[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Thu Feb 4 11:40:03 UTC 2016


The branch, master has been updated
       via  8247d93 loadparm: Fix memory leak issue.
       via  8956577 libwbclient: Fix a few resource leak CIDs
       via  3d5873c libwbclient: Add "goto fail" test macros
       via  e073f3c s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
       via  68b9b18 s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
       via  fe1be37 s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
       via  4ac7a65 s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
       via  68d043f s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
       via  30386c2 ntlmssp: when pulling messages it is important to clear memory first.
       via  ded0f3c ntlmssp: properly document version defines in IDL (from MS-NLMP).
       via  4be7451 ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
       via  feb4ee6 ntlmssp: add some missing defines from MS-NLMP to our IDL.
       via  109164e docs-xml: fix typo in smbspool_krb5_wrapper manpage.
      from  e269968 samba3.blackbox.smbclient.forceuser_validusers: Add new test for force user option.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8247d93701ed838190fe74044a63a56d63d37bf5
Author: Hemanth Thummala <hemanth.thummala at nutanix.com>
Date:   Tue Feb 2 10:33:20 2016 -0800

    loadparm: Fix memory leak issue.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11708
    
    Signed-off-by: Hemanth Thummala <hemanth.thummala at nutanix.com>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Thu Feb  4 12:39:14 CET 2016 on sn-devel-144

commit 89565775a4972bc5546e6b4cf858bf07f7bb42d9
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 14 21:42:33 2016 +0100

    libwbclient: Fix a few resource leak CIDs
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 3d5873c848b6aa819b1a92da09e1e0f065156e2e
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 14 21:42:04 2016 +0100

    libwbclient: Add "goto fail" test macros
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit e073f3c0b622f49ffad7082b9b4fbc429c48d530
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:35:29 2015 +0100

    s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 68b9b18e6cd346e2aa32418642b0746cee593be3
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:32:28 2015 +0100

    s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit fe1be37c71a816458173082fa9213a3f279a0b79
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:30:16 2015 +0100

    s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 4ac7a6572149ec5b43a91a303c2008e73e467a56
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:29:16 2015 +0100

    s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 68d043faa0aa9e5e0d289806e1aa2acba3f07af5
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:27:29 2015 +0100

    s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 30386c23ae0a6afd2060e626c73df9a3691a71fb
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 15:35:29 2015 +0100

    ntlmssp: when pulling messages it is important to clear memory first.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit ded0f3c8b7b4132d250907022ba59e88b45a6ed0
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 15:34:47 2015 +0100

    ntlmssp: properly document version defines in IDL (from MS-NLMP).
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 4be7451d9a7ed122c61a08bcf977bebeef4749dd
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 16:42:08 2015 +0100

    ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit feb4ee62c5271b45877c1d3bc1d8b327439e5fd4
Author: Günther Deschner <gd at samba.org>
Date:   Mon Nov 16 16:31:27 2015 +0100

    ntlmssp: add some missing defines from MS-NLMP to our IDL.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 109164ed63ee76c4088f5df7ffb66740cac629c1
Author: Günther Deschner <gd at samba.org>
Date:   Thu Feb 4 00:00:46 2016 +0100

    docs-xml: fix typo in smbspool_krb5_wrapper manpage.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/ntlmssp/ntlmssp_ndr.c                    |   1 +
 docs-xml/manpages/smbspool_krb5_wrapper.8.xml |   2 +-
 librpc/idl/ntlmssp.idl                        |  18 ++-
 nsswitch/libwbclient/tests/wbclient.c         |  36 ++++-
 source3/param/loadparm.c                      |   2 +-
 source4/torture/ndr/ntlmssp.c                 | 185 +++++++++++++++++++++++++-
 6 files changed, 224 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/ntlmssp/ntlmssp_ndr.c b/auth/ntlmssp/ntlmssp_ndr.c
index af24be9..c8b16cc 100644
--- a/auth/ntlmssp/ntlmssp_ndr.c
+++ b/auth/ntlmssp/ntlmssp_ndr.c
@@ -25,6 +25,7 @@
 #define NTLMSSP_PULL_MESSAGE(type, blob, mem_ctx, r) \
 do { \
 	enum ndr_err_code __ndr_err; \
+	ZERO_STRUCTP(r); /* in order to deal with unset neg flags */\
 	__ndr_err = ndr_pull_struct_blob(blob, mem_ctx, r, \
 			(ndr_pull_flags_fn_t)ndr_pull_ ##type); \
 	if (!NDR_ERR_CODE_IS_SUCCESS(__ndr_err)) { \
diff --git a/docs-xml/manpages/smbspool_krb5_wrapper.8.xml b/docs-xml/manpages/smbspool_krb5_wrapper.8.xml
index e302293..f9966e7 100644
--- a/docs-xml/manpages/smbspool_krb5_wrapper.8.xml
+++ b/docs-xml/manpages/smbspool_krb5_wrapper.8.xml
@@ -13,7 +13,7 @@
 
