Changeset 919 for vendor/current/source4

Timestamp:

Jun 9, 2016, 2:17:22 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: apply latest security patches to vendor

Location:

vendor/current/source4

Files:

• heimdal/cf/make-proto.pl (modified) (2 diffs)
• lib/ldb/wscript (modified) (1 diff)
• librpc/rpc/dcerpc.c (modified) (3 diffs)
• librpc/rpc/dcerpc_util.c (modified) (1 diff)
• rpc_server/dcesrv_auth.c (modified) (6 diffs)
• torture/basic/base.c (modified) (5 diffs)
• torture/ndr/dfsblob.c (modified) (1 diff)
• torture/ndr/drsblobs.c (modified) (2 diffs)
• torture/ndr/nbt.c (modified) (1 diff)
• torture/ndr/ndr.c (modified) (7 diffs)
• torture/ndr/ndr.h (modified) (2 diffs)
• torture/ndr/ntlmssp.c (modified) (1 diff)
• torture/raw/samba3misc.c (modified) (4 diffs)
• torture/rpc/rpc.c (modified) (1 diff)
• torture/rpc/samba3rpc.c (modified) (1 diff)
• torture/rpc/samr.c (modified) (4 diffs)

vendor/current/source4/heimdal/cf/make-proto.pl

@@ -2 +2 @@
 # $Id$
 
-##use Getopt::Std;
-require 'getopts.pl';
+use Getopt::Std;
+#require 'getopts.pl';
 
 my $comment = 0;
@@ -13 +13 @@
 my $private_func_re = "^_";
 
-Getopts('x:m:o:p:dqE:R:P:') || die "foo";
+getopts('x:m:o:p:dqE:R:P:') || die "foo";
 
 if($opt_d) {

vendor/current/source4/lib/ldb/wscript

@@ -136 +136 @@
                           vnum=VERSION,
                           private_library=private_library,
-                          manpages='man/ldb.3',
-                          abi_directory = 'ABI',
-                          abi_match = abi_match)
+                          manpages='man/ldb.3')
 
         # generate a include/ldb_version.h

vendor/current/source4/librpc/rpc/dcerpc.c

@@ -700 +700 @@
         default:
                 return NT_STATUS_INVALID_LEVEL;
+        }
+
+        if (pkt->auth_length == 0) {
+                return NT_STATUS_INVALID_NETWORK_RESPONSE;
+        }
+
+        if (c->security_state.generic_state == NULL) {
+                return NT_STATUS_INTERNAL_ERROR;
         }
 
@@ -1075 +1083 @@
 
         /* the bind_ack might contain a reply set of credentials */
-        if (conn->security_state.auth_info && pkt->u.bind_ack.auth_info.length) {
+        if (conn->security_state.auth_info && pkt->auth_length) {
                 NTSTATUS status;
                 uint32_t auth_length;
@@ -1848 +1856 @@
 
         /* the alter_resp might contain a reply set of credentials */
-        if (recv_pipe->conn->security_state.auth_info &&
-            pkt->u.alter_resp.auth_info.length) {
+        if (recv_pipe->conn->security_state.auth_info && pkt->auth_length) {
                 struct dcecli_connection *conn = recv_pipe->conn;
                 NTSTATUS status;

vendor/current/source4/librpc/rpc/dcerpc_util.c

@@ -594 +594 @@
         /* Perform an authenticated DCE-RPC bind
          */
-        if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
+        if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) {
                 /*
                   we are doing an authenticated connection,
-                  but not using sign or seal. We must force
-                  the CONNECT dcerpc auth type as a NONE auth
-                  type doesn't allow authentication
-                  information to be passed.
+                  which needs to use [connect], [sign] or [seal].
+                  If nothing is specified, we default to [sign] now.
+                  This give roughly the same protection as
+                  ncacn_np with smb signing.
                 */
-                conn->flags |= DCERPC_CONNECT;
+                conn->flags |= DCERPC_SIGN;
         }
 

vendor/current/source4/rpc_server/dcesrv_auth.c

@@ -47 +47 @@
         uint32_t auth_length;
 
-        if (pkt->u.bind.auth_info.length == 0) {
+        if (pkt->auth_length == 0) {
                 dce_conn->auth_state.auth_info = NULL;
                 return true;
@@ -109 +109 @@
         NTSTATUS status;
 
-        if (!call->conn->auth_state.gensec_security) {
+        if (call->pkt.auth_length == 0) {
                 return NT_STATUS_OK;
         }
@@ -156 +156 @@
         uint32_t auth_length;
 
