[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Feb 2 04:44:03 MST 2011
The branch, master has been updated
via eca7292 s4:torture/rpc/netlogon: add invalid level tests for netr_LogonControl2
via 1f9caef s4:torture/rpc/netlogon: improve comments in test_LogonControl2()
via 89dd048 s4:torture/rpc/netlogon: test invalid netr_LogonControl() level
via d3e4d90 s4:torture/rpc/netlogon: test invalid LogonSamLogon levels
via e980791 s4:torture/rpc/netlogon: test validation levels 2 and 3
via d63e750 netlogon.idl: remove pointless union arms of netr_DELTA_UNION
via 46348c3 netlogon.idl: use 'ms_union' as specified in [MS-NRPC]
via 64ea7bd netlogon.idl: add missing [default]; union arms
via 4507d2b s3:rpc_server/netlogon: add _netr_LogonSamLogon_check()
via a4d4217 s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
via 578e87d s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
via 97727e1 s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
from c2207e9 replace: Try to fix broken sys/capabilites.h on Linux.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit eca7292aeca5de494a39fff67f719d8e9c34aaf6
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 13:04:48 2011 +0100
s4:torture/rpc/netlogon: add invalid level tests for netr_LogonControl2
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Wed Feb 2 12:43:32 CET 2011 on sn-devel-104
commit 1f9caef3622097965525fcbc5bf98e17228330e7
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 13:03:49 2011 +0100
s4:torture/rpc/netlogon: improve comments in test_LogonControl2()
metze
commit 89dd048bdfb463c1e9a7393f5298dc0a8125f75f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 12:44:59 2011 +0100
s4:torture/rpc/netlogon: test invalid netr_LogonControl() level
metze
commit d3e4d90d41b0fdd64bd65a2f440942b478e23e20
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 08:32:40 2011 +0100
s4:torture/rpc/netlogon: test invalid LogonSamLogon levels
This proves that the invalid parameter/info class checks
need to be done before the credential chain checks.
metze
commit e9807916af0b145cd85d01d90f6bab107a313812
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 10:52:33 2011 +0100
s4:torture/rpc/netlogon: test validation levels 2 and 3
metze
commit d63e7506f0be5bac014a83df4faf33c3ea0de3ea
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 12:42:45 2011 +0100
netlogon.idl: remove pointless union arms of netr_DELTA_UNION
These were just padding, which was needed as we didn't have
'ms_union' support.
metze
commit 46348c34b77a1efe558314a8d058ebd8e05b7eed
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 08:33:41 2011 +0100
netlogon.idl: use 'ms_union' as specified in [MS-NRPC]
metze
commit 64ea7bd2c41186a877c0554968193b445de00680
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 10:28:28 2011 +0100
netlogon.idl: add missing [default]; union arms
metze
commit 4507d2b9eb2ddabf8b101ed1c744981014298049
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 14:47:05 2011 +0100
s3:rpc_server/netlogon: add _netr_LogonSamLogon_check()
We need to check for invalid parameters before we check for
access denied.
metze
commit a4d4217dfa03bda9ace25bb4f54be5e94c09abbf
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 14:47:05 2011 +0100
s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
We need to check for invalid parameters before we check for
access denied.
metze
commit 578e87dbf223c2ad529ef5de07630ed5c25a3ad6
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 10:27:35 2011 +0100
s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
metze
commit 97727e106878fef1a260ab6310992fff36ea5294
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 1 10:21:05 2011 +0100
s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
metze
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/netlogon.idl | 25 ++---
source3/rpc_server/srv_netlog_nt.c | 101 +++++++++++++++---
source4/rpc_server/netlogon/dcerpc_netlogon.c | 100 +++++++++++++++--
source4/torture/rpc/netlogon.c | 147 ++++++++++++++++++++++--
4 files changed, 317 insertions(+), 56 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index ca974a6..813421e 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -16,6 +16,7 @@ cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID")
version(1.0),
endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
helper("../librpc/ndr/ndr_netlogon.h"),
+ ms_union,
pointer_default(unique)
]
@@ -179,6 +180,7 @@ interface netlogon
[case(NetlogonInteractiveTransitiveInformation)] netr_PasswordInfo *password;
[case(NetlogonNetworkTransitiveInformation)] netr_NetworkInfo *network;
[case(NetlogonServiceTransitiveInformation)] netr_PasswordInfo *password;
+ [default];
} netr_LogonLevel;
typedef [public,flag(NDR_PAHEX)] struct {
@@ -291,6 +293,7 @@ interface netlogon
[case(4)] netr_PacInfo *pac;
[case(NetlogonValidationGenericInfo2)] netr_GenericInfo2 *generic;
[case(NetlogonValidationSamInfo4)] netr_SamInfo6 *sam6;
+ [default];
} netr_Validation;
typedef [public, flag(NDR_PAHEX)] struct {
@@ -602,10 +605,6 @@ interface netlogon
} netr_DELTA_TRUSTED_DOMAIN;
typedef struct {
- uint16 unknown;
- } netr_DELTA_DELETE_TRUST;
-
- typedef struct {
uint32 privilege_entries;
uint32 privilege_control;