 <refnamediv>
 	<refname>smbspool_krb5_wrapper</refname>
-	<refpurpose>This is a CUPS printing backend which calls smbpsool</refpurpose>
+	<refpurpose>This is a CUPS printing backend which calls smbspool</refpurpose>
 </refnamediv>
 
 <refsynopsisdiv>
diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index 4a9e7c2..df6773c 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -54,18 +54,21 @@ interface ntlmssp
 
 	/*
 	   NTLMSSP_WINDOWS_MAJOR_VERSION_5: Windows XP SP2 and Server 2003
-	   NTLMSSP_WINDOWS_MAJOR_VERSION_6: Windows Vista, Server 2008, 7 and Server 2008 R2
+	   NTLMSSP_WINDOWS_MAJOR_VERSION_6: Windows Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, 8.1, Server 2012 R2
+	   NTLMSSP_WINDOWS_MAJOR_VERSION_10: Windows 10, Windows Server 2016 Technical Preview
 	 */
 
 	typedef [enum8bit] enum {
 		NTLMSSP_WINDOWS_MAJOR_VERSION_5	= 0x05,
-		NTLMSSP_WINDOWS_MAJOR_VERSION_6	= 0x06
+		NTLMSSP_WINDOWS_MAJOR_VERSION_6	= 0x06,
+		NTLMSSP_WINDOWS_MAJOR_VERSION_10 = 0x0A
 	} ntlmssp_WindowsMajorVersion;
 
 	/*
-	   NTLMSSP_WINDOWS_MINOR_VERSION_0: Windows Vista, Server 2008, 7, Server 2008 R2
-	   NTLMSSP_WINDOWS_MINOR_VERSION_1: Windows XP SP2
-	   NTLMSSP_WINDOWS_MINOR_VERSION_2: Windows Server 2003
+	   NTLMSSP_WINDOWS_MINOR_VERSION_0: Windows Vista, 10, Server 2016 Technical Preview
+	   NTLMSSP_WINDOWS_MINOR_VERSION_1: Windows XP SP2, 7, Server 2008 R2
+	   NTLMSSP_WINDOWS_MINOR_VERSION_2: Windows Server 2003, 8, Server 2012
+	   NTLMSSP_WINDOWS_MINOR_VERSION_3: Windows 8.1, Server 2012 R2
 	 */
 
 	typedef [enum8bit] enum {
@@ -141,7 +144,8 @@ interface ntlmssp
 
 	typedef [bitmap32bit] bitmap {
 		NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT		= 0x00000001,
-		NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE	= 0x00000002
+		NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE	= 0x00000002,
+		NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE	= 0x00000004
 	} ntlmssp_AvFlags;
 
 	typedef [gensize,nodiscriminant,flag(NDR_NOALIGN)] union {
@@ -184,7 +188,7 @@ interface ntlmssp
 		uint8 ServerChallenge[8];
 		uint8 Reserved[8];
 		[value(ndr_size_AV_PAIR_LIST(TargetInfo, ndr->flags))] uint16 TargetInfoLen;
-		[value(TargetInfoLen)] uint16 TargetNameInfoMaxLen;
+		[value(TargetInfoLen)] uint16 TargetInfoMaxLen;
 		[relative] [subcontext(0),subcontext_size(TargetInfoLen)] AV_PAIR_LIST *TargetInfo;
 		[switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
 	} CHALLENGE_MESSAGE;
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index 4d04ca9..0de6096 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -48,6 +48,27 @@
 #define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg)			\
 	torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
 