-        /* We can't work without an existing gensec state, and an new blob to feed it */
-        if (!dce_conn->auth_state.auth_info ||
-            !dce_conn->auth_state.gensec_security ||
-            pkt->u.auth3.auth_info.length == 0) {
+        if (pkt->auth_length == 0) {
+                return false;
+        }
+
+        if (!dce_conn->auth_state.auth_info) {
+                return false;
+        }
+
+        /* We can't work without an existing gensec state */
+        if (!dce_conn->auth_state.gensec_security) {
                 return false;
         }
@@ -204 +210 @@
 
         /* on a pure interface change there is no auth blob */
-        if (pkt->u.alter.auth_info.length == 0) {
+        if (pkt->auth_length == 0) {
                 return true;
         }
@@ -239 +245 @@
         /* on a pure interface change there is no auth_info structure
            setup */
-        if (!call->conn->auth_state.auth_info ||
-            dce_conn->auth_state.auth_info->credentials.length == 0) {
+        if (call->pkt.auth_length == 0) {
                 return NT_STATUS_OK;
         }
@@ -313 +318 @@
 
         default:
+                return false;
+        }
+
+        if (pkt->auth_length == 0) {
+                DEBUG(1,("dcesrv_auth_request: unexpected auth_length of 0\n"));
                 return false;
         }

vendor/current/source4/torture/basic/base.c

@@ -1477 +1477 @@
 {
         bool nt_status_support;
+        bool client_ntlmv2_auth;
         struct smbcli_state *cli_nt = NULL, *cli_dos = NULL;
         bool result = false;
@@ -1486 +1487 @@
 
         nt_status_support = lpcfg_nt_status_support(tctx->lp_ctx);
+        client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(tctx->lp_ctx);
 
         if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "yes")) {
@@ -1491 +1493 @@
                 goto fail;
         }
+        if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "yes")) {
+                torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = yes'\n");
+                goto fail;
+        }
 
         if (!torture_open_connection(&cli_nt, tctx, 0)) {
@@ -1497 +1503 @@
 
         if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support", "no")) {
-                torture_comment(tctx, "Could not set 'nt status support = yes'\n");
+                torture_result(tctx, TORTURE_FAIL, "Could not set 'nt status support = no'\n");
+                goto fail;
+        }
+        if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth", "no")) {
+                torture_result(tctx, TORTURE_FAIL, "Could not set 'client ntlmv2 auth = no'\n");
                 goto fail;
         }
@@ -1507 +1517 @@
         if (!lpcfg_set_cmdline(tctx->lp_ctx, "nt status support",
                             nt_status_support ? "yes":"no")) {
-                torture_comment(tctx, "Could not reset 'nt status support = yes'");
+                torture_result(tctx, TORTURE_FAIL, "Could not reset 'nt status support'");
+                goto fail;
+        }
+        if (!lpcfg_set_cmdline(tctx->lp_ctx, "client ntlmv2 auth",
+                               client_ntlmv2_auth ? "yes":"no")) {
+                torture_result(tctx, TORTURE_FAIL, "Could not reset 'client ntlmv2 auth'");
                 goto fail;
         }

vendor/current/source4/torture/ndr/dfsblob.c

@@ -75 +75 @@
         struct torture_suite *suite = torture_suite_create(ctx, "dfsblob");
 
-        torture_suite_add_ndr_pull_fn_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NDR_IN, NULL);
+        torture_suite_add_ndr_pull_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NULL);
 
-        torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out2, NDR_BUFFERS|NDR_SCALARS, NULL);
+        torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out2, NULL);
 
-        torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out, NDR_BUFFERS|NDR_SCALARS,dfs_referral_out_check);
+        torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out,dfs_referral_out_check);
 
         return suite;

vendor/current/source4/torture/ndr/drsblobs.c

@@ -116 +116 @@
 };
 
+/* these are taken from the trust objects of a w2k8r2 forest, with a
+ * trust relationship between the forest parent and a child domain
+ */
+static const char *trustAuthIncoming =
+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H"
+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+"
+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ"
+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/"
+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3"
+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu"
+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF"
+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ"
+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7"
+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA==";
+
+static const char *trustAuthOutgoing =
+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H"
+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+"
+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ"
+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/"
+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3"
+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu"
+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF"
+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ"
+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7"
+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA==";
+
+
 static bool trust_domain_passwords_check_in(struct torture_context *tctx,
                                             struct trustDomainPasswords *r)
@@ -155 +183 @@
         struct torture_suite *suite = torture_suite_create(ctx, "drsblobs");
 
