS_OK(r_ex->out.result)) {
201	if (error_string) {
202	*error_string = strdup(nt_errstr(r_ex->out.result));
203	}
204	return r_ex->out.result;
205	}
206
207	validation_level = r_ex->in.validation_level;
208
209	netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
210
211	switch (validation_level) {
212	case 2:
213	base = &r_ex->out.validation->sam2->base;
214	break;
215	case 3:
216	base = &r_ex->out.validation->sam3->base;
217	break;
218	case 6:
219	base = &r_ex->out.validation->sam6->base;
220	break;
221	}
222	break;
223	case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
224	ZERO_STRUCT(samlogon_state->auth2);
225	netlogon_creds_client_authenticator(samlogon_state->creds, &samlogon_state->auth);
226
227	r_flags->out.return_authenticator = NULL;
228	status = dcerpc_netr_LogonSamLogonWithFlags_r(samlogon_state->p->binding_handle,
229	samlogon_state->mem_ctx, r_flags);
230	if (!NT_STATUS_IS_OK(status)) {
231	if (error_string) {
232	*error_string = strdup(nt_errstr(status));
233	}
234	return status;
235	}
236	if (!r_flags->out.return_authenticator \|\|
237	!netlogon_creds_client_check(samlogon_state->creds, &r_flags->out.return_authenticator->cred)) {
238	d_printf("Credential chaining failed\n");
239	}
240	if (!NT_STATUS_IS_OK(r_flags->out.result)) {
241	if (error_string) {
242	*error_string = strdup(nt_errstr(r_flags->out.result));
243	}
244	return r_flags->out.result;
245	}
246
247	validation_level = r_flags->in.validation_level;
248
249	netlogon_creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
250
251	switch (validation_level) {
252	case 2:
253	base = &r_flags->out.validation->sam2->base;
254	break;
255	case 3:
256	base = &r_flags->out.validation->sam3->base;
257	break;
258	case 6:
259	base = &r_flags->out.validation->sam6->base;
260	break;
261	}
262	break;
263	default:
264	/* can't happen */
265	return NT_STATUS_INVALID_PARAMETER;
266	}
267
268	if (!base) {
269	d_printf("No user info returned from 'successful' SamLogon*() call!\n");
270	return NT_STATUS_INVALID_PARAMETER;
271	}
272
273	if (user_session_key) {
274	memcpy(user_session_key, base->key.key, 16);
275	}
276	if (lm_key) {
277	memcpy(lm_key, base->LMSessKey.key, 8);
278	}
279
280	return status;
281	}
282
283
284	/*
285	* Test the normal 'LM and NTLM' combination
286	*/
287
288	static bool test_lm_ntlm_broken(struct samlogon_state samlogon_state, enum ntlm_break break_which, char *error_string)
289	{
290	bool pass = true;
291	bool lm_good;
292	NTSTATUS nt_status;
293	DATA_BLOB lm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
294	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
295	DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
296
297	uint8_t lm_key[8];
298	uint8_t user_session_key[16];
299	uint8_t lm_hash[16];
300	uint8_t nt_hash[16];
301
302	ZERO_STRUCT(lm_key);
303	ZERO_STRUCT(user_session_key);
304
305	lm_good = SMBencrypt(samlogon_state->password, samlogon_state->chall.data, lm_response.data);
306	if (!lm_good) {
307	ZERO_STRUCT(lm_hash);
308	} else {
309	E_deshash(samlogon_state->password, lm_hash);
310	}
311
312	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
313
314	E_md4hash(samlogon_state->password, nt_hash);
315	SMBsesskeygen_ntv1(nt_hash, session_key.data);
316
317	nt_status = check_samlogon(samlogon_state,
318	break_which,
319	samlogon_state->parameter_control,
320	&samlogon_state->chall,
321	&lm_response,
322	&nt_response,
323	lm_key,
324	user_session_key,
325	error_string);
326
327	data_blob_free(&lm_response);
328
329	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
330	/* for 'long' passwords, the LM password is invalid */
331	if (break_which == NO_NT && !lm_good) {
332	return true;
333	}
334	/* for 'old' passwords, we allow the server to be OK or wrong password */
335	if (samlogon_state->old_password) {
336	return true;
337	}
338	return ((break_which == BREAK_NT) \|\| (break_which == BREAK_BOTH));
339	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
340	return ((break_which == BREAK_NT) \|\| (break_which == BREAK_BOTH) \|\| (break_which == NO_NT));
341	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
342	SAFE_FREE(*error_string);
343	asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
344	return false;
345	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
346	return true;
347	} else if (!NT_STATUS_IS_OK(nt_status)) {
348	return false;
349	}
350
351	if (break_which == NO_NT && !lm_good) {
352	*error_string = strdup("LM password is 'long' (> 14 chars and therefore invalid) but login did not fail!");
353	return false;
354	}
355
356	if (memcmp(lm_hash, lm_key,
357	sizeof(lm_key)) != 0) {
358	d_printf("LM Key does not match expectations!\n");
359	d_printf("lm_key:\n");
360	dump_data(1, lm_key, 8);
361	d_printf("expected:\n");
362	dump_data(1, lm_hash, 8);
363	pass = false;
364	}
365
366	switch (break_which) {
367	case NO_NT:
368	{
369	uint8_t lm_key_expected[16];
370	memcpy(lm_key_expected, lm_hash, 8);
371	memset(lm_key_expected+8, '\0', 8);
372	if (memcmp(lm_key_expected, user_session_key,
373	16) != 0) {
374	*error_string = strdup("NT Session Key does not match expectations (should be first-8 LM hash)!\n");
375	d_printf("user_session_key:\n");
376	dump_data(1, user_session_key, sizeof(user_session_key));
377	d_printf("expected:\n");
378	dump_data(1, lm_key_expected, sizeof(lm_key_expected));
379	pass = false;
380	}
381	break;
382	}
383	default:
384	if (memcmp(session_key.data, user_session_key,
385	sizeof(user_session_key)) != 0) {
386	*error_string = strdup("NT Session Key does not match expectations!\n");
387	d_printf("user_session_key:\n");
388	dump_data(1, user_session_key, 16);
389	d_printf("expected:\n");
390	dump_data(1, session_key.data, session_key.length);
391	pass = false;
392	}
393	}
394	return pass;
395	}
396
397	/*
398	* Test LM authentication, no NT response supplied
399	*/
400
401	static bool test_lm(struct samlogon_state samlogon_state, char *error_string)
402	{
403
404	return test_lm_ntlm_broken(samlogon_state, NO_NT, error_string);
405	}
406
407	/*
408	* Test the NTLM response only, no LM.
409	*/
410
411	static bool test_ntlm(struct samlogon_state samlogon_state, char *error_string)
412	{
413	return test_lm_ntlm_broken(samlogon_state, NO_LM, error_string);
414	}
415
416	/*
417	* Test the NTLM response only, but in the LM field.
418	*/
419
420	static bool test_ntlm_in_lm(struct samlogon_state samlogon_state, char *error_string)
421	{
422	bool lm_good;
423	bool pass = true;
424	NTSTATUS nt_status;
425	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
426	DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
427
428	uint8_t lm_key[8];
429	uint8_t lm_hash[16];
430	uint8_t user_session_key[16];
431	uint8_t nt_hash[16];
432
433	ZERO_STRUCT(lm_key);
434	ZERO_STRUCT(user_session_key);
435
436	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data,
437	nt_response.data);
438	E_md4hash(samlogon_state->password, nt_hash);
439	SMBsesskeygen_ntv1(nt_hash,
440	session_key.data);
441
442	lm_good = E_deshash(samlogon_state->password, lm_hash);
443	if (!lm_good) {
444	ZERO_STRUCT(lm_hash);
445	}
446	nt_status = check_samlogon(samlogon_state,
447	BREAK_NONE,
448	samlogon_state->parameter_control,
449	&samlogon_state->chall,
450	&nt_response,
451	NULL,
452	lm_key,
453	user_session_key,
454	error_string);
455
456	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
457	/* for 'old' passwords, we allow the server to be OK or wrong password */
458	if (samlogon_state->old_password) {
459	return true;
460	}
461	return false;
462	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
463	SAFE_FREE(*error_string);
464	asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
465	return false;
466	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
467	return true;
468	} else if (!NT_STATUS_IS_OK(nt_status)) {
469	return false;
470	}
471
472	if (lm_good) {
473	if (memcmp(lm_hash, lm_key,
474	sizeof(lm_key)) != 0) {
475	d_printf("LM Key does not match expectations!\n");
476	d_printf("lm_key:\n");
477	dump_data(1, lm_key, 8);
478	d_printf("expected:\n");
479	dump_data(1, lm_hash, 8);
480	pass = false;
481	}
482	#if 0
483	} else {
484	if (memcmp(session_key.data, lm_key,
485	sizeof(lm_key)) != 0) {
486	d_printf("LM Key does not match expectations (first 8 session key)!\n");
487	d_printf("lm_key:\n");
488	dump_data(1, lm_key, 8);
489	d_printf("expected:\n");
490	dump_data(1, session_key.data, 8);
491	pass = false;
492	}
493	#endif
494	}
495	if (lm_good && memcmp(lm_hash, user_session_key, 8) != 0) {
496	uint8_t lm_key_expected[16];
497	memcpy(lm_key_expected, lm_hash, 8);
498	memset(lm_key_expected+8, '\0', 8);
499	if (memcmp(lm_key_expected, user_session_key,
500	16) != 0) {
501	d_printf("NT Session Key does not match expectations (should be first-8 LM hash)!\n");
502	d_printf("user_session_key:\n");
503	dump_data(1, user_session_key, sizeof(user_session_key));
504	d_printf("expected:\n");
505	dump_data(1, lm_key_expected, sizeof(lm_key_expected));
506	pass = false;
507	}
508	}
509	return pass;
510	}
511
512	/*
513	* Test the NTLM response only, but in the both the NT and LM fields.
