2009-05-11 22:44:58 +02:00
/*
2003-11-15 06:00:21 +00:00
Unix SMB / CIFS implementation .
test suite for samr rpc operations
Copyright ( C ) Andrew Tridgell 2003
2003-12-03 03:10:10 +00:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2003
2010-01-11 21:18:51 +01:00
Copyright ( C ) Guenther Deschner 2008 - 2010
2009-05-11 22:44:58 +02:00
2003-11-15 06:00:21 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 02:07:03 +00:00
the Free Software Foundation ; either version 3 of the License , or
2003-11-15 06:00:21 +00:00
( at your option ) any later version .
2009-05-11 22:44:58 +02:00
2003-11-15 06:00:21 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2009-05-11 22:44:58 +02:00
2003-11-15 06:00:21 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 02:07:03 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2003-11-15 06:00:21 +00:00
*/
# include "includes.h"
2006-01-03 13:41:17 +00:00
# include "torture/torture.h"
2010-03-09 15:46:55 +01:00
# include <tevent.h>
2006-07-04 02:46:24 +00:00
# include "system/time.h"
2006-03-16 00:23:11 +00:00
# include "librpc/gen_ndr/lsa.h"
2008-12-08 13:10:56 +01:00
# include "librpc/gen_ndr/ndr_netlogon.h"
# include "librpc/gen_ndr/ndr_netlogon_c.h"
2006-03-14 23:35:30 +00:00
# include "librpc/gen_ndr/ndr_samr_c.h"
2009-05-18 19:37:13 +02:00
# include "librpc/gen_ndr/ndr_lsa_c.h"
2008-09-24 15:30:23 +02:00
# include "../lib/crypto/crypto.h"
2006-03-14 15:02:05 +00:00
# include "libcli/auth/libcli_auth.h"
2006-04-02 12:02:01 +00:00
# include "libcli/security/security.h"
2006-03-14 15:02:05 +00:00
# include "torture/rpc/rpc.h"
2009-01-06 21:52:54 +01:00
# include "param/param.h"
2010-01-12 11:48:23 +01:00
# include "auth/gensec/gensec.h"
# include "auth/gensec/gensec_proto.h"
# include "../libcli/auth/schannel.h"
2003-11-15 06:00:21 +00:00
2008-11-25 02:46:25 +01:00
# include <unistd.h>
2004-06-05 03:22:10 +00:00
# define TEST_ACCOUNT_NAME "samrtorturetest"
2008-12-08 13:10:56 +01:00
# define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
2003-12-19 03:59:27 +00:00
# define TEST_ALIASNAME "samrtorturetestalias"
2004-04-17 05:54:55 +00:00
# define TEST_GROUPNAME "samrtorturetestgroup"
2005-03-13 06:43:34 +00:00
# define TEST_MACHINENAME "samrtestmach$"
# define TEST_DOMAINNAME "samrtestdom$"
2003-11-19 03:20:32 +00:00
2006-07-07 02:03:04 +00:00
enum torture_samr_choice {
TORTURE_SAMR_PASSWORDS ,
2008-11-27 12:09:39 +01:00
TORTURE_SAMR_PASSWORDS_PWDLASTSET ,
2010-01-11 21:18:51 +01:00
TORTURE_SAMR_PASSWORDS_BADPWDCOUNT ,
2010-01-15 18:08:57 +01:00
TORTURE_SAMR_PASSWORDS_LOCKOUT ,
2006-07-07 02:03:04 +00:00
TORTURE_SAMR_USER_ATTRIBUTES ,
2009-05-18 19:37:13 +02:00
TORTURE_SAMR_USER_PRIVILEGES ,
2009-05-25 13:08:58 +02:00
TORTURE_SAMR_OTHER ,
TORTURE_SAMR_MANY_ACCOUNTS ,
TORTURE_SAMR_MANY_GROUPS ,
TORTURE_SAMR_MANY_ALIASES
2006-07-07 02:03:04 +00:00
} ;
2003-12-19 03:59:27 +00:00
2009-11-26 00:32:47 +01:00
struct torture_samr_context {
struct policy_handle handle ;
struct cli_credentials * machine_credentials ;
enum torture_samr_choice choice ;
uint32_t num_objects_large_dc ;
} ;
2009-05-11 23:13:26 +02:00
static bool test_QueryUserInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2003-11-20 03:09:19 +00:00
struct policy_handle * handle ) ;
2009-05-11 23:13:26 +02:00
static bool test_QueryUserInfo2 ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-18 04:32:04 +00:00
struct policy_handle * handle ) ;
2009-05-11 23:13:26 +02:00
static bool test_QueryAliasInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ) ;
2003-12-19 03:59:27 +00:00
2009-05-11 23:13:26 +02:00
static bool test_ChangePassword ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2009-05-11 22:44:58 +02:00
const char * acct_name ,
2006-07-07 02:03:04 +00:00
struct policy_handle * domain_handle , char * * password ) ;
2005-07-08 08:09:02 +00:00
static void init_lsa_String ( struct lsa_String * string , const char * s )
2003-11-19 03:20:32 +00:00
{
2004-11-13 13:45:41 +00:00
string - > string = s ;
2003-11-19 03:20:32 +00:00
}
2009-05-18 19:37:13 +02:00
static void init_lsa_StringLarge ( struct lsa_StringLarge * string , const char * s )
{
string - > string = s ;
}
2008-11-10 14:02:34 +01:00
static void init_lsa_BinaryString ( struct lsa_BinaryString * string , const char * s , uint32_t length )
{
string - > length = length ;
string - > size = length ;
string - > array = ( uint16_t * ) discard_const ( s ) ;
}
2008-10-31 16:09:29 +01:00
bool test_samr_handle_Close ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-11-13 13:45:41 +00:00
struct policy_handle * handle )
2003-11-15 20:47:59 +00:00
{
NTSTATUS status ;
struct samr_Close r ;
r . in . handle = handle ;
r . out . handle = handle ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_Close ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " Close " ) ;
2003-11-15 20:47:59 +00:00
2007-10-06 22:28:14 +00:00
return true ;
2003-11-15 20:47:59 +00:00
}
2007-12-03 15:53:17 +01:00
static bool test_Shutdown ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-23 05:40:18 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_Shutdown r ;
2007-12-03 15:53:17 +01:00
if ( ! torture_setting_bool ( tctx , " dangerous " , false ) ) {
2008-10-31 16:09:29 +01:00
torture_skip ( tctx , " samr_Shutdown disabled - enable dangerous tests to use \n " ) ;
2007-10-06 22:28:14 +00:00
return true ;
2004-04-23 05:40:18 +00:00
}
2004-09-21 03:51:38 +00:00
r . in . connect_handle = handle ;
2004-04-23 05:40:18 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing samr_Shutdown \n " ) ;
2004-04-23 05:40:18 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_Shutdown ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " samr_Shutdown " ) ;
2004-04-23 05:40:18 +00:00
2007-10-06 22:28:14 +00:00
return true ;
2004-04-23 05:40:18 +00:00
}
2007-12-03 15:53:17 +01:00
static bool test_SetDsrmPassword ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-23 05:40:18 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_SetDsrmPassword r ;
2005-07-08 08:09:02 +00:00
struct lsa_String string ;
2004-06-04 11:58:46 +00:00
struct samr_Password hash ;
2004-04-23 05:40:18 +00:00
2007-12-03 15:53:17 +01:00
if ( ! torture_setting_bool ( tctx , " dangerous " , false ) ) {
2008-10-31 16:09:29 +01:00
torture_skip ( tctx , " samr_SetDsrmPassword disabled - enable dangerous tests to use " ) ;
2004-04-23 05:40:18 +00:00
}
E_md4hash ( " TeSTDSRM123 " , hash . hash ) ;
2005-07-08 08:09:02 +00:00
init_lsa_String ( & string , " Administrator " ) ;
2004-04-23 05:40:18 +00:00
2004-11-13 13:45:41 +00:00
r . in . name = & string ;
2004-04-23 05:40:18 +00:00
r . in . unknown = 0 ;
r . in . hash = & hash ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing samr_SetDsrmPassword \n " ) ;
2004-04-23 05:40:18 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_SetDsrmPassword ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_NOT_SUPPORTED , " samr_SetDsrmPassword " ) ;
2004-04-23 05:40:18 +00:00
2007-10-06 22:28:14 +00:00
return true ;
2004-04-23 05:40:18 +00:00
}
2003-11-15 20:47:59 +00:00
2009-05-11 22:44:58 +02:00
static bool test_QuerySecurity ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2003-11-18 05:20:54 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QuerySecurity r ;
2003-12-19 23:44:26 +00:00
struct samr_SetSecurity s ;
2008-10-27 22:57:51 +01:00
struct sec_desc_buf * sdbuf = NULL ;
2003-11-18 05:20:54 +00:00
r . in . handle = handle ;
r . in . sec_info = 7 ;
2008-10-27 22:57:51 +01:00
r . out . sdbuf = & sdbuf ;
2003-11-18 05:20:54 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_QuerySecurity ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " QuerySecurity " ) ;
2003-11-18 05:20:54 +00:00
2008-10-27 22:57:51 +01:00
torture_assert ( tctx , sdbuf ! = NULL , " sdbuf is NULL " ) ;
2004-05-28 13:23:30 +00:00
2003-12-19 23:44:26 +00:00
s . in . handle = handle ;
s . in . sec_info = 7 ;
2008-10-27 22:57:51 +01:00
s . in . sdbuf = sdbuf ;
2003-12-19 23:44:26 +00:00
2007-12-03 15:53:17 +01:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
2008-10-31 16:09:29 +01:00
torture_skip ( tctx , " skipping SetSecurity test against Samba4 \n " ) ;
2006-07-03 03:39:02 +00:00
}
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_SetSecurity ( p , tctx , & s ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " SetSecurity " ) ;
2003-12-19 23:44:26 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_QuerySecurity ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " QuerySecurity " ) ;
2003-12-19 23:44:26 +00:00
2007-10-06 22:28:14 +00:00
return true ;
2003-11-18 05:20:54 +00:00
}
2003-11-20 07:20:59 +00:00
2009-05-11 22:44:58 +02:00
static bool test_SetUserInfo ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-03-13 06:43:34 +00:00
struct policy_handle * handle , uint32_t base_acct_flags ,
const char * base_account_name )
2003-11-20 07:20:59 +00:00
{
NTSTATUS status ;
2003-11-20 10:29:54 +00:00
struct samr_SetUserInfo s ;
2004-04-21 06:23:29 +00:00
struct samr_SetUserInfo2 s2 ;
2003-11-20 10:29:54 +00:00
struct samr_QueryUserInfo q ;
2003-11-20 10:53:08 +00:00
struct samr_QueryUserInfo q0 ;
2003-11-20 07:20:59 +00:00
union samr_UserInfo u ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2005-03-13 06:43:34 +00:00
const char * test_account_name ;
2003-11-20 07:20:59 +00:00
2004-10-20 02:08:36 +00:00
uint32_t user_extra_flags = 0 ;
2009-05-08 22:20:38 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
if ( base_acct_flags = = ACB_NORMAL ) {
/* When created, accounts are expired by default */
user_extra_flags = ACB_PW_EXPIRED ;
}
2004-10-20 02:08:36 +00:00
}
2004-09-21 03:51:38 +00:00
s . in . user_handle = handle ;
2003-11-20 10:29:54 +00:00