-        torture_suite_add_ndr_pull_fn_test(suite, ForestTrustInfo, forest_trust_info_data_out, NDR_IN, forest_trust_info_check_out);
-        torture_suite_add_ndr_pull_fn_test(suite, trustDomainPasswords, trust_domain_passwords_in, NDR_IN, trust_domain_passwords_check_in);
+        torture_suite_add_ndr_pull_test(suite, ForestTrustInfo, forest_trust_info_data_out, forest_trust_info_check_out);
+        torture_suite_add_ndr_pull_test(suite, trustDomainPasswords, trust_domain_passwords_in, trust_domain_passwords_check_in);
+
+#if 0
+        torture_suite_add_ndr_pullpush_test(suite,
+                                            trustAuthInOutBlob,
+                                            base64_decode_data_blob_talloc(suite, trustAuthIncoming),
+                                            NULL);
+
+        torture_suite_add_ndr_pullpush_test(suite,
+                                            trustAuthInOutBlob,
+                                            base64_decode_data_blob_talloc(suite, trustAuthOutgoing),
+                                            NULL);
+#endif
 
         return suite;

vendor/current/source4/torture/ndr/nbt.c

@@ -63 +63 @@
         struct torture_suite *suite = torture_suite_create(ctx, "nbt");
 
-        torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, NDR_IN, netlogon_logon_request_req_check);
+        torture_suite_add_ndr_pull_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, netlogon_logon_request_req_check);
 
-        torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, NDR_IN, netlogon_logon_request_resp_check);
+        torture_suite_add_ndr_pull_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, netlogon_logon_request_resp_check);
 
         return suite;

vendor/current/source4/torture/ndr/ndr.c

@@ -30 +30 @@
         size_t struct_size;
         ndr_pull_flags_fn_t pull_fn;
+        ndr_push_flags_fn_t push_fn;
         int ndr_flags;
+        int flags;
 };
 
-static bool wrap_ndr_pull_test(struct torture_context *tctx,
-                               struct torture_tcase *tcase,
-                               struct torture_test *test)
+static bool wrap_ndr_pullpush_test(struct torture_context *tctx,
+                                   struct torture_tcase *tcase,
+                                   struct torture_test *test)
 {
         bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn;
         const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data;
-        void *ds = talloc_zero_size(tctx, data->struct_size);
         struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx);
+        void *ds = talloc_zero_size(ndr, data->struct_size);
+        bool ret;
+        uint32_t highest_ofs;
+
+        ndr->flags |= data->flags;
 
         ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
@@ -47 +53 @@
                                    "pulling");
 
-        torture_assert(tctx, ndr->offset == ndr->data_size,
+        if (ndr->offset > ndr->relative_highest_offset) {
+                highest_ofs = ndr->offset;
+        } else {
+                highest_ofs = ndr->relative_highest_offset;
+        }
+
+        torture_assert(tctx, highest_ofs == ndr->data_size,
                                    talloc_asprintf(tctx,
-                                           "%d unread bytes", ndr->data_size - ndr->offset));
-
-        if (check_fn != NULL)
-                return check_fn(tctx, ds);
-        else
-                return true;
-}
-
-_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test(
-                                        struct torture_suite *suite,
-                                        const char *name, ndr_pull_flags_fn_t pull_fn,
-                                        DATA_BLOB db,
-                                        size_t struct_size,
-                                        int ndr_flags,
-                                        bool (*check_fn) (struct torture_context *ctx, void *data))
+                                           "%d unread bytes", ndr->data_size - highest_ofs));
+
+        if (check_fn != NULL) {
+                ret = check_fn(tctx, ds);
+        } else {
+                ret = true;
+        }
+
+        if (data->push_fn != NULL) {
+                DATA_BLOB outblob;
+                torture_assert_ndr_success(tctx, ndr_push_struct_blob(&outblob, ndr, ds, data->push_fn), "pushing");
+                torture_assert_data_blob_equal(tctx, outblob, data->data, "ndr push compare");
+        }
+
+        talloc_free(ndr);
+        return ret;
+}
+
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test(
+        struct torture_suite *suite,
+        const char *name,
+        ndr_pull_flags_fn_t pull_fn,
+        ndr_push_flags_fn_t push_fn,
+        DATA_BLOB db,
+        size_t struct_size,
+        int ndr_flags,
+        int flags,
+        bool (*check_fn) (struct torture_context *ctx, void *data))
 {
         struct torture_test *test;
@@ -75 +100 @@
         test->name = talloc_strdup(test, name);
         test->description = NULL;
-        test->run = wrap_ndr_pull_test;
+        test->run = wrap_ndr_pullpush_test;
+
         data = talloc(test, struct ndr_pull_test_data);
         data->data = db;
         data->ndr_flags = ndr_flags;
+        data->flags = flags;
         data->struct_size = struct_size;
         data->pull_fn = pull_fn;
+        data->push_fn = push_fn;
+
         test->data = data;
         test->fn = check_fn;
@@ -89 +118 @@
         return test;
 }
+
 
 static bool wrap_ndr_inout_pull_test(struct torture_context *tctx,
@@ -98 +128 @@
         void *ds = talloc_zero_size(tctx, data->struct_size);
         struct ndr_pull *ndr;
+        uint32_t highest_ofs;
 
