From: Stefan Metzmacher Date: Fri, 15 Jul 2016 07:10:03 +0000 (+0200) Subject: s4:torture/ndr: add validation checks for strange supplementalCredentials blobs X-Git-Tag: tdb-1.3.10~300 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c30dcaee4ccb8b83c907289788e84169ad2624e8;p=thirdparty%2Fsamba.git s4:torture/ndr: add validation checks for strange supplementalCredentials blobs From the mail to dochelp: I've also got cases (where I created an account with UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED in the LDAP add) with the following strange blobs: One time: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 and once: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 53 The original issue I reported was the following, a user was created with a password and then userAccountControl was changed to UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED. In that case I'm getting: [0000] 00 00 00 00 62 00 00 00 00 00 00 00 20 00 20 00 [0010] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 [0020] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 [0030] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 [0040] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 [0050] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 [0060] 20 00 20 00 20 00 20 00 20 00 20 00 50 00 30 As you see the last byte (unknown3) is always different on Windows, but always 0x00 from Samba, so I used 0x00 in order to allow the test to pass. Signed-off-by: Stefan Metzmacher Reviewed-by: Günther Deschner
---
diff --git a/source4/torture/ndr/drsblobs.c b/source4/torture/ndr/drsblobs.c
index b8934e1a415..712f857763b 100644
--- a/source4/torture/ndr/drsblobs.c
+++ b/source4/torture/ndr/drsblobs.c
@@ -180,6 +180,60 @@ static bool trust_domain_passwords_check_in(struct torture_context *tctx,
 return true;
 }
 
+static const uint8_t supplementalCredentials_empty1[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static bool supplementalCredentials_empty1_check(struct torture_context *tctx,
+ struct supplementalCredentialsBlob *r)
+{
+ torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+ torture_assert_int_equal(tctx, r->__ndr_size, 0, "__ndr_size");
+ torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+ torture_assert(tctx, r->sub.prefix == NULL, "prefix");
+ torture_assert_int_equal(tctx, r->sub.signature, 0, "signature");
+ torture_assert_int_equal(tctx, r->sub.num_packages, 0, "num_packages");
+ torture_assert_int_equal(tctx, r->unknown3, 0, "unknown3");
+
+ return true;
+}
+
+static const uint8_t supplementalCredentials_empty2[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x62, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00,
+ 0x20, 0x00, 0x20, 0x00, 0x50, 0x00, 0x00 /* was 0x30 */
+ /*
+ * I've changed the last byte as Samba sets it to 0x00
+ * and it's random on Windows.
+ */
+};
+
+static bool supplementalCredentials_empty2_check(struct torture_context *tctx,
+ struct supplementalCredentialsBlob *r)
+{
+ torture_assert_int_equal(tctx, r->unknown1, 0, "unknown1");
+ torture_assert_int_equal(tctx, r->__ndr_size, 0x62, "__ndr_size");
+ torture_assert_int_equal(tctx, r->unknown2, 0, "unknown2");
+ torture_assert_str_equal(tctx, r->sub.prefix, SUPPLEMENTAL_CREDENTIALS_PREFIX, "prefix");
+ torture_assert_int_equal(tctx, r->sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE, "signature");
+ torture_assert_int_equal(tctx, r->sub.num_packages, 0, "num_packages");
+ torture_assert_int_equal(tctx, r->unknown3, 0x00, "unknown3"); /* This is typically not initialized */
+
+ return true;
+}
+
 struct torture_suite *ndr_drsblobs_suite(TALLOC_CTX *ctx)
 {
 struct torture_suite *suite = torture_suite_create(ctx, "drsblobs");
@@ -197,5 +251,15 @@ struct torture_suite *ndr_drsblobs_suite(TALLOC_CTX *ctx)
 base64_decode_data_blob_talloc(suite, trustAuthOutgoing),
 NULL);
 
+ torture_suite_add_ndr_pull_validate_test(suite, supplementalCredentialsBlob,
+ data_blob_const(supplementalCredentials_empty1,
+ sizeof(supplementalCredentials_empty1)),
+ supplementalCredentials_empty1_check);
+
+ torture_suite_add_ndr_pull_validate_test(suite, supplementalCredentialsBlob,
+ data_blob_const(supplementalCredentials_empty2,
+ sizeof(supplementalCredentials_empty2)),
+ supplementalCredentials_empty2_check);
+
 return suite;
 }
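Review bot: No fixture in this hunk carries a non-zero `unknown3`, so the decoder is never exercised against the bytes Windows actually sends: `supplementalCredentials_empty2` had its last byte changed from 0x30 to 0x00, and the 13-byte capture ending in 0x53 from the commit message is not added at all. The comment on the `unknown3` assertion says the byte is typically not initialized, so replicated blobs will carry arbitrary values there, and the edit to the fixture was presumably needed only because the validate test re-encodes and compares. I would keep these two cases and add the unmodified captures as pull-only cases (for example via `torture_suite_add_ndr_pull_test`, registered next to the two calls in the second hunk) with a check function that asserts every field except `unknown3`. A provenance comment above each array would also help, e.g. `/* account added with UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED */` for `supplementalCredentials_empty1`, since that context currently lives only in the commit message.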