public void SamrValidatePassword_Reset_Success() { HRESULT hResult; IChecker PtfAssert = TestClassBase.BaseTestSite.Assert; ConnectAndOpenDomain( GetPdcDnsName(), _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle); _SAM_VALIDATE_INPUT_ARG inputArg = new _SAM_VALIDATE_INPUT_ARG(); inputArg.ValidatePasswordResetInput = new _SAM_VALIDATE_PASSWORD_RESET_INPUT_ARG(); DateTime lockOutTime = DateTime.Now - TimeSpan.FromDays(5); DateTime lastSetTime = DateTime.Now - TimeSpan.FromDays(6); _FILETIME lockout = DtypUtility.ToFileTime(lockOutTime); _FILETIME lastset = DtypUtility.ToFileTime(lastSetTime); BaseTestSite.Log.Add(LogEntryKind.TestStep, string.Format("Create InputArg for SamValidatePasswordReset, LockoutTime:{0}, PasswordLastSet:{1}, PasswordMustChangeAtNextLogon: {2}, PasswordHistoryLength: {3}.", lockOutTime.ToString(), lastSetTime.ToString(), 1, 0)); inputArg.ValidatePasswordResetInput.InputPersistedFields.LockoutTime.QuadPart = (((long)lockout.dwHighDateTime) << 32) | lockout.dwLowDateTime; inputArg.ValidatePasswordResetInput.InputPersistedFields.PasswordLastSet.QuadPart = (((long)lastset.dwHighDateTime) << 32) | lastset.dwLowDateTime; inputArg.ValidatePasswordResetInput.ClearPassword = DtypUtility.ToRpcUnicodeString("drowssaP02!"); inputArg.ValidatePasswordResetInput.InputPersistedFields.BadPasswordCount = 1; inputArg.ValidatePasswordResetInput.PasswordMustChangeAtNextLogon = 1; inputArg.ValidatePasswordResetInput.InputPersistedFields.PasswordHistoryLength = 0; inputArg.ValidatePasswordResetInput.ClearLockout = 1; inputArg.ValidatePasswordResetInput.InputPersistedFields.PasswordHistory = new _SAM_VALIDATE_PASSWORD_HASH[] { }; inputArg.ValidatePasswordResetInput.HashedPassword = new _SAM_VALIDATE_PASSWORD_HASH() { Hash = new byte[] { 0xDE, 0xAD, 0xBE, 0xEF }, Length = 4 }; BaseTestSite.Log.Add(LogEntryKind.TestStep, string.Format("Invoke SamrValidatePassword.")); _SAM_VALIDATE_OUTPUT_ARG?outputArg; hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrValidatePassword( _domainHandle, _PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset, inputArg, out outputArg ); PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrValidatePassword returns success."); PtfAssert.AreEqual(_SAM_VALIDATE_VALIDATION_STATUS.SamValidateSuccess, outputArg.Value.ValidatePasswordResetOutput.ValidationStatus, "[MS-SAMR]3.1.5.13.7.3 ValidationStatus MUST be set to SamValidateSuccess."); PtfAssert.AreEqual(0, outputArg.Value.ValidatePasswordResetOutput.ChangedPersistedFields.PasswordLastSet.QuadPart, "[MS-SAMR]3.1.5.13.7.3 If PasswordMustChangeAtNextLogon is nonzero, PasswordLastSet MUST be set to 0."); PtfAssert.AreEqual(0, outputArg.Value.ValidatePasswordResetOutput.ChangedPersistedFields.LockoutTime.QuadPart, "[MS-SAMR]3.1.5.13.7.3 LockoutTime MUST be set to 0."); PtfAssert.AreEqual(0u, outputArg.Value.ValidatePasswordResetOutput.ChangedPersistedFields.BadPasswordCount, "[MS-SAMR]3.1.5.13.7.3 If ValidatePasswordResetInput.InputPersistedFields.BadPasswordCount is nonzero, BadPasswordCount MUST be set to 0."); }
/// <summary> /// Construct Kerberos PAC pass-through logon information /// </summary> /// <param name="parameterControl"> /// A set of bit flags that contain information pertaining to the logon validation processing. /// </param> /// <param name="domainName">domain name</param> /// <param name="userName">user name</param> /// <param name="serverName">NetBIOS name of server </param> /// <param name="kerbVerifyPacRequest">KERB_VERIFY_PAC_REQUEST packet</param> /// <returns>Kerberos PAC netlogon information structure </returns> public static _NETLOGON_LEVEL CreatePacLogonInfo( NrpcParameterControlFlags parameterControl, string domainName, string userName, string serverName, KERB_VERIFY_PAC_REQUEST kerbVerifyPacRequest) { _NETLOGON_LEVEL netLogonLevel = new _NETLOGON_LEVEL(); byte[] logonData = TypeMarshal.ToBytes <KERB_VERIFY_PAC_REQUEST>(kerbVerifyPacRequest); //Identity: A NETLOGON_LOGON_IDENTITY_INFO structure, as specified in section MS-NRPC 2.2.1.4.15, //that contains information about the logon identity. _NETLOGON_LOGON_IDENTITY_INFO identityInfo = NrpcUtility.CreateNetlogonIdentityInfo( parameterControl, domainName, userName, serverName); netLogonLevel.LogonGeneric = new _NETLOGON_GENERIC_INFO[1]; netLogonLevel.LogonGeneric[0].Identity = identityInfo; netLogonLevel.LogonGeneric[0].PackageName = DtypUtility.ToRpcUnicodeString(KERBEROS_PACKAGENAME); netLogonLevel.LogonGeneric[0].LogonData = logonData; netLogonLevel.LogonGeneric[0].DataLength = (uint)logonData.Length; return(netLogonLevel); }