514	*/
515
516	static bool test_ntlm_in_both(struct samlogon_state samlogon_state, char *error_string)
517	{
518	bool pass = true;
519	bool lm_good;
520	NTSTATUS nt_status;
521	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
522	DATA_BLOB session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
523
524	uint8_t lm_key[8];
525	uint8_t lm_hash[16];
526	uint8_t user_session_key[16];
527	uint8_t nt_hash[16];
528
529	ZERO_STRUCT(lm_key);
530	ZERO_STRUCT(user_session_key);
531
532	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data,
533	nt_response.data);
534	E_md4hash(samlogon_state->password, nt_hash);
535	SMBsesskeygen_ntv1(nt_hash,
536	session_key.data);
537
538	lm_good = E_deshash(samlogon_state->password, lm_hash);
539	if (!lm_good) {
540	ZERO_STRUCT(lm_hash);
541	}
542
543	nt_status = check_samlogon(samlogon_state,
544	BREAK_NONE,
545	samlogon_state->parameter_control,
546	&samlogon_state->chall,
547	NULL,
548	&nt_response,
549	lm_key,
550	user_session_key,
551	error_string);
552
553	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
554	/* for 'old' passwords, we allow the server to be OK or wrong password */
555	if (samlogon_state->old_password) {
556	return true;
557	}
558	return false;
559	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
560	SAFE_FREE(*error_string);
561	asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
562	return false;
563	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
564	return true;
565	} else if (!NT_STATUS_IS_OK(nt_status)) {
566	return false;
567	}
568
569	if (!NT_STATUS_IS_OK(nt_status)) {
570	return false;
571	}
572
573	if (memcmp(lm_hash, lm_key,
574	sizeof(lm_key)) != 0) {
575	d_printf("LM Key does not match expectations!\n");
576	d_printf("lm_key:\n");
577	dump_data(1, lm_key, 8);
578	d_printf("expected:\n");
579	dump_data(1, lm_hash, 8);
580	pass = false;
581	}
582	if (memcmp(session_key.data, user_session_key,
583	sizeof(user_session_key)) != 0) {
584	d_printf("NT Session Key does not match expectations!\n");
585	d_printf("user_session_key:\n");
586	dump_data(1, user_session_key, 16);
587	d_printf("expected:\n");
588	dump_data(1, session_key.data, session_key.length);
589	pass = false;
590	}
591
592
593	return pass;
594	}
595
596	/*
597	* Test the NTLMv2 and LMv2 responses
598	*/
599
600	enum ntlmv2_domain {
601	UPPER_DOMAIN,
602	NO_DOMAIN
603	};
604
605	static bool test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state,
606	enum ntlm_break break_which,
607	enum ntlmv2_domain ntlmv2_domain,
608	char **error_string)
609	{
610	bool pass = true;
611	NTSTATUS nt_status;
612	DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
613	DATA_BLOB lmv2_response = data_blob(NULL, 0);
614	DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
615	DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
616	DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, TEST_MACHINE_NAME, samlogon_state->workgroup);
617
618	uint8_t lm_session_key[8];
619	uint8_t user_session_key[16];
620
621	ZERO_STRUCT(lm_session_key);
622	ZERO_STRUCT(user_session_key);
623
624	switch (ntlmv2_domain) {
625	case UPPER_DOMAIN:
626	if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
627	samlogon_state->account_name, samlogon_state->account_domain,
628	samlogon_state->password, &samlogon_state->chall,
629	&names_blob,
630	&lmv2_response, &ntlmv2_response,
631	&lmv2_session_key, &ntlmv2_session_key)) {
632	data_blob_free(&names_blob);
633	return false;
634	}
635	break;
636	case NO_DOMAIN:
637	if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
638	samlogon_state->account_name, "",
639	samlogon_state->password, &samlogon_state->chall,
640	&names_blob,
641	&lmv2_response, &ntlmv2_response,
642	&lmv2_session_key, &ntlmv2_session_key)) {
643	data_blob_free(&names_blob);
644	return false;
645	}
646	break;
647	}
648	data_blob_free(&names_blob);
649
650	nt_status = check_samlogon(samlogon_state,
651	break_which,
652	samlogon_state->parameter_control,
653	&samlogon_state->chall,
654	&lmv2_response,
655	&ntlmv2_response,
656	lm_session_key,
657	user_session_key,
658	error_string);
659
660	data_blob_free(&lmv2_response);
661	data_blob_free(&ntlmv2_response);
662
663
664	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
665	/* for 'old' passwords, we allow the server to be OK or wrong password */
666	if (samlogon_state->old_password) {
667	return true;
668	}
669	return break_which == BREAK_BOTH;
670	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
671	return ((break_which == BREAK_NT) \|\| (break_which == BREAK_BOTH) \|\| (break_which == NO_NT));
672	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
673	SAFE_FREE(*error_string);
674	asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
675	return false;
676	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
677	return true;
678	} else if (!NT_STATUS_IS_OK(nt_status)) {
679	return false;
680	}
681
682
683	switch (break_which) {
684	case NO_NT:
685	if (memcmp(lmv2_session_key.data, user_session_key,
686	sizeof(user_session_key)) != 0) {
687	d_printf("USER (LMv2) Session Key does not match expectations!\n");
688	d_printf("user_session_key:\n");
689	dump_data(1, user_session_key, 16);
690	d_printf("expected:\n");
691	dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
692	pass = false;
693	}
694	if (memcmp(lmv2_session_key.data, lm_session_key,
695	sizeof(lm_session_key)) != 0) {
696	d_printf("LM (LMv2) Session Key does not match expectations!\n");
697	d_printf("lm_session_key:\n");
698	dump_data(1, lm_session_key, 8);
699	d_printf("expected:\n");
700	dump_data(1, lmv2_session_key.data, 8);
701	pass = false;
702	}
703	break;
704	default:
705	if (memcmp(ntlmv2_session_key.data, user_session_key,
706	sizeof(user_session_key)) != 0) {
707	if (memcmp(lmv2_session_key.data, user_session_key,
708	sizeof(user_session_key)) == 0) {
709	d_printf("USER (NTLMv2) Session Key expected, got LMv2 sessesion key instead:\n");
710	d_printf("user_session_key:\n");
711	dump_data(1, user_session_key, 16);
712	d_printf("expected:\n");
713	dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
714	pass = false;
715
716	} else {
717	d_printf("USER (NTLMv2) Session Key does not match expectations!\n");
718	d_printf("user_session_key:\n");
719	dump_data(1, user_session_key, 16);
720	d_printf("expected:\n");
721	dump_data(1, ntlmv2_session_key.data, ntlmv2_session_key.length);
722	pass = false;
723	}
724	}
725	if (memcmp(ntlmv2_session_key.data, lm_session_key,
726	sizeof(lm_session_key)) != 0) {
727	if (memcmp(lmv2_session_key.data, lm_session_key,
728	sizeof(lm_session_key)) == 0) {
729	d_printf("LM (NTLMv2) Session Key expected, got LMv2 sessesion key instead:\n");
730	d_printf("user_session_key:\n");
731	dump_data(1, lm_session_key, 8);
732	d_printf("expected:\n");
733	dump_data(1, ntlmv2_session_key.data, 8);
734	pass = false;
735	} else {
736	d_printf("LM (NTLMv2) Session Key does not match expectations!\n");
737	d_printf("lm_session_key:\n");
738	dump_data(1, lm_session_key, 8);
739	d_printf("expected:\n");
740	dump_data(1, ntlmv2_session_key.data, 8);
741	pass = false;
742	}
743	}
744	}
745
746	return pass;
747	}
748
749	/*
750	* Test the NTLM and LMv2 responses
751	*/
752
753	static bool test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state,
754	enum ntlm_break break_which,
755	enum ntlmv2_domain ntlmv2_domain,
756	char **error_string)
757	{
758	bool pass = true;
759	NTSTATUS nt_status;
760	DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
