diff options
author | Stefan Metzmacher <metze@samba.org> | 2020-09-16 16:07:30 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-09-18 12:58:23 +0200 |
commit | 0b45e084a450fe5e44904c0e4b9e2517f26c5336 (patch) | |
tree | 6e304f9e165abc5d77e1964fa61678f79f23bfca /source4/torture/rpc/netlogon.c | |
parent | e3e816443470860a93793117b26328d2ebaa36a6 (diff) | |
download | samba-0b45e084a450fe5e44904c0e4b9e2517f26c5336.tar.gz |
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
reject weak challenges.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/torture/rpc/netlogon.c')
-rw-r--r-- | source4/torture/rpc/netlogon.c | 34 |
1 files changed, 12 insertions, 22 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 026d86d50e4..e11014922f8 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -160,7 +160,7 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r), "ServerReqChallenge failed"); @@ -229,7 +229,7 @@ bool test_SetupCredentials2ex(struct dcerpc_pipe *p, struct torture_context *tct r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r), "ServerReqChallenge failed"); @@ -318,7 +318,7 @@ bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r), "ServerReqChallenge failed"); @@ -390,7 +390,7 @@ bool test_SetupCredentialsDowngrade(struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r), "ServerReqChallenge failed"); @@ -1278,7 +1278,7 @@ static bool test_ServerReqChallengeGlobal(struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r), "ServerReqChallenge failed on b1"); @@ -1367,7 +1367,7 @@ static bool test_ServerReqChallengeReuseGlobal(struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r), "ServerReqChallenge failed on b1"); @@ -1456,7 +1456,7 @@ static bool test_ServerReqChallengeReuseGlobal2(struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r), "ServerReqChallenge failed on b1"); @@ -1546,7 +1546,7 @@ static bool test_ServerReqChallengeReuseGlobal3(struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r), "ServerReqChallenge failed on b1"); @@ -1638,8 +1638,7 @@ static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx, r.in.credentials = &credentials1_random; r.out.return_credentials = &credentials_discard; - generate_random_buffer(credentials1_random.data, - sizeof(credentials1_random.data)); + netlogon_creds_random_challenge(&credentials1_random); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r), "ServerReqChallenge failed on b1"); @@ -1651,7 +1650,7 @@ static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r), "ServerReqChallenge failed on b1"); @@ -1662,16 +1661,7 @@ static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx, r.in.credentials = &credentials1_random; r.out.return_credentials = &credentials_discard; - generate_random_buffer(credentials1_random.data, - sizeof(credentials1_random.data)); - - r.in.server_name = NULL; - r.in.computer_name = "CHALTEST3"; - r.in.credentials = &credentials1_random; - r.out.return_credentials = &credentials_discard; - - generate_random_buffer(credentials1_random.data, - sizeof(credentials1_random.data)); + netlogon_creds_random_challenge(&credentials1_random); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r), "ServerReqChallenge failed on b1"); @@ -1747,7 +1737,7 @@ static bool test_ServerReqChallengeReuse(struct torture_context *tctx, r.in.credentials = &credentials1; r.out.return_credentials = &credentials2; - generate_random_buffer(credentials1.data, sizeof(credentials1.data)); + netlogon_creds_random_challenge(&credentials1); torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r), "ServerReqChallenge"); |