s . in . info = & u ;
2004-04-21 06:23:29 +00:00
2004-09-21 03:51:38 +00:00
s2 . in . user_handle = handle ;
2004-04-21 06:23:29 +00:00
s2 . in . info = & u ;
2004-09-21 03:51:38 +00:00
q . in . user_handle = handle ;
2008-11-10 14:42:27 +01:00
q . out . info = & info ;
2003-11-20 10:53:08 +00:00
q0 = q ;
2003-11-20 10:29:54 +00:00
# define TESTCALL(call, r) \
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_ # # call ( p , tctx , & r ) ; \
2003-11-20 10:29:54 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) { \
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , # call " level %u failed - %s (%s) \n " , \
2005-03-13 06:43:34 +00:00
r . in . level , nt_errstr ( status ) , __location__ ) ; \
2007-10-06 22:28:14 +00:00
ret = false ; \
2003-11-20 10:29:54 +00:00
break ; \
}
# define STRING_EQUAL(s1, s2, field) \
if ( ( s1 & & ! s2 ) | | ( s2 & & ! s1 ) | | strcmp ( s1 , s2 ) ) { \
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Failed to set %s to '%s' (%s) \n " , \
2005-03-13 06:43:34 +00:00
# field, s2, __location__); \
2007-10-06 22:28:14 +00:00
ret = false ; \
2003-11-20 10:29:54 +00:00
break ; \
}
2008-11-10 14:02:34 +01:00
# define MEM_EQUAL(s1, s2, length, field) \
if ( ( s1 & & ! s2 ) | | ( s2 & & ! s1 ) | | memcmp ( s1 , s2 , length ) ) { \
torture_comment ( tctx , " Failed to set %s to '%s' (%s) \n " , \
# field, (const char *)s2, __location__); \
ret = false ; \
break ; \
}
2003-11-20 10:29:54 +00:00
# define INT_EQUAL(i1, i2, field) \
if ( i1 ! = i2 ) { \
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Failed to set %s to 0x%llx - got 0x%llx (%s) \n " , \
2007-09-06 02:56:56 +00:00
# field, (unsigned long long)i2, (unsigned long long)i1, __location__); \
2007-10-06 22:28:14 +00:00
ret = false ; \
2003-11-20 10:29:54 +00:00
break ; \
}
2004-11-13 13:45:41 +00:00
# define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " field test %d/%s vs %d/%s \n " , lvl1 , # field1 , lvl2 , # field2 ) ; \
2003-11-20 10:29:54 +00:00
q . in . level = lvl1 ; \
TESTCALL ( QueryUserInfo , q ) \
s . in . level = lvl1 ; \
2004-04-21 06:23:29 +00:00
s2 . in . level = lvl1 ; \
2008-11-10 14:42:27 +01:00
u = * info ; \
2004-01-19 08:59:14 +00:00
if ( lvl1 = = 21 ) { \
2004-04-22 07:28:18 +00:00
ZERO_STRUCT ( u . info21 ) ; \
2004-01-19 08:59:14 +00:00
u . info21 . fields_present = fpval ; \
} \
2005-07-08 08:09:02 +00:00
init_lsa_String ( & u . info # # lvl1 . field1 , value ) ; \
2003-11-20 10:29:54 +00:00
TESTCALL ( SetUserInfo , s ) \
2004-04-21 06:23:29 +00:00
TESTCALL ( SetUserInfo2 , s2 ) \
2005-07-08 08:09:02 +00:00
init_lsa_String ( & u . info # # lvl1 . field1 , " " ) ; \
2003-11-20 10:29:54 +00:00
TESTCALL ( QueryUserInfo , q ) ; \
2008-11-10 14:42:27 +01:00
u = * info ; \
2004-11-13 13:45:41 +00:00
STRING_EQUAL ( u . info # # lvl1 . field1 . string , value , field1 ) ; \
2003-11-20 10:29:54 +00:00
q . in . level = lvl2 ; \
TESTCALL ( QueryUserInfo , q ) \
2008-11-10 14:42:27 +01:00
u = * info ; \
2004-11-13 13:45:41 +00:00
STRING_EQUAL ( u . info # # lvl2 . field2 . string , value , field2 ) ; \
2003-11-20 10:29:54 +00:00
} while ( 0 )
2008-11-10 14:02:34 +01:00
# define TEST_USERINFO_BINARYSTRING(lvl1, field1, lvl2, field2, value, fpval) do { \
torture_comment ( tctx , " field test %d/%s vs %d/%s \n " , lvl1 , # field1 , lvl2 , # field2 ) ; \
q . in . level = lvl1 ; \
TESTCALL ( QueryUserInfo , q ) \
s . in . level = lvl1 ; \
s2 . in . level = lvl1 ; \
2008-11-10 14:42:27 +01:00
u = * info ; \
2008-11-10 14:02:34 +01:00
if ( lvl1 = = 21 ) { \
ZERO_STRUCT ( u . info21 ) ; \
u . info21 . fields_present = fpval ; \
} \
init_lsa_BinaryString ( & u . info # # lvl1 . field1 , value , strlen ( value ) ) ; \
TESTCALL ( SetUserInfo , s ) \
TESTCALL ( SetUserInfo2 , s2 ) \
init_lsa_BinaryString ( & u . info # # lvl1 . field1 , " " , 1 ) ; \
TESTCALL ( QueryUserInfo , q ) ; \
2008-11-10 14:42:27 +01:00
u = * info ; \
2008-11-10 14:02:34 +01:00
MEM_EQUAL ( u . info # # lvl1 . field1 . array , value , strlen ( value ) , field1 ) ; \
q . in . level = lvl2 ; \
TESTCALL ( QueryUserInfo , q ) \
2008-11-10 14:42:27 +01:00
u = * info ; \
2008-11-10 14:02:34 +01:00
MEM_EQUAL ( u . info # # lvl2 . field2 . array , value , strlen ( value ) , field2 ) ; \
} while ( 0 )
2004-10-20 02:08:36 +00:00
# define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " field test %d/%s vs %d/%s \n " , lvl1 , # field1 , lvl2 , # field2 ) ; \
2003-11-20 10:29:54 +00:00
q . in . level = lvl1 ; \
TESTCALL ( QueryUserInfo , q ) \
s . in . level = lvl1 ; \
2004-04-21 06:23:29 +00:00
s2 . in . level = lvl1 ; \
2008-11-10 14:42:27 +01:00
u = * info ; \
2004-01-19 08:59:14 +00:00
if ( lvl1 = = 21 ) { \
2005-01-05 15:24:20 +00:00
uint8_t * bits = u . info21 . logon_hours . bits ; \
2004-04-22 07:28:18 +00:00
ZERO_STRUCT ( u . info21 ) ; \
2004-04-30 03:57:48 +00:00
if ( fpval = = SAMR_FIELD_LOGON_HOURS ) { \
2004-04-22 07:28:18 +00:00
u . info21 . logon_hours . units_per_week = 168 ; \
2005-01-05 15:24:20 +00:00
u . info21 . logon_hours . bits = bits ; \
2004-04-22 07:28:18 +00:00
} \
2004-01-19 08:59:14 +00:00
u . info21 . fields_present = fpval ; \
} \
2004-04-22 07:28:18 +00:00
u . info # # lvl1 . field1 = value ; \
2003-11-20 10:29:54 +00:00
TESTCALL ( SetUserInfo , s ) \
2004-04-21 06:23:29 +00:00
TESTCALL ( SetUserInfo2 , s2 ) \
2003-11-20 10:29:54 +00:00
u . info # # lvl1 . field1 = 0 ; \
TESTCALL ( QueryUserInfo , q ) ; \
2008-11-10 14:42:27 +01:00
u = * info ; \
2004-10-20 02:08:36 +00:00
INT_EQUAL ( u . info # # lvl1 . field1 , exp_value , field1 ) ; \
2003-11-20 10:29:54 +00:00
q . in . level = lvl2 ; \
TESTCALL ( QueryUserInfo , q ) \
2008-11-10 14:42:27 +01:00
u = * info ; \
2004-10-20 02:08:36 +00:00
INT_EQUAL ( u . info # # lvl2 . field2 , exp_value , field1 ) ; \
2003-11-20 10:29:54 +00:00
} while ( 0 )
2003-11-20 10:53:08 +00:00
2004-10-20 02:08:36 +00:00
# define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
TEST_USERINFO_INT_EXP ( lvl1 , field1 , lvl2 , field2 , value , value , fpval ) ; \
} while ( 0 )
2003-11-20 10:53:08 +00:00
q0 . in . level = 12 ;
do { TESTCALL ( QueryUserInfo , q0 ) } while ( 0 ) ;
2003-11-20 07:20:59 +00:00
2009-06-24 00:24:03 +02:00
TEST_USERINFO_STRING ( 2 , comment , 1 , comment , " xx2-1 comment " , 0 ) ;
TEST_USERINFO_STRING ( 2 , comment , 21 , comment , " xx2-21 comment " , 0 ) ;
TEST_USERINFO_STRING ( 21 , comment , 21 , comment , " xx21-21 comment " ,
SAMR_FIELD_COMMENT ) ;
2004-01-19 08:59:14 +00:00
2007-12-03 15:53:17 +01:00
test_account_name = talloc_asprintf ( tctx , " %sxx7-1 " , base_account_name ) ;
2005-03-13 06:43:34 +00:00
TEST_USERINFO_STRING ( 7 , account_name , 1 , account_name , base_account_name , 0 ) ;
2007-12-03 15:53:17 +01:00
test_account_name = talloc_asprintf ( tctx , " %sxx7-3 " , base_account_name ) ;
2005-03-13 06:43:34 +00:00
TEST_USERINFO_STRING ( 7 , account_name , 3 , account_name , base_account_name , 0 ) ;
2007-12-03 15:53:17 +01:00
test_account_name = talloc_asprintf ( tctx , " %sxx7-5 " , base_account_name ) ;
2005-03-13 06:43:34 +00:00
TEST_USERINFO_STRING ( 7 , account_name , 5 , account_name , base_account_name , 0 ) ;
2007-12-03 15:53:17 +01:00
test_account_name = talloc_asprintf ( tctx , " %sxx7-6 " , base_account_name ) ;
2005-03-13 06:43:34 +00:00
TEST_USERINFO_STRING ( 7 , account_name , 6 , account_name , base_account_name , 0 ) ;
2007-12-03 15:53:17 +01:00
test_account_name = talloc_asprintf ( tctx , " %sxx7-7 " , base_account_name ) ;
2005-03-13 06:43:34 +00:00
TEST_USERINFO_STRING ( 7 , account_name , 7 , account_name , base_account_name , 0 ) ;
2007-12-03 15:53:17 +01:00
test_account_name = talloc_asprintf ( tctx , " %sxx7-21 " , base_account_name ) ;
2005-03-13 06:43:34 +00:00
TEST_USERINFO_STRING ( 7 , account_name , 21 , account_name , base_account_name , 0 ) ;
test_account_name = base_account_name ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , account_name , 21 , account_name , base_account_name ,
2005-03-13 06:43:34 +00:00
SAMR_FIELD_ACCOUNT_NAME ) ;
2004-11-13 13:45:41 +00:00
TEST_USERINFO_STRING ( 6 , full_name , 1 , full_name , " xx6-1 full_name " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 3 , full_name , " xx6-3 full_name " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 5 , full_name , " xx6-5 full_name " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 6 , full_name , " xx6-6 full_name " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 8 , full_name , " xx6-8 full_name " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 21 , full_name , " xx6-21 full_name " , 0 ) ;
TEST_USERINFO_STRING ( 8 , full_name , 21 , full_name , " xx8-21 full_name " , 0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , full_name , 21 , full_name , " xx21-21 full_name " ,
2005-03-13 06:43:34 +00:00
SAMR_FIELD_FULL_NAME ) ;
2004-01-19 08:59:14 +00:00
2007-07-27 02:07:17 +00:00
TEST_USERINFO_STRING ( 6 , full_name , 1 , full_name , " " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 3 , full_name , " " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 5 , full_name , " " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 6 , full_name , " " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 8 , full_name , " " , 0 ) ;
TEST_USERINFO_STRING ( 6 , full_name , 21 , full_name , " " , 0 ) ;
TEST_USERINFO_STRING ( 8 , full_name , 21 , full_name , " " , 0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , full_name , 21 , full_name , " " ,
2007-07-27 02:07:17 +00:00
SAMR_FIELD_FULL_NAME ) ;
2004-11-13 13:45:41 +00:00
TEST_USERINFO_STRING ( 11 , logon_script , 3 , logon_script , " xx11-3 logon_script " , 0 ) ;
TEST_USERINFO_STRING ( 11 , logon_script , 5 , logon_script , " xx11-5 logon_script " , 0 ) ;