761	DATA_BLOB lmv2_response = data_blob(NULL, 0);
762	DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
763	DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
764	DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->netbios_name, samlogon_state->workgroup);
765
766	DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
767	DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
768
769	bool lm_good;
770	uint8_t lm_hash[16];
771	uint8_t lm_session_key[8];
772	uint8_t user_session_key[16];
773	uint8_t nt_hash[16];
774
775	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data,
776	ntlm_response.data);
777	E_md4hash(samlogon_state->password, nt_hash);
778	SMBsesskeygen_ntv1(nt_hash,
779	ntlm_session_key.data);
780
781	lm_good = E_deshash(samlogon_state->password, lm_hash);
782	if (!lm_good) {
783	ZERO_STRUCT(lm_hash);
784	}
785
786	ZERO_STRUCT(lm_session_key);
787	ZERO_STRUCT(user_session_key);
788
789	switch (ntlmv2_domain) {
790	case UPPER_DOMAIN:
791	/* TODO - test with various domain cases, and without domain */
792	if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
793	samlogon_state->account_name, samlogon_state->account_domain,
794	samlogon_state->password, &samlogon_state->chall,
795	&names_blob,
796	&lmv2_response, &ntlmv2_response,
797	&lmv2_session_key, &ntlmv2_session_key)) {
798	data_blob_free(&names_blob);
799	return false;
800	}
801	break;
802	case NO_DOMAIN:
803	/* TODO - test with various domain cases, and without domain */
804	if (!SMBNTLMv2encrypt(samlogon_state->mem_ctx,
805	samlogon_state->account_name, "",
806	samlogon_state->password, &samlogon_state->chall,
807	&names_blob,
808	&lmv2_response, &ntlmv2_response,
809	&lmv2_session_key, &ntlmv2_session_key)) {
810	data_blob_free(&names_blob);
811	return false;
812	}
813	break;
814	}
815
816	data_blob_free(&names_blob);
817
818	nt_status = check_samlogon(samlogon_state,
819	break_which,
820	samlogon_state->parameter_control,
821	&samlogon_state->chall,
822	&lmv2_response,
823	&ntlm_response,
824	lm_session_key,
825	user_session_key,
826	error_string);
827
828	data_blob_free(&lmv2_response);
829	data_blob_free(&ntlmv2_response);
830
831
832	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
833	/* for 'old' passwords, we allow the server to be OK or wrong password */
834	if (samlogon_state->old_password) {
835	return true;
836	}
837	return ((break_which == BREAK_NT) \|\| (break_which == BREAK_BOTH));
838	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
839	return ((break_which == BREAK_NT) \|\| (break_which == BREAK_BOTH));
840	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
841	SAFE_FREE(*error_string);
842	asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
843	return false;
844	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
845	return true;
846	} else if (!NT_STATUS_IS_OK(nt_status)) {
847	return false;
848	}
849
850	switch (break_which) {
851	case NO_NT:
852	if (memcmp(lmv2_session_key.data, user_session_key,
853	sizeof(user_session_key)) != 0) {
854	d_printf("USER (LMv2) Session Key does not match expectations!\n");
855	d_printf("user_session_key:\n");
856	dump_data(1, user_session_key, 16);
857	d_printf("expected:\n");
858	dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
859	pass = false;
860	}
861	if (memcmp(lmv2_session_key.data, lm_session_key,
862	sizeof(lm_session_key)) != 0) {
863	d_printf("LM (LMv2) Session Key does not match expectations!\n");
864	d_printf("lm_session_key:\n");
865	dump_data(1, lm_session_key, 8);
866	d_printf("expected:\n");
867	dump_data(1, lmv2_session_key.data, 8);
868	pass = false;
869	}
870	break;
871	case BREAK_LM:
872	if (memcmp(ntlm_session_key.data, user_session_key,
873	sizeof(user_session_key)) != 0) {
874	d_printf("USER (NTLMv2) Session Key does not match expectations!\n");
875	d_printf("user_session_key:\n");
876	dump_data(1, user_session_key, 16);
877	d_printf("expected:\n");
878	dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
879	pass = false;
880	}
881	if (lm_good) {
882	if (memcmp(lm_hash, lm_session_key,
883	sizeof(lm_session_key)) != 0) {
884	d_printf("LM Session Key does not match expectations!\n");
885	d_printf("lm_session_key:\n");
886	dump_data(1, lm_session_key, 8);
887	d_printf("expected:\n");
888	dump_data(1, lm_hash, 8);
889	pass = false;
890	}
891	} else {
892	static const uint8_t zeros[8];
893	if (memcmp(zeros, lm_session_key,
894	sizeof(lm_session_key)) != 0) {
895	d_printf("LM Session Key does not match expectations (zeros)!\n");
896	d_printf("lm_session_key:\n");
897	dump_data(1, lm_session_key, 8);
898	d_printf("expected:\n");
899	dump_data(1, zeros, 8);
900	pass = false;
901	}
902	}
903	break;
904	default:
905	if (memcmp(ntlm_session_key.data, user_session_key,
906	sizeof(user_session_key)) != 0) {
907	d_printf("USER (NTLMv2) Session Key does not match expectations!\n");
908	d_printf("user_session_key:\n");
909	dump_data(1, user_session_key, 16);
910	d_printf("expected:\n");
911	dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
912	pass = false;
913	}
914	if (memcmp(ntlm_session_key.data, lm_session_key,
915	sizeof(lm_session_key)) != 0) {
916	d_printf("LM (NTLMv2) Session Key does not match expectations!\n");
917	d_printf("lm_session_key:\n");
918	dump_data(1, lm_session_key, 8);
919	d_printf("expected:\n");
920	dump_data(1, ntlm_session_key.data, 8);
921	pass = false;
922	}
923	}
924
925	return pass;
926	}
927
928	/*
929	* Test the NTLMv2 and LMv2 responses
930	*/
931
932	static bool test_lmv2_ntlmv2(struct samlogon_state samlogon_state, char *error_string)
933	{
934	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NONE, UPPER_DOMAIN, error_string);
935	}
936
937	#if 0
938	static bool test_lmv2_ntlmv2_no_dom(struct samlogon_state samlogon_state, char *error_string)
939	{
940	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NONE, NO_DOMAIN, error_string);
941	}
942	#endif
943
944	/*
945	* Test the LMv2 response only
946	*/
947
948	static bool test_lmv2(struct samlogon_state samlogon_state, char *error_string)
949	{
950	return test_lmv2_ntlmv2_broken(samlogon_state, NO_NT, UPPER_DOMAIN, error_string);
951	}
952
953	static bool test_lmv2_no_dom(struct samlogon_state samlogon_state, char *error_string)
954	{
955	return test_lmv2_ntlmv2_broken(samlogon_state, NO_NT, NO_DOMAIN, error_string);
956	}
957
958	/*
959	* Test the NTLMv2 response only
960	*/
961
962	static bool test_ntlmv2(struct samlogon_state samlogon_state, char *error_string)
963	{
964	return test_lmv2_ntlmv2_broken(samlogon_state, NO_LM, UPPER_DOMAIN, error_string);
965	}
966
967	static bool test_ntlmv2_no_dom(struct samlogon_state samlogon_state, char *error_string)
968	{
969	return test_lmv2_ntlmv2_broken(samlogon_state, NO_LM, NO_DOMAIN, error_string);
970	}
971
972	static bool test_lm_ntlm(struct samlogon_state samlogon_state, char *error_string)
973	{
974	return test_lm_ntlm_broken(samlogon_state, BREAK_NONE, error_string);
975	}
976
977	static bool test_ntlm_lm_broken(struct samlogon_state samlogon_state, char *error_string)
978	{
979	return test_lm_ntlm_broken(samlogon_state, BREAK_LM, error_string);
980	}
981
982	static bool test_ntlm_ntlm_broken(struct samlogon_state samlogon_state, char *error_string)
983	{
984	return test_lm_ntlm_broken(samlogon_state, BREAK_NT, error_string);
985	}
986
987	static bool test_lm_ntlm_both_broken(struct samlogon_state samlogon_state, char *error_string)
988	{
989	return test_lm_ntlm_broken(samlogon_state, BREAK_BOTH, error_string);
