svn commit: samba r4510 - in branches/SAMBA_4_0/source/torture/rpc: .

abartlet at samba.org abartlet at samba.org
Tue Jan 4 03:06:23 GMT 2005


Author: abartlet
Date: 2005-01-04 03:06:23 +0000 (Tue, 04 Jan 2005)
New Revision: 4510

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4510

Log:
Some more tests for RPC-NETLOGON, checking the idea that we could
combine the NTLM and LMv2 responses, for maximum compatibility from a
client perspective, allowing access to servers that require NTLMv2, as
well as those that don't support it.

Currently, this is unfortunately not possible against Win2k3 (and Samba
is being coded to match that behaviour at this point).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/torture/rpc/samlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2005-01-03 23:28:45 UTC (rev 4509)
+++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2005-01-04 03:06:23 UTC (rev 4510)
@@ -626,6 +626,135 @@
 }
 
 /* 
+ * Test the NTLM and LMv2 responses
+ */
+
+static BOOL test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, enum ntlm_break break_which, char **error_string) 
+{
+	BOOL pass = True;
+	NTSTATUS nt_status;
+	DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_response = data_blob(NULL, 0);
+	DATA_BLOB lmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, lp_netbios_name(), lp_workgroup());
+
+	DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24);
+	DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16);
+
+	uint8_t lm_hash[16];
+	uint8_t lm_session_key[8];
+	uint8_t user_session_key[16];
+	uint8_t nt_hash[16];
+
+	SMBNTencrypt(samlogon_state->password, samlogon_state->chall.data, 
+		     ntlm_response.data);
+	E_md4hash(samlogon_state->password, nt_hash);
+	SMBsesskeygen_ntv1(nt_hash, 
+			   ntlm_session_key.data);
+	E_deshash(samlogon_state->password, lm_hash); 
+
+	ZERO_STRUCT(lm_session_key);
+	ZERO_STRUCT(user_session_key);
+	
+	/* TODO - test with various domain cases, and without domain */
+	if (!SMBNTLMv2encrypt(samlogon_state->account_name, samlogon_state->account_domain, 
+			      samlogon_state->password, &samlogon_state->chall,
+			      &names_blob,
+			      &lmv2_response, &ntlmv2_response, 
+			      &lmv2_session_key, &ntlmv2_session_key)) {
+		data_blob_free(&names_blob);
+		return False;
+	}
+	data_blob_free(&names_blob);
+
+	nt_status = check_samlogon(samlogon_state,
+				   break_which,
+				   &samlogon_state->chall,
+				   &lmv2_response,
+				   &ntlm_response,
+				   lm_session_key, 
+				   user_session_key,
+				   error_string);
+	
+	data_blob_free(&lmv2_response);
+	data_blob_free(&ntlmv2_response);
+
+
+	if (NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, nt_status)) {
+		return ((break_which == BREAK_NT) || (break_which == BREAK_BOTH));
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return False;
+	}
+
+	switch (break_which) {
+	case NO_NT:
+		if (memcmp(lmv2_session_key.data, user_session_key, 
+			   sizeof(user_session_key)) != 0) {
+			printf("USER (LMv2) Session Key does not match expectations!\n");
+			printf("user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			printf("expected:\n");
+			dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length);
+			pass = False;
+		}
+		if (memcmp(lmv2_session_key.data, lm_session_key, 
+			   sizeof(lm_session_key)) != 0) {
+			printf("LM (LMv2) Session Key does not match expectations!\n");
+			printf("lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			printf("expected:\n");
+			dump_data(1, lmv2_session_key.data, 8);
+			pass = False;
+		}
+		break;
+	case BREAK_LM:
+		if (memcmp(ntlm_session_key.data, user_session_key, 
+			   sizeof(user_session_key)) != 0) {
+			printf("USER (NTLMv2) Session Key does not match expectations!\n");
+			printf("user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			printf("expected:\n");
+			dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
+			pass = False;
+		}
+		if (memcmp(lm_hash, lm_session_key, 
+			   sizeof(lm_session_key)) != 0) {
+			printf("LM Session Key does not match expectations!\n");
+			printf("lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			printf("expected:\n");
+			dump_data(1, lm_hash, 8);
+			pass = False;
+		}
+		break;
+	default:
+		if (memcmp(ntlm_session_key.data, user_session_key, 
+			   sizeof(user_session_key)) != 0) {
+			printf("USER (NTLMv2) Session Key does not match expectations!\n");
+			printf("user_session_key:\n");
+			dump_data(1, user_session_key, 16);
+			printf("expected:\n");
+			dump_data(1, ntlm_session_key.data, ntlm_session_key.length);
+			pass = False;
+		}
+		if (memcmp(ntlm_session_key.data, lm_session_key, 
+			   sizeof(lm_session_key)) != 0) {
+			printf("LM (NTLMv2) Session Key does not match expectations!\n");
+			printf("lm_session_key:\n");
+			dump_data(1, lm_session_key, 8);
+			printf("expected:\n");
+			dump_data(1, ntlm_session_key.data, 8);
+			pass = False;
+		}
+	}
+
+        return pass;
+}
+
+/* 
  * Test the NTLMv2 and LMv2 responses
  */
 
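Review bot: In the `NO_NT` branch the expected-key dump is `dump_data(1, lmv2_session_key.data, ntlmv2_session_key.length)`, which takes its length from a different blob than its data pointer; it should read `dump_data(1, lmv2_session_key.data, lmv2_session_key.length);`. The `memcmp` calls in all three branches read a fixed 16 or 8 bytes from `lmv2_session_key.data` or `ntlm_session_key.data` without checking the blob's `length`, and `SMBNTencrypt` / `SMBsesskeygen_ntv1` write into the `data_blob_talloc` results without a NULL check, so a short blob or failed allocation would be accessed out of bounds instead of being reported as a test failure. The `BREAK_LM` and default branches compare against the key produced by `SMBsesskeygen_ntv1` but print "NTLMv2" in their messages, which will mislead whoever reads a failing run. `lmv2_session_key` and `ntlmv2_session_key` are not freed on any return path visible in this function.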
@@ -686,6 +815,21 @@
 	return test_lmv2_ntlmv2_broken(samlogon_state, BREAK_BOTH, error_string);
 }
 
+static BOOL test_lmv2_ntlm_both_broken(struct samlogon_state *samlogon_state, char **error_string) 
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_BOTH, error_string);
+}
+
+static BOOL test_lmv2_ntlm_break_ntlm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_NT, error_string);
+}
+
+static BOOL test_lmv2_ntlm_break_lm(struct samlogon_state *samlogon_state, char **error_string) 
+{
+	return test_lmv2_ntlm_broken(samlogon_state, BREAK_LM, error_string);
+}
+
 /* 
  * Test the NTLM2 response (extra challenge in LM feild)
  *
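Review bot: None of the three wrappers passes `NO_NT`, so the `case NO_NT:` branch of `test_lmv2_ntlm_broken`, the only place the LMv2 session key is compared, is never reached by the tests this commit registers, and no wrapper covers the case where neither response is broken. If that is deliberate given the Win2k3 behaviour described in the log, say so above the wrappers, for example `/* NO_NT and the nothing-broken case are not registered for LMv2+NTLM */`. Otherwise add a wrapper and a matching table entry so the LMv2 key check actually runs.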
@@ -885,6 +1029,9 @@
 	{test_ntlm_lm_broken, "NTLM and LM, LM broken", False},
 	{test_ntlm_ntlm_broken, "NTLM and LM, NTLM broken", False},
 	{test_ntlm2, "NTLM2 (NTLMv2 session security)", False},
+	{test_lmv2_ntlm_both_broken, "LMv2 and NTLM, both broken", False},
+	{test_lmv2_ntlm_break_ntlm, "LMv2 and NTLM, NTLM broken", False},
+	{test_lmv2_ntlm_break_lm, "LMv2 and NTLM, LMv2 broken", False},
 	{test_plaintext_none_broken, "Plaintext", True},
 	{test_plaintext_lm_broken, "Plaintext LM broken", True},
 	{test_plaintext_nt_broken, "Plaintext NT broken", True},


