utils: Add destroy_netlogon_creds_cli

This is a pure testing utility that will garble the netlogon_creds_cli session_key. This creates a similar effect to our schannel credentials as does a domain controller reboot. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (backported from commit bffae41842fe218959fe6f8b43df694feec1589c)
author: Volker Lendecke <vl@samba.org> 2018-02-28 07:59:08 +0000
committer: Karolin Seeger <kseeger@samba.org> 2018-05-07 09:57:25 +0200
commit: 91fd11d0b62039bcabc6a350f28020c79083d4f8 (patch)
tree: f7a9641948b832767e7cbf073f69681fd9e35e4c /source3
parent: d6ac5408f7c4d2fc0bb648a302bc012b725bec41 (diff)
download: samba-91fd11d0b62039bcabc6a350f28020c79083d4f8.tar.gz
2 files changed, 145 insertions, 0 deletions
diff --git a/source3/utils/destroy_netlogon_creds_cli.c b/source3/utils/destroy_netlogon_creds_cli.c
new file mode 100644
index 00000000000..c7726d25fdb
--- /dev/null
+++ b/source3/utils/destroy_netlogon_creds_cli.c
@@ -0,0 +1,136 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Garble the netlogon_creds_cli key for testing purposes
+ * Copyright (C) Volker Lendecke 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include <talloc.h>
+#include <tevent.h>
+#include "messages.h"
+#include "lib/util/talloc_stack.h"
+#include "popt_common.h"
+#include "lib/param/loadparm.h"
+#include "lib/param/param.h"
+#include "libcli/auth/netlogon_creds_cli.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "lib/dbwrap/dbwrap_open.h"
+
+int main(int argc, const char *argv[])
+{
+	TALLOC_CTX *mem_ctx = talloc_stackframe();
+	struct tevent_context *ev;
+	struct messaging_context *msg_ctx;
+	struct loadparm_context *lp_ctx;
+	struct db_context *global_db;
+	struct netlogon_creds_cli_context *ctx;
+	struct netlogon_creds_CredentialState *creds;
+	NTSTATUS status;
+	int ret = 1;
+
+	smb_init_locale();
+
+	if (!lp_load_global(get_dyn_CONFIGFILE())) {
+		fprintf(stderr, "error opening config file %s. Error was %s\n",
+			get_dyn_CONFIGFILE(), strerror(errno));
+		goto done;
+	}
+
+	if (argc != 4) {
+		fprintf(stderr, "usage: %s cli_computer domain dc\n", argv[0]);
+		goto done;
+	}
+
+	lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
+	if (lp_ctx == NULL) {
+		fprintf(stderr, "loadparm_init_s3 failed\n");
+		goto done;
+	}
+
+	ev = samba_tevent_context_init(mem_ctx);
+	if (ev == NULL) {
+		fprintf(stderr, "samba3_tevent_context_init failed\n");
+		goto done;
+	}
+	msg_ctx = messaging_init(mem_ctx, ev);
+	if (msg_ctx == NULL) {
+		fprintf(stderr, "messaging_init failed\n");
+		goto done;
+	}
+
+	global_db = db_open(
+		mem_ctx,
+		lpcfg_private_db_path(mem_ctx, lp_ctx, "netlogon_creds_cli"),
+		0, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH,
+		O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
+		DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS);
+	if (global_db == NULL) {
+		fprintf(stderr, "db_open failed\n");
+		goto done;
+	}
+
+	status = netlogon_creds_cli_set_global_db(&global_db);
+	if (!NT_STATUS_IS_OK(status)) {
+		fprintf(stderr,
+			"netlogon_creds_cli_set_global_db failed: %s\n",
+			nt_errstr(status));
+		goto done;
+	}
+
+	status = netlogon_creds_cli_context_global(
+		lp_ctx,
+		msg_ctx,
+		talloc_asprintf(mem_ctx, "%s$", argv[1]),
+		SEC_CHAN_WKSTA,
+		argv[3],
+		argv[2],
+		mem_ctx,
+		&ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		fprintf(stderr,
+			"netlogon_creds_cli_context_global failed: %s\n",
+			nt_errstr(status));
+		goto done;
+	}
+
+	status = netlogon_creds_cli_lock(ctx,
+					 mem_ctx,
+					 &creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		fprintf(stderr,
+			"netlogon_creds_cli_get failed: %s\n",
+			nt_errstr(status));
+		goto done;
+	}
+
+	creds->session_key[0]++;
+
+	status = netlogon_creds_cli_store(ctx, &creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		fprintf(stderr,
+			"netlogon_creds_cli_store failed: %s\n",
+			nt_errstr(status));
+		goto done;
+	}
+
+	TALLOC_FREE(creds);
+
+	ret = 0;
+done:
+	TALLOC_FREE(mem_ctx);
+	return ret;
+}
diff --git a/source3/utils/wscript_build b/source3/utils/wscript_build
index 3c1f9a4773d..f2e118e1666 100644
--- a/source3/utils/wscript_build
+++ b/source3/utils/wscript_build
@@ -258,3 +258,12 @@ bld.SAMBA3_BINARY('mvxattr',
                  popt_samba3
                  ''',
                  enabled=bld.env.build_mvxattr)
+
+bld.SAMBA3_BINARY('destroy_netlogon_creds_cli',
+                  source='destroy_netlogon_creds_cli.c',
+                  deps = '''
+                      talloc
+                      popt_samba3
+                      NETLOGON_CREDS_CLI
+                  ''',
+                  install=False)
author	Volker Lendecke <vl@samba.org>	2018-02-28 07:59:08 +0000
committer	Karolin Seeger <kseeger@samba.org>	2018-05-07 09:57:25 +0200
commit	91fd11d0b62039bcabc6a350f28020c79083d4f8 (patch)
tree	f7a9641948b832767e7cbf073f69681fd9e35e4c /source3
parent	d6ac5408f7c4d2fc0bb648a302bc012b725bec41 (diff)
download	samba-91fd11d0b62039bcabc6a350f28020c79083d4f8.tar.gz