/// <summary> /// Create DPSP logon information structure /// </summary> /// <param name="parameterControl"> /// A set of bit flags that contain information pertaining to the logon validation processing. /// </param> /// <param name="digestValidationReq">DIGEST_VALIDATION_REQ structure</param> /// <returns>Dpsp netlogon information structure</returns> public static _NETLOGON_LEVEL CreateDpspLogonInfo( NrpcParameterControlFlags parameterControl, DIGEST_VALIDATION_REQ digestValidationReq) { if (digestValidationReq.Payload == null) { throw new ArgumentException( "invalid digestValidationReq parameter: the payload field is null", "digestValidationReq"); } _NETLOGON_LEVEL netLogonLevel = new _NETLOGON_LEVEL(); DIGEST_VALIDATION_REQ_Payload payload = DIGEST_VALIDATION_REQ_Payload.Parse(digestValidationReq.Payload); byte[] logonData = TypeMarshal.ToBytes <DIGEST_VALIDATION_REQ>(digestValidationReq); //Identity: A NETLOGON_LOGON_IDENTITY_INFO structure, as specified in section MS-NRPC 2.2.1.4.15, //that contains information about the logon identity. _NETLOGON_LOGON_IDENTITY_INFO identityInfo = NrpcUtility.CreateNetlogonIdentityInfo( parameterControl, payload.Domain, payload.Username, payload.ServerName); netLogonLevel.LogonGeneric = new _NETLOGON_GENERIC_INFO[1]; netLogonLevel.LogonGeneric[0].Identity = identityInfo; netLogonLevel.LogonGeneric[0].PackageName = DtypUtility.ToRpcUnicodeString(DIGEST_PACKAGENAME); netLogonLevel.LogonGeneric[0].LogonData = logonData; netLogonLevel.LogonGeneric[0].DataLength = (uint)logonData.Length; return(netLogonLevel); }
public void SamrUnicodeChangePasswordUser2_SUCCESS() { IChecker PtfAssert = TestClassBase.BaseTestSite.Assert; string oldPassword = "******"; string newPassword = "******"; CreateTempUser createTempUser = new CreateTempUser( _samrProtocolAdapter, testUserName, oldPassword, AdtsUserAccountControl.ADS_UF_NORMAL_ACCOUNT); BaseTestSite.Log.Add(LogEntryKind.TestStep, string.Format("Create test user, username:{0} password:{1}.", testUserName, oldPassword)); Common.UpdatesStorage.GetInstance().PushUpdate(createTempUser); BaseTestSite.Log.Add(LogEntryKind.TestStep, string.Format("Set user must change password to user:{0}.", testUserName)); Common.Utilities.UserMustChangePassword( _samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.ADDSPortNum, _samrProtocolAdapter.primaryDomainUserContainerDN, testUserName); Site.Log.Add(LogEntryKind.TestStep, "Initialize: Create Samr Bind to the server."); _samrProtocolAdapter.SamrBind( GetPdcDnsName(), _samrProtocolAdapter.primaryDomainFqdn, _samrProtocolAdapter.DomainAdministratorName, _samrProtocolAdapter.DomainUserPassword, false, true); SamrCryptography samrCryptography = new SamrCryptography(oldPassword, newPassword); BaseTestSite.Log.Add(LogEntryKind.TestStep, string.Format("SamrUnicodeChangePasswordUser2, OldPassword:{0}, NewPassword:{1}.", oldPassword, newPassword)); HRESULT hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrUnicodeChangePasswordUser2( SAMRProtocolAdapter.RpcAdapter.Handle, DtypUtility.ToRpcUnicodeString(_samrProtocolAdapter.pdcNetBIOSName), DtypUtility.ToRpcUnicodeString(testUserName), samrCryptography.GetNewPasswordEncryptedWithOldNt(), samrCryptography.GetOldNtEncryptedWithNewNt(), 0x01, samrCryptography.GetNewPasswordEncryptedWithOldLm(PasswordType.Unicode), samrCryptography.GetOldLmOwfPasswordEncryptedWithNewNt()); PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrOemChangePasSamrUnicodeChangePasswordUser2swordUser2 returns success."); }
