public void SamrValidatePassword_Reset_Success()
        {
            HRESULT  hResult;
            IChecker PtfAssert = TestClassBase.BaseTestSite.Assert;

            ConnectAndOpenDomain(
                GetPdcDnsName(),
                _samrProtocolAdapter.PrimaryDomainDnsName,
                out _serverHandle,
                out _domainHandle);

            _SAM_VALIDATE_INPUT_ARG inputArg = new _SAM_VALIDATE_INPUT_ARG();

            inputArg.ValidatePasswordResetInput = new _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG();

            DateTime  lockOutTime = DateTime.Now - TimeSpan.FromDays(5);
            DateTime  lastSetTime = DateTime.Now - TimeSpan.FromDays(6);
            _FILETIME lockout     = DtypUtility.ToFileTime(lockOutTime);
            _FILETIME lastset     = DtypUtility.ToFileTime(lastSetTime);

            BaseTestSite.Log.Add(LogEntryKind.TestStep,
                                 string.Format("Create InputArg for SamValidatePasswordReset, LockoutTime:{0}, PasswordLastSet:{1}, PasswordMustChangeAtNextLogon: {2}, PasswordHistoryLength: {3}.",
                                               lockOutTime.ToString(),
                                               lastSetTime.ToString(),
                                               1,
                                               0));
            inputArg.ValidatePasswordResetInput.InputPersistedFields.LockoutTime.QuadPart     = (((long)lockout.dwHighDateTime) << 32) | lockout.dwLowDateTime;
            inputArg.ValidatePasswordResetInput.InputPersistedFields.PasswordLastSet.QuadPart = (((long)lastset.dwHighDateTime) << 32) | lastset.dwLowDateTime;
            inputArg.ValidatePasswordResetInput.ClearPassword = DtypUtility.ToRpcUnicodeString("drowssaP02!");
            inputArg.ValidatePasswordResetInput.InputPersistedFields.BadPasswordCount      = 1;
            inputArg.ValidatePasswordResetInput.PasswordMustChangeAtNextLogon              = 1;
            inputArg.ValidatePasswordResetInput.InputPersistedFields.PasswordHistoryLength = 0;
            inputArg.ValidatePasswordResetInput.ClearLockout = 1;
            inputArg.ValidatePasswordResetInput.InputPersistedFields.PasswordHistory = new _SAM_VALIDATE_PASSWORD_HASH[] { };
            inputArg.ValidatePasswordResetInput.HashedPassword = new _SAM_VALIDATE_PASSWORD_HASH()
            {
                Hash   = new byte[] { 0xDE, 0xAD, 0xBE, 0xEF },
                Length = 4
            };

            BaseTestSite.Log.Add(LogEntryKind.TestStep, string.Format("Invoke SamrValidatePassword."));

            _SAM_VALIDATE_OUTPUT_ARG?outputArg;

            hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrValidatePassword(
                _domainHandle,
                _PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset,
                inputArg,
                out outputArg
                );
            PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrValidatePassword returns success.");
            PtfAssert.AreEqual(_SAM_VALIDATE_VALIDATION_STATUS.SamValidateSuccess, outputArg.Value.ValidatePasswordResetOutput.ValidationStatus,
                               "[MS-SAMR]3.1.5.13.7.3 ValidationStatus MUST be set to SamValidateSuccess.");
            PtfAssert.AreEqual(0, outputArg.Value.ValidatePasswordResetOutput.ChangedPersistedFields.PasswordLastSet.QuadPart,
                               "[MS-SAMR]3.1.5.13.7.3 If PasswordMustChangeAtNextLogon is nonzero, PasswordLastSet MUST be set to 0.");
            PtfAssert.AreEqual(0, outputArg.Value.ValidatePasswordResetOutput.ChangedPersistedFields.LockoutTime.QuadPart,
                               "[MS-SAMR]3.1.5.13.7.3 LockoutTime MUST be set to 0.");
            PtfAssert.AreEqual(0u, outputArg.Value.ValidatePasswordResetOutput.ChangedPersistedFields.BadPasswordCount,
                               "[MS-SAMR]3.1.5.13.7.3 If ValidatePasswordResetInput.InputPersistedFields.BadPasswordCount is nonzero, BadPasswordCount MUST be set to 0.");
        }
예제 #2
0
        /// <summary>
        ///  Construct Kerberos PAC pass-through logon information
        /// </summary>
        /// <param name="parameterControl">
        /// A set of bit flags that contain information pertaining to the logon validation processing.
        /// </param>
        /// <param name="domainName">domain name</param>
        /// <param name="userName">user name</param>
        /// <param name="serverName">NetBIOS name of server </param>
        /// <param name="kerbVerifyPacRequest">KERB_VERIFY_PAC_REQUEST packet</param>
        /// <returns>Kerberos PAC netlogon information structure </returns>
        public static _NETLOGON_LEVEL CreatePacLogonInfo(
            NrpcParameterControlFlags parameterControl,
            string domainName,
            string userName,
            string serverName,
            KERB_VERIFY_PAC_REQUEST kerbVerifyPacRequest)
        {
            _NETLOGON_LEVEL netLogonLevel = new _NETLOGON_LEVEL();

