void lpcfg_smbcli_session_options(struct loadparm_context *lp_ctx,
struct smbcli_session_options *options)
{
options->lanman_auth = lpcfg_client_lanman_auth(lp_ctx);
options->ntlmv2_auth = lpcfg_client_ntlmv2_auth(lp_ctx);
options->plaintext_auth = lpcfg_client_plaintext_auth(lp_ctx);
}
/*
try a netlogon SamLogon
*/
bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
struct netr_NetworkInfo ninfo;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative = 0;
uint32_t _flags = 0;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
int flags = CLI_CRED_NTLM_AUTH;
struct dcerpc_binding_handle *b = p->binding_handle;
struct netr_UserSessionKey key;
struct netr_LMSessionKey LMSessKey;
uint32_t validation_levels[] = { 2, 3 };
struct netr_SamBaseInfo *base = NULL;
const char *crypto_alg = "";
bool can_do_validation_6 = true;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
&ninfo.identity_info.account_name.string,
&ninfo.identity_info.domain_name.string);
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
chal = data_blob_const(ninfo.challenge,
sizeof(ninfo.challenge));
names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials));
status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
&flags,
chal,
names_blob,
&lm_resp, &nt_resp,
NULL, NULL);
torture_assert_ntstatus_ok(tctx, status,
"cli_credentials_get_ntlm_response failed");
ninfo.lm.data = lm_resp.data;
ninfo.lm.length = lm_resp.length;
ninfo.nt.data = nt_resp.data;
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
ninfo.identity_info.logon_id_low = 0;
ninfo.identity_info.logon_id_high = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
logon.network = &ninfo;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.logon_level = NetlogonNetworkInformation;
r.in.logon= &logon;
r.in.flags = &_flags;
r.out.validation = &validation;
r.out.authoritative = &authoritative;
r.out.flags = &_flags;
/*
- retrieve level6
- save usrsession and lmsession key
- retrieve level 2
- calculate, compare
- retrieve level 3
- calculate, compare
*/
if (creds) {
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
crypto_alg = "AES";
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
crypto_alg = "ARCFOUR";
}
}
dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
r.in.validation_level = 6;
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
torture_assert_ntstatus_ok(tctx,
dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogonEx failed");
} else {
torture_comment(tctx,
"Skip auth_level[%u] Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
auth_level, ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
r.out.result = NT_STATUS_INVALID_INFO_CLASS;
}
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
can_do_validation_6 = false;
} else {
torture_assert_ntstatus_ok(tctx, r.out.result,
"LogonSamLogonEx failed");
key = r.out.validation->sam6->base.key;
LMSessKey = r.out.validation->sam6->base.LMSessKey;
DEBUG(1,("unencrypted session keys from validation_level 6:\n"));
dump_data(1, r.out.validation->sam6->base.key.key, 16);
dump_data(1, r.out.validation->sam6->base.LMSessKey.key, 8);
}
for (i=0; i < ARRAY_SIZE(validation_levels); i++) {
r.in.validation_level = validation_levels[i];
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
torture_assert_ntstatus_ok(tctx,
dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogonEx failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"LogonSamLogonEx failed");
if (creds == NULL) {
/* when this test is called without creds no point in
* testing the session keys */
continue;
}
switch (validation_levels[i]) {
case 2:
base = &r.out.validation->sam2->base;
break;
case 3:
base = &r.out.validation->sam3->base;
break;
default:
break;
}
DEBUG(1,("encrypted keys validation_level %d:\n",
validation_levels[i]));
dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8);
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
netlogon_creds_aes_decrypt(creds, base->key.key, 16);
netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
}
DEBUG(1,("decryped keys validation_level %d\n",
validation_levels[i]));
dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8);
if (!can_do_validation_6) {
/* we cant compare against unencrypted keys */
continue;
}