+#define torture_assert_wbc_equal_goto_fail(torture_ctx, got, expected, cmt, cmt_arg)	\
+	do { wbcErr __got = got, __expected = expected; \
+	if (!WBC_ERROR_EQUAL(__got, __expected)) { \
+		torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
+		goto fail;						\
+	} \
+	} while (0)
+
+#define torture_assert_wbc_ok_goto_fail(torture_ctx,expr,cmt,cmt_arg)			\
+	torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
+
+#define torture_assert_str_equal_goto_fail(torture_ctx,got,expected,cmt)\
+	do { const char *__got = (got), *__expected = (expected); \
+	if (strcmp(__got, __expected) != 0) { \
+		torture_result(torture_ctx, TORTURE_FAIL, \
+			__location__": "#got" was %s, expected %s: %s", \
+			__got, __expected, cmt); \
+		goto fail;;			 \
+	} \
+	} while(0)
+
 static bool test_wbc_ping(struct torture_context *tctx)
 {
 	torture_assert_wbc_ok(tctx, wbcPing(),
@@ -454,27 +475,30 @@ static bool test_wbc_lookup_rids(struct torture_context *tctx)
 {
 	struct wbcDomainSid builtin;
 	uint32_t rids[2] = { 544, 545 };
-	const char *domain_name, **names;
+	const char *domain_name = NULL;
+	const char **names = NULL;
 	enum wbcSidType *types;
-	wbcErr ret;
+	wbcErr ret = false;
 
 	wbcStringToSid("S-1-5-32", &builtin);
 
 	ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
 			    &types);
-	torture_assert_wbc_ok(tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
+	torture_assert_wbc_ok_goto_fail(
+		tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
 
 	torture_assert_str_equal(
 		tctx, names[0], "Administrators",
 		"S-1-5-32-544 not mapped to 'Administrators'");
-	torture_assert_str_equal(
+	torture_assert_str_equal_goto_fail(
 		tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
 
+	ret = true;
+fail:
 	wbcFreeMemory(discard_const_p(char ,domain_name));
 	wbcFreeMemory(names);
 	wbcFreeMemory(types);
-
-	return true;
+	return ret;
 }
 
 static bool test_wbc_get_sidaliases(struct torture_context *tctx)
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 31d9e2d..fb92230 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1388,7 +1388,7 @@ static int add_a_service(const struct loadparm_service *pservice, const char *na
 		return (-1);
 	}
 	ServicePtrs = tsp;
-	ServicePtrs[iNumServices] = talloc_zero(NULL, struct loadparm_service);
+	ServicePtrs[iNumServices] = talloc_zero(ServicePtrs, struct loadparm_service);
 	if (!ServicePtrs[iNumServices]) {
 		DEBUG(0,("add_a_service: out of memory!\n"));
 		return (-1);
diff --git a/source4/torture/ndr/ntlmssp.c b/source4/torture/ndr/ntlmssp.c
index 36127ce..5b879c6 100644
--- a/source4/torture/ndr/ntlmssp.c
+++ b/source4/torture/ndr/ntlmssp.c
@@ -2,7 +2,7 @@
    Unix SMB/CIFS implementation.
    test suite for ntlmssp ndr operations
 
-   Copyright (C) Guenther Deschner 2010
+   Copyright (C) Guenther Deschner 2010,2015
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -33,10 +33,27 @@ static const uint8_t ntlmssp_NEGOTIATE_MESSAGE_data[] = {
 static bool ntlmssp_NEGOTIATE_MESSAGE_check(struct torture_context *tctx,
 					    struct NEGOTIATE_MESSAGE *r)
 {
+	torture_assert_str_equal(tctx, r->Signature, "NTLMSSP", "Signature");
+	torture_assert_int_equal(tctx, r->MessageType, NtLmNegotiate, "MessageType");
+	torture_assert_int_equal(tctx, r->NegotiateFlags, 0xe2088297, "NegotiateFlags");
+	torture_assert_int_equal(tctx, r->DomainNameLen, 0, "DomainNameLen");
+	torture_assert_int_equal(tctx, r->DomainNameMaxLen, 0, "DomainNameMaxLen");
+	torture_assert(tctx, r->DomainName == NULL, "DomainName");
+	torture_assert_int_equal(tctx, r->WorkstationLen, 0, "WorkstationLen");
+	torture_assert_int_equal(tctx, r->WorkstationMaxLen, 0, "WorkstationMaxLen");
+	torture_assert(tctx, r->Workstation == NULL, "Workstation");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMajorVersion, NTLMSSP_WINDOWS_MAJOR_VERSION_6, "ProductMajorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMinorVersion, NTLMSSP_WINDOWS_MINOR_VERSION_1, "ProductMinorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductBuild, 0x1db0, "ProductBuild");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[0], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[1], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[2], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[3], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.NTLMRevisionCurrent, NTLMSSP_REVISION_W2K3, "NTLMRevisionCurrent");
+
 	return true;
 }
 
