The branch, master has been updated
via 2227696... s4-smbtorture: extend netr_LogonControl test in
RPC-NETLOGON.
via 8267564... s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob
handling.
via c2966a0... s4-smbtorture: test wbcLookupUserSids in
WINBIND-WBCLIENT as well.
via 246597c... s4-smbtorture: test wbcGuidToString and friends as well
in WINBIND-WBCLIENT.
from aaca10b... s4:provision - fixed invalid creationTime format
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 22276961c398da5997402f09f7443d76f621d3ec
Author: Günther Deschner <[email protected]>
Date: Wed Oct 14 11:58:21 2009 +0200
s4-smbtorture: extend netr_LogonControl test in RPC-NETLOGON.
Guenther
commit 8267564e1c52b3d335bf892ab71963bfb0e6e7e8
Author: Günther Deschner <[email protected]>
Date: Fri Oct 16 12:09:55 2009 +0200
s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
Following Andrew's advice, let's straight md4 the plaintext blob and avoid
trying to get a paintext string out of the input the client sends.
Guenther
commit c2966a0766998b732c190860879c001d6140863e
Author: Günther Deschner <[email protected]>
Date: Fri Oct 16 14:51:49 2009 +0200
s4-smbtorture: test wbcLookupUserSids in WINBIND-WBCLIENT as well.
Guenther
commit 246597cb0d8d62c702841dfbb3fa257fc2da70da
Author: Günther Deschner <[email protected]>
Date: Fri Oct 16 13:38:57 2009 +0200
s4-smbtorture: test wbcGuidToString and friends as well in WINBIND-WBCLIENT.
Guenther
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/tests/wbclient.c | 39 +++++++++++-
source3/rpc_server/srv_netlog_nt.c | 5 +-
source4/torture/rpc/netlogon.c | 112 ++++++++++++++++++++++++++++++++-
3 files changed, 151 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/tests/wbclient.c
b/nsswitch/libwbclient/tests/wbclient.c
index 6606caf..5a55a43 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -96,6 +96,38 @@ static bool test_wbc_sidtypestring(struct torture_context
*tctx)
return true;
}
+static bool test_wbc_sidtostring(struct torture_context *tctx)
+{
+ struct wbcDomainSid sid;
+ const char *sid_string = "S-1-5-32";
+ char *sid_string2;
+
+ torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
+ "wbcStringToSid failed");
+ torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
+ "wbcSidToString failed");
+ torture_assert_str_equal(tctx, sid_string, sid_string2,
+ "sid strings differ");
+
+ return true;
+}
+
+static bool test_wbc_guidtostring(struct torture_context *tctx)
+{
+ struct wbcGuid guid;
+ const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
+ char *guid_string2;
+
+ torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
+ "wbcStringToGuid failed");
+ torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
+ "wbcGuidToString failed");
+ torture_assert_str_equal(tctx, guid_string, guid_string2,
+ "guid strings differ");
+
+ return true;
+}
+
static bool test_wbc_domain_info(struct torture_context *tctx)
{
const char *domain_name = NULL;
@@ -137,10 +169,11 @@ static bool test_wbc_users(struct torture_context *tctx)
for (i=0; i < MIN(num_users,100); i++) {
- struct wbcDomainSid sid;
+ struct wbcDomainSid sid, *sids;
enum wbcSidType name_type;
char *domain;
char *name;
+ uint32_t num_sids;
torture_assert_wbc_ok(tctx, wbcLookupName(domain_name,
users[i], &sid, &name_type),
"wbcLookupName failed");
@@ -152,6 +185,8 @@ static bool test_wbc_users(struct torture_context *tctx)
"wbcLookupSid expected WBC_SID_NAME_USER");
torture_assert(tctx, name,
"wbcLookupSid returned no name");
+ torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true,
&num_sids, &sids),
+ "wbcLookupUserSids failed");
}
return true;
@@ -243,6 +278,8 @@ struct torture_suite *torture_wbclient(void)
torture_suite_add_simple_test(suite, "wbcLibraryDetails",
test_wbc_library_details);
torture_suite_add_simple_test(suite, "wbcInterfaceDetails",
test_wbc_interface_details);
torture_suite_add_simple_test(suite, "wbcSidTypeString",
test_wbc_sidtypestring);
+ torture_suite_add_simple_test(suite, "wbcSidToString",
test_wbc_sidtostring);
+ torture_suite_add_simple_test(suite, "wbcGuidToString",
test_wbc_guidtostring);
torture_suite_add_simple_test(suite, "wbcDomainInfo",
test_wbc_domain_info);
torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
diff --git a/source3/rpc_server/srv_netlog_nt.c
b/source3/rpc_server/srv_netlog_nt.c
index 4b83279..491754f 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -827,6 +827,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
struct samu *sampass;
DATA_BLOB plaintext;
struct samr_CryptPassword password_buf;
+ struct samr_Password nt_hash;
become_root();
status = netr_creds_server_step_check(p, p->mem_ctx,
@@ -852,6 +853,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
return NT_STATUS_WRONG_PASSWORD;
}
+ mdfour(nt_hash.hash, plaintext.data, plaintext.length);
+