990	}
991	static bool test_ntlmv2_lmv2_broken(struct samlogon_state samlogon_state, char *error_string)
992	{
993	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_LM, UPPER_DOMAIN, error_string);
994	}
995
996	static bool test_ntlmv2_lmv2_broken_no_dom(struct samlogon_state samlogon_state, char *error_string)
997	{
998	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_LM, NO_DOMAIN, error_string);
999	}
1000
1001	static bool test_ntlmv2_ntlmv2_broken(struct samlogon_state samlogon_state, char *error_string)
1002	{
1003	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NT, UPPER_DOMAIN, error_string);
1004	}
1005
1006	#if 0
1007	static bool test_ntlmv2_ntlmv2_broken_no_dom(struct samlogon_state samlogon_state, char *error_string)
1008	{
1009	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_NT, NO_DOMAIN, error_string);
1010	}
1011	#endif
1012
1013	static bool test_ntlmv2_both_broken(struct samlogon_state samlogon_state, char *error_string)
1014	{
1015	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_BOTH, UPPER_DOMAIN, error_string);
1016	}
1017
1018	static bool test_ntlmv2_both_broken_no_dom(struct samlogon_state samlogon_state, char *error_string)
1019	{
1020	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_BOTH, NO_DOMAIN, error_string);
1021	}
1022
1023	static bool test_lmv2_ntlm_both_broken(struct samlogon_state samlogon_state, char *error_string)
1024	{
1025	return test_lmv2_ntlm_broken(samlogon_state, BREAK_BOTH, UPPER_DOMAIN, error_string);
1026	}
1027
1028	static bool test_lmv2_ntlm_both_broken_no_dom(struct samlogon_state samlogon_state, char *error_string)
1029	{
1030	return test_lmv2_ntlm_broken(samlogon_state, BREAK_BOTH, NO_DOMAIN, error_string);
1031	}
1032
1033	static bool test_lmv2_ntlm_break_ntlm(struct samlogon_state samlogon_state, char *error_string)
1034	{
1035	return test_lmv2_ntlm_broken(samlogon_state, BREAK_NT, UPPER_DOMAIN, error_string);
1036	}
1037
1038	static bool test_lmv2_ntlm_break_ntlm_no_dom(struct samlogon_state samlogon_state, char *error_string)
1039	{
1040	return test_lmv2_ntlm_broken(samlogon_state, BREAK_NT, NO_DOMAIN, error_string);
1041	}
1042
1043	static bool test_lmv2_ntlm_break_lm(struct samlogon_state samlogon_state, char *error_string)
1044	{
1045	return test_lmv2_ntlm_broken(samlogon_state, BREAK_LM, UPPER_DOMAIN, error_string);
1046	}
1047
1048	static bool test_lmv2_ntlm_break_lm_no_dom(struct samlogon_state samlogon_state, char *error_string)
1049	{
1050	return test_lmv2_ntlm_broken(samlogon_state, BREAK_LM, NO_DOMAIN, error_string);
1051	}
1052
1053	/*
1054	* Test the NTLM2 response (extra challenge in LM feild)
1055	*
1056	* This test is the same as the 'break LM' test, but checks that the
1057	* server implements NTLM2 session security in the right place
1058	* (NETLOGON is the wrong place).
1059	*/
1060
1061	static bool test_ntlm2(struct samlogon_state samlogon_state, char *error_string)
1062	{
1063	bool pass = true;
1064	NTSTATUS nt_status;
1065	DATA_BLOB lm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
1066	DATA_BLOB nt_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
1067
1068	bool lm_good;
1069	uint8_t lm_key[8];
1070	uint8_t nt_hash[16];
1071	uint8_t lm_hash[16];
1072	uint8_t nt_key[16];
1073	uint8_t user_session_key[16];
1074	uint8_t expected_user_session_key[16];
1075	uint8_t session_nonce_hash[16];
1076	uint8_t client_chall[8];
1077
1078	MD5_CTX md5_session_nonce_ctx;
1079	HMACMD5Context hmac_ctx;
1080
1081	ZERO_STRUCT(user_session_key);
1082	ZERO_STRUCT(lm_key);
1083	generate_random_buffer(client_chall, 8);
1084
1085	MD5Init(&md5_session_nonce_ctx);
1086	MD5Update(&md5_session_nonce_ctx, samlogon_state->chall.data, 8);
1087	MD5Update(&md5_session_nonce_ctx, client_chall, 8);
1088	MD5Final(session_nonce_hash, &md5_session_nonce_ctx);
1089
1090	E_md4hash(samlogon_state->password, (uint8_t *)nt_hash);
1091	lm_good = E_deshash(samlogon_state->password, (uint8_t *)lm_hash);
1092	SMBsesskeygen_ntv1((const uint8_t *)nt_hash,
1093	nt_key);
1094
1095	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, nt_response.data);
1096
1097	memcpy(lm_response.data, session_nonce_hash, 8);
1098	memset(lm_response.data + 8, 0, 16);
1099
1100	hmac_md5_init_rfc2104(nt_key, 16, &hmac_ctx);
1101	hmac_md5_update(samlogon_state->chall.data, 8, &hmac_ctx);
1102	hmac_md5_update(client_chall, 8, &hmac_ctx);
1103	hmac_md5_final(expected_user_session_key, &hmac_ctx);
1104
1105	nt_status = check_samlogon(samlogon_state,
1106	BREAK_NONE,
1107	samlogon_state->parameter_control,
1108	&samlogon_state->chall,
1109	&lm_response,
1110	&nt_response,
1111	lm_key,
1112	user_session_key,
1113	error_string);
1114
1115	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
1116	/* for 'old' passwords, we allow the server to be OK or wrong password */
1117	if (samlogon_state->old_password) {
1118	return true;
1119	}
1120	return false;
1121	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
1122	SAFE_FREE(*error_string);
1123	asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
1124	return false;
1125	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
1126	return true;
1127	} else if (!NT_STATUS_IS_OK(nt_status)) {
1128	return false;
1129	}
1130
1131	if (lm_good) {
1132	if (memcmp(lm_hash, lm_key,
1133	sizeof(lm_key)) != 0) {
1134	d_printf("LM Key does not match expectations!\n");
1135	d_printf("lm_key:\n");
1136	dump_data(1, lm_key, 8);
1137	d_printf("expected:\n");
1138	dump_data(1, lm_hash, 8);
1139	pass = false;
1140	}
1141	} else {
1142	static const uint8_t zeros[8];
1143	if (memcmp(zeros, lm_key,
1144	sizeof(lm_key)) != 0) {
1145	d_printf("LM Session Key does not match expectations (zeros)!\n");
1146	d_printf("lm_key:\n");
1147	dump_data(1, lm_key, 8);
1148	d_printf("expected:\n");
1149	dump_data(1, zeros, 8);
1150	pass = false;
1151	}
1152	}
1153	if (memcmp(nt_key, user_session_key, 16) != 0) {
1154	d_printf("NT Session Key does not match expectations (should be NT Key)!\n");
1155	d_printf("user_session_key:\n");
1156	dump_data(1, user_session_key, sizeof(user_session_key));
1157	d_printf("expected:\n");
1158	dump_data(1, nt_key, sizeof(nt_key));
1159	pass = false;
1160	}
1161	return pass;
1162	}
1163
1164	static bool test_plaintext(struct samlogon_state samlogon_state, enum ntlm_break break_which, char *error_string)
1165	{
1166	NTSTATUS nt_status;
1167	DATA_BLOB nt_response = data_blob(NULL, 0);
1168	DATA_BLOB lm_response = data_blob(NULL, 0);
1169	char *password;
1170	char *dospw;
1171	smb_ucs2_t *unicodepw;
1172
1173	uint8_t user_session_key[16];
1174	uint8_t lm_key[16];
1175	uint8_t lm_hash[16];
1176	static const uint8_t zeros[8];
1177	DATA_BLOB chall = data_blob_talloc(samlogon_state->mem_ctx, zeros, sizeof(zeros));
1178	bool lm_good = E_deshash(samlogon_state->password, lm_hash);
1179
1180	ZERO_STRUCT(user_session_key);
1181
1182	if (!push_ucs2_talloc(samlogon_state->mem_ctx,
1183	&unicodepw, samlogon_state->password, NULL)) {
1184	DEBUG(0, ("push_ucs2_allocate failed!\n"));
1185	exit(1);
1186	}
1187
1188	nt_response = data_blob_talloc(samlogon_state->mem_ctx, unicodepw, strlen_m(samlogon_state->password)*2);
1189
1190	password = strupper_talloc(samlogon_state->mem_ctx, samlogon_state->password);
1191
1192	if (!convert_string_talloc(samlogon_state->mem_ctx,
1193	CH_UNIX, CH_DOS,
1194	password, strlen(password)+1,
1195	(void**)&dospw, NULL, false)) {
1196	DEBUG(0, ("convert_string_talloc failed!\n"));
1197	exit(1);
1198	}