/// <summary> /// Creates an S4uDelegationInfo instance using the specified s4U2proxyTarget and /// s4UTransitedServices. /// </summary> /// <param name="s4U2proxyTarget">the name of the principal to whom the application /// can be constraint delegated.</param> /// <param name="s4UTransitedServices">The list of all services that configured to /// be delegated.</param> /// <returns>The created S4uDelegationInfo instance.</returns> public static S4uDelegationInfo CreateS4uInfoBuffer( string s4U2proxyTarget, params string[] s4UTransitedServices) { S4uDelegationInfo s4uInfo = new S4uDelegationInfo(); s4uInfo.NativeS4uDelegationInfo.S4U2proxyTarget = DtypUtility.ToRpcUnicodeString(s4U2proxyTarget); s4uInfo.NativeS4uDelegationInfo.TransitedListSize = (uint)s4UTransitedServices.Length; _RPC_UNICODE_STRING[] transitedServiceArray = new _RPC_UNICODE_STRING[s4UTransitedServices.Length]; for (int i = 0; i < transitedServiceArray.Length; i++) { transitedServiceArray[i] = DtypUtility.ToRpcUnicodeString(s4UTransitedServices[i]); } s4uInfo.NativeS4uDelegationInfo.S4UTransitedServices = transitedServiceArray; return(s4uInfo); }
public void SamrLookupDomainInSamServer_NonDC() { HRESULT hResult; IChecker PtfAssert = TestClassBase.BaseTestSite.Assert; Site.Log.Add(LogEntryKind.TestStep, string.Format("SamrBind, Server:{0}, Domain:{1}, User:{2}, Password{3}.", _samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberNetBIOSName, _samrProtocolAdapter.DMAdminName, _samrProtocolAdapter.DMAdminPassword)); _samrProtocolAdapter.SamrBind( _samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberNetBIOSName, _samrProtocolAdapter.DMAdminName, _samrProtocolAdapter.DMAdminPassword, false, false); Site.Log.Add(LogEntryKind.TestStep, string.Format("SamrConnect5, Server:{0}, Desired Access: SAM_SERVER_LOOKUP_DOMAIN.", _samrProtocolAdapter.domainMemberFqdn)); hResult = (HRESULT)_samrProtocolAdapter.SamrConnect5( _samrProtocolAdapter.domainMemberFqdn, (uint)SERVER_ACCESS_MASK.SAM_SERVER_LOOKUP_DOMAIN, out _serverHandle); PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrConnect5 must return STATUS_SUCCESS."); Site.Log.Add(LogEntryKind.TestStep, string.Format("SamrLookupDomainInSamServer, Name: {0}.", _samrProtocolAdapter.domainMemberNetBIOSName)); _RPC_SID?domainID; hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrLookupDomainInSamServer( _serverHandle, DtypUtility.ToRpcUnicodeString("Builtin"), out domainID); PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrLookupDomainInSamServer must return STATUS_SUCCESS."); PtfAssert.IsNotNull(domainID, "DomainId is not null."); string domainSid = DtypUtility.ToSddlString(domainID.Value); PtfAssert.AreEqual( "S-1-5-32", domainSid, "The objectSid of the builtin domain must be returend."); }
public void SamrGetDomainPasswordInformation_SUCCESS() { IChecker PtfAssert = TestClassBase.BaseTestSite.Assert; Site.Log.Add(LogEntryKind.TestStep, "Initialize: Create Samr Bind to the server."); _samrProtocolAdapter.SamrBind( GetPdcDnsName(), _samrProtocolAdapter.primaryDomainFqdn, _samrProtocolAdapter.DomainAdministratorName, _samrProtocolAdapter.DomainUserPassword, false, true); _USER_DOMAIN_PASSWORD_INFORMATION passwordInformation; BaseTestSite.Log.Add(LogEntryKind.TestStep, string.Format("Invoke SamrGetUserDomainPasswordInformation.")); HRESULT hResult = (HRESULT)SAMRProtocolAdapter.RpcAdapter.SamrGetDomainPasswordInformation( SAMRProtocolAdapter.RpcAdapter.Handle, DtypUtility.ToRpcUnicodeString(""), out passwordInformation); PtfAssert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrGetUserDomainPasswordInformation returns success."); var attributes = Microsoft.Protocols.TestSuites.ActiveDirectory.Common.Utilities.GetAttributesFromEntry( _samrProtocolAdapter.primaryDomainDN, new string[] { "minPwdLength", "pwdProperties" }, GetPdcDnsName(), _samrProtocolAdapter.ADDSPortNum); PtfAssert.AreEqual( (int)attributes["minPwdLength"], passwordInformation.MinPasswordLength, "[MS-SAMR] 3.1.5.13.3 The output parameter PasswordInformation.MinPasswordLength MUST be set to the minPwdLength attribute value on the account domain object."); PtfAssert.AreEqual( (uint)(int)attributes["pwdProperties"], passwordInformation.PasswordProperties, "[MS-SAMR] 3.1.5.13.3 The output parameter PasswordInformation.PasswordProperties MUST be set to the pwdProperties attribute value on the account domain object."); }