TEST_USERINFO_STRING ( 11 , logon_script , 21 , logon_script , " xx11-21 logon_script " , 0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , logon_script , 21 , logon_script , " xx21-21 logon_script " ,
2004-04-30 03:57:48 +00:00
SAMR_FIELD_LOGON_SCRIPT ) ;
2004-01-19 08:59:14 +00:00
2004-11-13 13:45:41 +00:00
TEST_USERINFO_STRING ( 12 , profile_path , 3 , profile_path , " xx12-3 profile_path " , 0 ) ;
TEST_USERINFO_STRING ( 12 , profile_path , 5 , profile_path , " xx12-5 profile_path " , 0 ) ;
TEST_USERINFO_STRING ( 12 , profile_path , 21 , profile_path , " xx12-21 profile_path " , 0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , profile_path , 21 , profile_path , " xx21-21 profile_path " ,
2004-06-05 03:22:10 +00:00
SAMR_FIELD_PROFILE_PATH ) ;
2004-01-19 08:59:14 +00:00
2006-10-17 20:32:01 +00:00
TEST_USERINFO_STRING ( 10 , home_directory , 3 , home_directory , " xx10-3 home_directory " , 0 ) ;
TEST_USERINFO_STRING ( 10 , home_directory , 5 , home_directory , " xx10-5 home_directory " , 0 ) ;
TEST_USERINFO_STRING ( 10 , home_directory , 21 , home_directory , " xx10-21 home_directory " , 0 ) ;
TEST_USERINFO_STRING ( 21 , home_directory , 21 , home_directory , " xx21-21 home_directory " ,
SAMR_FIELD_HOME_DIRECTORY ) ;
TEST_USERINFO_STRING ( 21 , home_directory , 10 , home_directory , " xx21-10 home_directory " ,
SAMR_FIELD_HOME_DIRECTORY ) ;
2006-10-17 20:56:46 +00:00
TEST_USERINFO_STRING ( 10 , home_drive , 3 , home_drive , " xx10-3 home_drive " , 0 ) ;
TEST_USERINFO_STRING ( 10 , home_drive , 5 , home_drive , " xx10-5 home_drive " , 0 ) ;
TEST_USERINFO_STRING ( 10 , home_drive , 21 , home_drive , " xx10-21 home_drive " , 0 ) ;
TEST_USERINFO_STRING ( 21 , home_drive , 21 , home_drive , " xx21-21 home_drive " ,
SAMR_FIELD_HOME_DRIVE ) ;
TEST_USERINFO_STRING ( 21 , home_drive , 10 , home_drive , " xx21-10 home_drive " ,
SAMR_FIELD_HOME_DRIVE ) ;
2009-05-11 22:44:58 +02:00
2004-11-13 13:45:41 +00:00
TEST_USERINFO_STRING ( 13 , description , 1 , description , " xx13-1 description " , 0 ) ;
TEST_USERINFO_STRING ( 13 , description , 5 , description , " xx13-5 description " , 0 ) ;
TEST_USERINFO_STRING ( 13 , description , 21 , description , " xx13-21 description " , 0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , description , 21 , description , " xx21-21 description " ,
2004-04-30 03:57:48 +00:00
SAMR_FIELD_DESCRIPTION ) ;
2004-01-19 08:59:14 +00:00
2004-11-13 13:45:41 +00:00
TEST_USERINFO_STRING ( 14 , workstations , 3 , workstations , " 14workstation3 " , 0 ) ;
TEST_USERINFO_STRING ( 14 , workstations , 5 , workstations , " 14workstation4 " , 0 ) ;
TEST_USERINFO_STRING ( 14 , workstations , 21 , workstations , " 14workstation21 " , 0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , workstations , 21 , workstations , " 21workstation21 " ,
2005-03-18 04:25:10 +00:00
SAMR_FIELD_WORKSTATIONS ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , workstations , 3 , workstations , " 21workstation3 " ,
2007-09-06 02:56:56 +00:00
SAMR_FIELD_WORKSTATIONS ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , workstations , 5 , workstations , " 21workstation5 " ,
2007-09-06 02:56:56 +00:00
SAMR_FIELD_WORKSTATIONS ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_STRING ( 21 , workstations , 14 , workstations , " 21workstation14 " ,
2007-09-06 02:56:56 +00:00
SAMR_FIELD_WORKSTATIONS ) ;
2004-01-19 08:59:14 +00:00
2008-11-10 14:02:34 +01:00
TEST_USERINFO_BINARYSTRING ( 20 , parameters , 21 , parameters , " xx20-21 parameters " , 0 ) ;
TEST_USERINFO_BINARYSTRING ( 21 , parameters , 21 , parameters , " xx21-21 parameters " ,
2004-11-13 13:45:41 +00:00
SAMR_FIELD_PARAMETERS ) ;
2008-11-10 14:02:34 +01:00
TEST_USERINFO_BINARYSTRING ( 21 , parameters , 20 , parameters , " xx21-20 parameters " ,
2007-09-06 02:56:56 +00:00
SAMR_FIELD_PARAMETERS ) ;
2008-12-09 23:32:04 +01:00
/* also empty user parameters are allowed */
TEST_USERINFO_BINARYSTRING ( 20 , parameters , 21 , parameters , " " , 0 ) ;
TEST_USERINFO_BINARYSTRING ( 21 , parameters , 21 , parameters , " " ,
SAMR_FIELD_PARAMETERS ) ;
TEST_USERINFO_BINARYSTRING ( 21 , parameters , 20 , parameters , " " ,
SAMR_FIELD_PARAMETERS ) ;
2004-01-19 08:59:14 +00:00
2009-05-07 21:47:47 +02:00
/* Samba 3 cannot store country_code and copy_page atm. - gd */
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
TEST_USERINFO_INT ( 2 , country_code , 2 , country_code , __LINE__ , 0 ) ;
TEST_USERINFO_INT ( 2 , country_code , 21 , country_code , __LINE__ , 0 ) ;
TEST_USERINFO_INT ( 21 , country_code , 21 , country_code , __LINE__ ,
SAMR_FIELD_COUNTRY_CODE ) ;
TEST_USERINFO_INT ( 21 , country_code , 2 , country_code , __LINE__ ,
SAMR_FIELD_COUNTRY_CODE ) ;
2004-04-30 03:57:48 +00:00
2009-05-07 21:47:47 +02:00
TEST_USERINFO_INT ( 2 , code_page , 21 , code_page , __LINE__ , 0 ) ;
TEST_USERINFO_INT ( 21 , code_page , 21 , code_page , __LINE__ ,
SAMR_FIELD_CODE_PAGE ) ;
TEST_USERINFO_INT ( 21 , code_page , 2 , code_page , __LINE__ ,
SAMR_FIELD_CODE_PAGE ) ;
}
2004-01-19 08:59:14 +00:00
2009-05-08 22:01:55 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
TEST_USERINFO_INT ( 17 , acct_expiry , 21 , acct_expiry , __LINE__ , 0 ) ;
TEST_USERINFO_INT ( 17 , acct_expiry , 5 , acct_expiry , __LINE__ , 0 ) ;
TEST_USERINFO_INT ( 21 , acct_expiry , 21 , acct_expiry , __LINE__ ,
SAMR_FIELD_ACCT_EXPIRY ) ;
TEST_USERINFO_INT ( 21 , acct_expiry , 5 , acct_expiry , __LINE__ ,
SAMR_FIELD_ACCT_EXPIRY ) ;
TEST_USERINFO_INT ( 21 , acct_expiry , 17 , acct_expiry , __LINE__ ,
SAMR_FIELD_ACCT_EXPIRY ) ;
} else {
/* Samba 3 can only store seconds / time_t in passdb - gd */
NTTIME nt ;
unix_to_nt_time ( & nt , time ( NULL ) + __LINE__ ) ;
TEST_USERINFO_INT ( 17 , acct_expiry , 21 , acct_expiry , nt , 0 ) ;
unix_to_nt_time ( & nt , time ( NULL ) + __LINE__ ) ;
TEST_USERINFO_INT ( 17 , acct_expiry , 5 , acct_expiry , nt , 0 ) ;
unix_to_nt_time ( & nt , time ( NULL ) + __LINE__ ) ;
TEST_USERINFO_INT ( 21 , acct_expiry , 21 , acct_expiry , nt , SAMR_FIELD_ACCT_EXPIRY ) ;
unix_to_nt_time ( & nt , time ( NULL ) + __LINE__ ) ;
TEST_USERINFO_INT ( 21 , acct_expiry , 5 , acct_expiry , nt , SAMR_FIELD_ACCT_EXPIRY ) ;
unix_to_nt_time ( & nt , time ( NULL ) + __LINE__ ) ;
TEST_USERINFO_INT ( 21 , acct_expiry , 17 , acct_expiry , nt , SAMR_FIELD_ACCT_EXPIRY ) ;
}
2007-09-04 02:22:04 +00:00
2005-01-05 15:24:20 +00:00
TEST_USERINFO_INT ( 4 , logon_hours . bits [ 3 ] , 3 , logon_hours . bits [ 3 ] , 1 , 0 ) ;
TEST_USERINFO_INT ( 4 , logon_hours . bits [ 3 ] , 5 , logon_hours . bits [ 3 ] , 2 , 0 ) ;
TEST_USERINFO_INT ( 4 , logon_hours . bits [ 3 ] , 21 , logon_hours . bits [ 3 ] , 3 , 0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT ( 21 , logon_hours . bits [ 3 ] , 21 , logon_hours . bits [ 3 ] , 4 ,
2004-04-30 03:57:48 +00:00
SAMR_FIELD_LOGON_HOURS ) ;
2003-11-20 10:53:08 +00:00
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 5 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ ) ,
( base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 5 , acct_flags ,
( base_acct_flags | ACB_DISABLED ) ,
( base_acct_flags | ACB_DISABLED | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
2009-05-11 22:44:58 +02:00
2006-03-07 03:24:29 +00:00
/* Setting PWNOEXP clears the magic ACB_PW_EXPIRED flag */
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 5 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_PWNOEXP ) ,
( base_acct_flags | ACB_DISABLED | ACB_PWNOEXP ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 21 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ ) ,
( base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
2004-10-20 02:08:36 +00:00
2006-07-03 03:39:02 +00:00
2004-10-20 02:08:36 +00:00
/* The 'autolock' flag doesn't stick - check this */
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 21 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK ) ,
( base_acct_flags | ACB_DISABLED | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
2006-07-03 03:39:02 +00:00
#if 0
/* Removing the 'disabled' flag doesn't stick - check this */
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 21 , acct_flags ,
( base_acct_flags ) ,
( base_acct_flags | ACB_DISABLED | user_extra_flags ) ,
2006-07-03 03:39:02 +00:00
0 ) ;
# endif
2009-05-08 22:20:38 +02:00
/* Samba3 cannot store these atm */
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
2006-03-22 22:27:06 +00:00
/* The 'store plaintext' flag does stick */
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 21 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED ) ,
( base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
/* The 'use DES' flag does stick */
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 21 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY ) ,
( base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
/* The 'don't require kerberos pre-authentication flag does stick */
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 21 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH ) ,
( base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
/* The 'no kerberos PAC required' flag sticks */
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 16 , acct_flags , 21 , acct_flags ,
( base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD ) ,
( base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
0 ) ;
2009-05-08 22:20:38 +02:00
}
2009-05-11 22:44:58 +02:00
TEST_USERINFO_INT_EXP ( 21 , acct_flags , 21 , acct_flags ,
( base_acct_flags | ACB_DISABLED ) ,
( base_acct_flags | ACB_DISABLED | user_extra_flags ) ,
2006-03-22 22:27:06 +00:00
SAMR_FIELD_ACCT_FLAGS ) ;
2004-10-20 02:08:36 +00:00
2003-12-19 03:59:27 +00:00
#if 0
/* these fail with win2003 - it appears you can't set the primary gid?