1199
1200	lm_response = data_blob_talloc(samlogon_state->mem_ctx, dospw, strlen(dospw));
1201
1202	nt_status = check_samlogon(samlogon_state,
1203	break_which,
1204	samlogon_state->parameter_control \| MSV1_0_CLEARTEXT_PASSWORD_ALLOWED,
1205	&chall,
1206	&lm_response,
1207	&nt_response,
1208	lm_key,
1209	user_session_key,
1210	error_string);
1211
1212	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
1213	/* for 'old' passwords, we allow the server to be OK or wrong password */
1214	if (samlogon_state->old_password) {
1215	return true;
1216	}
1217	/* for 'long' passwords, the LM password is invalid */
1218	if (break_which == NO_NT && !lm_good) {
1219	return true;
1220	}
1221	return ((break_which == BREAK_NT) \|\| (break_which == BREAK_BOTH));
1222	} else if (NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, nt_status) && strchr_m(samlogon_state->account_name, '@')) {
1223	return ((break_which == BREAK_NT) \|\| (break_which == BREAK_BOTH) \|\| (break_which == NO_NT));
1224	} else if (!NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status)) {
1225	SAFE_FREE(*error_string);
1226	asprintf(error_string, "Expected error: %s, got %s", nt_errstr(samlogon_state->expected_error), nt_errstr(nt_status));
1227	return false;
1228	} else if (NT_STATUS_EQUAL(samlogon_state->expected_error, nt_status) && !NT_STATUS_IS_OK(nt_status)) {
1229	return true;
1230	} else if (!NT_STATUS_IS_OK(nt_status)) {
1231	return false;
1232	}
1233
1234	if (break_which == NO_NT && !lm_good) {
1235	*error_string = strdup("LM password is 'long' (> 14 chars and therefore invalid) but login did not fail!");
1236	return false;
1237	}
1238
1239	return true;
1240	}
1241
1242	static bool test_plaintext_none_broken(struct samlogon_state *samlogon_state,
1243	char **error_string) {
1244	return test_plaintext(samlogon_state, BREAK_NONE, error_string);
1245	}
1246
1247	static bool test_plaintext_lm_broken(struct samlogon_state *samlogon_state,
1248	char **error_string) {
1249	return test_plaintext(samlogon_state, BREAK_LM, error_string);
1250	}
1251
1252	static bool test_plaintext_nt_broken(struct samlogon_state *samlogon_state,
1253	char **error_string) {
1254	return test_plaintext(samlogon_state, BREAK_NT, error_string);
1255	}
1256
1257	static bool test_plaintext_nt_only(struct samlogon_state *samlogon_state,
1258	char **error_string) {
1259	return test_plaintext(samlogon_state, NO_LM, error_string);
1260	}
1261
1262	static bool test_plaintext_lm_only(struct samlogon_state *samlogon_state,
1263	char **error_string) {
1264	return test_plaintext(samlogon_state, NO_NT, error_string);
1265	}
1266
1267	/*
1268	Tests:
1269
1270	- LM only
1271	- NT and LM
1272	- NT
1273	- NT in LM field
1274	- NT in both fields
1275	- NTLMv2
1276	- NTLMv2 and LMv2
1277	- LMv2
1278	- plaintext tests (in challenge-response fields)
1279
1280	check we get the correct session key in each case
1281	check what values we get for the LM session key
1282
1283	*/
1284
1285	static const struct ntlm_tests {
1286	bool (fn)(struct samlogon_state , char **);
1287	const char *name;
1288	bool expect_fail;
1289	} test_table[] = {
1290	{test_lmv2_ntlmv2, "NTLMv2 and LMv2", false},
1291	#if 0
1292	{test_lmv2_ntlmv2_no_dom, "NTLMv2 and LMv2 (no domain)", false},
1293	#endif
1294	{test_lm, "LM", false},
1295	{test_lm_ntlm, "LM and NTLM", false},
1296	{test_lm_ntlm_both_broken, "LM and NTLM, both broken", false},
1297	{test_ntlm, "NTLM", false},
1298	{test_ntlm_in_lm, "NTLM in LM", false},
1299	{test_ntlm_in_both, "NTLM in both", false},
1300	{test_ntlmv2, "NTLMv2", false},
1301	{test_ntlmv2_no_dom, "NTLMv2 (no domain)", false},
1302	{test_lmv2, "LMv2", false},
1303	{test_lmv2_no_dom, "LMv2 (no domain)", false},
1304	{test_ntlmv2_lmv2_broken, "NTLMv2 and LMv2, LMv2 broken", false},
1305	{test_ntlmv2_lmv2_broken_no_dom, "NTLMv2 and LMv2, LMv2 broken (no domain)", false},
1306	{test_ntlmv2_ntlmv2_broken, "NTLMv2 and LMv2, NTLMv2 broken", false},
1307	#if 0
1308	{test_ntlmv2_ntlmv2_broken_no_dom, "NTLMv2 and LMv2, NTLMv2 broken (no domain)", false},
1309	#endif
1310	{test_ntlmv2_both_broken, "NTLMv2 and LMv2, both broken", false},
1311	{test_ntlmv2_both_broken_no_dom, "NTLMv2 and LMv2, both broken (no domain)", false},
1312	{test_ntlm_lm_broken, "NTLM and LM, LM broken", false},
1313	{test_ntlm_ntlm_broken, "NTLM and LM, NTLM broken", false},
1314	{test_ntlm2, "NTLM2 (NTLMv2 session security)", false},
1315	{test_lmv2_ntlm_both_broken, "LMv2 and NTLM, both broken", false},
1316	{test_lmv2_ntlm_both_broken_no_dom, "LMv2 and NTLM, both broken (no domain)", false},
1317	{test_lmv2_ntlm_break_ntlm, "LMv2 and NTLM, NTLM broken", false},
1318	{test_lmv2_ntlm_break_ntlm_no_dom, "LMv2 and NTLM, NTLM broken (no domain)", false},
1319	{test_lmv2_ntlm_break_lm, "LMv2 and NTLM, LMv2 broken", false},
1320	{test_lmv2_ntlm_break_lm_no_dom, "LMv2 and NTLM, LMv2 broken (no domain)", false},
1321	{test_plaintext_none_broken, "Plaintext", false},
1322	{test_plaintext_lm_broken, "Plaintext LM broken", false},
1323	{test_plaintext_nt_broken, "Plaintext NT broken", false},
1324	{test_plaintext_nt_only, "Plaintext NT only", false},
1325	{test_plaintext_lm_only, "Plaintext LM only", false},
1326	{NULL, NULL}
1327	};
1328
1329	/*
1330	try a netlogon SamLogon
1331	*/
1332	static bool test_SamLogon(struct dcerpc_pipe p, TALLOC_CTX mem_ctx,
1333	struct torture_context *tctx,
1334	struct netlogon_creds_CredentialState *creds,
1335	const char *comment,
1336	const char account_domain, const char account_name,
1337	const char *plain_pass, uint32_t parameter_control,
1338	NTSTATUS expected_error, bool old_password,
1339	int n_subtests)
1340	{
1341	TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_SamLogon function-level context");
1342	int i, v, l, f;
1343	bool ret = true;
1344	int validation_levels[] = {2,3,6};
1345	int logon_levels[] = { 2, 6 };
1346	int function_levels[] = {
1347	NDR_NETR_LOGONSAMLOGON,
1348	NDR_NETR_LOGONSAMLOGONEX,
1349	NDR_NETR_LOGONSAMLOGONWITHFLAGS };
1350	struct samlogon_state samlogon_state;
1351
1352	union netr_LogonLevel logon;
1353	union netr_Validation validation;
1354	uint8_t authoritative = 0;
1355	uint32_t flags = 0;
1356
1357	ZERO_STRUCT(logon);
1358
1359	d_printf("Testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
1360
1361	samlogon_state.comment = comment;
1362	samlogon_state.account_name = account_name;
1363	samlogon_state.account_domain = account_domain;
1364	samlogon_state.password = plain_pass;
1365	samlogon_state.workgroup = lpcfg_workgroup(tctx->lp_ctx);
1366	samlogon_state.netbios_name = lpcfg_netbios_name(tctx->lp_ctx);
1367	samlogon_state.p = p;
1368	samlogon_state.creds = creds;
1369	samlogon_state.expected_error = expected_error;
1370	samlogon_state.chall = data_blob_talloc(fn_ctx, NULL, 8);
1371	samlogon_state.parameter_control = parameter_control;
1372	samlogon_state.old_password = old_password;
1373
1374	generate_random_buffer(samlogon_state.chall.data, 8);
1375	samlogon_state.r_flags.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1376	samlogon_state.r_flags.in.computer_name = TEST_MACHINE_NAME;
1377	samlogon_state.r_flags.in.credential = &samlogon_state.auth;
1378	samlogon_state.r_flags.in.return_authenticator = &samlogon_state.auth2;
1379	samlogon_state.r_flags.in.flags = &flags;
1380	samlogon_state.r_flags.in.logon = &logon;
1381	samlogon_state.r_flags.out.validation = &validation;
1382	samlogon_state.r_flags.out.authoritative = &authoritative;