            byte[] logonData = TypeMarshal.ToBytes <KERB_VERIFY_PAC_REQUEST>(kerbVerifyPacRequest);

            //Identity: A NETLOGON_LOGON_IDENTITY_INFO structure, as specified in section MS-NRPC 2.2.1.4.15,
            //that contains information about the logon identity.
            _NETLOGON_LOGON_IDENTITY_INFO identityInfo = NrpcUtility.CreateNetlogonIdentityInfo(
                parameterControl,
                domainName,
                userName,
                serverName);

            netLogonLevel.LogonGeneric                = new _NETLOGON_GENERIC_INFO[1];
            netLogonLevel.LogonGeneric[0].Identity    = identityInfo;
            netLogonLevel.LogonGeneric[0].PackageName = DtypUtility.ToRpcUnicodeString(KERBEROS_PACKAGENAME);
            netLogonLevel.LogonGeneric[0].LogonData   = logonData;
            netLogonLevel.LogonGeneric[0].DataLength  = (uint)logonData.Length;

            return(netLogonLevel);
        }
예제 #3
0
        /// <summary>
        /// Create DPSP logon information structure
        /// </summary>
        /// <param name="parameterControl">
        /// A set of bit flags that contain information pertaining to the logon validation processing.
        /// </param>
        /// <param name="digestValidationReq">DIGEST_VALIDATION_REQ structure</param>
        /// <returns>Dpsp netlogon information structure</returns>
        public static _NETLOGON_LEVEL CreateDpspLogonInfo(
            NrpcParameterControlFlags parameterControl,
            DIGEST_VALIDATION_REQ digestValidationReq)
        {
            if (digestValidationReq.Payload == null)
            {
                throw new ArgumentException(
                          "invalid digestValidationReq parameter: the payload field is null",
                          "digestValidationReq");
            }

            _NETLOGON_LEVEL netLogonLevel = new _NETLOGON_LEVEL();

            DIGEST_VALIDATION_REQ_Payload payload =
                DIGEST_VALIDATION_REQ_Payload.Parse(digestValidationReq.Payload);

            byte[] logonData = TypeMarshal.ToBytes <DIGEST_VALIDATION_REQ>(digestValidationReq);

            //Identity: A NETLOGON_LOGON_IDENTITY_INFO structure, as specified in section MS-NRPC 2.2.1.4.15,
            //that contains information about the logon identity.
            _NETLOGON_LOGON_IDENTITY_INFO identityInfo = NrpcUtility.CreateNetlogonIdentityInfo(
                parameterControl,
                payload.Domain,
                payload.Username,
                payload.ServerName);

            netLogonLevel.LogonGeneric                = new _NETLOGON_GENERIC_INFO[1];
            netLogonLevel.LogonGeneric[0].Identity    = identityInfo;
            netLogonLevel.LogonGeneric[0].PackageName = DtypUtility.ToRpcUnicodeString(DIGEST_PACKAGENAME);
            netLogonLevel.LogonGeneric[0].LogonData   = logonData;
            netLogonLevel.LogonGeneric[0].DataLength  = (uint)logonData.Length;

            return(netLogonLevel);
        }
예제 #4
0
        public void SamrUnicodeChangePasswordUser2_SUCCESS()
        {
            IChecker PtfAssert   = TestClassBase.BaseTestSite.Assert;
            string   oldPassword = "******";
            string   newPassword = "******";