the set succeeds , but the gid isn ' t changed . Very weird ! */
2003-11-20 10:53:08 +00:00
TEST_USERINFO_INT ( 9 , primary_gid , 1 , primary_gid , 513 ) ;
TEST_USERINFO_INT ( 9 , primary_gid , 3 , primary_gid , 513 ) ;
TEST_USERINFO_INT ( 9 , primary_gid , 5 , primary_gid , 513 ) ;
TEST_USERINFO_INT ( 9 , primary_gid , 21 , primary_gid , 513 ) ;
2003-12-19 03:59:27 +00:00
# endif
2005-03-18 04:25:10 +00:00
2003-12-19 03:59:27 +00:00
return ret ;
}
2004-04-22 06:19:48 +00:00
/*
generate a random password for password change tests
*/
2008-11-28 01:56:09 +01:00
static char * samr_rand_pass_silent ( TALLOC_CTX * mem_ctx , int min_len )
2004-04-22 06:19:48 +00:00
{
2010-02-24 15:12:17 +01:00
size_t len = MAX ( 8 , min_len ) ;
char * s = generate_random_password ( mem_ctx , len , len + 6 ) ;
2008-11-28 01:56:09 +01:00
return s ;
}
static char * samr_rand_pass ( TALLOC_CTX * mem_ctx , int min_len )
{
char * s = samr_rand_pass_silent ( mem_ctx , min_len ) ;
2004-04-22 06:19:48 +00:00
printf ( " Generated password '%s' \n " , s ) ;
2004-05-15 07:51:38 +00:00
return s ;
2008-11-28 01:56:09 +01:00
2004-04-22 06:19:48 +00:00
}
2008-10-17 13:00:24 +11:00
/*
generate a random password for password change tests
*/
static DATA_BLOB samr_very_rand_pass ( TALLOC_CTX * mem_ctx , int len )
{
int i ;
DATA_BLOB password = data_blob_talloc ( mem_ctx , NULL , len * 2 /* number of unicode chars */ ) ;
generate_random_buffer ( password . data , password . length ) ;
for ( i = 0 ; i < len ; i + + ) {
if ( ( ( uint16_t * ) password . data ) [ i ] = = 0 ) {
( ( uint16_t * ) password . data ) [ i ] = 1 ;
}
}
return password ;
}
2006-09-20 23:32:56 +00:00
/*
generate a random password for password change tests ( fixed length )
*/
static char * samr_rand_pass_fixed_len ( TALLOC_CTX * mem_ctx , int len )
{
2010-02-24 15:12:17 +01:00
char * s = generate_random_password ( mem_ctx , len , len ) ;
2006-09-20 23:32:56 +00:00
printf ( " Generated password '%s' \n " , s ) ;
return s ;
}
2008-10-31 15:24:24 +01:00
static bool test_SetUserPass ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-22 06:19:48 +00:00
struct policy_handle * handle , char * * password )
2004-04-21 05:01:31 +00:00
{
NTSTATUS status ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-09 13:37:17 +00:00
DATA_BLOB session_key ;
2004-10-20 02:08:36 +00:00
char * newpass ;
struct samr_GetUserPwInfo pwp ;
2008-11-05 01:28:49 +01:00
struct samr_PwInfo info ;
2004-10-20 02:08:36 +00:00
int policy_min_pw_len = 0 ;
pwp . in . user_handle = handle ;
2008-11-05 01:28:49 +01:00
pwp . out . info = & info ;
2004-10-20 02:08:36 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
2004-10-20 02:08:36 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 01:28:49 +01:00
policy_min_pw_len = pwp . out . info - > min_password_length ;
2004-10-20 02:08:36 +00:00
}
2008-10-31 15:24:24 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2004-04-21 05:01:31 +00:00
2004-09-21 03:51:38 +00:00
s . in . user_handle = handle ;
2004-04-21 05:01:31 +00:00
s . in . info = & u ;
s . in . level = 24 ;
2004-04-22 06:19:48 +00:00
encode_pw_buffer ( u . info24 . password . data , newpass , STR_UNICODE ) ;
2008-11-27 17:45:01 +01:00
u . info24 . password_expired = 0 ;
2004-04-21 05:01:31 +00:00
2004-05-09 13:37:17 +00:00
status = dcerpc_fetch_session_key ( p , & session_key ) ;
2004-04-21 05:01:31 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2004-04-21 05:01:31 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2004-04-21 05:01:31 +00:00
}
2004-06-03 23:15:16 +00:00
arcfour_crypt_blob ( u . info24 . password . data , 516 , & session_key ) ;
2004-04-21 05:01:31 +00:00
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 24 (set password) \n " ) ;
2004-04-21 05:01:31 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2004-04-21 05:01:31 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u failed - %s \n " ,
2004-04-21 05:01:31 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 06:19:48 +00:00
} else {
* password = newpass ;
2004-04-21 05:01:31 +00:00
}
return ret ;
}
2004-04-28 13:15:49 +00:00
2008-10-31 15:24:24 +01:00
static bool test_SetUserPass_23 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-02-10 05:09:35 +00:00
struct policy_handle * handle , uint32_t fields_present ,
2004-10-20 02:08:36 +00:00
char * * password )
2004-04-30 03:57:48 +00:00
{
NTSTATUS status ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-09 13:37:17 +00:00
DATA_BLOB session_key ;
2004-10-20 02:08:36 +00:00
char * newpass ;
struct samr_GetUserPwInfo pwp ;
2008-11-05 01:28:49 +01:00
struct samr_PwInfo info ;
2004-10-20 02:08:36 +00:00
int policy_min_pw_len = 0 ;
pwp . in . user_handle = handle ;
2008-11-05 01:28:49 +01:00
pwp . out . info = & info ;
2004-10-20 02:08:36 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
2004-10-20 02:08:36 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 01:28:49 +01:00
policy_min_pw_len = pwp . out . info - > min_password_length ;
2004-10-20 02:08:36 +00:00
}
2008-10-31 15:24:24 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2004-04-30 03:57:48 +00:00
2004-09-21 03:51:38 +00:00
s . in . user_handle = handle ;
2004-04-30 03:57:48 +00:00
s . in . info = & u ;
s . in . level = 23 ;
ZERO_STRUCT ( u ) ;
2004-10-20 02:08:36 +00:00
u . info23 . info . fields_present = fields_present ;
2004-04-30 03:57:48 +00:00
encode_pw_buffer ( u . info23 . password . data , newpass , STR_UNICODE ) ;
2004-05-09 13:37:17 +00:00
status = dcerpc_fetch_session_key ( p , & session_key ) ;
2004-04-30 03:57:48 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2004-04-30 03:57:48 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2004-04-30 03:57:48 +00:00
}
2004-06-03 23:15:16 +00:00
arcfour_crypt_blob ( u . info23 . password . data , 516 , & session_key ) ;
2004-04-30 03:57:48 +00:00
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 23 (set password) \n " ) ;
2004-04-30 03:57:48 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2004-04-30 03:57:48 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u failed - %s \n " ,
2004-04-30 03:57:48 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-30 03:57:48 +00:00
} else {
* password = newpass ;
}
2007-03-05 09:54:37 +00:00
encode_pw_buffer ( u . info23 . password . data , newpass , STR_UNICODE ) ;
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2007-03-05 09:54:37 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2007-03-05 09:54:37 +00:00
}
/* This should break the key nicely */
session_key . length - - ;
arcfour_crypt_blob ( u . info23 . password . data , 516 , & session_key ) ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 23 (set password) with wrong password \n " ) ;
2007-03-05 09:54:37 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2007-03-05 09:54:37 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u should have failed with WRONG_PASSWORD- %s \n " ,
2007-03-05 09:54:37 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-05 09:54:37 +00:00
}
2004-04-30 03:57:48 +00:00
return ret ;
}
2008-10-31 15:24:24 +01:00
static bool test_SetUserPassEx ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-05-11 22:44:58 +02:00
struct policy_handle * handle , bool makeshort ,
2007-08-22 04:28:15 +00:00
char * * password )
2004-04-28 13:15:49 +00:00
{
NTSTATUS status ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-09 13:37:17 +00:00
DATA_BLOB session_key ;
2008-10-31 15:24:24 +01:00
DATA_BLOB confounded_session_key = data_blob_talloc ( tctx , NULL , 16 ) ;
2004-05-25 17:50:17 +00:00
uint8_t confounder [ 16 ] ;
2004-10-20 02:08:36 +00:00
char * newpass ;
2004-04-28 13:15:49 +00:00
struct MD5Context ctx ;
2004-10-20 02:08:36 +00:00
struct samr_GetUserPwInfo pwp ;
2008-11-05 01:28:49 +01:00
struct samr_PwInfo info ;
2004-10-20 02:08:36 +00:00
int policy_min_pw_len = 0 ;
pwp . in . user_handle = handle ;
2008-11-05 01:28:49 +01:00
pwp . out . info = & info ;
2004-10-20 02:08:36 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
2004-10-20 02:08:36 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 01:28:49 +01:00
policy_min_pw_len = pwp . out . info - > min_password_length ;
2004-10-20 02:08:36 +00:00
}
2007-08-22 04:28:15 +00:00
if ( makeshort & & policy_min_pw_len ) {
2008-10-31 15:24:24 +01:00
newpass = samr_rand_pass_fixed_len ( tctx , policy_min_pw_len - 1 ) ;
2007-08-22 04:28:15 +00:00
} else {
2008-10-31 15:24:24 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2007-08-22 04:28:15 +00:00
}
2004-04-28 13:15:49 +00:00
2004-09-21 03:51:38 +00:00
s . in . user_handle = handle ;
2004-04-28 13:15:49 +00:00
s . in . info = & u ;
s . in . level = 26 ;
encode_pw_buffer ( u . info26 . password . data , newpass , STR_UNICODE ) ;
2008-11-27 17:45:01 +01:00
u . info26 . password_expired = 0 ;
2004-04-28 13:15:49 +00:00
2004-05-09 13:37:17 +00:00
status = dcerpc_fetch_session_key ( p , & session_key ) ;
2004-04-28 13:15:49 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2004-04-28 13:15:49 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2004-04-28 13:15:49 +00:00
}
2004-07-14 12:14:07 +00:00
generate_random_buffer ( ( uint8_t * ) confounder , 16 ) ;
2004-04-28 13:15:49 +00:00
MD5Init ( & ctx ) ;
MD5Update ( & ctx , confounder , 16 ) ;
2004-05-09 13:37:17 +00:00
MD5Update ( & ctx , session_key . data , session_key . length ) ;
MD5Final ( confounded_session_key . data , & ctx ) ;
2004-04-28 13:15:49 +00:00
2004-06-03 23:15:16 +00:00
arcfour_crypt_blob ( u . info26 . password . data , 516 , & confounded_session_key ) ;
2004-04-28 13:15:49 +00:00
memcpy ( & u . info26 . password . data [ 516 ] , confounder , 16 ) ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 26 (set password ex) \n " ) ;
2004-04-28 13:15:49 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2004-04-28 13:15:49 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u failed - %s \n " ,
2004-04-28 13:15:49 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-28 13:15:49 +00:00
} else {
* password = newpass ;
}
2007-03-05 09:54:37 +00:00
/* This should break the key nicely */
confounded_session_key . data [ 0 ] + + ;
arcfour_crypt_blob ( u . info26 . password . data , 516 , & confounded_session_key ) ;
memcpy ( & u . info26 . password . data [ 516 ] , confounder , 16 ) ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 26 (set password ex) with wrong session key \n " ) ;
2007-03-05 09:54:37 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2007-03-05 09:54:37 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u should have failed with WRONG_PASSWORD: %s \n " ,
2007-03-05 09:54:37 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-05 09:54:37 +00:00
} else {
* password = newpass ;
}
2004-04-28 13:15:49 +00:00
return ret ;
}
2008-10-31 16:09:29 +01:00
static bool test_SetUserPass_25 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-02-10 05:09:35 +00:00
struct policy_handle * handle , uint32_t fields_present ,
2004-10-20 02:08:36 +00:00
char * * password )
2004-04-30 03:57:48 +00:00
{
NTSTATUS status ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-09 13:37:17 +00:00
DATA_BLOB session_key ;
2008-10-31 16:09:29 +01:00
DATA_BLOB confounded_session_key = data_blob_talloc ( tctx , NULL , 16 ) ;
2004-04-30 03:57:48 +00:00
struct MD5Context ctx ;
2004-10-20 02:08:36 +00:00
uint8_t confounder [ 16 ] ;
char * newpass ;
struct samr_GetUserPwInfo pwp ;
2008-11-05 01:28:49 +01:00
struct samr_PwInfo info ;
2004-10-20 02:08:36 +00:00
int policy_min_pw_len = 0 ;
pwp . in . user_handle = handle ;
2008-11-05 01:28:49 +01:00
pwp . out . info = & info ;
2004-10-20 02:08:36 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
2004-10-20 02:08:36 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 01:28:49 +01:00
policy_min_pw_len = pwp . out . info - > min_password_length ;
2004-10-20 02:08:36 +00:00
}
2008-10-31 16:09:29 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2004-04-30 03:57:48 +00:00
2004-09-21 03:51:38 +00:00
s . in . user_handle = handle ;
2004-04-30 03:57:48 +00:00
s . in . info = & u ;
s . in . level = 25 ;
ZERO_STRUCT ( u ) ;
2004-10-20 02:08:36 +00:00
u . info25 . info . fields_present = fields_present ;
2004-04-30 03:57:48 +00:00