1383	samlogon_state.r_flags.out.flags = &flags;
1384
1385	samlogon_state.r_ex.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1386	samlogon_state.r_ex.in.computer_name = TEST_MACHINE_NAME;
1387	samlogon_state.r_ex.in.flags = &flags;
1388	samlogon_state.r_ex.in.logon = &logon;
1389	samlogon_state.r_ex.out.validation = &validation;
1390	samlogon_state.r_ex.out.authoritative = &authoritative;
1391	samlogon_state.r_ex.out.flags = &flags;
1392
1393	samlogon_state.r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1394	samlogon_state.r.in.computer_name = TEST_MACHINE_NAME;
1395	samlogon_state.r.in.credential = &samlogon_state.auth;
1396	samlogon_state.r.in.return_authenticator = &samlogon_state.auth2;
1397	samlogon_state.r.in.logon = &logon;
1398	samlogon_state.r.out.validation = &validation;
1399	samlogon_state.r.out.authoritative = &authoritative;
1400
1401
1402	for (f=0;f<ARRAY_SIZE(function_levels);f++) {
1403	for (i=0; test_table[i].fn; i++) {
1404	if (n_subtests && (i > n_subtests)) {
1405	continue;
1406	}
1407	for (v=0;v<ARRAY_SIZE(validation_levels);v++) {
1408	for (l=0;l<ARRAY_SIZE(logon_levels);l++) {
1409	char *error_string = NULL;
1410	TALLOC_CTX *tmp_ctx = talloc_named(fn_ctx, 0, "test_SamLogon inner loop");
1411	samlogon_state.mem_ctx = tmp_ctx;
1412	samlogon_state.function_level = function_levels[f];
1413	samlogon_state.r.in.validation_level = validation_levels[v];
1414	samlogon_state.r.in.logon_level = logon_levels[l];
1415	samlogon_state.r_ex.in.validation_level = validation_levels[v];
1416	samlogon_state.r_ex.in.logon_level = logon_levels[l];
1417	samlogon_state.r_flags.in.validation_level = validation_levels[v];
1418	samlogon_state.r_flags.in.logon_level = logon_levels[l];
1419	if (!test_table[i].fn(&samlogon_state, &error_string)) {
1420	d_printf("Testing '%s' [%s]\\[%s] '%s' at validation level %d, logon level %d, function %d: \n",
1421	samlogon_state.comment,
1422	samlogon_state.account_domain,
1423	samlogon_state.account_name,
1424	test_table[i].name, validation_levels[v],
1425	logon_levels[l], function_levels[f]);
1426
1427	if (test_table[i].expect_fail) {
1428	d_printf(" failed (expected, test incomplete): %s\n", error_string);
1429	} else {
1430	d_printf(" failed: %s\n", error_string);
1431	ret = false;
1432	}
1433	SAFE_FREE(error_string);
1434	}
1435	talloc_free(tmp_ctx);
1436	}
1437	}
1438	}
1439	}
1440	talloc_free(fn_ctx);
1441	return ret;
1442	}
1443
1444	/*
1445	test an ADS style interactive domain logon
1446	*/
1447	bool test_InteractiveLogon(struct dcerpc_pipe p, TALLOC_CTX mem_ctx,
1448	struct netlogon_creds_CredentialState *creds,
1449	const char *comment,
1450	const char *workstation_name,
1451	const char account_domain, const char account_name,
1452	const char *plain_pass, uint32_t parameter_control,
1453	NTSTATUS expected_error)
1454	{
1455	NTSTATUS status;
1456	TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, "test_InteractiveLogon function-level context");
1457	struct netr_LogonSamLogonWithFlags r;
1458	struct netr_Authenticator a, ra;
1459	struct netr_PasswordInfo pinfo;
1460	uint32_t flags = 0;
1461
1462	union netr_LogonLevel logon;
1463	union netr_Validation validation;
1464	uint8_t authoritative = 0;
1465	struct dcerpc_binding_handle *b = p->binding_handle;
1466
1467	ZERO_STRUCT(a);
1468	ZERO_STRUCT(r);
1469	ZERO_STRUCT(ra);
1470
1471	ZERO_STRUCT(logon);
1472	ZERO_STRUCT(validation);
1473
1474	netlogon_creds_client_authenticator(creds, &a);
1475
1476	logon.password = &pinfo;
1477
1478	r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
1479	r.in.computer_name = TEST_MACHINE_NAME;
1480	r.in.credential = &a;
1481	r.in.return_authenticator = &ra;
1482	r.in.logon_level = 5;
1483	r.in.logon = &logon;
1484	r.in.validation_level = 6;
1485	r.in.flags = &flags;
1486	r.out.validation = &validation;
1487	r.out.authoritative = &authoritative;
1488	r.out.flags = &flags;
1489
1490	pinfo.identity_info.domain_name.string = account_domain;
1491	pinfo.identity_info.parameter_control = parameter_control;
1492	pinfo.identity_info.logon_id_low = 0;
1493	pinfo.identity_info.logon_id_high = 0;
1494	pinfo.identity_info.account_name.string = account_name;
1495	pinfo.identity_info.workstation.string = workstation_name;
1496
1497	if (!E_deshash(plain_pass, pinfo.lmpassword.hash)) {
1498	ZERO_STRUCT(pinfo.lmpassword.hash);
1499	}
1500	E_md4hash(plain_pass, pinfo.ntpassword.hash);
1501
1502	if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
1503	netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
1504	netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
1505	} else {
1506	netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
1507	netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
1508	}
1509
1510	d_printf("Testing netr_LogonSamLogonWithFlags '%s' (Interactive Logon)\n", comment);
1511
1512	status = dcerpc_netr_LogonSamLogonWithFlags_r(b, fn_ctx, &r);
1513	if (!NT_STATUS_IS_OK(status)) {
1514	d_printf("%s: netr_LogonSamLogonWithFlags - %s\n",
1515	__location__, nt_errstr(status));
1516	return false;
1517	}
1518	if (!r.out.return_authenticator
1519	\|\| !netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1520	d_printf("Credential chaining failed\n");
1521	talloc_free(fn_ctx);
1522	return false;
1523	}
1524
1525	talloc_free(fn_ctx);
1526
1527	if (!NT_STATUS_EQUAL(expected_error, r.out.result)) {
1528	d_printf("[%s]\\[%s] netr_LogonSamLogonWithFlags - expected %s got %s\n",
1529	account_domain, account_name, nt_errstr(expected_error), nt_errstr(r.out.result));
1530	return false;
1531	}
1532
1533	return true;
1534	}
1535
1536	/* This sets and resets the "minPwdAge" (in order to allow immediate user
1537	* password changes). The behaviour is controlled by the "set" boolean. */
1538	static bool handle_minPwdAge(struct torture_context *torture,
1539	TALLOC_CTX *mem_ctx, bool set)
1540	{
1541	struct dcerpc_pipe *p;
1542	struct policy_handle connect_handle, domain_handle;
1543	struct samr_Connect c_r;
1544	struct samr_LookupDomain ld_r;
1545	struct samr_OpenDomain od_r;
1546	struct samr_QueryDomainInfo qdi_r;
1547	struct samr_SetDomainInfo sdi_r;
1548	struct samr_Close cl_r;
1549	struct lsa_String domName;
1550	struct dom_sid *domSid = NULL;
1551	union samr_DomainInfo *domInfo = NULL;
1552	static int64_t old_minPwdAge = 0;
1553	NTSTATUS status;
1554
1555	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
1556	if (!NT_STATUS_IS_OK(status)) {
1557	return false;
1558	}
1559
1560	c_r.in.system_name = 0;
1561	c_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1562	c_r.out.connect_handle = &connect_handle;
1563
1564	torture_assert_ntstatus_ok(torture,
1565	dcerpc_samr_Connect_r(p->binding_handle, mem_ctx, &c_r),
1566	"Connect failed");
1567	torture_assert_ntstatus_ok(torture, c_r.out.result, "Connect failed");
1568
1569	ld_r.in.connect_handle = &connect_handle;
1570	ld_r.in.domain_name = &domName;
1571	ld_r.in.domain_name->string = lpcfg_workgroup(torture->lp_ctx);
1572	ld_r.out.sid = &domSid;
1573
1574	torture_assert_ntstatus_ok(torture,
1575	dcerpc_samr_LookupDomain_r(p->binding_handle, mem_ctx, &ld_r),
1576	"LookupDomain failed");
1577	torture_assert_ntstatus_ok(torture, ld_r.out.result,
1578	"LookupDomain failed");
1579
1580	od_r.in.connect_handle = &connect_handle;
1581	od_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1582	od_r.in.sid = *ld_r.out.sid;
1583	od_r.out.domain_handle = &domain_handle;
1584
1585	torture_assert_ntstatus_ok(torture,
1586	dcerpc_samr_OpenDomain_r(p->binding_handle, mem_ctx, &od_r),