torture_assert_mem_equal(tctx,
base->key.key,
key.key,
16,
"unexpected user session key\n");
torture_assert_mem_equal(tctx,
base->LMSessKey.key,
LMSessKey.key,
8,
"unexpected LM session key\n");
}
return true;
}
NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context,
enum auth_password_state to_state,
const struct auth_usersupplied_info *user_info_in,
const struct auth_usersupplied_info **user_info_encrypted)
{
NTSTATUS nt_status;
struct auth_usersupplied_info *user_info_temp;
switch (to_state) {
case AUTH_PASSWORD_RESPONSE:
switch (user_info_in->password_state) {
case AUTH_PASSWORD_PLAIN:
{
const struct auth_usersupplied_info *user_info_temp2;
nt_status = encrypt_user_info(mem_ctx, auth_context,
AUTH_PASSWORD_HASH,
user_info_in, &user_info_temp2);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
user_info_in = user_info_temp2;
/* fall through */
}
case AUTH_PASSWORD_HASH:
{
uint8_t chal[8];
DATA_BLOB chall_blob;
user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
if (!user_info_temp) {
return NT_STATUS_NO_MEMORY;
}
if (!talloc_reference(user_info_temp, user_info_in)) {
return NT_STATUS_NO_MEMORY;
}
*user_info_temp = *user_info_in;
user_info_temp->mapped_state = to_state;
nt_status = auth_get_challenge(auth_context, chal);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
chall_blob = data_blob_talloc(mem_ctx, chal, 8);
if (lpcfg_client_ntlmv2_auth(auth_context->lp_ctx)) {
DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lpcfg_netbios_name(auth_context->lp_ctx), lpcfg_workgroup(auth_context->lp_ctx));
DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key;
if (!SMBNTLMv2encrypt_hash(user_info_temp,
user_info_in->client.account_name,
user_info_in->client.domain_name,
user_info_in->password.hash.nt->hash,
&chall_blob,
NULL, /* server_timestamp */
&names_blob,
&lmv2_response, &ntlmv2_response,
&lmv2_session_key, &ntlmv2_session_key)) {
data_blob_free(&names_blob);
return NT_STATUS_NO_MEMORY;
}
data_blob_free(&names_blob);
user_info_temp->password.response.lanman = lmv2_response;
user_info_temp->password.response.nt = ntlmv2_response;
data_blob_free(&lmv2_session_key);
data_blob_free(&ntlmv2_session_key);
} else {
DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.nt->hash, chal, blob.data);
user_info_temp->password.response.nt = blob;
if (lpcfg_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.lanman->hash, chal, blob.data);
user_info_temp->password.response.lanman = lm_blob;
} else {
/* if not sending the LM password, send the NT password twice */
user_info_temp->password.response.lanman = user_info_temp->password.response.nt;
}
}
user_info_in = user_info_temp;
/* fall through */
}
case AUTH_PASSWORD_RESPONSE:
*user_info_encrypted = user_info_in;
}
break;
case AUTH_PASSWORD_HASH:
{
switch (user_info_in->password_state) {
case AUTH_PASSWORD_PLAIN:
{
struct samr_Password lanman;
struct samr_Password nt;
user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info);
if (!user_info_temp) {
return NT_STATUS_NO_MEMORY;
}
if (!talloc_reference(user_info_temp, user_info_in)) {
return NT_STATUS_NO_MEMORY;
}
*user_info_temp = *user_info_in;
user_info_temp->mapped_state = to_state;
if (E_deshash(user_info_in->password.plaintext, lanman.hash)) {
user_info_temp->password.hash.lanman = talloc(user_info_temp,
struct samr_Password);
*user_info_temp->password.hash.lanman = lanman;
} else {
user_info_temp->password.hash.lanman = NULL;
}
E_md4hash(user_info_in->password.plaintext, nt.hash);
user_info_temp->password.hash.nt = talloc(user_info_temp,
struct samr_Password);
*user_info_temp->password.hash.nt = nt;
user_info_in = user_info_temp;
/* fall through */
}
case AUTH_PASSWORD_HASH:
*user_info_encrypted = user_info_in;
break;
default:
return NT_STATUS_INVALID_PARAMETER;
break;
}
break;
}
bool torture_samba3_badpath(struct torture_context *torture)
{
struct smbcli_state *cli_nt = NULL;
struct smbcli_state *cli_dos = NULL;
const char *fname = "test.txt";
const char *fname1 = "test1.txt";
const char *dirname = "testdir";
char *fpath;
char *fpath1;
int fnum;
NTSTATUS status;
bool ret = true;
TALLOC_CTX *mem_ctx;
bool nt_status_support;
bool client_ntlmv2_auth;
torture_assert(torture, mem_ctx = talloc_init("torture_samba3_badpath"), "talloc_init failed");