status = netr_find_machine_account(p->mem_ctx,
creds->account_name,
&sampass);
@@ -861,8 +864,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
status = netr_set_machine_account_password(sampass,
sampass,
- &plaintext,
NULL,
+ &nt_hash,
NULL);
TALLOC_FREE(sampass);
return status;
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 6a753ed..f57c47b 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1567,6 +1567,49 @@ static bool test_GetDcName(struct torture_context *tctx,
return true;
}
+static const char *function_code_str(TALLOC_CTX *mem_ctx,
+ enum netr_LogonControlCode function_code)
+{
+ switch (function_code) {
+ case NETLOGON_CONTROL_QUERY:
+ return "NETLOGON_CONTROL_QUERY";
+ case NETLOGON_CONTROL_REPLICATE:
+ return "NETLOGON_CONTROL_REPLICATE";
+ case NETLOGON_CONTROL_SYNCHRONIZE:
+ return "NETLOGON_CONTROL_SYNCHRONIZE";
+ case NETLOGON_CONTROL_PDC_REPLICATE:
+ return "NETLOGON_CONTROL_PDC_REPLICATE";
+ case NETLOGON_CONTROL_REDISCOVER:
+ return "NETLOGON_CONTROL_REDISCOVER";
+ case NETLOGON_CONTROL_TC_QUERY:
+ return "NETLOGON_CONTROL_TC_QUERY";
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
+ case NETLOGON_CONTROL_FIND_USER:
+ return "NETLOGON_CONTROL_FIND_USER";
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ return "NETLOGON_CONTROL_CHANGE_PASSWORD";
+ case NETLOGON_CONTROL_TC_VERIFY:
+ return "NETLOGON_CONTROL_TC_VERIFY";
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ return "NETLOGON_CONTROL_FORCE_DNS_REG";
+ case NETLOGON_CONTROL_QUERY_DNS_REG:
+ return "NETLOGON_CONTROL_QUERY_DNS_REG";
+ case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+ return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
+ case NETLOGON_CONTROL_TRUNCATE_LOG:
+ return "NETLOGON_CONTROL_TRUNCATE_LOG";
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ return "NETLOGON_CONTROL_SET_DBFLAG";
+ case NETLOGON_CONTROL_BREAKPOINT:
+ return "NETLOGON_CONTROL_BREAKPOINT";
+ default:
+ return talloc_asprintf(mem_ctx, "unknown function code: %d",
+ function_code);
+ }
+}
+
+
/*
try a netlogon LogonControl
*/
@@ -1576,19 +1619,82 @@ static bool test_LogonControl(struct torture_context
*tctx,
NTSTATUS status;
struct netr_LogonControl r;
union netr_CONTROL_QUERY_INFORMATION query;
- int i;
+ int i,f;
+ uint32_t function_codes[] = {
+ NETLOGON_CONTROL_QUERY,
+ NETLOGON_CONTROL_REPLICATE,
+ NETLOGON_CONTROL_SYNCHRONIZE,
+ NETLOGON_CONTROL_PDC_REPLICATE,
+ NETLOGON_CONTROL_REDISCOVER,
+ NETLOGON_CONTROL_TC_QUERY,
+ NETLOGON_CONTROL_TRANSPORT_NOTIFY,
+ NETLOGON_CONTROL_FIND_USER,
+ NETLOGON_CONTROL_CHANGE_PASSWORD,
+ NETLOGON_CONTROL_TC_VERIFY,
+ NETLOGON_CONTROL_FORCE_DNS_REG,
+ NETLOGON_CONTROL_QUERY_DNS_REG,
+ NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
+ NETLOGON_CONTROL_TRUNCATE_LOG,
+ NETLOGON_CONTROL_SET_DBFLAG,
+ NETLOGON_CONTROL_BREAKPOINT
+ };
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
dcerpc_server_name(p));
r.in.function_code = 1;
r.out.query = &query;
- for (i=1;i<4;i++) {
+ for (f=0;f<ARRAY_SIZE(function_codes); f++) {
+ for (i=1;i<5;i++) {
+
+ r.in.function_code = function_codes[f];
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl level %d\n", i);
+ torture_comment(tctx, "Testing LogonControl function code %s
(%d) level %d\n",
+ function_code_str(tctx, r.in.function_code),
r.in.function_code, r.in.level);
status = dcerpc_netr_LogonControl(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+
+ switch (r.in.level) {
+ case 1:
+ switch (r.in.function_code) {
+ case NETLOGON_CONTROL_REPLICATE:
+ case NETLOGON_CONTROL_SYNCHRONIZE:
+ case NETLOGON_CONTROL_PDC_REPLICATE:
+ case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+ case NETLOGON_CONTROL_TRUNCATE_LOG:
+ case NETLOGON_CONTROL_BREAKPOINT:
+ torture_assert_werr_equal(tctx, r.out.result,
WERR_ACCESS_DENIED,
+ "LogonControl returned unexpected error
code");
+ break;
+ case NETLOGON_CONTROL_REDISCOVER:
+ case NETLOGON_CONTROL_TC_QUERY:
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ case NETLOGON_CONTROL_FIND_USER:
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ case NETLOGON_CONTROL_TC_VERIFY:
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ case NETLOGON_CONTROL_QUERY_DNS_REG:
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ torture_assert_werr_equal(tctx, r.out.result,
WERR_NOT_SUPPORTED,
+ "LogonControl returned unexpected error
code");
+ break;
+ default:
+ torture_assert_werr_ok(tctx, r.out.result,
+ "LogonControl returned unexpected
result");
+ break;
+ }
+ break;
+ case 2:
+ torture_assert_werr_equal(tctx, r.out.result,
WERR_NOT_SUPPORTED,
+ "LogonControl returned unexpected error code");
+ break;
+ default:
+ torture_assert_werr_equal(tctx, r.out.result,
WERR_UNKNOWN_LEVEL,
+ "LogonControl returned unexpected error code");
+ break;
+ }
+ }
}
return true;
--
Samba Shared Repository