encode_pw_buffer ( u . info25 . password . data , newpass , STR_UNICODE ) ;
2004-05-09 13:37:17 +00:00
status = dcerpc_fetch_session_key ( p , & session_key ) ;
2004-04-30 03:57:48 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2004-04-30 03:57:48 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2004-04-30 03:57:48 +00:00
}
2004-07-14 12:14:07 +00:00
generate_random_buffer ( ( uint8_t * ) confounder , 16 ) ;
2004-04-30 03:57:48 +00:00
MD5Init ( & ctx ) ;
MD5Update ( & ctx , confounder , 16 ) ;
2004-05-09 13:37:17 +00:00
MD5Update ( & ctx , session_key . data , session_key . length ) ;
MD5Final ( confounded_session_key . data , & ctx ) ;
2004-04-30 03:57:48 +00:00
2004-06-03 23:15:16 +00:00
arcfour_crypt_blob ( u . info25 . password . data , 516 , & confounded_session_key ) ;
2004-04-30 03:57:48 +00:00
memcpy ( & u . info25 . password . data [ 516 ] , confounder , 16 ) ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 25 (set password ex) \n " ) ;
2004-04-30 03:57:48 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2004-04-30 03:57:48 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u failed - %s \n " ,
2004-04-30 03:57:48 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-30 03:57:48 +00:00
} else {
* password = newpass ;
}
2007-03-05 09:54:37 +00:00
/* This should break the key nicely */
confounded_session_key . data [ 0 ] + + ;
arcfour_crypt_blob ( u . info25 . password . data , 516 , & confounded_session_key ) ;
memcpy ( & u . info25 . password . data [ 516 ] , confounder , 16 ) ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 25 (set password ex) with wrong session key \n " ) ;
2007-03-05 09:54:37 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2007-03-05 09:54:37 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u should have failed with WRONG_PASSWORD- %s \n " ,
2007-03-05 09:54:37 +00:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-05 09:54:37 +00:00
}
2004-04-30 03:57:48 +00:00
return ret ;
}
2008-12-05 15:19:22 +01:00
static bool test_SetUserPass_18 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
struct policy_handle * handle , char * * password )
{
NTSTATUS status ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
bool ret = true ;
DATA_BLOB session_key ;
char * newpass ;
struct samr_GetUserPwInfo pwp ;
struct samr_PwInfo info ;
int policy_min_pw_len = 0 ;
uint8_t lm_hash [ 16 ] , nt_hash [ 16 ] ;
pwp . in . user_handle = handle ;
pwp . out . info = & info ;
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
policy_min_pw_len = pwp . out . info - > min_password_length ;
}
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
s . in . user_handle = handle ;
s . in . info = & u ;
s . in . level = 18 ;
ZERO_STRUCT ( u ) ;
u . info18 . nt_pwd_active = true ;
u . info18 . lm_pwd_active = true ;
E_md4hash ( newpass , nt_hash ) ;
E_deshash ( newpass , lm_hash ) ;
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2008-12-05 15:19:22 +01:00
s . in . level , nt_errstr ( status ) ) ;
return false ;
}
{
DATA_BLOB in , out ;
in = data_blob_const ( nt_hash , 16 ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
memcpy ( u . info18 . nt_pwd . hash , out . data , out . length ) ;
}
{
DATA_BLOB in , out ;
in = data_blob_const ( lm_hash , 16 ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
memcpy ( u . info18 . lm_pwd . hash , out . data , out . length ) ;
}
torture_comment ( tctx , " Testing SetUserInfo level 18 (set password hash) \n " ) ;
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u failed - %s \n " ,
2008-12-05 15:19:22 +01:00
s . in . level , nt_errstr ( status ) ) ;
ret = false ;
} else {
* password = newpass ;
}
return ret ;
}
2008-12-05 15:43:33 +01:00
static bool test_SetUserPass_21 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
struct policy_handle * handle , uint32_t fields_present ,
char * * password )
{
NTSTATUS status ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
bool ret = true ;
DATA_BLOB session_key ;
char * newpass ;
struct samr_GetUserPwInfo pwp ;
struct samr_PwInfo info ;
int policy_min_pw_len = 0 ;
uint8_t lm_hash [ 16 ] , nt_hash [ 16 ] ;
pwp . in . user_handle = handle ;
pwp . out . info = & info ;
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
policy_min_pw_len = pwp . out . info - > min_password_length ;
}
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
s . in . user_handle = handle ;
s . in . info = & u ;
s . in . level = 21 ;
E_md4hash ( newpass , nt_hash ) ;
E_deshash ( newpass , lm_hash ) ;
ZERO_STRUCT ( u ) ;
u . info21 . fields_present = fields_present ;
if ( fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT ) {
u . info21 . lm_owf_password . length = 16 ;
u . info21 . lm_owf_password . size = 16 ;
u . info21 . lm_owf_password . array = ( uint16_t * ) lm_hash ;
u . info21 . lm_password_set = true ;
}
if ( fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT ) {
u . info21 . nt_owf_password . length = 16 ;
u . info21 . nt_owf_password . size = 16 ;
u . info21 . nt_owf_password . array = ( uint16_t * ) nt_hash ;
u . info21 . nt_password_set = true ;
}
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2008-12-05 15:43:33 +01:00
s . in . level , nt_errstr ( status ) ) ;
return false ;
}
if ( fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT ) {
DATA_BLOB in , out ;
in = data_blob_const ( u . info21 . lm_owf_password . array ,
u . info21 . lm_owf_password . length ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
u . info21 . lm_owf_password . array = ( uint16_t * ) out . data ;
}
if ( fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT ) {
DATA_BLOB in , out ;
in = data_blob_const ( u . info21 . nt_owf_password . array ,
u . info21 . nt_owf_password . length ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
u . info21 . nt_owf_password . array = ( uint16_t * ) out . data ;
}
torture_comment ( tctx , " Testing SetUserInfo level 21 (set password hash) \n " ) ;
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u failed - %s \n " ,
2008-12-05 15:43:33 +01:00
s . in . level , nt_errstr ( status ) ) ;
ret = false ;
} else {
* password = newpass ;
}
/* try invalid length */
if ( fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT ) {
u . info21 . nt_owf_password . length + + ;
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s \n " ,
2008-12-05 15:43:33 +01:00
s . in . level , nt_errstr ( status ) ) ;
ret = false ;
}
}
if ( fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT ) {
u . info21 . lm_owf_password . length + + ;
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s \n " ,
2008-12-05 15:43:33 +01:00
s . in . level , nt_errstr ( status ) ) ;
ret = false ;
}
}
return ret ;
}
2008-11-28 12:04:09 +01:00
static bool test_SetUserPass_level_ex ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
uint16_t level ,
uint32_t fields_present ,
char * * password , uint8_t password_expired ,
2008-12-02 23:22:14 +01:00
bool use_setinfo2 ,
bool * matched_expected_error )
2008-11-28 12:04:09 +01:00
{
NTSTATUS status ;
2008-12-02 23:22:14 +01:00
NTSTATUS expected_error = NT_STATUS_OK ;
2008-11-28 12:04:09 +01:00
struct samr_SetUserInfo s ;
struct samr_SetUserInfo2 s2 ;
union samr_UserInfo u ;
bool ret = true ;
DATA_BLOB session_key ;
DATA_BLOB confounded_session_key = data_blob_talloc ( tctx , NULL , 16 ) ;
struct MD5Context ctx ;
uint8_t confounder [ 16 ] ;
char * newpass ;
struct samr_GetUserPwInfo pwp ;
struct samr_PwInfo info ;
int policy_min_pw_len = 0 ;
2008-11-28 22:01:18 +01:00
const char * comment = NULL ;
2008-12-05 16:07:06 +01:00
uint8_t lm_hash [ 16 ] , nt_hash [ 16 ] ;
2008-11-28 22:01:18 +01:00
2008-11-28 12:04:09 +01:00
pwp . in . user_handle = handle ;
pwp . out . info = & info ;
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
policy_min_pw_len = pwp . out . info - > min_password_length ;
}
newpass = samr_rand_pass_silent ( tctx , policy_min_pw_len ) ;
if ( use_setinfo2 ) {
s2 . in . user_handle = handle ;
s2 . in . info = & u ;
s2 . in . level = level ;
} else {
s . in . user_handle = handle ;
s . in . info = & u ;
s . in . level = level ;
}
2008-11-28 22:01:18 +01:00
if ( fields_present & SAMR_FIELD_COMMENT ) {
2008-12-23 23:22:57 +01:00
comment = talloc_asprintf ( tctx , " comment: %ld \n " , time ( NULL ) ) ;
2008-11-28 22:01:18 +01:00
}
2008-11-28 12:04:09 +01:00
ZERO_STRUCT ( u ) ;
switch ( level ) {
2008-12-05 16:07:06 +01:00
case 18 :
E_md4hash ( newpass , nt_hash ) ;
E_deshash ( newpass , lm_hash ) ;
u . info18 . nt_pwd_active = true ;
u . info18 . lm_pwd_active = true ;
u . info18 . password_expired = password_expired ;
memcpy ( u . info18 . lm_pwd . hash , lm_hash , 16 ) ;
memcpy ( u . info18 . nt_pwd . hash , nt_hash , 16 ) ;
break ;
2008-11-28 12:04:09 +01:00
case 21 :
2008-12-05 16:07:06 +01:00
E_md4hash ( newpass , nt_hash ) ;
E_deshash ( newpass , lm_hash ) ;
2008-11-28 12:04:09 +01:00
u . info21 . fields_present = fields_present ;
u . info21 . password_expired = password_expired ;
2008-11-28 22:01:18 +01:00
u . info21 . comment . string = comment ;
2008-11-28 12:04:09 +01:00
2008-12-05 16:07:06 +01:00
if ( fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT ) {
u . info21 . lm_owf_password . length = 16 ;
u . info21 . lm_owf_password . size = 16 ;
u . info21 . lm_owf_password . array = ( uint16_t * ) lm_hash ;
u . info21 . lm_password_set = true ;
}
if ( fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT ) {
u . info21 . nt_owf_password . length = 16 ;
u . info21 . nt_owf_password . size = 16 ;
u . info21 . nt_owf_password . array = ( uint16_t * ) nt_hash ;
u . info21 . nt_password_set = true ;
}
2008-11-28 12:04:09 +01:00
break ;
case 23 :
u . info23 . info . fields_present = fields_present ;
u . info23 . info . password_expired = password_expired ;
2008-11-28 22:01:18 +01:00
u . info23 . info . comment . string = comment ;
2008-11-28 12:04:09 +01:00
encode_pw_buffer ( u . info23 . password . data , newpass , STR_UNICODE ) ;
break ;
case 24 :
u . info24 . password_expired = password_expired ;
encode_pw_buffer ( u . info24 . password . data , newpass , STR_UNICODE ) ;
break ;
case 25 :
u . info25 . info . fields_present = fields_present ;
u . info25 . info . password_expired = password_expired ;
2008-11-28 22:01:18 +01:00
u . info25 . info . comment . string = comment ;
2008-11-28 12:04:09 +01:00
encode_pw_buffer ( u . info25 . password . data , newpass , STR_UNICODE ) ;
break ;
case 26 :
u . info26 . password_expired = password_expired ;
encode_pw_buffer ( u . info26 . password . data , newpass , STR_UNICODE ) ;
break ;
}
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2008-11-28 12:04:09 +01:00
s . in . level , nt_errstr ( status ) ) ;
return false ;
}
generate_random_buffer ( ( uint8_t * ) confounder , 16 ) ;
MD5Init ( & ctx ) ;
MD5Update ( & ctx , confounder , 16 ) ;
MD5Update ( & ctx , session_key . data , session_key . length ) ;
MD5Final ( confounded_session_key . data , & ctx ) ;
switch ( level ) {
2008-12-05 16:07:06 +01:00
case 18 :
{
DATA_BLOB in , out ;
in = data_blob_const ( u . info18 . nt_pwd . hash , 16 ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
memcpy ( u . info18 . nt_pwd . hash , out . data , out . length ) ;
}
{
DATA_BLOB in , out ;
in = data_blob_const ( u . info18 . lm_pwd . hash , 16 ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
memcpy ( u . info18 . lm_pwd . hash , out . data , out . length ) ;
}
break ;
case 21 :
if ( fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT ) {
DATA_BLOB in , out ;
in = data_blob_const ( u . info21 . lm_owf_password . array ,
u . info21 . lm_owf_password . length ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
u . info21 . lm_owf_password . array = ( uint16_t * ) out . data ;
}
if ( fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT ) {
DATA_BLOB in , out ;
in = data_blob_const ( u . info21 . nt_owf_password . array ,
u . info21 . nt_owf_password . length ) ;
out = data_blob_talloc_zero ( tctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
u . info21 . nt_owf_password . array = ( uint16_t * ) out . data ;
}
break ;
2008-11-28 12:04:09 +01:00
case 23 :
arcfour_crypt_blob ( u . info23 . password . data , 516 , & session_key ) ;