nt_status_support = lpcfg_nt_status_support(torture->lp_ctx);
client_ntlmv2_auth = lpcfg_client_ntlmv2_auth(torture->lp_ctx);
torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "yes"), ret, fail, "Could not set 'nt status support = yes'\n");
torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "yes"), ret, fail, "Could not set 'client ntlmv2 auth = yes'\n");
torture_assert_goto(torture, torture_open_connection(&cli_nt, torture, 0), ret, fail, "Could not open NTSTATUS connection\n");
torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support", "no"), ret, fail, "Could not set 'nt status support = no'\n");
torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth", "no"), ret, fail, "Could not set 'client ntlmv2 auth = no'\n");
torture_assert_goto(torture, torture_open_connection(&cli_dos, torture, 1), ret, fail, "Could not open DOS connection\n");
torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "nt status support",
nt_status_support ? "yes":"no"),
ret, fail, "Could not set 'nt status support' back to where it was\n");
torture_assert_goto(torture, lpcfg_set_cmdline(torture->lp_ctx, "client ntlmv2 auth",
client_ntlmv2_auth ? "yes":"no"),
ret, fail, "Could not set 'client ntlmv2 auth' back to where it was\n");
torture_assert(torture, torture_setup_dir(cli_nt, dirname), "creating test directory");
status = smbcli_chkpath(cli_nt->tree, dirname);
CHECK_STATUS(torture, status, NT_STATUS_OK);
status = smbcli_chkpath(cli_nt->tree,
talloc_asprintf(mem_ctx, "%s\\bla", dirname));
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
status = smbcli_chkpath(cli_dos->tree,
talloc_asprintf(mem_ctx, "%s\\bla", dirname));
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
status = smbcli_chkpath(cli_nt->tree,
talloc_asprintf(mem_ctx, "%s\\bla\\blub",
dirname));
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_NOT_FOUND);
status = smbcli_chkpath(cli_dos->tree,
talloc_asprintf(mem_ctx, "%s\\bla\\blub",
dirname));
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
torture_assert_goto(torture, fpath = talloc_asprintf(mem_ctx, "%s\\%s", dirname, fname),
ret, fail, "Could not allocate fpath\n");
fnum = smbcli_open(cli_nt->tree, fpath, O_RDWR | O_CREAT, DENY_NONE);
if (fnum == -1) {
torture_result(torture, TORTURE_FAIL, "Could not create file %s: %s\n", fpath,
smbcli_errstr(cli_nt->tree));
goto fail;
}
smbcli_close(cli_nt->tree, fnum);
if (!(fpath1 = talloc_asprintf(mem_ctx, "%s\\%s", dirname, fname1))) {
goto fail;
}
fnum = smbcli_open(cli_nt->tree, fpath1, O_RDWR | O_CREAT, DENY_NONE);
if (fnum == -1) {
torture_result(torture, TORTURE_FAIL, "Could not create file %s: %s\n", fpath1,
smbcli_errstr(cli_nt->tree));
goto fail;
}
smbcli_close(cli_nt->tree, fnum);
/*
* Do a whole bunch of error code checks on chkpath
*/
status = smbcli_chkpath(cli_nt->tree, fpath);
CHECK_STATUS(torture, status, NT_STATUS_NOT_A_DIRECTORY);
status = smbcli_chkpath(cli_dos->tree, fpath);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
status = smbcli_chkpath(cli_nt->tree, "..");
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
status = smbcli_chkpath(cli_dos->tree, "..");
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath));
status = smbcli_chkpath(cli_nt->tree, ".");
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_chkpath(cli_dos->tree, ".");
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
status = smbcli_chkpath(cli_nt->tree, "\t");
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_chkpath(cli_dos->tree, "\t");
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
status = smbcli_chkpath(cli_nt->tree, "\t\\bla");
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_chkpath(cli_dos->tree, "\t\\bla");
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
status = smbcli_chkpath(cli_nt->tree, "<");
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_chkpath(cli_dos->tree, "<");
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
status = smbcli_chkpath(cli_nt->tree, "<\\bla");
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_chkpath(cli_dos->tree, "<\\bla");
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRbadpath));
/*
* .... And the same gang against getatr. Note that the DOS error codes
* differ....