-#if 0
 static const uint8_t ntlmssp_CHALLENGE_MESSAGE_data[] = {
 	0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00,
 	0x0a, 0x00, 0x0a, 0x00, 0x38, 0x00, 0x00, 0x00, 0x95, 0x82, 0x89, 0xe2,
@@ -59,6 +76,49 @@ static const uint8_t ntlmssp_CHALLENGE_MESSAGE_data[] = {
 static bool ntlmssp_CHALLENGE_MESSAGE_check(struct torture_context *tctx,
 					    struct CHALLENGE_MESSAGE *r)
 {
+	uint8_t chal[8] = { 0xed, 0xc8, 0x2b, 0x7d, 0x2e, 0xd7, 0xd0, 0xd9 };
+	uint8_t data[8] = { 0 };
+
+	torture_assert_str_equal(tctx, r->Signature, "NTLMSSP", "Signature");
+	torture_assert_int_equal(tctx, r->MessageType, NtLmChallenge, "MessageType");
+	torture_assert_int_equal(tctx, r->TargetNameLen, 10, "TargetNameLen");
+	torture_assert_int_equal(tctx, r->TargetNameMaxLen, 10, "TargetNameMaxLen");
+	torture_assert_str_equal(tctx, r->TargetName, "SAMBA", "TargetName");
+	torture_assert_int_equal(tctx, r->NegotiateFlags, 0xe2898295, "NegotiateFlags");
+	torture_assert_mem_equal(tctx, r->ServerChallenge, chal, 8, "ServerChallenge");
+	torture_assert_mem_equal(tctx, r->Reserved, data, 8, "Reserved");
+	torture_assert_int_equal(tctx, r->TargetInfoLen, 120, "TargetInfoLen");
+	torture_assert_int_equal(tctx, r->TargetInfoMaxLen, 120, "TargetInfoMaxLen");
+	torture_assert_int_equal(tctx, r->TargetInfo->count, 5, "TargetInfo->count");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[0].AvId, MsvAvNbDomainName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[0].AvLen, 10, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[0].Value.AvNbDomainName, "SAMBA", "AvNbDomainName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[1].AvId, MsvAvNbComputerName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[1].AvLen, 16, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[1].Value.AvNbComputerName, "MTHELENA", "AvNbComputerName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[2].AvId, MsvAvDnsDomainName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[2].AvLen, 28, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[2].Value.AvDnsDomainName, "ber.redhat.com", "AvDnsDomainName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[3].AvId, MsvAvDnsComputerName, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[3].AvLen, 46, "AvLen");
+	torture_assert_str_equal(tctx, r->TargetInfo->pair[3].Value.AvDnsComputerName, "mthelena.ber.redhat.com", "AvDnsComputerName");
+
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[4].AvId, MsvAvEOL, "AvId");
+	torture_assert_int_equal(tctx, r->TargetInfo->pair[4].AvLen, 0, "AvLen");
+
+	torture_assert_int_equal(tctx, r->Version.version.ProductMajorVersion, NTLMSSP_WINDOWS_MAJOR_VERSION_6, "ProductMajorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMinorVersion, NTLMSSP_WINDOWS_MINOR_VERSION_1, "ProductMinorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductBuild, 0, "ProductBuild");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[0], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[1], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[2], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[3], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.NTLMRevisionCurrent, NTLMSSP_REVISION_W2K3, "NTLMRevisionCurrent");
+
 	return true;
 }
 