break ;
case 24 :
arcfour_crypt_blob ( u . info24 . password . data , 516 , & session_key ) ;
break ;
case 25 :
arcfour_crypt_blob ( u . info25 . password . data , 516 , & confounded_session_key ) ;
memcpy ( & u . info25 . password . data [ 516 ] , confounder , 16 ) ;
break ;
case 26 :
arcfour_crypt_blob ( u . info26 . password . data , 516 , & confounded_session_key ) ;
memcpy ( & u . info26 . password . data [ 516 ] , confounder , 16 ) ;
break ;
}
if ( use_setinfo2 ) {
status = dcerpc_samr_SetUserInfo2 ( p , tctx , & s2 ) ;
} else {
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
}
2008-12-02 23:22:14 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
if ( fields_present = = 0 ) {
expected_error = NT_STATUS_INVALID_PARAMETER ;
}
if ( fields_present & SAMR_FIELD_LAST_PWD_CHANGE ) {
expected_error = NT_STATUS_ACCESS_DENIED ;
}
}
2008-11-28 22:01:18 +01:00
if ( ! NT_STATUS_IS_OK ( expected_error ) ) {
if ( use_setinfo2 ) {
torture_assert_ntstatus_equal ( tctx ,
s2 . out . result ,
expected_error , " SetUserInfo2 failed " ) ;
} else {
torture_assert_ntstatus_equal ( tctx ,
s . out . result ,
expected_error , " SetUserInfo failed " ) ;
}
2008-12-02 23:22:14 +01:00
* matched_expected_error = true ;
2008-11-28 12:04:09 +01:00
return true ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo%s level %u failed - %s \n " ,
2008-11-28 12:04:09 +01:00
use_setinfo2 ? " 2 " : " " , level , nt_errstr ( status ) ) ;
ret = false ;
} else {
2008-12-05 16:07:06 +01:00
* password = newpass ;
2008-11-28 12:04:09 +01:00
}
return ret ;
}
2007-12-03 15:53:28 +01:00
static bool test_SetAliasInfo ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-12-19 03:59:27 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_SetAliasInfo r ;
struct samr_QueryAliasInfo q ;
2008-11-10 14:09:06 +01:00
union samr_AliasInfo * info ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 2 , 3 } ;
2003-12-19 03:59:27 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-12-19 03:59:27 +00:00
/* Ignoring switch level 1, as that includes the number of members for the alias
* and setting this to a wrong value might have negative consequences
*/
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing SetAliasInfo level %u \n " , levels [ i ] ) ;
2003-12-19 03:59:27 +00:00
2004-09-21 03:51:38 +00:00
r . in . alias_handle = handle ;
2003-12-19 03:59:27 +00:00
r . in . level = levels [ i ] ;
2007-12-03 15:53:28 +01:00
r . in . info = talloc ( tctx , union samr_AliasInfo ) ;
2003-12-19 03:59:27 +00:00
switch ( r . in . level ) {
2005-11-10 03:01:21 +00:00
case ALIASINFONAME : init_lsa_String ( & r . in . info - > name , TEST_ALIASNAME ) ; break ;
case ALIASINFODESCRIPTION : init_lsa_String ( & r . in . info - > description ,
2003-12-19 03:59:27 +00:00
" Test Description, should test I18N as well " ) ; break ;
2009-06-29 23:42:58 +02:00
case ALIASINFOALL : torture_comment ( tctx , " ALIASINFOALL ignored \n " ) ; break ;
2003-12-19 03:59:27 +00:00
}
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_SetAliasInfo ( p , tctx , & r ) ;
2003-12-19 03:59:27 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetAliasInfo level %u failed - %s \n " ,
2003-12-19 03:59:27 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
2004-09-21 03:51:38 +00:00
q . in . alias_handle = handle ;
2003-12-19 03:59:27 +00:00
q . in . level = levels [ i ] ;
2008-11-10 14:09:06 +01:00
q . out . info = & info ;
2003-12-19 03:59:27 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_QueryAliasInfo ( p , tctx , & q ) ;
2003-12-19 03:59:27 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryAliasInfo level %u failed - %s \n " ,
2003-12-19 03:59:27 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
}
2003-11-20 10:53:08 +00:00
2003-11-20 07:20:59 +00:00
return ret ;
}
2007-12-03 15:53:28 +01:00
static bool test_GetGroupsForUser ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-12-19 03:59:27 +00:00
struct policy_handle * user_handle )
{
struct samr_GetGroupsForUser r ;
2008-11-05 10:58:35 +01:00
struct samr_RidWithAttributeArray * rids = NULL ;
2003-12-19 03:59:27 +00:00
NTSTATUS status ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " testing GetGroupsForUser \n " ) ;
2003-12-19 03:59:27 +00:00
2004-09-21 03:51:38 +00:00
r . in . user_handle = user_handle ;
2008-11-05 10:58:35 +01:00
r . out . rids = & rids ;
2003-12-19 03:59:27 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_GetGroupsForUser ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " GetGroupsForUser " ) ;
2003-12-19 03:59:27 +00:00
2008-10-31 15:24:24 +01:00
return true ;
2003-12-19 03:59:27 +00:00
}
2004-04-21 06:23:29 +00:00
2007-12-03 15:53:28 +01:00
static bool test_GetDomPwInfo ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-07-08 08:09:02 +00:00
struct lsa_String * domain_name )
2004-04-21 06:23:29 +00:00
{
NTSTATUS status ;
struct samr_GetDomPwInfo r ;
2008-11-05 01:34:55 +01:00
struct samr_PwInfo info ;
2004-04-21 06:23:29 +00:00
2005-02-13 00:26:43 +00:00
r . in . domain_name = domain_name ;
2008-11-05 01:34:55 +01:00
r . out . info = & info ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing GetDomPwInfo with name %s \n " , r . in . domain_name - > string ) ;
2004-05-26 07:33:05 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_GetDomPwInfo ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " GetDomPwInfo " ) ;
2004-05-26 07:33:05 +00:00
2007-12-03 15:53:28 +01:00
r . in . domain_name - > string = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing GetDomPwInfo with name %s \n " , r . in . domain_name - > string ) ;
2004-04-21 06:23:29 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_GetDomPwInfo ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " GetDomPwInfo " ) ;
2004-04-21 06:23:29 +00:00
2005-02-13 00:26:43 +00:00
r . in . domain_name - > string = " \\ \\ __NONAME__ " ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing GetDomPwInfo with name %s \n " , r . in . domain_name - > string ) ;
2004-05-26 07:33:05 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_GetDomPwInfo ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " GetDomPwInfo " ) ;
2004-05-26 07:33:05 +00:00
2005-02-13 00:26:43 +00:00
r . in . domain_name - > string = " \\ \\ Builtin " ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing GetDomPwInfo with name %s \n " , r . in . domain_name - > string ) ;
2004-05-26 07:33:05 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_GetDomPwInfo ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " GetDomPwInfo " ) ;
2004-05-26 07:33:05 +00:00
2008-10-31 15:24:24 +01:00
return true ;
2004-04-21 06:23:29 +00:00
}
2007-12-03 15:53:28 +01:00
static bool test_GetUserPwInfo ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-11-21 13:14:17 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_GetUserPwInfo r ;
2008-11-05 01:28:49 +01:00
struct samr_PwInfo info ;
2003-11-21 13:14:17 +00:00
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing GetUserPwInfo \n " ) ;
2003-11-21 13:14:17 +00:00
2004-09-21 03:51:38 +00:00
r . in . user_handle = handle ;
2008-11-05 01:28:49 +01:00
r . out . info = & info ;
2003-11-21 13:14:17 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " GetUserPwInfo " ) ;
2003-11-21 13:14:17 +00:00
2008-10-31 15:24:24 +01:00
return true ;
2003-11-21 13:14:17 +00:00
}
2007-12-03 15:53:28 +01:00
static NTSTATUS test_LookupName ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-18 04:06:15 +00:00
struct policy_handle * domain_handle , const char * name ,
2004-05-25 16:24:13 +00:00
uint32_t * rid )
2004-04-18 04:06:15 +00:00
{
NTSTATUS status ;
struct samr_LookupNames n ;
2005-07-08 08:09:02 +00:00
struct lsa_String sname [ 2 ] ;
2008-11-05 14:28:17 +01:00
struct samr_Ids rids , types ;
2004-04-18 04:06:15 +00:00
2005-07-08 08:09:02 +00:00
init_lsa_String ( & sname [ 0 ] , name ) ;
2004-04-18 04:06:15 +00:00
2004-09-21 03:51:38 +00:00
n . in . domain_handle = domain_handle ;
2004-04-18 04:06:15 +00:00
n . in . num_names = 1 ;
2004-05-07 23:57:35 +00:00
n . in . names = sname ;
2008-11-05 14:28:17 +01:00
n . out . rids = & rids ;
n . out . types = & types ;
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupNames ( p , tctx , & n ) ;
2004-04-18 04:06:15 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 14:28:17 +01:00
* rid = n . out . rids - > ids [ 0 ] ;
2004-05-07 23:57:35 +00:00
} else {
return status ;
}
2005-07-08 08:09:02 +00:00
init_lsa_String ( & sname [ 1 ] , " xxNONAMExx " ) ;
2004-05-07 23:57:35 +00:00
n . in . num_names = 2 ;
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupNames ( p , tctx , & n ) ;
2004-05-07 23:57:35 +00:00
if ( ! NT_STATUS_EQUAL ( status , STATUS_SOME_UNMAPPED ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " LookupNames[2] failed - %s \n " , nt_errstr ( status ) ) ;
2007-06-06 12:51:45 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
return NT_STATUS_UNSUCCESSFUL ;
}
2004-05-07 23:57:35 +00:00
return status ;
}
n . in . num_names = 0 ;
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupNames ( p , tctx , & n ) ;
2004-05-07 23:57:35 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " LookupNames[0] failed - %s \n " , nt_errstr ( status ) ) ;
2007-06-06 12:51:45 +00:00
return status ;
}
init_lsa_String ( & sname [ 0 ] , " xxNONAMExx " ) ;
n . in . num_names = 1 ;
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupNames ( p , tctx , & n ) ;
2007-06-06 12:51:45 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_NONE_MAPPED ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " LookupNames[1 bad name] failed - %s \n " , nt_errstr ( status ) ) ;
2007-06-06 12:51:45 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
return NT_STATUS_UNSUCCESSFUL ;
}
return status ;
}
init_lsa_String ( & sname [ 0 ] , " xxNONAMExx " ) ;
init_lsa_String ( & sname [ 1 ] , " xxNONAME2xx " ) ;
n . in . num_names = 2 ;
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupNames ( p , tctx , & n ) ;
2007-06-06 12:51:45 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_NONE_MAPPED ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " LookupNames[2 bad names] failed - %s \n " , nt_errstr ( status ) ) ;
2007-06-06 12:51:45 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
return NT_STATUS_UNSUCCESSFUL ;
}
return status ;
2004-04-18 04:06:15 +00:00
}
2007-06-06 12:51:45 +00:00
return NT_STATUS_OK ;
2004-04-18 04:06:15 +00:00
}
2009-05-11 23:13:26 +02:00
static NTSTATUS test_OpenUser_byname ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-18 04:06:15 +00:00
struct policy_handle * domain_handle ,
const char * name , struct policy_handle * user_handle )
{
NTSTATUS status ;
struct samr_OpenUser r ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2004-04-18 04:06:15 +00:00
2009-05-11 23:13:26 +02:00
status = test_LookupName ( p , tctx , domain_handle , name , & rid ) ;
2004-04-18 04:06:15 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-04-18 04:06:15 +00:00
r . in . rid = rid ;
2004-09-21 03:51:38 +00:00
r . out . user_handle = user_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_OpenUser ( p , tctx , & r ) ;
2004-04-18 04:06:15 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OpenUser_byname(%s -> %d) failed - %s \n " , name , rid , nt_errstr ( status ) ) ;
2004-04-18 04:06:15 +00:00
}
return status ;
}
2004-07-15 05:13:08 +00:00
#if 0
2009-05-11 23:13:26 +02:00
static bool test_ChangePasswordNT3 ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-07-15 05:13:08 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_ChangePasswordUser r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-07-15 05:13:08 +00:00
struct samr_Password hash1 , hash2 , hash3 , hash4 , hash5 , hash6 ;
struct policy_handle user_handle ;
char * oldpass = " test " ;
char * newpass = " test2 " ;
uint8_t old_nt_hash [ 16 ] , new_nt_hash [ 16 ] ;
uint8_t old_lm_hash [ 16 ] , new_lm_hash [ 16 ] ;
2009-05-11 23:13:26 +02:00
status = test_OpenUser_byname ( p , tctx , handle , " testuser " , & user_handle ) ;
2004-07-15 05:13:08 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2004-07-15 05:13:08 +00:00
}
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing ChangePasswordUser for user 'testuser' \n " ) ;