         /* handle NDR_IN context */
@@ -110 +141 @@
                 "ndr pull of context failed");
 
-        torture_assert(tctx, ndr->offset == ndr->data_size,
-                talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset));
+        if (ndr->offset > ndr->relative_highest_offset) {
+                highest_ofs = ndr->offset;
+        } else {
+                highest_ofs = ndr->relative_highest_offset;
+        }
+
+        torture_assert(tctx, highest_ofs == ndr->data_size,
+                talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs));
 
         talloc_free(ndr);
@@ -126 +163 @@
                 "ndr pull failed");
 
-        torture_assert(tctx, ndr->offset == ndr->data_size,
-                talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset));
+        if (ndr->offset > ndr->relative_highest_offset) {
+                highest_ofs = ndr->offset;
+        } else {
+                highest_ofs = ndr->relative_highest_offset;
+        }
+
+        torture_assert(tctx, highest_ofs == ndr->data_size,
+                talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs));
 
         talloc_free(ndr);

vendor/current/source4/torture/ndr/ndr.h

@@ -25 +25 @@
 #include "libcli/security/security.h"
 
-_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test(
+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test(
                                         struct torture_suite *suite,
-                                        const char *name, ndr_pull_flags_fn_t fn,
+                                        const char *name,
+                                        ndr_pull_flags_fn_t pull_fn,
+                                        ndr_push_flags_fn_t push_fn,
                                         DATA_BLOB db,
                                         size_t struct_size,
                                         int ndr_flags,
+                                        int flags,
                                         bool (*check_fn) (struct torture_context *, void *data));
 
@@ -42 +45 @@
 
 #define torture_suite_add_ndr_pull_test(suite,name,data,check_fn) \
-                _torture_suite_add_ndr_pull_test(suite, #name, \
-                         (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \
-                         sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, (bool (*) (struct torture_context *, void *)) check_fn);
+                _torture_suite_add_ndr_pullpush_test(suite, #name, \
+                         (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \
+                         sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn);
 
 #define torture_suite_add_ndr_pull_fn_test(suite,name,data,flags,check_fn) \
-                _torture_suite_add_ndr_pull_test(suite, #name "_" #flags, \
-                         (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \
-                         sizeof(struct name), flags, (bool (*) (struct torture_context *, void *)) check_fn);
+                _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags, \
+                         (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \
+                         sizeof(struct name), flags, 0, (bool (*) (struct torture_context *, void *)) check_fn);
+
+#define torture_suite_add_ndr_pull_fn_test_flags(suite,name,data,flags,flags2,check_fn) \
+                _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags "_" #flags2, \
+                         (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \
+                         sizeof(struct name), flags, flags2, (bool (*) (struct torture_context *, void *)) check_fn);
+
+#define torture_suite_add_ndr_pullpush_test(suite,name,data_blob,check_fn) \
+                _torture_suite_add_ndr_pullpush_test(suite, #name, \
+                         (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
+                         (ndr_push_flags_fn_t)ndr_push_ ## name, \
+                         data_blob, \
+                         sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn);
 
 #define torture_suite_add_ndr_pull_io_test(suite,name,data_in,data_out,check_fn_out) \
                 _torture_suite_add_ndr_pull_inout_test(suite, #name "_INOUT", \
                          (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
-                         data_blob_talloc(suite, data_in, sizeof(data_in)), \
-                         data_blob_talloc(suite, data_out, sizeof(data_out)), \
+                         data_blob_const(data_in, sizeof(data_in)), \
+                         data_blob_const(data_out, sizeof(data_out)), \
                          sizeof(struct name), \
                          (bool (*) (struct torture_context *, void *)) check_fn_out);

vendor/current/source4/torture/ndr/ntlmssp.c

@@ -112 +112 @@
         struct torture_suite *suite = torture_suite_create(ctx, "ntlmssp");
 