*/
status = smbcli_getatr(cli_nt->tree, fpath, NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OK);
status = smbcli_getatr(cli_dos->tree, fpath, NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OK);
status = smbcli_getatr(cli_nt->tree, "..", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
status = smbcli_getatr(cli_dos->tree, "..", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath));
status = smbcli_getatr(cli_nt->tree, ".", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_getatr(cli_dos->tree, ".", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = smbcli_getatr(cli_nt->tree, "\t", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_getatr(cli_dos->tree, "\t", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = smbcli_getatr(cli_nt->tree, "\t\\bla", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_getatr(cli_dos->tree, "\t\\bla", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = smbcli_getatr(cli_nt->tree, "<", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_getatr(cli_dos->tree, "<", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = smbcli_getatr(cli_nt->tree, "<\\bla", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = smbcli_getatr(cli_dos->tree, "<\\bla", NULL, NULL, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
/* Try the same set with openX. */
status = raw_smbcli_open(cli_nt->tree, "..", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
status = raw_smbcli_open(cli_dos->tree, "..", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidpath));
status = raw_smbcli_open(cli_nt->tree, ".", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = raw_smbcli_open(cli_dos->tree, ".", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = raw_smbcli_open(cli_nt->tree, "\t", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = raw_smbcli_open(cli_dos->tree, "\t", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = raw_smbcli_open(cli_nt->tree, "\t\\bla", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = raw_smbcli_open(cli_dos->tree, "\t\\bla", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = raw_smbcli_open(cli_nt->tree, "<", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = raw_smbcli_open(cli_dos->tree, "<", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
status = raw_smbcli_open(cli_nt->tree, "<\\bla", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_INVALID);
status = raw_smbcli_open(cli_dos->tree, "<\\bla", O_RDONLY, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS, ERRinvalidname));
/* Let's test EEXIST error code mapping. */
status = raw_smbcli_open(cli_nt->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
status = raw_smbcli_open(cli_dos->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists));
status = raw_smbcli_t2open(cli_nt->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
if (!NT_STATUS_EQUAL(status, NT_STATUS_EAS_NOT_SUPPORTED)
|| !torture_setting_bool(torture, "samba3", false)) {
/* Against samba3, treat EAS_NOT_SUPPORTED as acceptable */
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
}
status = raw_smbcli_t2open(cli_dos->tree, fpath, O_RDONLY | O_CREAT| O_EXCL, DENY_NONE, NULL);
if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS,ERReasnotsupported))
|| !torture_setting_bool(torture, "samba3", false)) {
/* Against samba3, treat EAS_NOT_SUPPORTED as acceptable */
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists));
}
status = raw_smbcli_ntcreate(cli_nt->tree, fpath, NULL);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
status = raw_smbcli_ntcreate(cli_dos->tree, fpath, NULL);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRfilexists));
/* Try the rename test. */
{
union smb_rename io;
memset(&io, '\0', sizeof(io));
io.rename.in.pattern1 = fpath1;
io.rename.in.pattern2 = fpath;
/* Try with SMBmv rename. */
status = smb_raw_rename(cli_nt->tree, &io);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
status = smb_raw_rename(cli_dos->tree, &io);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRrename));
/* Try with NT rename. */
io.generic.level = RAW_RENAME_NTRENAME;
io.ntrename.in.old_name = fpath1;
io.ntrename.in.new_name = fpath;
io.ntrename.in.attrib = 0;
io.ntrename.in.cluster_size = 0;
io.ntrename.in.flags = RENAME_FLAG_RENAME;
status = smb_raw_rename(cli_nt->tree, &io);