2004-07-15 05:13:08 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " old password: %s \n " , oldpass ) ;
torture_comment ( tctx , " new password: %s \n " , newpass ) ;
2004-07-15 05:13:08 +00:00
E_md4hash ( oldpass , old_nt_hash ) ;
E_md4hash ( newpass , new_nt_hash ) ;
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
E_old_pw_hash ( new_lm_hash , old_lm_hash , hash1 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_lm_hash , hash2 . hash ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , hash3 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_nt_hash , hash4 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_nt_hash , hash5 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_lm_hash , hash6 . hash ) ;
r . in . handle = & user_handle ;
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
r . in . cross1_present = 1 ;
r . in . nt_cross = & hash5 ;
r . in . cross2_present = 1 ;
r . in . lm_cross = & hash6 ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2004-07-15 05:13:08 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-07-15 05:13:08 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_samr_handle_Close ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-07-15 05:13:08 +00:00
}
return ret ;
}
# endif
2004-04-18 04:06:15 +00:00
2008-10-31 15:24:24 +01:00
static bool test_ChangePasswordUser ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-05-11 22:44:58 +02:00
const char * acct_name ,
2004-04-22 06:19:48 +00:00
struct policy_handle * handle , char * * password )
2004-04-18 04:06:15 +00:00
{
NTSTATUS status ;
struct samr_ChangePasswordUser r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-06-04 11:58:46 +00:00
struct samr_Password hash1 , hash2 , hash3 , hash4 , hash5 , hash6 ;
2004-04-18 04:06:15 +00:00
struct policy_handle user_handle ;
2006-07-06 05:09:14 +00:00
char * oldpass ;
2004-05-25 17:50:17 +00:00
uint8_t old_nt_hash [ 16 ] , new_nt_hash [ 16 ] ;
uint8_t old_lm_hash [ 16 ] , new_lm_hash [ 16 ] ;
2007-10-06 22:28:14 +00:00
bool changed = true ;
2004-04-18 04:06:15 +00:00
2004-10-20 02:08:36 +00:00
char * newpass ;
struct samr_GetUserPwInfo pwp ;
2008-11-05 01:28:49 +01:00
struct samr_PwInfo info ;
2004-10-20 02:08:36 +00:00
int policy_min_pw_len = 0 ;
2008-10-31 15:24:24 +01:00
status = test_OpenUser_byname ( p , tctx , handle , acct_name , & user_handle ) ;
2004-04-18 04:06:15 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2004-04-18 04:06:15 +00:00
}
2004-10-20 02:08:36 +00:00
pwp . in . user_handle = & user_handle ;
2008-11-05 01:28:49 +01:00
pwp . out . info = & info ;
2004-10-20 02:08:36 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_GetUserPwInfo ( p , tctx , & pwp ) ;
2004-10-20 02:08:36 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 01:28:49 +01:00
policy_min_pw_len = pwp . out . info - > min_password_length ;
2004-10-20 02:08:36 +00:00
}
2008-10-31 15:24:24 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2004-04-18 04:06:15 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing ChangePasswordUser \n " ) ;
2004-04-18 04:06:15 +00:00
2009-05-11 22:44:58 +02:00
torture_assert ( tctx , * password ! = NULL ,
2008-10-31 16:09:29 +01:00
" Failing ChangePasswordUser as old password was NULL. Previous test failed? " ) ;
2006-07-06 05:09:14 +00:00
oldpass = * password ;
2004-04-22 06:19:48 +00:00
E_md4hash ( oldpass , old_nt_hash ) ;
E_md4hash ( newpass , new_nt_hash ) ;
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
2004-04-26 03:07:46 +00:00
E_old_pw_hash ( new_lm_hash , old_lm_hash , hash1 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_lm_hash , hash2 . hash ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , hash3 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_nt_hash , hash4 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_nt_hash , hash5 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_lm_hash , hash6 . hash ) ;
2004-04-18 04:06:15 +00:00
2007-03-06 05:30:25 +00:00
r . in . user_handle = & user_handle ;
r . in . lm_present = 1 ;
2007-08-22 04:28:15 +00:00
/* Break the LM hash */
hash1 . hash [ 0 ] + + ;
2007-03-06 05:30:25 +00:00
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
r . in . cross1_present = 1 ;
r . in . nt_cross = & hash5 ;
2007-08-22 04:28:15 +00:00
r . in . cross2_present = 1 ;
r . in . lm_cross = & hash6 ;
2007-03-06 05:30:25 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_WRONG_PASSWORD ,
" ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash " ) ;
2007-03-06 05:30:25 +00:00
2007-08-22 04:28:15 +00:00
/* Unbreak the LM hash */
hash1 . hash [ 0 ] - - ;
2007-03-06 05:30:25 +00:00
r . in . user_handle = & user_handle ;
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
2007-08-22 04:28:15 +00:00
/* Break the NT hash */
hash3 . hash [ 0 ] - - ;
2007-03-06 05:30:25 +00:00
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
2007-08-22 04:28:15 +00:00
r . in . cross1_present = 1 ;
r . in . nt_cross = & hash5 ;
2007-03-06 05:30:25 +00:00
r . in . cross2_present = 1 ;
r . in . lm_cross = & hash6 ;
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2009-05-11 22:44:58 +02:00
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_WRONG_PASSWORD ,
2008-10-31 16:09:29 +01:00
" expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash " ) ;
2007-03-06 05:30:25 +00:00
2007-08-22 04:28:15 +00:00
/* Unbreak the NT hash */
hash3 . hash [ 0 ] - - ;
2007-03-06 22:22:25 +00:00
r . in . user_handle = & user_handle ;
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
r . in . cross1_present = 1 ;
r . in . nt_cross = & hash5 ;
r . in . cross2_present = 1 ;
2007-08-22 04:28:15 +00:00
/* Break the LM cross */
hash6 . hash [ 0 ] + + ;
2007-03-06 22:22:25 +00:00
r . in . lm_cross = & hash6 ;
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2007-03-06 22:22:25 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM cross-hash, got %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 22:22:25 +00:00
}
2007-08-22 04:28:15 +00:00
/* Unbreak the LM cross */
hash6 . hash [ 0 ] - - ;
2007-03-06 22:22:25 +00:00
r . in . user_handle = & user_handle ;
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
r . in . cross1_present = 1 ;
2007-08-22 04:28:15 +00:00
/* Break the NT cross */
hash5 . hash [ 0 ] + + ;
2007-03-06 22:22:25 +00:00
r . in . nt_cross = & hash5 ;
r . in . cross2_present = 1 ;
r . in . lm_cross = & hash6 ;
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2007-03-06 22:22:25 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT cross-hash, got %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 22:22:25 +00:00
}
2007-08-22 04:28:15 +00:00
/* Unbreak the NT cross */
hash5 . hash [ 0 ] - - ;
/* Reset the hashes to not broken values */
E_old_pw_hash ( new_lm_hash , old_lm_hash , hash1 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_lm_hash , hash2 . hash ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , hash3 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_nt_hash , hash4 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_nt_hash , hash5 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_lm_hash , hash6 . hash ) ;
2007-03-06 22:22:25 +00:00
r . in . user_handle = & user_handle ;
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
r . in . cross1_present = 1 ;
r . in . nt_cross = & hash5 ;
2007-08-22 04:28:15 +00:00
r . in . cross2_present = 0 ;
r . in . lm_cross = NULL ;
2007-03-06 22:22:25 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2007-08-22 04:28:15 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
changed = true ;
2007-08-22 04:28:15 +00:00
* password = newpass ;
} else if ( ! NT_STATUS_EQUAL ( NT_STATUS_PASSWORD_RESTRICTION , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 22:22:25 +00:00
}
2007-08-22 04:28:15 +00:00
oldpass = newpass ;
2008-10-31 15:24:24 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2007-08-22 04:28:15 +00:00
E_md4hash ( oldpass , old_nt_hash ) ;
E_md4hash ( newpass , new_nt_hash ) ;
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
/* Reset the hashes to not broken values */
E_old_pw_hash ( new_lm_hash , old_lm_hash , hash1 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_lm_hash , hash2 . hash ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , hash3 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_nt_hash , hash4 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_nt_hash , hash5 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_lm_hash , hash6 . hash ) ;
2007-03-06 22:22:25 +00:00
r . in . user_handle = & user_handle ;
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
2007-08-22 04:28:15 +00:00
r . in . cross1_present = 0 ;
r . in . nt_cross = NULL ;
2007-03-06 22:22:25 +00:00
r . in . cross2_present = 1 ;
r . in . lm_cross = & hash6 ;
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2007-08-22 04:28:15 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
changed = true ;
2007-08-22 04:28:15 +00:00
* password = newpass ;
} else if ( ! NT_STATUS_EQUAL ( NT_STATUS_PASSWORD_RESTRICTION , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 22:22:25 +00:00
}
2007-08-22 04:28:15 +00:00
oldpass = newpass ;
2008-10-31 15:24:24 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2007-08-22 04:28:15 +00:00
E_md4hash ( oldpass , old_nt_hash ) ;
E_md4hash ( newpass , new_nt_hash ) ;
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
2007-03-06 22:22:25 +00:00
/* Reset the hashes to not broken values */
E_old_pw_hash ( new_lm_hash , old_lm_hash , hash1 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_lm_hash , hash2 . hash ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , hash3 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_nt_hash , hash4 . hash ) ;
E_old_pw_hash ( old_lm_hash , new_nt_hash , hash5 . hash ) ;
E_old_pw_hash ( old_nt_hash , new_lm_hash , hash6 . hash ) ;
2004-09-21 03:51:38 +00:00
r . in . user_handle = & user_handle ;
2004-04-26 03:07:46 +00:00
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
r . in . cross1_present = 1 ;
r . in . nt_cross = & hash5 ;
r . in . cross2_present = 1 ;
r . in . lm_cross = & hash6 ;
2004-04-18 04:06:15 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2005-12-27 07:48:11 +00:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " ChangePasswordUser returned: %s perhaps min password age? (not fatal) \n " , nt_errstr ( status ) ) ;
2005-12-27 07:48:11 +00:00
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-26 03:07:46 +00:00
} else {
2007-10-06 22:28:14 +00:00
changed = true ;
2004-04-26 03:07:46 +00:00
* password = newpass ;
2004-04-18 04:06:15 +00:00
}
2007-03-06 05:30:25 +00:00
r . in . user_handle = & user_handle ;
r . in . lm_present = 1 ;
r . in . old_lm_crypted = & hash1 ;
r . in . new_lm_crypted = & hash2 ;
r . in . nt_present = 1 ;
r . in . old_nt_crypted = & hash3 ;
r . in . new_nt_crypted = & hash4 ;
r . in . cross1_present = 1 ;
r . in . nt_cross = & hash5 ;
r . in . cross2_present = 1 ;
r . in . lm_cross = & hash6 ;
if ( changed ) {
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_ChangePasswordUser ( p , tctx , & r ) ;
2007-08-22 04:28:15 +00:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " ChangePasswordUser returned: %s perhaps min password age? (not fatal) \n " , nt_errstr ( status ) ) ;
2007-08-22 04:28:15 +00:00
} else if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 05:30:25 +00:00
}
}
2009-05-11 22:44:58 +02:00
2008-10-31 15:24:24 +01:00
if ( ! test_samr_handle_Close ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:06:15 +00:00
}
return ret ;
}
2008-10-31 16:09:29 +01:00
static bool test_OemChangePasswordUser2 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2006-07-07 02:03:04 +00:00
const char * acct_name ,
2004-04-22 06:19:48 +00:00
struct policy_handle * handle , char * * password )
2004-04-19 05:48:03 +00:00
{
NTSTATUS status ;
struct samr_OemChangePasswordUser2 r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-06-04 11:58:46 +00:00
struct samr_Password lm_verifier ;
2004-04-21 05:01:31 +00:00
struct samr_CryptPassword lm_pass ;
2005-12-27 07:48:11 +00:00
struct lsa_AsciiString server , account , account_bad ;
2006-07-06 05:09:14 +00:00