-        torture_suite_add_ndr_pull_fn_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, NDR_IN, ntlmssp_NEGOTIATE_MESSAGE_check);
-        /* torture_suite_add_ndr_pull_fn_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, NDR_IN, ntlmssp_CHALLENGE_MESSAGE_check);
-        torture_suite_add_ndr_pull_fn_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, NDR_IN, ntlmssp_AUTHENTICATE_MESSAGE_check); */
-
+        torture_suite_add_ndr_pull_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, ntlmssp_NEGOTIATE_MESSAGE_check);
+#if 0
+        torture_suite_add_ndr_pull_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, ntlmssp_CHALLENGE_MESSAGE_check);
+        torture_suite_add_ndr_pull_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, ntlmssp_AUTHENTICATE_MESSAGE_check);
+#endif
         return suite;
 }

vendor/current/source4/torture/raw/samba3misc.c

@@ -341 +341 @@
         TALLOC_CTX *mem_ctx;
         bool nt_status_support;
+        bool client_ntlmv2_auth;
 
         if (!(mem_ctx = talloc_init("torture_samba3_badpath"))) {
@@ -348 +349 @@
 
         nt_status_support = lpcfg_nt_status_support(torture->lp_ctx);
-
-        if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes")) {
-                printf("Could not set 'nt status support = yes'\n");
-                goto fail;
-        }
+        client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(torture->lp_ctx);
+
+        torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes"), ret, fail, "Could not set 'nt status support = yes'\n");
+        torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "yes"), ret, fail, "Could not set 'client ntlmv2 auth = yes'\n");
 
         if (!torture_open_connection(&cli_nt, torture, 0)) {
@@ -358 +358 @@
         }
 
-        if (!lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no")) {
-                printf("Could not set 'nt status support = yes'\n");
-                goto fail;
-        }
+        torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no"), ret, fail, "Could not set 'nt status support = no'\n");
+        torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "no"), ret, fail, "Could not set 'client ntlmv2 auth = no'\n");
 
         if (!torture_open_connection(&cli_dos, torture, 1)) {
@@ -374 +372 @@
 
         smbcli_deltree(cli_nt->tree, dirname);
+        torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support",
+                                                       nt_status_support ? "yes":"no"),
+                            ret, fail, "Could not set 'nt status support' back to where it was\n");
+        torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth",
+                                                       client_ntlmv2_auth ? "yes":"no"),
+                            ret, fail, "Could not set 'client ntlmv2 auth' back to where it was\n");
 
         status = smbcli_mkdir(cli_nt->tree, dirname);

vendor/current/source4/torture/rpc/rpc.c

@@ -502 +502 @@
         torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite));
         torture_suite_add_suite(suite, torture_rpc_samr_passwords_lockout(suite));
+        torture_suite_add_suite(suite, torture_rpc_samr_passwords_validate(suite));
         torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite));
         torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite));

vendor/current/source4/torture/rpc/samba3rpc.c

@@ -1123 +1123 @@
                 names_blob = NTLMv2_generate_names_blob(
                         mem_ctx,
-                        cli_credentials_get_workstation(user_creds),
-                        cli_credentials_get_domain(user_creds));
+                        cli_credentials_get_workstation(wks_creds),
+                        cli_credentials_get_domain(wks_creds));
                 status = cli_credentials_get_ntlm_response(
                         user_creds, mem_ctx, &flags, chal, names_blob,

vendor/current/source4/torture/rpc/samr.c

@@ -7939 +7939 @@
 
 
-static bool test_samr_ValidatePassword(struct dcerpc_pipe *p,
-                                       struct torture_context *tctx)
+static bool test_samr_ValidatePassword(struct torture_context *tctx,
+                                       struct dcerpc_pipe *p)
 {
         struct samr_ValidatePassword r;
@@ -7952 +7952 @@
         torture_comment(tctx, "Testing samr_ValidatePassword\n");
 
+        if (p->conn->transport.transport != NCACN_IP_TCP) {
+                torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n");
+        }
+
         ZERO_STRUCT(r);
         r.in.level = NetValidatePasswordReset;
@@ -8075 +8079 @@
         ret &= test_samr_handle_Close(b, torture, &ctx->handle);
 
-        ret &= test_samr_ValidatePassword(p, torture);
-
         return ret;
 }
@@ -8371 +8373 @@
 }
 
-
+struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx)
+{
+        struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate");
+        struct torture_rpc_tcase *tcase;
+
+        tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
+                                                  &ndr_table_samr);
+        torture_rpc_tcase_add_test(tcase, "validate",
+                                   test_samr_ValidatePassword);
+
+        return suite;
+}