From: Andrew Bartlett Date: Mon, 28 Feb 2022 00:24:31 +0000 (+1300) Subject: torture: Allow Samba as an AD DC to use zeros for LM key X-Git-Tag: tevent-0.12.0~394 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef1dbcdc6cbf723bb98280c798484ea7de36eb96;p=thirdparty%2Fsamba.git torture: Allow Samba as an AD DC to use zeros for LM key This is simple, explainable and secure. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 17 02:47:13 UTC 2022 on sn-devel-184
---
diff --git a/selftest/knownfail.d/lm-hash-support-gone b/selftest/knownfail.d/lm-hash-support-gone
index 9700bb65719..cced585c531 100644
--- a/selftest/knownfail.d/lm-hash-support-gone
+++ b/selftest/knownfail.d/lm-hash-support-gone
@@ -6,4 +6,3 @@
 # These fail as they expect no LM support (compared with the _lm test test does)
 ^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics\(nt4_dc:local\)
 ^samba.tests.ntlm_auth.samba.tests.ntlm_auth.NTLMAuthHelpersTests.test_diagnostics\(nt4_member:local\)
-^samba4.rpc.samlogon on ncacn_np with .samlogon\(ad_dc_slowtests\)
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 632c4efc2ec..00a87baee99 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -516,41 +516,60 @@ static bool test_ntlm_in_lm(struct samlogon_state *samlogon_state, char **error_ return false; } - if (lm_good) { - if (memcmp(lm_hash, lm_key, - sizeof(lm_key)) != 0) { + if (torture_setting_bool(samlogon_state->tctx, "samba4", false)) { + if (!all_zero(lm_key, sizeof(lm_key)) != 0) { torture_comment(samlogon_state->tctx, "LM Key does not match expectations!\n"); torture_comment(samlogon_state->tctx, "lm_key:\n"); dump_data(1, lm_key, 8); - torture_comment(samlogon_state->tctx, "expected:\n"); - dump_data(1, lm_hash, 8); + torture_comment(samlogon_state->tctx, "expected (all zeros):\n"); pass = false; } -#if 0 - } else { - if (memcmp(session_key.data, lm_key, - sizeof(lm_key)) != 0) { - torture_comment(samlogon_state->tctx, "LM Key does not match expectations (first 8 session key)!\n"); - torture_comment(samlogon_state->tctx, "lm_key:\n"); - dump_data(1, lm_key, 8); - torture_comment(samlogon_state->tctx, "expected:\n"); - dump_data(1, session_key.data, 8); - pass = false; - } -#endif - } - if (lm_good && memcmp(lm_hash, user_session_key, 8) != 0) { - uint8_t lm_key_expected[16]; - memcpy(lm_key_expected, lm_hash, 8); - memset(lm_key_expected+8, '\0', 8); - if (memcmp(lm_key_expected, user_session_key, - 16) != 0) { - torture_comment(samlogon_state->tctx, "NT Session Key does not match expectations (should be first-8 LM hash)!\n"); + + + if (!all_zero(user_session_key, sizeof(user_session_key)) != 0) { + torture_comment(samlogon_state->tctx, "NT Key does not match expectations!\n"); torture_comment(samlogon_state->tctx, "user_session_key:\n"); dump_data(1, user_session_key, sizeof(user_session_key)); - torture_comment(samlogon_state->tctx, "expected:\n"); - dump_data(1, lm_key_expected, sizeof(lm_key_expected)); + torture_comment(samlogon_state->tctx, "expected (all zeros):\n"); + pass = false; + } + } else { + if (lm_good) { + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + torture_comment(samlogon_state->tctx, "LM Key does not match 
expectations!\n"); + torture_comment(samlogon_state->tctx, "lm_key:\n"); + dump_data(1, lm_key, 8); + torture_comment(samlogon_state->tctx, "expected:\n"); + dump_data(1, lm_hash, 8); + pass = false; + } +#if 0 + } else { + if (memcmp(session_key.data, lm_key, + sizeof(lm_key)) != 0) { + torture_comment(samlogon_state->tctx, "LM Key does not match expectations (first 8 session key)!\n"); + torture_comment(samlogon_state->tctx, "lm_key:\n"); + dump_data(1, lm_key, 8); + torture_comment(samlogon_state->tctx, "expected:\n"); + dump_data(1, session_key.data, 8); pass = false; + } +#endif + } + if (lm_good && memcmp(lm_hash, user_session_key, 8) != 0) { + uint8_t lm_key_expected[16]; + memcpy(lm_key_expected, lm_hash, 8); + memset(lm_key_expected+8, '\0', 8); + if (memcmp(lm_key_expected, user_session_key, + 16) != 0) { + torture_comment(samlogon_state->tctx, "NT Session Key does not match expectations (should be first-8 LM hash)!\n"); + torture_comment(samlogon_state->tctx, "user_session_key:\n"); + dump_data(1, user_session_key, sizeof(user_session_key)); + torture_comment(samlogon_state->tctx, "expected:\n"); + dump_data(1, lm_key_expected, sizeof(lm_key_expected)); + pass = false; + } } } return pass;
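Review bot: The two new conditions in the Samba branch, `if (!all_zero(lm_key, sizeof(lm_key)) != 0)` and the matching one on `user_session_key`, keep a trailing `!= 0` left over from the memcmp() form. It parses as `(!all_zero(...)) != 0`, so the behaviour is right, but the polarity of a check on returned key material is hard to read; `if (!all_zero(lm_key, sizeof(lm_key))) {` says the same thing. The branch also has no comment saying why zeros are the expected result; going by the commit title, something like `/* Samba as an AD DC has no LM hash support: both keys must come back all-zero, never LM-hash derived */` above the `torture_setting_bool(..., "samba4", false)` test would record the intent. The new failure text "NT Key does not match expectations!" differs from the "NT Session Key" wording kept in the else branch for the same variable. test_ntlm_in_lm begins and ends outside this hunk, so the declaration of `user_session_key` that `sizeof` relies on is not visible here.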