1587	"OpenDomain failed");
1588	torture_assert_ntstatus_ok(torture, od_r.out.result,
1589	"OpenDomain failed");
1590
1591	qdi_r.in.domain_handle = &domain_handle;
1592	qdi_r.in.level = DomainPasswordInformation;
1593	qdi_r.out.info = &domInfo;
1594
1595	torture_assert_ntstatus_ok(torture,
1596	dcerpc_samr_QueryDomainInfo_r(p->binding_handle, mem_ctx, &qdi_r),
1597	"QueryDomainInfo failed");
1598	torture_assert_ntstatus_ok(torture, qdi_r.out.result,
1599	"QueryDomainInfo failed");
1600
1601	if (set) {
1602	old_minPwdAge = domInfo->info1.min_password_age;
1603	domInfo->info1.min_password_age = 0;
1604	} else {
1605	domInfo->info1.min_password_age = old_minPwdAge;
1606	}
1607
1608	sdi_r.in.domain_handle = &domain_handle;
1609	sdi_r.in.level = DomainPasswordInformation;
1610	sdi_r.in.info = domInfo;
1611
1612	torture_assert_ntstatus_ok(torture,
1613	dcerpc_samr_SetDomainInfo_r(p->binding_handle, mem_ctx, &sdi_r),
1614	"SetDomainInfo failed");
1615	torture_assert_ntstatus_ok(torture, sdi_r.out.result,
1616	"SetDomainInfo failed");
1617
1618	cl_r.in.handle = &connect_handle;
1619	cl_r.out.handle = &connect_handle;
1620
1621	torture_assert_ntstatus_ok(torture,
1622	dcerpc_samr_Close_r(p->binding_handle, mem_ctx, &cl_r),
1623	"Close failed");
1624	torture_assert_ntstatus_ok(torture, cl_r.out.result, "Close failed");
1625
1626	return true;
1627	}
1628
1629	bool torture_rpc_samlogon(struct torture_context *torture)
1630	{
1631	NTSTATUS status;
1632	struct dcerpc_pipe *p;
1633	struct dcerpc_binding *b;
1634	struct cli_credentials *machine_credentials;
1635	TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
1636	bool ret = true;
1637	struct test_join *join_ctx = NULL;
1638	struct test_join user_ctx = NULL, user_ctx_wrong_wks = NULL, *user_ctx_wrong_time = NULL;
1639	char user_password, user_password_wrong_wks, *user_password_wrong_time;
1640	const char *old_user_password;
1641	char *test_machine_account;
1642	const char *userdomain;
1643	struct samr_SetUserInfo s;
1644	union samr_UserInfo u;
1645	int i;
1646	int ci;
1647
1648	unsigned int credential_flags[] = {
1649	NETLOGON_NEG_AUTH2_FLAGS,
1650	NETLOGON_NEG_ARCFOUR,
1651	NETLOGON_NEG_ARCFOUR \| NETLOGON_NEG_128BIT,
1652	NETLOGON_NEG_AUTH2_ADS_FLAGS,
1653	0 /* yes, this is a valid flag, causes the use of DES */
1654	};
1655
1656	struct netlogon_creds_CredentialState *creds;
1657	struct dcerpc_pipe *tmp_p = NULL;
1658
1659	torture_assert(torture, handle_minPwdAge(torture, mem_ctx, true),
1660	"handle_minPwdAge error!");
1661
1662	test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
1663	/* We only need to join as a workstation here, and in future,
1664	* if we wish to test against trusted domains, we must be a
1665	* workstation here */
1666	join_ctx = torture_join_domain(torture, TEST_MACHINE_NAME, ACB_WSTRUST,
1667	&machine_credentials);
1668	if (!join_ctx) {
1669	d_printf("Failed to join as Workstation\n");
1670	return false;
1671	}
1672
1673	userdomain = torture_setting_string(torture, "userdomain", lpcfg_workgroup(torture->lp_ctx));
1674
1675	user_ctx = torture_create_testuser(torture,
1676	TEST_USER_NAME,
1677	userdomain,
1678	ACB_NORMAL,
1679	(const char **)&user_password);
1680	if (!user_ctx) {
1681	d_printf("Failed to create a test user\n");
1682	return false;
1683	}
1684
1685	old_user_password = user_password;
1686
1687	tmp_p = torture_join_samr_pipe(user_ctx);
1688	test_ChangePasswordUser3(tmp_p, torture,
1689	TEST_USER_NAME, 16 /* > 14 */, &user_password,
1690	NULL, 0, false);
1691
1692	user_ctx_wrong_wks = torture_create_testuser(torture,
1693	TEST_USER_NAME_WRONG_WKS,
1694	userdomain,
1695	ACB_NORMAL,
1696	(const char **)&user_password_wrong_wks);
1697	if (!user_ctx_wrong_wks) {
1698	d_printf("Failed to create a test user (wrong workstation test)\n");
1699	return false;
1700	}
1701
1702	ZERO_STRUCT(u);
1703	s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_wks);
1704	s.in.info = &u;
1705	s.in.level = 21;
1706
1707	u.info21.fields_present = SAMR_FIELD_WORKSTATIONS;
1708	u.info21.workstations.string = "not" TEST_MACHINE_NAME;
1709
1710	tmp_p = torture_join_samr_pipe(user_ctx_wrong_wks);
1711	status = dcerpc_samr_SetUserInfo_r(tmp_p->binding_handle, mem_ctx, &s);
1712	if (!NT_STATUS_IS_OK(status)) {
1713	printf("SetUserInfo (list of workstations) failed - %s\n", nt_errstr(status));
1714	ret = false;
1715	goto failed;
1716	}
1717	if (!NT_STATUS_IS_OK(s.out.result)) {
1718	printf("SetUserInfo (list of workstations) failed - %s\n", nt_errstr(s.out.result));
1719	ret = false;
1720	goto failed;
1721	}
1722
1723	user_ctx_wrong_time
1724	= torture_create_testuser(torture, TEST_USER_NAME_WRONG_TIME,
1725	userdomain,
1726	ACB_NORMAL,
1727	(const char **)&user_password_wrong_time);
1728	if (!user_ctx_wrong_time) {
1729	d_printf("Failed to create a test user (wrong workstation test)\n");
1730	return false;
1731	}
1732
1733	ZERO_STRUCT(u);
1734	s.in.user_handle = torture_join_samr_user_policy(user_ctx_wrong_time);
1735	s.in.info = &u;
1736	s.in.level = 21;
1737
1738	u.info21.fields_present = SAMR_FIELD_WORKSTATIONS \| SAMR_FIELD_LOGON_HOURS;
1739	u.info21.workstations.string = TEST_MACHINE_NAME;
1740	u.info21.logon_hours.units_per_week = 168;
1741	u.info21.logon_hours.bits = talloc_zero_array(mem_ctx, uint8_t, 168);
1742
1743	tmp_p = torture_join_samr_pipe(user_ctx_wrong_time);
1744	status = dcerpc_samr_SetUserInfo_r(tmp_p->binding_handle, mem_ctx, &s);
1745	if (!NT_STATUS_IS_OK(status)) {
1746	printf("SetUserInfo (logon times and list of workstations) failed - %s\n", nt_errstr(status));
1747	ret = false;
1748	goto failed;
1749	}
1750	if (!NT_STATUS_IS_OK(s.out.result)) {
1751	printf("SetUserInfo (list of workstations) failed - %s\n", nt_errstr(s.out.result));
1752	ret = false;
1753	goto failed;
1754	}
1755
1756	status = torture_rpc_binding(torture, &b);
1757	if (!NT_STATUS_IS_OK(status)) {
1758	ret = false;
1759	goto failed;
1760	}
1761
1762	/* We have to use schannel, otherwise the SamLogonEx fails
1763	* with INTERNAL_ERROR */
1764
1765	b->flags &= ~DCERPC_AUTH_OPTIONS;
1766	b->flags \|= DCERPC_SCHANNEL \| DCERPC_SIGN \| DCERPC_SCHANNEL_128;
1767
1768	status = dcerpc_pipe_connect_b(mem_ctx, &p, b,
1769	&ndr_table_netlogon,
1770	machine_credentials, torture->ev, torture->lp_ctx);
1771
1772	if (!NT_STATUS_IS_OK(status)) {
1773	d_printf("RPC pipe connect as domain member failed: %s\n", nt_errstr(status));
1774	ret = false;
1775	goto failed;
1776	}
1777
1778	status = dcerpc_schannel_creds(p->conn->security_state.generic_state, mem_ctx, &creds);
1779	if (!NT_STATUS_IS_OK(status)) {
1780	ret = false;
1781	goto failed;
1782	}
1783
1784	{
1785
1786	struct {
1787	const char *comment;
1788	const char *domain;
1789	const char *username;
1790	const char *password;
1791	bool network_login;
1792	NTSTATUS expected_interactive_error;
1793	NTSTATUS expected_network_error;
1794	uint32_t parameter_control;
1795	bool old_password; /* Allow an old password to be accepted or rejected without error, as well as session key bugs */
1796	} usercreds[] = {
1797	{
1798	.comment = "domain\\user",
1799	.domain = cli_credentials_get_domain(cmdline_credentials),
1800	.username = cli_credentials_get_username(cmdline_credentials),
1801	.password = cli_credentials_get_password(cmdline_credentials),
1802	.network_login = true,
1803	.expected_interactive_error = NT_STATUS_OK,
1804	.expected_network_error = NT_STATUS_OK
1805	},
1806	{
1807	.comment = "realm\\user",