@@ -106,18 +166,133 @@ static const uint8_t ntlmssp_AUTHENTICATE_MESSAGE_data[] = {
 static bool ntlmssp_AUTHENTICATE_MESSAGE_check(struct torture_context *tctx,
 					       struct AUTHENTICATE_MESSAGE *r)
 {
+	uint8_t lm_challenge_response[24] = { 0 };
+	struct NTLMv2_RESPONSE v2;
+	struct AV_PAIR_LIST AvPairs;
+	uint8_t Response[16] = {
+		0x38, 0xcf, 0xfb, 0x39, 0x5a, 0xb3, 0x4c, 0x58,
+		0x86, 0x35, 0xa3, 0xe7, 0x1e, 0x00, 0x98, 0x43
+	};
+	uint8_t ChallengeFromClient[8] = {
+		0x3c, 0x21, 0x0a, 0xe9, 0xde, 0x61, 0xc0, 0x7e
+	};
+	uint8_t MachineId[32] = {
+		0x0a, 0xfd, 0x3b, 0x2c, 0xad, 0x43, 0x46, 0x8b,
+		0x49, 0x01, 0x6c, 0xa5, 0xf3, 0xbc, 0xd2, 0x13,
+		0xbb, 0x70, 0xe2, 0x65, 0x96, 0xba, 0x0d, 0x8d,
+		0x5d, 0x31, 0xe6, 0x47, 0x94, 0x61, 0xed, 0x28
+	};
+	uint8_t EncryptedRandomSessionKey[16] = {
+		0xA4, 0x23, 0xD4, 0x5C, 0x16, 0x52, 0x8D, 0x56,
+		0x34, 0x2D, 0x1C, 0xFF, 0x86, 0x17, 0xC9, 0x4F
+	};
+
+	torture_assert_str_equal(tctx, r->Signature, "NTLMSSP", "Signature");
+	torture_assert_int_equal(tctx, r->MessageType, NtLmAuthenticate, "MessageType");
+	torture_assert_int_equal(tctx, r->LmChallengeResponseLen, 24, "LmChallengeResponseLen");
+	torture_assert_int_equal(tctx, r->LmChallengeResponseMaxLen, 24, "LmChallengeResponseMaxLen");
+	torture_assert_mem_equal(tctx, r->LmChallengeResponse->v1.Response, lm_challenge_response, 24, "LmChallengeResponse");
+
+	torture_assert_int_equal(tctx, r->NtChallengeResponseLen, 270, "NtChallengeResponseLen");
+	torture_assert_int_equal(tctx, r->NtChallengeResponseMaxLen, 270, "NtChallengeResponseMaxLen");
+
+	v2 = r->NtChallengeResponse->v2;
+
+	torture_assert_mem_equal(tctx, v2.Response, Response, 16, "v2.Response");
+	torture_assert_int_equal(tctx, v2.Challenge.RespType, 1, "RespType");
+	torture_assert_int_equal(tctx, v2.Challenge.HiRespType, 1, "HiRespType");
+	torture_assert_int_equal(tctx, v2.Challenge.Reserved1, 0, "Reserved1");
+	torture_assert_int_equal(tctx, v2.Challenge.Reserved2, 0, "Reserved2");
+	/* 	TimeStamp                : Tue Sep 14 17:06:53 2010 CEST */
+	torture_assert_mem_equal(tctx, v2.Challenge.ChallengeFromClient, ChallengeFromClient, 8, "v2.Challenge.ChallengeFromClient");
+	torture_assert_int_equal(tctx, v2.Challenge.Reserved3, 0, "Reserved3");
+
+	AvPairs = v2.Challenge.AvPairs;
+
+	torture_assert_int_equal(tctx, AvPairs.count, 8, "AvPairs.count");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[0].AvId, MsvAvNbDomainName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[0].AvLen, 10, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[0].Value.AvNbDomainName, "SAMBA", "Value.AvNbDomainName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[1].AvId, MsvAvNbComputerName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[1].AvLen, 16, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[1].Value.AvNbComputerName, "MTHELENA", "Value.AvNbComputerName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[2].AvId, MsvAvDnsDomainName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[2].AvLen, 28, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[2].Value.AvDnsDomainName, "ber.redhat.com", "Value.AvDnsDomainName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[3].AvId, MsvAvDnsComputerName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[3].AvLen, 46, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[3].Value.AvDnsComputerName, "mthelena.ber.redhat.com", "Value.AvDnsComputerName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[4].AvId, MsAvRestrictions, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].AvLen, 48, "AvLen");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.Size, 48, "Value.AvRestrictions.Size");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.Z4, 0, "Value.AvRestrictions.Z4");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.IntegrityLevel, 0, "Value.AvRestrictions.IntegrityLevel");
+	torture_assert_int_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.SubjectIntegrityLevel, 0x00003000, "Value.AvRestrictions.SubjectIntegrityLevel");
+	torture_assert_mem_equal(tctx, AvPairs.pair[4].Value.AvRestrictions.MachineId, MachineId, 32, "Value.AvRestrictions.MachineId");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[5].AvId, MsvChannelBindings, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[5].AvLen, 16, "AvLen");
+	torture_assert_mem_equal(tctx, AvPairs.pair[5].Value.ChannelBindings, lm_challenge_response, 16, "Value.ChannelBindings");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[6].AvId, MsvAvTargetName, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[6].AvLen, 26, "AvLen");
+	torture_assert_str_equal(tctx, AvPairs.pair[6].Value.AvTargetName, "cifs/mthelena", "Value.AvTargetName");
+
+	torture_assert_int_equal(tctx, AvPairs.pair[7].AvId, MsvAvEOL, "AvId");
+	torture_assert_int_equal(tctx, AvPairs.pair[7].AvLen, 0, "AvLen");
+
+	torture_assert_int_equal(tctx, r->DomainNameLen, 14, "DomainNameLen");
+	torture_assert_int_equal(tctx, r->DomainNameMaxLen, 14, "DomainNameMaxLen");
+	torture_assert_str_equal(tctx, r->DomainName, "W2K8DOM", "DomainName");
+
+	torture_assert_int_equal(tctx, r->UserNameLen, 26, "UserNameLen");
+	torture_assert_int_equal(tctx, r->UserNameMaxLen, 26, "UserNameMaxLen");
+	torture_assert_str_equal(tctx, r->UserName, "Administrator", "UserName");
+
+	torture_assert_int_equal(tctx, r->WorkstationLen, 12, "WorkstationLen");
+	torture_assert_int_equal(tctx, r->WorkstationMaxLen, 12, "WorkstationMaxLen");
+	torture_assert_str_equal(tctx, r->Workstation, "W2K8R2", "Workstation");
+
+	torture_assert_int_equal(tctx, r->EncryptedRandomSessionKeyLen, 16, "EncryptedRandomSessionKeyLen");
+	torture_assert_int_equal(tctx, r->EncryptedRandomSessionKeyMaxLen, 16, "EncryptedRandomSessionKeyMaxLen");
+	torture_assert_mem_equal(tctx, r->EncryptedRandomSessionKey->data, EncryptedRandomSessionKey, 16, "EncryptedRandomSessionKeyMaxLen");
+
+	torture_assert_int_equal(tctx, r->NegotiateFlags, 0xe2888215, "NegotiateFlags");
+
+	torture_assert_int_equal(tctx, r->Version.version.ProductMajorVersion, NTLMSSP_WINDOWS_MAJOR_VERSION_6, "ProductMajorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductMinorVersion, NTLMSSP_WINDOWS_MINOR_VERSION_1, "ProductMinorVersion");
+	torture_assert_int_equal(tctx, r->Version.version.ProductBuild, 0x1db0, "ProductBuild");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[0], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[1], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[2], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.Reserved[3], 0x00, "Reserved");
+	torture_assert_int_equal(tctx, r->Version.version.NTLMRevisionCurrent, NTLMSSP_REVISION_W2K3, "NTLMRevisionCurrent");
+
 	return true;
 }
-#endif
 