            CreateTempUser createTempUser = new CreateTempUser(
                _samrProtocolAdapter,
                testUserName,
                oldPassword,
                AdtsUserAccountControl.ADS_UF_NORMAL_ACCOUNT);

            BaseTestSite.Log.Add(LogEntryKind.TestStep,
                                 string.Format("Create test user, username:{0} password:{1}.", testUserName, oldPassword));
            Common.UpdatesStorage.GetInstance().PushUpdate(createTempUser);

            BaseTestSite.Log.Add(LogEntryKind.TestStep,
                                 string.Format("Set user must change password to user:{0}.", testUserName));
            Common.Utilities.UserMustChangePassword(
                _samrProtocolAdapter.pdcFqdn,
                _samrProtocolAdapter.ADDSPortNum,
                _samrProtocolAdapter.primaryDomainUserContainerDN,
                testUserName);

            Site.Log.Add(LogEntryKind.TestStep, "Initialize: Create Samr Bind to the server.");
            _samrProtocolAdapter.SamrBind(
                GetPdcDnsName(),
                _samrProtocolAdapter.primaryDomainFqdn,
                _samrProtocolAdapter.DomainAdministratorName,
                _samrProtocolAdapter.DomainUserPassword,
                false,
                true);

            SamrCryptography samrCryptography = new SamrCryptography(oldPassword, newPassword);

            BaseTestSite.Log.Add(LogEntryKind.TestStep,
                                 string.Format("SamrUnicodeChangePasswordUser2, OldPassword:{0}, NewPassword:{1}.", oldPassword, newPassword));
            HRESULT hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrUnicodeChangePasswordUser2(
                SAMRProtocolAdapter.RpcAdapter.Handle,
                DtypUtility.ToRpcUnicodeString(_samrProtocolAdapter.pdcNetBIOSName),
                DtypUtility.ToRpcUnicodeString(testUserName),
                samrCryptography.GetNewPasswordEncryptedWithOldNt(),
                samrCryptography.GetOldNtEncryptedWithNewNt(),
                0x01,
                samrCryptography.GetNewPasswordEncryptedWithOldLm(PasswordType.Unicode),
                samrCryptography.GetOldLmOwfPasswordEncryptedWithNewNt());

            PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrOemChangePasSamrUnicodeChangePasswordUser2swordUser2 returns success.");
        }
        /// <summary>
        /// Creates an S4uDelegationInfo instance using the specified s4U2proxyTarget and
        /// s4UTransitedServices.
        /// </summary>
        /// <param name="s4U2proxyTarget">the name of the principal to whom the application
        /// can be constraint delegated.</param>
        /// <param name="s4UTransitedServices">The list of all services that configured to
        /// be delegated.</param>
        /// <returns>The created S4uDelegationInfo instance.</returns>
        public static S4uDelegationInfo CreateS4uInfoBuffer(
            string s4U2proxyTarget,
            params string[] s4UTransitedServices)
        {
            S4uDelegationInfo s4uInfo = new S4uDelegationInfo();

            s4uInfo.NativeS4uDelegationInfo.S4U2proxyTarget   = DtypUtility.ToRpcUnicodeString(s4U2proxyTarget);
            s4uInfo.NativeS4uDelegationInfo.TransitedListSize = (uint)s4UTransitedServices.Length;

            _RPC_UNICODE_STRING[] transitedServiceArray = new _RPC_UNICODE_STRING[s4UTransitedServices.Length];
            for (int i = 0; i < transitedServiceArray.Length; i++)
            {
                transitedServiceArray[i] = DtypUtility.ToRpcUnicodeString(s4UTransitedServices[i]);
            }
            s4uInfo.NativeS4uDelegationInfo.S4UTransitedServices = transitedServiceArray;

            return(s4uInfo);
        }
예제 #6
0
        public void SamrLookupDomainInSamServer_NonDC()
        {
            HRESULT  hResult;
            IChecker PtfAssert = TestClassBase.BaseTestSite.Assert;

            Site.Log.Add(LogEntryKind.TestStep,
                         string.Format("SamrBind, Server:{0}, Domain:{1}, User:{2}, Password{3}.",
                                       _samrProtocolAdapter.domainMemberFqdn,
                                       _samrProtocolAdapter.domainMemberNetBIOSName,
                                       _samrProtocolAdapter.DMAdminName,
                                       _samrProtocolAdapter.DMAdminPassword));
            _samrProtocolAdapter.SamrBind(
                _samrProtocolAdapter.domainMemberFqdn,
                _samrProtocolAdapter.domainMemberNetBIOSName,
                _samrProtocolAdapter.DMAdminName,
                _samrProtocolAdapter.DMAdminPassword,
                false,
                false);
            Site.Log.Add(LogEntryKind.TestStep,
                         string.Format("SamrConnect5, Server:{0}, Desired Access: SAM_SERVER_LOOKUP_DOMAIN.", _samrProtocolAdapter.domainMemberFqdn));
            hResult = (HRESULT)_samrProtocolAdapter.SamrConnect5(
                _samrProtocolAdapter.domainMemberFqdn,
                (uint)SERVER_ACCESS_MASK.SAM_SERVER_LOOKUP_DOMAIN,
                out _serverHandle);
            PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrConnect5 must return STATUS_SUCCESS.");

            Site.Log.Add(LogEntryKind.TestStep,
                         string.Format("SamrLookupDomainInSamServer, Name: {0}.", _samrProtocolAdapter.domainMemberNetBIOSName));
            _RPC_SID?domainID;

            hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrLookupDomainInSamServer(
                _serverHandle,
                DtypUtility.ToRpcUnicodeString("Builtin"),
                out domainID);
            PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrLookupDomainInSamServer must return STATUS_SUCCESS.");
            PtfAssert.IsNotNull(domainID, "DomainId is not null.");
            string domainSid = DtypUtility.ToSddlString(domainID.Value);

            PtfAssert.AreEqual(
                "S-1-5-32",
                domainSid,
                "The objectSid of the builtin domain must be returend.");
        }
        public void SamrGetDomainPasswordInformation_SUCCESS()
        {
            IChecker PtfAssert = TestClassBase.BaseTestSite.Assert;

            Site.Log.Add(LogEntryKind.TestStep, "Initialize: Create Samr Bind to the server.");
            _samrProtocolAdapter.SamrBind(
                GetPdcDnsName(),
                _samrProtocolAdapter.primaryDomainFqdn,
                _samrProtocolAdapter.DomainAdministratorName,
                _samrProtocolAdapter.DomainUserPassword,
                false,
                true);

            _USER_DOMAIN_PASSWORD_INFORMATION passwordInformation;

            BaseTestSite.Log.Add(LogEntryKind.TestStep,
                                 string.Format("Invoke SamrGetUserDomainPasswordInformation."));
            HRESULT hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrGetDomainPasswordInformation(
                SAMRProtocolAdapter.RpcAdapter.Handle,
                DtypUtility.ToRpcUnicodeString(""),
                out passwordInformation);

            PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrGetUserDomainPasswordInformation returns success.");

            var attributes = Microsoft.Protocols.TestSuites.ActiveDirectory.Common.Utilities.GetAttributesFromEntry(
                _samrProtocolAdapter.primaryDomainDN,
                new string[] { "minPwdLength", "pwdProperties" },
                GetPdcDnsName(),
                _samrProtocolAdapter.ADDSPortNum);

            PtfAssert.AreEqual(
                (int)attributes["minPwdLength"],
                passwordInformation.MinPasswordLength,
                "[MS-SAMR] 3.1.5.13.3 The output parameter PasswordInformation.MinPasswordLength MUST be set to the minPwdLength attribute value on the account domain object.");

            PtfAssert.AreEqual(
                (uint)(int)attributes["pwdProperties"],
                passwordInformation.PasswordProperties,
                "[MS-SAMR] 3.1.5.13.3 The output parameter PasswordInformation.PasswordProperties MUST be set to the pwdProperties attribute value on the account domain object.");
        }