1808	.domain = cli_credentials_get_realm(cmdline_credentials),
1809	.username = cli_credentials_get_username(cmdline_credentials),
1810	.password = cli_credentials_get_password(cmdline_credentials),
1811	.network_login = true,
1812	.expected_interactive_error = NT_STATUS_OK,
1813	.expected_network_error = NT_STATUS_OK
1814	},
1815	{
1816	.comment = "user@domain",
1817	.domain = NULL,
1818	.username = talloc_asprintf(mem_ctx,
1819	"%s@%s",
1820	cli_credentials_get_username(cmdline_credentials),
1821	cli_credentials_get_domain(cmdline_credentials)
1822	),
1823	.password = cli_credentials_get_password(cmdline_credentials),
1824	.network_login = false, /* works for some things, but not NTLMv2. Odd */
1825	.expected_interactive_error = NT_STATUS_OK,
1826	.expected_network_error = NT_STATUS_OK
1827	},
1828	{
1829	.comment = "user@realm",
1830	.domain = NULL,
1831	.username = talloc_asprintf(mem_ctx,
1832	"%s@%s",
1833	cli_credentials_get_username(cmdline_credentials),
1834	cli_credentials_get_realm(cmdline_credentials)
1835	),
1836	.password = cli_credentials_get_password(cmdline_credentials),
1837	.network_login = true,
1838	.expected_interactive_error = NT_STATUS_OK,
1839	.expected_network_error = NT_STATUS_OK
1840	},
1841	{
1842	.comment = "machine domain\\user",
1843	.domain = cli_credentials_get_domain(machine_credentials),
1844	.username = cli_credentials_get_username(machine_credentials),
1845	.password = cli_credentials_get_password(machine_credentials),
1846	.network_login = true,
1847	.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
1848	.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
1849	},
1850	{
1851	.comment = "machine domain\\user",
1852	.domain = cli_credentials_get_domain(machine_credentials),
1853	.username = cli_credentials_get_username(machine_credentials),
1854	.password = cli_credentials_get_password(machine_credentials),
1855	.network_login = true,
1856	.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
1857	.expected_network_error = NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
1858	},
1859	{
1860	.comment = "machine realm\\user",
1861	.domain = cli_credentials_get_realm(machine_credentials),
1862	.username = cli_credentials_get_username(machine_credentials),
1863	.password = cli_credentials_get_password(machine_credentials),
1864	.network_login = true,
1865	.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
1866	.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
1867	},
1868	{
1869	.comment = "machine user@domain",
1870	.domain = NULL,
1871	.username = talloc_asprintf(mem_ctx,
1872	"%s@%s",
1873	cli_credentials_get_username(machine_credentials),
1874	cli_credentials_get_domain(machine_credentials)
1875	),
1876	.password = cli_credentials_get_password(machine_credentials),
1877	.network_login = false, /* works for some things, but not NTLMv2. Odd */
1878	.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
1879	.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
1880	},
1881	{
1882	.comment = "machine user@realm",
1883	.domain = NULL,
1884	.username = talloc_asprintf(mem_ctx,
1885	"%s@%s",
1886	cli_credentials_get_username(machine_credentials),
1887	cli_credentials_get_realm(machine_credentials)
1888	),
1889	.password = cli_credentials_get_password(machine_credentials),
1890	.network_login = true,
1891	.expected_interactive_error = NT_STATUS_NO_SUCH_USER,
1892	.parameter_control = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
1893	},
1894	{
1895	.comment = "test user (long pw): domain\\user",
1896	.domain = userdomain,
1897	.username = TEST_USER_NAME,
1898	.password = user_password,
1899	.network_login = true,
1900	.expected_interactive_error = NT_STATUS_OK,
1901	.expected_network_error = NT_STATUS_OK
1902	},
1903	{
1904	.comment = "test user (long pw): user@realm",
1905	.domain = NULL,
1906	.username = talloc_asprintf(mem_ctx,
1907	"%s@%s",
1908	TEST_USER_NAME,
1909	lpcfg_realm(torture->lp_ctx)),
1910	.password = user_password,
1911	.network_login = true,
1912	.expected_interactive_error = NT_STATUS_OK,
1913	.expected_network_error = NT_STATUS_OK
1914	},
1915	{
1916	.comment = "test user (long pw): user@domain",
1917	.domain = NULL,
1918	.username = talloc_asprintf(mem_ctx,
1919	"%s@%s",
1920	TEST_USER_NAME,
1921	userdomain),
1922	.password = user_password,
1923	.network_login = false, /* works for some things, but not NTLMv2. Odd */
1924	.expected_interactive_error = NT_STATUS_OK,
1925	.expected_network_error = NT_STATUS_OK
1926	},
1927	/* Oddball, can we use the old password ? */
1928	{
1929	.comment = "test user: user\\domain OLD PASSWORD",
1930	.domain = userdomain,
1931	.username = TEST_USER_NAME,
1932	.password = old_user_password,
1933	.network_login = true,
1934	.expected_interactive_error = NT_STATUS_WRONG_PASSWORD,
1935	.expected_network_error = NT_STATUS_OK,
1936	.old_password = true
1937	},
1938	{
1939	.comment = "test user (wong workstation): domain\\user",
1940	.domain = userdomain,
1941	.username = TEST_USER_NAME_WRONG_WKS,
1942	.password = user_password_wrong_wks,
1943	.network_login = true,
1944	.expected_interactive_error = NT_STATUS_INVALID_WORKSTATION,
1945	.expected_network_error = NT_STATUS_INVALID_WORKSTATION
1946	}
1947	};
1948
1949	/* Try all the tests for different username forms */
1950	for (ci = 0; ci < ARRAY_SIZE(usercreds); ci++) {
1951
1952	if (!test_InteractiveLogon(p, mem_ctx, creds,
1953	usercreds[ci].comment,
1954	TEST_MACHINE_NAME,
1955	usercreds[ci].domain,
1956	usercreds[ci].username,
1957	usercreds[ci].password,
1958	usercreds[ci].parameter_control,
1959	usercreds[ci].expected_interactive_error)) {
1960	ret = false;
1961	}
1962
1963	if (usercreds[ci].network_login) {
1964	if (!test_SamLogon(p, mem_ctx, torture, creds,
1965	usercreds[ci].comment,
1966	usercreds[ci].domain,
1967	usercreds[ci].username,
1968	usercreds[ci].password,
1969	usercreds[ci].parameter_control,
1970	usercreds[ci].expected_network_error,
1971	usercreds[ci].old_password,
1972	0)) {
1973	ret = false;
1974	}
1975	}
1976	}
1977
1978	/* Using the first username form, try the different
1979	* credentials flag setups, on only one of the tests (checks
1980	* session key encryption) */
1981
1982	for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
1983	/* TODO: Somehow we lost setting up the different credential flags here! */
1984
1985	if (!test_InteractiveLogon(p, mem_ctx, creds,
1986	usercreds[0].comment,
1987	TEST_MACHINE_NAME,
1988	usercreds[0].domain,
1989	usercreds[0].username,
1990	usercreds[0].password,
1991	usercreds[0].parameter_control,
1992	usercreds[0].expected_interactive_error)) {
1993	ret = false;
1994	}
1995
1996	if (usercreds[0].network_login) {
1997	if (!test_SamLogon(p, mem_ctx, torture, creds,
1998	usercreds[0].comment,
1999	usercreds[0].domain,
2000	usercreds[0].username,
2001	usercreds[0].password,
2002	usercreds[0].parameter_control,
2003	usercreds[0].expected_network_error,
2004	usercreds[0].old_password,
2005	1)) {
2006	ret = false;
2007	}
2008	}
2009	}
2010
2011	}
2012	failed:
2013	torture_assert(torture, handle_minPwdAge(torture, mem_ctx, false),
2014	"handle_minPwdAge error!");
2015
2016	talloc_free(mem_ctx);
2017
2018	torture_leave_domain(torture, join_ctx);
2019	torture_leave_domain(torture, user_ctx);
2020	torture_leave_domain(torture, user_ctx_wrong_wks);
2021	torture_leave_domain(torture, user_ctx_wrong_time);
2022	return ret;
2023	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source4/torture/rpc/samlogon.c

Download in other formats: