/*
try a netlogon SamLogon
*/
bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
struct netr_NetworkInfo ninfo;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative = 0;
uint32_t _flags = 0;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
int flags = CLI_CRED_NTLM_AUTH;
struct dcerpc_binding_handle *b = p->binding_handle;
struct netr_UserSessionKey key;
struct netr_LMSessionKey LMSessKey;
uint32_t validation_levels[] = { 2, 3 };
struct netr_SamBaseInfo *base = NULL;
const char *crypto_alg = "";
bool can_do_validation_6 = true;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
&ninfo.identity_info.account_name.string,
&ninfo.identity_info.domain_name.string);
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
chal = data_blob_const(ninfo.challenge,
sizeof(ninfo.challenge));
names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials));
status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
&flags,
chal,
names_blob,
&lm_resp, &nt_resp,
NULL, NULL);
torture_assert_ntstatus_ok(tctx, status,
"cli_credentials_get_ntlm_response failed");
ninfo.lm.data = lm_resp.data;
ninfo.lm.length = lm_resp.length;
ninfo.nt.data = nt_resp.data;
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
ninfo.identity_info.logon_id_low = 0;
ninfo.identity_info.logon_id_high = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
logon.network = &ninfo;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.logon_level = NetlogonNetworkInformation;
r.in.logon= &logon;
r.in.flags = &_flags;
r.out.validation = &validation;
r.out.authoritative = &authoritative;
r.out.flags = &_flags;
/*
- retrieve level6
- save usrsession and lmsession key
- retrieve level 2
- calculate, compare
- retrieve level 3
- calculate, compare
*/
if (creds) {
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
crypto_alg = "AES";
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
crypto_alg = "ARCFOUR";
}
}
dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
r.in.validation_level = 6;
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
torture_assert_ntstatus_ok(tctx,
dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogonEx failed");
} else {
torture_comment(tctx,
"Skip auth_level[%u] Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
auth_level, ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
r.out.result = NT_STATUS_INVALID_INFO_CLASS;
}
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
can_do_validation_6 = false;
} else {
torture_assert_ntstatus_ok(tctx, r.out.result,
"LogonSamLogonEx failed");
key = r.out.validation->sam6->base.key;
LMSessKey = r.out.validation->sam6->base.LMSessKey;
DEBUG(1,("unencrypted session keys from validation_level 6:\n"));
dump_data(1, r.out.validation->sam6->base.key.key, 16);
dump_data(1, r.out.validation->sam6->base.LMSessKey.key, 8);
}
for (i=0; i < ARRAY_SIZE(validation_levels); i++) {
r.in.validation_level = validation_levels[i];
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
torture_assert_ntstatus_ok(tctx,
dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogonEx failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"LogonSamLogonEx failed");
if (creds == NULL) {
/* when this test is called without creds no point in
* testing the session keys */
continue;
}
switch (validation_levels[i]) {
case 2:
base = &r.out.validation->sam2->base;
break;
case 3:
base = &r.out.validation->sam3->base;
break;
default:
break;
}
DEBUG(1,("encrypted keys validation_level %d:\n",
validation_levels[i]));
dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8);
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
netlogon_creds_aes_decrypt(creds, base->key.key, 16);
netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
}
DEBUG(1,("decryped keys validation_level %d\n",
validation_levels[i]));
dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8);
if (!can_do_validation_6) {
/* we cant compare against unencrypted keys */
continue;
}
torture_assert_mem_equal(tctx,
base->key.key,
key.key,
16,
"unexpected user session key\n");
torture_assert_mem_equal(tctx,
base->LMSessKey.key,
LMSessKey.key,
8,
"unexpected LM session key\n");
}
return true;
}
/*
try a netlogon SamLogon
*/
bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
struct netr_NetworkInfo ninfo;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative = 0;
uint32_t _flags = 0;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
int flags = CLI_CRED_NTLM_AUTH;
struct dcerpc_binding_handle *b = p->binding_handle;
if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
&ninfo.identity_info.account_name.string,
&ninfo.identity_info.domain_name.string);
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
chal = data_blob_const(ninfo.challenge,
sizeof(ninfo.challenge));
names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials));
status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
&flags,
chal,
names_blob,
&lm_resp, &nt_resp,
NULL, NULL);
torture_assert_ntstatus_ok(tctx, status,
"cli_credentials_get_ntlm_response failed");
ninfo.lm.data = lm_resp.data;
ninfo.lm.length = lm_resp.length;
ninfo.nt.data = nt_resp.data;
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
ninfo.identity_info.logon_id_low = 0;
ninfo.identity_info.logon_id_high = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
logon.network = &ninfo;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.logon_level = 2;
r.in.logon= &logon;
r.in.flags = &_flags;
r.out.validation = &validation;
r.out.authoritative = &authoritative;
r.out.flags = &_flags;
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s\n",
ninfo.identity_info.account_name.string);
for (i=2;i<3;i++) {
r.in.validation_level = i;
torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogon failed");
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
}
return true;
}