 struct torture_suite *ndr_ntlmssp_suite(TALLOC_CTX *ctx)
 {
 	struct torture_suite *suite = torture_suite_create(ctx, "ntlmssp");
 
 	torture_suite_add_ndr_pull_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, ntlmssp_NEGOTIATE_MESSAGE_check);
-#if 0
 	torture_suite_add_ndr_pull_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, ntlmssp_CHALLENGE_MESSAGE_check);
 	torture_suite_add_ndr_pull_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, ntlmssp_AUTHENTICATE_MESSAGE_check);
-#endif
+
+	torture_suite_add_ndr_pullpush_test(suite,
+					    NEGOTIATE_MESSAGE,
+					    data_blob_const(ntlmssp_NEGOTIATE_MESSAGE_data, sizeof(ntlmssp_NEGOTIATE_MESSAGE_data)),
+					    ntlmssp_NEGOTIATE_MESSAGE_check);
+
+	torture_suite_add_ndr_pullpush_test(suite,
+					    CHALLENGE_MESSAGE,
+					    data_blob_const(ntlmssp_CHALLENGE_MESSAGE_data, sizeof(ntlmssp_CHALLENGE_MESSAGE_data)),
+					    ntlmssp_CHALLENGE_MESSAGE_check);
+
 	return suite;
 }


-- 
Samba Shared Repository



More information about the samba-cvs mailing list