[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha3-1646-gf72dc52

Volker Lendecke vlendec at samba.org
Tue May 20 11:05:20 GMT 2008 

The branch, v4-0-test has been updated
       via  f72dc52ccc426c8057b91b4699dfeda7d9e9b864 (commit)
      from  e360be0b99b638afdfa789e217bf08f99d09be7a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit f72dc52ccc426c8057b91b4699dfeda7d9e9b864
Author: Volker Lendecke <vl at samba.org>
Date:   Tue May 20 12:59:04 2008 +0200

    Change wks password in rpc-bench-schannel1
    
    Prove that a workstation password change does not affect existing schannel
    connections

-----------------------------------------------------------------------

Summary of changes:
 source/torture/rpc/schannel.c |   64 +++++++++++++++++++++++++++++++++++++++++
 1 files changed, 64 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/torture/rpc/schannel.c b/source/torture/rpc/schannel.c
index f0279f0..a8f70b2 100644
--- a/source/torture/rpc/schannel.c
+++ b/source/torture/rpc/schannel.c
@@ -738,6 +738,70 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
 	}
 	torture_assert_ntstatus_ok(torture, s->error, "Failed establish a connect");
 
+	/*
+	 * Change the workstation password after establishing the netlogon
+	 * schannel connections to prove that existing connections are not
+	 * affected by a wks pwchange.
+	 */
+
+	{
+		struct netr_ServerPasswordSet pwset;
+		char *password = generate_random_str(s->join_ctx1, 8);
+		struct creds_CredentialState *creds_state;
+		struct dcerpc_pipe *net_pipe;
+
+		status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
+					       &ndr_table_netlogon,
+					       s->wks_creds1,
+					       torture->ev, torture->lp_ctx);
+
+		torture_assert_ntstatus_ok(torture, status,
+					   "dcerpc_pipe_connect_b failed");
+
+		pwset.in.server_name = talloc_asprintf(
+			net_pipe, "\\\\%s", dcerpc_server_name(net_pipe));
+		pwset.in.computer_name =
+			cli_credentials_get_workstation(s->wks_creds1);
+		pwset.in.account_name = talloc_asprintf(
+			net_pipe, "%s$", pwset.in.computer_name);
+		pwset.in.secure_channel_type = SEC_CHAN_WKSTA;
+		E_md4hash(password, pwset.in.new_password.hash);
+
+		creds_state = cli_credentials_get_netlogon_creds(
+			s->wks_creds1);
+		creds_des_encrypt(creds_state, &pwset.in.new_password);
+		creds_client_authenticator(creds_state, &pwset.in.credential);
+
+		status = dcerpc_netr_ServerPasswordSet(net_pipe, torture, &pwset);
+		torture_assert_ntstatus_ok(torture, status,
+					   "ServerPasswordSet failed");
+
+		if (!creds_client_check(creds_state,
+					&pwset.out.return_authenticator.cred)) {
+			printf("Credential chaining failed\n");
+		}
+
+		cli_credentials_set_password(s->wks_creds1, password,
+					     CRED_SPECIFIED);
+
+		talloc_free(net_pipe);
+
+		/* Just as a test, connect with the new creds */
+
+		talloc_free(s->wks_creds1->netlogon_creds);
+		s->wks_creds1->netlogon_creds = NULL;
+
+		status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
+					       &ndr_table_netlogon,
+					       s->wks_creds1,
+					       torture->ev, torture->lp_ctx);
+
+		torture_assert_ntstatus_ok(torture, status,
+					   "dcerpc_pipe_connect_b failed");
+
+		talloc_free(net_pipe);
+	}
+
 	torture_comment(torture, "Start looping LogonSamLogonEx on %d connections for %d secs\n",
 			s->nprocs, s->timelimit);
 	for (i=0; i < s->nprocs; i++) {


-- 
Samba Shared Repository

More information about the samba-cvs mailing list