CHECK_STATUS(torture, status, NT_STATUS_OBJECT_NAME_COLLISION);
status = smb_raw_rename(cli_dos->tree, &io);
CHECK_STATUS(torture, status, NT_STATUS_DOS(ERRDOS,ERRrename));
}
goto done;
fail:
ret = false;
done:
if (cli_nt != NULL) {
smbcli_deltree(cli_nt->tree, dirname);
torture_close_connection(cli_nt);
}
if (cli_dos != NULL) {
torture_close_connection(cli_dos);
}
talloc_free(mem_ctx);
return ret;
}
NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
{
struct gensec_ntlmssp_context *gensec_ntlmssp;
struct ntlmssp_state *ntlmssp_state;
NTSTATUS nt_status;
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp =
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
ntlmssp_state = talloc_zero(gensec_ntlmssp,
struct ntlmssp_state);
if (!ntlmssp_state) {
return NT_STATUS_NO_MEMORY;
}
gensec_ntlmssp->ntlmssp_state = ntlmssp_state;
ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
ntlmssp_state->role = NTLMSSP_CLIENT;
ntlmssp_state->client.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
ntlmssp_state->client.netbios_name = cli_credentials_get_workstation(gensec_security->credentials);
ntlmssp_state->unicode = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "unicode", true);
ntlmssp_state->use_nt_response = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "send_nt_reponse", true);
ntlmssp_state->allow_lm_key = (lpcfg_client_lanman_auth(gensec_security->settings->lp_ctx)
&& (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "allow_lm_key", false)
|| gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)));
ntlmssp_state->use_ntlmv2 = lpcfg_client_ntlmv2_auth(gensec_security->settings->lp_ctx);
ntlmssp_state->expected_state = NTLMSSP_INITIAL;
ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_REQUEST_TARGET;
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "128bit", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "56bit", false)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "keyexchange", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "alwayssign", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "ntlm2", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
} else {
/* apparently we can't do ntlmv2 if we don't do ntlm2 */
ntlmssp_state->use_ntlmv2 = false;
}
if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
/*
* We need to set this to allow a later SetPassword
* via the SAMR pipe to succeed. Strange.... We could
* also add NTLMSSP_NEGOTIATE_SEAL here. JRA.
*
* Without this, Windows will not create the master key
* that it thinks is only used for NTLMSSP signing and
* sealing. (It is actually pulled out and used directly)
*/
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
return NT_STATUS_OK;
}
/*
try a netlogon SamLogon
*/
bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
struct netr_NetworkInfo ninfo;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative = 0;
uint32_t _flags = 0;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
int flags = CLI_CRED_NTLM_AUTH;
struct dcerpc_binding_handle *b = p->binding_handle;
if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
&ninfo.identity_info.account_name.string,
&ninfo.identity_info.domain_name.string);
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
chal = data_blob_const(ninfo.challenge,
sizeof(ninfo.challenge));
names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials));
status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
&flags,
chal,
names_blob,
&lm_resp, &nt_resp,
NULL, NULL);
torture_assert_ntstatus_ok(tctx, status,
"cli_credentials_get_ntlm_response failed");
ninfo.lm.data = lm_resp.data;
ninfo.lm.length = lm_resp.length;
ninfo.nt.data = nt_resp.data;
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
ninfo.identity_info.logon_id_low = 0;
ninfo.identity_info.logon_id_high = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
logon.network = &ninfo;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.logon_level = 2;
r.in.logon= &logon;
r.in.flags = &_flags;
r.out.validation = &validation;
r.out.authoritative = &authoritative;
r.out.flags = &_flags;
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s\n",
ninfo.identity_info.account_name.string);
for (i=2;i<3;i++) {
r.in.validation_level = i;
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogon failed");
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
}
return true;
}
