svn commit: samba r5668 - in branches/SAMBA_4_0/source: auth libcli/auth torture/rpc

abartlet at samba.org abartlet at samba.org
Sun Mar 6 08:24:35 GMT 2005


Author: abartlet
Date: 2005-03-06 08:24:34 +0000 (Sun, 06 Mar 2005)
New Revision: 5668

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5668

Log:
Add tests to RPC-SAMLOGON to test for user@REALM style logins.  These
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I
need to look into it a bit more).

Add support to the Samba4 server for these logins.  This will need
extension when we handle trusted domains as a DC, as it is a principal
name, not just another format for the username.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/auth_util.c
   branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c
   branches/SAMBA_4_0/source/torture/rpc/samlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_4_0/source/auth/auth_util.c	2005-03-06 06:37:38 UTC (rev 5667)
+++ branches/SAMBA_4_0/source/auth/auth_util.c	2005-03-06 08:24:34 UTC (rev 5668)
@@ -68,7 +68,9 @@
 	NT_STATUS_HAVE_NO_MEMORY(user_info->account_name);
 
 	user_info->client.domain_name = talloc_strdup(user_info, c_domain_name);
-	NT_STATUS_HAVE_NO_MEMORY(user_info->client.domain_name);
+	if (c_domain_name && !user_info->client.domain_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	user_info->domain_name = talloc_strdup(user_info, domain_name);
 	NT_STATUS_HAVE_NO_MEMORY(user_info->domain_name);
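Review bot: After this change `user_info->client.domain_name` can legitimately be NULL, because a NULL `c_domain_name` is no longer treated as an allocation failure, but nothing at the assignment records that. Every later reader of the field, including auth backends and log statements, must now tolerate NULL. A comment above the new `if`, such as `/* c_domain_name may be NULL for user@REALM logins; only a failed copy of a non-NULL name is an error */`, would make the contract explicit. The enclosing function starts and ends outside this hunk, so whether existing consumers already check for NULL cannot be confirmed from here.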
@@ -141,21 +143,38 @@
 			    struct auth_usersupplied_info **user_info)
 {
 	const char *domain;
-
+	const char *account_name;
+	char *d;
 	DEBUG(5,("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n",
 		c_domain_name, c_account_name, workstation_name));
 
+	account_name = c_account_name;
+
 	/* don't allow "" as a domain, fixes a Win9X bug 
 	   where it doens't supply a domain for logon script
 	   'net use' commands.                                 */
-	if (*c_domain_name) {
+
+	/* Split user at realm names into user and realm components.  This is TODO to fix with proper userprincipalname support */
+	if (c_domain_name && *c_domain_name) {
 		domain = c_domain_name;
+	} else if (strchr_m(c_account_name, '@')) {
+		account_name = talloc_strdup(mem_ctx, c_account_name);
+		if (!account_name) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		d = strchr_m(account_name, '@');
+		if (!d) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
+		d[0] = '\0';
+		d++;
+		domain = d;
 	} else {
 		domain = lp_workgroup();
 	}
 
 	return make_user_info(mem_ctx,
-			      c_account_name, c_account_name, 
+			      c_account_name, account_name, 
 			      c_domain_name, domain,
 			      workstation_name,
 			      lm_password, nt_password,
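Review bot: The new `else if` branch takes whatever follows the first `@` as the domain without checking that it is non-empty, so a client-supplied account name ending in `@` leaves `domain` as `""`, the very value the comment above says must not be allowed. Checking the split result, for example `domain = *d ? d : lp_workgroup();` (or failing the logon), keeps the empty-domain rule intact; an empty user part before the `@` deserves the same check. Separately, the `DEBUG(5, ...)` at the top still passes `c_domain_name` to `%s` although this commit makes NULL a supported value there; `c_domain_name ? c_domain_name : ""` avoids handing a null pointer to the formatter. The `make_user_info()` call continues past the end of this hunk.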

Modified: branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c	2005-03-06 06:37:38 UTC (rev 5667)
+++ branches/SAMBA_4_0/source/libcli/auth/smbencrypt.c	2005-03-06 08:24:34 UTC (rev 5668)
@@ -121,6 +121,14 @@
 		return False;
 	}
 
+	if (!user_in) {
+		user_in = "";
+	}
+
+	if (!domain_in) {
+		domain_in = "";
+	}
+
 	user_in = strupper_talloc(mem_ctx, user_in);
 	if (user_in == NULL) {
 		talloc_free(mem_ctx);
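Review bot: Mapping a NULL `user_in` or `domain_in` to `""` changes what gets hashed without saying why, and the commit log itself notes that an empty domain breaks NTLMv2. A comment above the two new checks, e.g. `/* NULL user/domain (user@REALM logins) is hashed as the empty string; must match what the client hashed */`, would record the intent. It is worth confirming against a real client that the empty string is the value it uses in the NTLMv2 hash for these logins; otherwise valid credentials would be rejected. The function begins and ends outside this hunk.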

Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2005-03-06 06:37:38 UTC (rev 5667)
+++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c	2005-03-06 08:24:34 UTC (rev 5668)
@@ -1066,6 +1066,7 @@
 */
 static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
 			  struct creds_CredentialState *creds, 
+			  const char *account_domain, const char *account_name, 
 			  int n_subtests)
 {
 	int i, v, l, f;
@@ -1081,8 +1082,8 @@
 	printf("testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
 	
 	samlogon_state.mem_ctx = mem_ctx;
-	samlogon_state.account_name = lp_parm_string(-1, "torture", "username");
-	samlogon_state.account_domain = lp_parm_string(-1, "torture", "userdomain");
+	samlogon_state.account_name = account_name;
+	samlogon_state.account_domain = account_domain;
 	samlogon_state.password = lp_parm_string(-1, "torture", "password");
 	samlogon_state.p = p;
 	samlogon_state.creds = creds;
@@ -1121,7 +1122,9 @@
 					samlogon_state.r_flags.in.validation_level = validation_levels[v];
 					samlogon_state.r_flags.in.logon_level = logon_levels[l];
 					if (!test_table[i].fn(&samlogon_state, &error_string)) {
-						printf("Testing '%s' at validation level %d, logon level %d, function %d: \n", 
+						printf("Testing [%s]\\[%s] '%s' at validation level %d, logon level %d, function %d: \n", 
+						       samlogon_state.account_domain,
+						       samlogon_state.account_name,
 						       test_table[i].name, validation_levels[v], 
 						       logon_levels[l], function_levels[f]);
 						
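Review bot: The extended `printf` passes `samlogon_state.account_domain` to `%s`, but the callers added later in this commit pass NULL as the domain for the user@REALM cases. A null pointer for `%s` is undefined behaviour: some C libraries print `(null)`, others crash. Guard it in the argument list, e.g. `samlogon_state.account_domain ? samlogon_state.account_domain : "(null)",`. The surrounding loop starts and ends outside this hunk.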
@@ -1145,7 +1148,8 @@
   test an ADS style interactive domain logon
 */
 static BOOL test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
-				  struct creds_CredentialState *creds)
+				  struct creds_CredentialState *creds, 
+				  const char *account_domain, const char *account_name)
 {
 	NTSTATUS status;
 	struct netr_LogonSamLogonWithFlags r;
@@ -1168,11 +1172,11 @@
 	r.in.validation_level = 6;
 	r.in.flags = 0;
 
-	pinfo.identity_info.domain_name.string = lp_parm_string(-1, "torture", "userdomain");
+	pinfo.identity_info.domain_name.string = account_domain;
 	pinfo.identity_info.parameter_control = 0;
 	pinfo.identity_info.logon_id_low = 0;
 	pinfo.identity_info.logon_id_high = 0;
-	pinfo.identity_info.account_name.string = lp_parm_string(-1, "torture", "username");
+	pinfo.identity_info.account_name.string = account_name;
 	pinfo.identity_info.workstation.string = TEST_MACHINE_NAME;
 
 	plain_pass = lp_parm_string(-1, "torture", "password");
@@ -1271,14 +1275,57 @@
 		goto failed;
 	}
 
-	if (!test_InteractiveLogon(p, mem_ctx, creds)) {
+	if (!test_InteractiveLogon(p, mem_ctx, creds,
+			   lp_parm_string(-1, "torture", "userdomain"),
+			   lp_parm_string(-1, "torture", "username"))) {
 		ret = False;
 	}
 
-	if (!test_SamLogon(p, mem_ctx, creds, 0)) {
+	if (!test_SamLogon(p, mem_ctx, creds, 
+			   lp_parm_string(-1, "torture", "userdomain"),
+			   lp_parm_string(-1, "torture", "username"), 
+			   0)) {
 		ret = False;
 	}
 
+	if (!test_InteractiveLogon(p, mem_ctx, creds, 
+				   NULL,
+				   talloc_asprintf(mem_ctx, 
+						   "%s@%s", 
+						   lp_parm_string(-1, "torture", "username"), 
+						   lp_parm_string(-1, "torture", "userdomain")))) {
+		ret = False;
+	}
+
+	if (!test_InteractiveLogon(p, mem_ctx, creds, 
+				   NULL,
+				   talloc_asprintf(mem_ctx, 
+						   "%s@%s", 
+						   lp_parm_string(-1, "torture", "username"), 
+						   lp_realm()))) {
+		ret = False;
+	}
+
+	if (!test_SamLogon(p, mem_ctx, creds, 
+			   NULL, 
+			   talloc_asprintf(mem_ctx, 
+					   "%s@%s", 
+					   lp_parm_string(-1, "torture", "username"), 
+					   lp_realm()),
+			   0)) {
+		ret = False;
+	}
+
+	if (!test_SamLogon(p, mem_ctx, creds, 
+			   NULL, 
+			   talloc_asprintf(mem_ctx, 
+					   "%s@%s", 
+					   lp_parm_string(-1, "torture", "username"), 
+					   lp_realm()),
+			   0)) {
+		ret = False;
+	}
+
 	for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
 		
 		if (!test_SetupCredentials2(p, mem_ctx, credential_flags[i],
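Review bot: The two `test_SamLogon` calls added at the end of this block are identical: both build the name from `lp_realm()`, whereas the `test_InteractiveLogon` pair just above covers `userdomain` first and `lp_realm()` second. Presumably the first was meant to use `lp_parm_string(-1, "torture", "userdomain")`; as written, the user@userdomain form is never run through `test_SamLogon`. The `talloc_asprintf` results are also passed on unchecked, so an allocation failure would surface as a NULL account name inside the test rather than as a clear error; the same applies to the calls added in the following hunk. The enclosing function starts before this hunk and continues after it.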
@@ -1287,13 +1334,33 @@
 			return False;
 		}
 		
-		if (!test_InteractiveLogon(p, mem_ctx, creds)) {
+		if (!test_InteractiveLogon(p, mem_ctx, creds,
+					   NULL, 
+					   talloc_asprintf(mem_ctx, 
+							   "%s@%s", 
+							   lp_parm_string(-1, "torture", "username"), 
+							   lp_parm_string(-1, "torture", "userdomain")))) {
 			ret = False;
 		}
 		
-		if (!test_SamLogon(p, mem_ctx, creds, 1)) {
+		if (!test_InteractiveLogon(p, mem_ctx, creds,
+					   NULL, 
+					   talloc_asprintf(mem_ctx, 
+							   "%s@%s", 
+							   lp_parm_string(-1, "torture", "username"), 
+							   lp_realm()))) {
 			ret = False;
 		}
+		
+		if (!test_SamLogon(p, mem_ctx, creds, 
+				   NULL, 
+				   talloc_asprintf(mem_ctx, 
+						   "%s@%s", 
+						   lp_parm_string(-1, "torture", "username"), 
+						   lp_realm()),
+				   1)) {
+			ret = False;
+		}
 	}
 
 failed:
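Review bot: Inside the `credential_flags` loop the original domain-plus-username logons were replaced rather than extended, so each credential flag set is now exercised only with user@REALM names and a NULL domain. Keeping the earlier form alongside the new calls, e.g. `test_SamLogon(p, mem_ctx, creds, lp_parm_string(-1, "torture", "userdomain"), lp_parm_string(-1, "torture", "username"), 1)`, preserves coverage of the classic logon path for every flag combination. The loop also has no `test_SamLogon` call for the `userdomain` variant, only for `lp_realm()`. The function begins outside this hunk.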