[size_is(privilege_entries)] uint32 *privilege_attrib;
@@ -625,14 +624,6 @@ interface netlogon
} netr_DELTA_ACCOUNT;
typedef struct {
- uint16 unknown;
- } netr_DELTA_DELETE_ACCOUNT;
-
- typedef struct {
- uint16 unknown;
- } netr_DELTA_DELETE_SECRET;
-
- typedef struct {
uint32 len;
uint32 maxlen;
[size_is(maxlen)][length_is(len)] uint8 *cipher_data;
@@ -694,15 +685,16 @@ interface netlogon
[case(NETR_DELTA_RENAME_ALIAS)] netr_DELTA_RENAME *rename_alias;
[case(NETR_DELTA_ALIAS_MEMBER)] netr_DELTA_ALIAS_MEMBER *alias_member;
[case(NETR_DELTA_POLICY)] netr_DELTA_POLICY *policy;
- [case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN *trusted_domain;
- [case(NETR_DELTA_DELETE_TRUST)] netr_DELTA_DELETE_TRUST delete_trust;
+ [case(NETR_DELTA_TRUSTED_DOMAIN)] netr_DELTA_TRUSTED_DOMAIN *trusted_domain;
+ [case(NETR_DELTA_DELETE_TRUST)] ; /* sid only */
[case(NETR_DELTA_ACCOUNT)] netr_DELTA_ACCOUNT *account;
- [case(NETR_DELTA_DELETE_ACCOUNT)] netr_DELTA_DELETE_ACCOUNT delete_account;
+ [case(NETR_DELTA_DELETE_ACCOUNT)] ; /* sid only */
[case(NETR_DELTA_SECRET)] netr_DELTA_SECRET *secret;
- [case(NETR_DELTA_DELETE_SECRET)] netr_DELTA_DELETE_SECRET delete_secret;
+ [case(NETR_DELTA_DELETE_SECRET)] ; /* name only */
[case(NETR_DELTA_DELETE_GROUP2)] netr_DELTA_DELETE_USER *delete_group;
[case(NETR_DELTA_DELETE_USER2)] netr_DELTA_DELETE_USER *delete_user;
[case(NETR_DELTA_MODIFY_COUNT)] udlong *modified_count;
+ [default];
} netr_DELTA_UNION;
typedef [switch_type(netr_DeltaEnum)] union {
@@ -728,6 +720,7 @@ interface netlogon
[case(NETR_DELTA_DELETE_GROUP2)] uint32 rid;
[case(NETR_DELTA_DELETE_USER2)] uint32 rid;
[case(NETR_DELTA_MODIFY_COUNT)] ;
+ [default];
} netr_DELTA_ID_UNION;
typedef struct {
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index ff0f72b..11fa946 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1300,6 +1300,65 @@ NTSTATUS _netr_LogonSamLogoff(struct pipes_struct *p,
return status;
}
+static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
+{
+ switch (r->in.logon_level) {
+ case NetlogonInteractiveInformation:
+ case NetlogonServiceInformation:
+ case NetlogonInteractiveTransitiveInformation:
+ case NetlogonServiceTransitiveInformation:
+ if (r->in.logon->password == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation:
+ if (r->in.logon->network == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+
+ case NetlogonGenericInformation:
+ if (r->in.logon->generic == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ /* TODO: case NetlogonValidationGenericInfo: 4 */
+ case NetlogonValidationGenericInfo2: /* 5 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_OK;
+}
+
/*************************************************************************
_netr_LogonSamLogon_base
*************************************************************************/
@@ -1556,16 +1615,7 @@ NTSTATUS _netr_LogonSamLogonWithFlags(struct pipes_struct *p,
struct netr_LogonSamLogonEx r2;
struct netr_Authenticator return_authenticator;
- become_root();
- status = netr_creds_server_step_check(p, p->mem_ctx,
- r->in.computer_name,
- r->in.credential,
- &return_authenticator,
- &creds);
- unbecome_root();
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ *r->out.authoritative = true;
r2.in.server_name = r->in.server_name;
r2.in.computer_name = r->in.computer_name;
@@ -1577,6 +1627,22 @@ NTSTATUS _netr_LogonSamLogonWithFlags(struct pipes_struct *p,
r2.out.authoritative = r->out.authoritative;
r2.out.flags = r->out.flags;
+ status = _netr_LogonSamLogon_check(&r2);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ become_root();
+ status = netr_creds_server_step_check(p, p->mem_ctx,
+ r->in.computer_name,
+ r->in.credential,
+ &return_authenticator,
+ &creds);
+ unbecome_root();
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
status = _netr_LogonSamLogon_base(p, &r2, creds);
*r->out.return_authenticator = return_authenticator;
@@ -1624,10 +1690,9 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
- become_root();
- status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
- r->in.computer_name, &creds);
- unbecome_root();
+ *r->out.authoritative = true;
+
+ status = _netr_LogonSamLogon_check(r);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -1639,6 +1704,14 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
+ become_root();
+ status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
+ r->in.computer_name, &creds);
+ unbecome_root();
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
status = _netr_LogonSamLogon_base(p, r, creds);
TALLOC_FREE(creds);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index ea4ea23..e060380 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -531,6 +531,65 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
}
+static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
+{
+ switch (r->in.logon_level) {
+ case NetlogonInteractiveInformation:
+ case NetlogonServiceInformation:
+ case NetlogonInteractiveTransitiveInformation:
+ case NetlogonServiceTransitiveInformation:
+ if (r->in.logon->password == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ case NetlogonNetworkInformation:
+ case NetlogonNetworkTransitiveInformation:
+ if (r->in.logon->network == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ case NetlogonValidationSamInfo: /* 2 */
+ case NetlogonValidationSamInfo2: /* 3 */
+ case NetlogonValidationSamInfo4: /* 6 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+
+ case NetlogonGenericInformation:
+ if (r->in.logon->generic == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (r->in.validation_level) {
+ /* TODO: case NetlogonValidationGenericInfo: 4 */
+ case NetlogonValidationGenericInfo2: /* 5 */
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_OK;
+}
+
/*
netr_LogonSamLogon_base
@@ -551,6 +610,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
struct netr_SamInfo3 *sam3;
struct netr_SamInfo6 *sam6;
+ *r->out.authoritative = 1;
+
user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
NT_STATUS_HAVE_NO_MEMORY(user_info);
@@ -674,6 +735,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
}
nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
+ /* TODO: set *r->out.authoritative = 0 on specific errors */
NT_STATUS_NOT_OK_RETURN(nt_status);
switch (r->in.validation_level) {
@@ -727,7 +789,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
break;
default:
- break;
+ return NT_STATUS_INVALID_INFO_CLASS;
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
@@ -756,8 +818,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
}
}
- *r->out.authoritative = 1;
-
/* TODO: Describe and deal with these flags */
*r->out.flags = 0;
@@ -770,6 +830,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
NTSTATUS nt_status;
struct netlogon_creds_CredentialState *creds;
+ *r->out.authoritative = 1;
+
+ nt_status = dcesrv_netr_LogonSamLogon_check(r);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
nt_status = schannel_get_creds_state(mem_ctx,
lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
r->in.computer_name, &creds);
@@ -797,16 +864,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
struct netr_Authenticator *return_authenticator;
- return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
- NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
-
- nt_status = dcesrv_netr_creds_server_step_check(dce_call,
- mem_ctx,
- r->in.computer_name,
- r->in.credential, return_authenticator,
- &creds);
- NT_STATUS_NOT_OK_RETURN(nt_status);
-
ZERO_STRUCT(r2);
r2.in.server_name = r->in.server_name;
@@ -819,6 +876,23 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
r2.out.authoritative = r->out.authoritative;
r2.out.flags = r->out.flags;
+ *r->out.authoritative = 1;
+
+ nt_status = dcesrv_netr_LogonSamLogon_check(&r2);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
+ NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
+
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+ mem_ctx,
+ r->in.computer_name,
+ r->in.credential, return_authenticator,
+ &creds);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
r->out.return_authenticator = return_authenticator;
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index c9fda65..14052e7 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -690,6 +690,7 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
NTSTATUS status;
struct netr_LogonSamLogon r;
struct netr_Authenticator auth, auth2;
+ static const struct netr_Authenticator auth_zero;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative;
@@ -754,7 +755,7 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
- for (i=2;i<3;i++) {
+ for (i=2;i<=3;i++) {
ZERO_STRUCT(auth2);
netlogon_creds_client_authenticator(creds, &auth);
@@ -767,11 +768,75 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
torture_assert(tctx, netlogon_creds_client_check(creds,
&r.out.return_authenticator->cred),
"Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ /* this makes sure we get the unmarshalling right for invalid levels */
+ for (i=52;i<53;i++) {
+ ZERO_STRUCT(auth2);
+ /* the authenticator should be ignored by the server */
+ generate_random_buffer(&auth, sizeof(auth));
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result,
+ NT_STATUS_INVALID_INFO_CLASS,
+ "LogonSamLogon failed");
+
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ }
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ netlogon_creds_client_authenticator(creds, &auth);
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ r.in.logon_level = 52;
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ /* the authenticator should be ignored by the server */
+ generate_random_buffer(&auth, sizeof(auth));
+
+ r.in.validation_level = i;
+
+ torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+ "LogonSamLogon expected INVALID_PARAMETER");
+
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
}
r.in.credential = NULL;
for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
r.in.validation_level = i;
@@ -782,6 +847,31 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
"LogonSamLogon expected INVALID_PARAMETER");
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ r.in.logon_level = 2;
+ r.in.credential = &auth;
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ netlogon_creds_client_authenticator(creds, &auth);
+
+ r.in.validation_level = i;
+
--
Samba Shared Repository
More information about the samba-cvs
mailing list