char * oldpass ;
2004-10-20 02:08:36 +00:00
char * newpass ;
2004-05-25 17:50:17 +00:00
uint8_t old_lm_hash [ 16 ] , new_lm_hash [ 16 ] ;
2004-04-19 05:48:03 +00:00
2004-10-20 02:08:36 +00:00
struct samr_GetDomPwInfo dom_pw_info ;
2008-11-05 01:34:55 +01:00
struct samr_PwInfo info ;
2004-10-20 02:08:36 +00:00
int policy_min_pw_len = 0 ;
2005-07-08 08:09:02 +00:00
struct lsa_String domain_name ;
2006-07-06 05:09:14 +00:00
2004-11-13 13:45:41 +00:00
domain_name . string = " " ;
2005-02-13 00:26:43 +00:00
dom_pw_info . in . domain_name = & domain_name ;
2008-11-05 01:34:55 +01:00
dom_pw_info . out . info = & info ;
2004-10-20 02:08:36 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing OemChangePasswordUser2 \n " ) ;
2004-04-19 05:48:03 +00:00
2009-05-11 22:44:58 +02:00
torture_assert ( tctx , * password ! = NULL ,
2008-10-31 16:09:29 +01:00
" Failing OemChangePasswordUser2 as old password was NULL. Previous test failed? " ) ;
2006-07-06 05:09:14 +00:00
oldpass = * password ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_GetDomPwInfo ( p , tctx , & dom_pw_info ) ;
2004-10-20 02:08:36 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 01:34:55 +01:00
policy_min_pw_len = dom_pw_info . out . info - > min_password_length ;
2004-10-20 02:08:36 +00:00
}
2008-10-31 16:09:29 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2004-10-20 02:08:36 +00:00
2008-10-31 16:09:29 +01:00
server . string = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2006-07-07 02:03:04 +00:00
account . string = acct_name ;
2004-04-19 05:48:03 +00:00
2004-04-21 05:01:31 +00:00
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
2004-04-22 06:19:48 +00:00
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
2004-06-03 23:15:16 +00:00
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
2004-04-21 05:01:31 +00:00
E_old_pw_hash ( new_lm_hash , old_lm_hash , lm_verifier . hash ) ;
2004-04-19 05:48:03 +00:00
r . in . server = & server ;
r . in . account = & account ;
2004-04-21 05:01:31 +00:00
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2004-04-19 05:48:03 +00:00
2005-12-27 07:48:11 +00:00
/* Break the verification */
lm_verifier . hash [ 0 ] + + ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OemChangePasswordUser2 ( p , tctx , & r ) ;
2005-12-27 07:48:11 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION )
& & ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s \n " ,
2005-12-27 07:48:11 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-12-27 07:48:11 +00:00
}
2007-03-06 05:30:25 +00:00
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
/* Break the old password */
old_lm_hash [ 0 ] + + ;
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
/* unbreak it for the next operation */
old_lm_hash [ 0 ] - - ;
E_old_pw_hash ( new_lm_hash , old_lm_hash , lm_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OemChangePasswordUser2 ( p , tctx , & r ) ;
2007-03-06 05:30:25 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION )
& & ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s \n " ,
2007-03-06 05:30:25 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 05:30:25 +00:00
}
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . password = & lm_pass ;
r . in . hash = NULL ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OemChangePasswordUser2 ( p , tctx , & r ) ;
2007-03-06 05:30:25 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION )
2007-08-22 04:28:15 +00:00
& & ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s \n " ,
2007-08-22 04:28:15 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-08-22 04:28:15 +00:00
}
/* This shouldn't be a valid name */
account_bad . string = TEST_ACCOUNT_NAME " XX " ;
r . in . account = & account_bad ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OemChangePasswordUser2 ( p , tctx , & r ) ;
2007-08-22 04:28:15 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s \n " ,
2007-03-06 05:30:25 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 05:30:25 +00:00
}
2005-12-27 07:48:11 +00:00
/* This shouldn't be a valid name */
account_bad . string = TEST_ACCOUNT_NAME " XX " ;
r . in . account = & account_bad ;
2007-08-22 04:28:15 +00:00
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2005-12-27 07:48:11 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OemChangePasswordUser2 ( p , tctx , & r ) ;
2005-12-27 07:48:11 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD for invalid user - %s \n " ,
2005-12-27 07:48:11 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-12-27 07:48:11 +00:00
}
2007-08-22 04:28:15 +00:00
/* This shouldn't be a valid name */
account_bad . string = TEST_ACCOUNT_NAME " XX " ;
r . in . account = & account_bad ;
r . in . password = NULL ;
r . in . hash = & lm_verifier ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OemChangePasswordUser2 ( p , tctx , & r ) ;
2007-08-22 04:28:15 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s \n " ,
2007-08-22 04:28:15 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-08-22 04:28:15 +00:00
}
2005-12-27 07:48:11 +00:00
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
E_old_pw_hash ( new_lm_hash , old_lm_hash , lm_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OemChangePasswordUser2 ( p , tctx , & r ) ;
2005-12-27 07:48:11 +00:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal) \n " , nt_errstr ( status ) ) ;
2005-12-27 07:48:11 +00:00
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OemChangePasswordUser2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 06:19:48 +00:00
} else {
* password = newpass ;
2004-04-19 05:48:03 +00:00
}
return ret ;
}
2004-04-22 06:19:48 +00:00
2008-10-31 16:09:29 +01:00
static bool test_ChangePasswordUser2 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2006-07-07 02:03:04 +00:00
const char * acct_name ,
2007-08-22 04:28:15 +00:00
char * * password ,
char * newpass , bool allow_password_restriction )
2004-04-19 05:48:03 +00:00
{
NTSTATUS status ;
struct samr_ChangePasswordUser2 r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2005-07-08 08:09:02 +00:00
struct lsa_String server , account ;
2004-04-19 05:48:03 +00:00
struct samr_CryptPassword nt_pass , lm_pass ;
2004-06-04 11:58:46 +00:00
struct samr_Password nt_verifier , lm_verifier ;
2006-07-06 05:09:14 +00:00
char * oldpass ;
2004-05-25 17:50:17 +00:00
uint8_t old_nt_hash [ 16 ] , new_nt_hash [ 16 ] ;
uint8_t old_lm_hash [ 16 ] , new_lm_hash [ 16 ] ;
2004-04-19 05:48:03 +00:00
2004-10-20 02:08:36 +00:00
struct samr_GetDomPwInfo dom_pw_info ;
2008-11-05 01:34:55 +01:00
struct samr_PwInfo info ;
2004-10-20 02:08:36 +00:00
2005-07-08 08:09:02 +00:00
struct lsa_String domain_name ;
2006-07-06 05:09:14 +00:00
2004-11-13 13:45:41 +00:00
domain_name . string = " " ;
2005-02-13 00:26:43 +00:00
dom_pw_info . in . domain_name = & domain_name ;
2008-11-05 01:34:55 +01:00
dom_pw_info . out . info = & info ;
2004-10-20 02:08:36 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing ChangePasswordUser2 on %s \n " , acct_name ) ;
2004-04-19 05:48:03 +00:00
2009-05-11 22:44:58 +02:00
torture_assert ( tctx , * password ! = NULL ,
2008-11-04 19:37:55 +01:00
" Failing ChangePasswordUser2 as old password was NULL. Previous test failed? " ) ;
2006-07-06 05:09:14 +00:00
oldpass = * password ;
2007-08-22 04:28:15 +00:00
if ( ! newpass ) {
int policy_min_pw_len = 0 ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_GetDomPwInfo ( p , tctx , & dom_pw_info ) ;
2007-08-22 04:28:15 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2008-11-05 01:34:55 +01:00
policy_min_pw_len = dom_pw_info . out . info - > min_password_length ;
2007-08-22 04:28:15 +00:00
}
2004-10-20 02:08:36 +00:00
2008-10-31 16:09:29 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2009-05-11 22:44:58 +02:00
}
2004-10-20 02:08:36 +00:00
2008-10-31 16:09:29 +01:00
server . string = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2006-07-07 02:03:04 +00:00
init_lsa_String ( & account , acct_name ) ;
2004-04-19 05:48:03 +00:00
2004-04-21 05:01:31 +00:00
E_md4hash ( oldpass , old_nt_hash ) ;
E_md4hash ( newpass , new_nt_hash ) ;
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
2004-04-22 06:19:48 +00:00
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII | STR_TERMINATE ) ;
2004-06-03 23:15:16 +00:00
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
2004-11-26 05:58:03 +00:00
E_old_pw_hash ( new_nt_hash , old_lm_hash , lm_verifier . hash ) ;
2004-04-21 05:01:31 +00:00
encode_pw_buffer ( nt_pass . data , newpass , STR_UNICODE ) ;
2004-06-03 23:15:16 +00:00
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
2004-04-21 05:01:31 +00:00
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
2004-04-19 05:48:03 +00:00
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 1 ;
r . in . lm_password = & lm_pass ;
r . in . lm_verifier = & lm_verifier ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_ChangePasswordUser2 ( p , tctx , & r ) ;
2007-08-22 04:28:15 +00:00
if ( allow_password_restriction & & NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " ChangePasswordUser2 returned: %s perhaps min password age? (not fatal) \n " , nt_errstr ( status ) ) ;
2005-12-27 07:48:11 +00:00
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 06:19:48 +00:00
} else {
* password = newpass ;
}
return ret ;
}
2009-05-11 22:44:58 +02:00
bool test_ChangePasswordUser3 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-10-04 01:02:06 +00:00
const char * account_string ,
int policy_min_pw_len ,
2006-09-20 23:32:56 +00:00
char * * password ,
const char * newpass ,
NTTIME last_password_change ,
2007-10-06 22:28:14 +00:00
bool handle_reject_reason )
2004-04-22 06:19:48 +00:00
{
NTSTATUS status ;
struct samr_ChangePasswordUser3 r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2005-12-27 07:48:11 +00:00
struct lsa_String server , account , account_bad ;
2004-04-22 06:19:48 +00:00
struct samr_CryptPassword nt_pass , lm_pass ;
2004-06-04 11:58:46 +00:00
struct samr_Password nt_verifier , lm_verifier ;
2006-07-06 05:09:14 +00:00
char * oldpass ;
2004-05-25 17:50:17 +00:00
uint8_t old_nt_hash [ 16 ] , new_nt_hash [ 16 ] ;
uint8_t old_lm_hash [ 16 ] , new_lm_hash [ 16 ] ;
2006-09-20 23:32:56 +00:00
NTTIME t ;
2008-11-04 19:40:24 +01:00
struct samr_DomInfo1 * dominfo = NULL ;
2009-09-25 22:44:00 +02:00
struct userPwdChangeFailureInformation * reject = NULL ;
2004-04-22 06:19:48 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing ChangePasswordUser3 \n " ) ;
2004-04-22 06:19:48 +00:00
2006-09-20 23:32:56 +00:00
if ( newpass = = NULL ) {
2007-03-06 05:30:25 +00:00
do {
if ( policy_min_pw_len = = 0 ) {
2008-10-31 16:09:29 +01:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2007-03-06 05:30:25 +00:00
} else {
2008-10-31 16:09:29 +01:00
newpass = samr_rand_pass_fixed_len ( tctx , policy_min_pw_len ) ;
2007-03-06 05:30:25 +00:00
}
2007-10-06 22:28:14 +00:00
} while ( check_password_quality ( newpass ) = = false ) ;
2006-09-20 23:32:56 +00:00
} else {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Using password '%s' \n " , newpass ) ;
2006-09-20 23:32:56 +00:00
}
2009-05-11 22:44:58 +02:00
torture_assert ( tctx , * password ! = NULL ,
2008-10-31 16:09:29 +01:00
" Failing ChangePasswordUser3 as old password was NULL. Previous test failed? " ) ;
2006-07-06 05:09:14 +00:00
oldpass = * password ;
2008-10-31 16:09:29 +01:00
server . string = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2005-10-04 01:02:06 +00:00
init_lsa_String ( & account , account_string ) ;
2004-04-22 06:19:48 +00:00
E_md4hash ( oldpass , old_nt_hash ) ;
E_md4hash ( newpass , new_nt_hash ) ;
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
encode_pw_buffer ( lm_pass . data , newpass , STR_UNICODE ) ;
2004-06-03 23:15:16 +00:00
arcfour_crypt ( lm_pass . data , old_nt_hash , 516 ) ;
2004-11-26 05:58:03 +00:00
E_old_pw_hash ( new_nt_hash , old_lm_hash , lm_verifier . hash ) ;
2004-04-22 06:19:48 +00:00
2005-12-27 07:48:11 +00:00
encode_pw_buffer ( nt_pass . data , newpass , STR_UNICODE ) ;
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
2009-05-11 22:44:58 +02:00
2005-12-27 07:48:11 +00:00
/* Break the verification */
nt_verifier . hash [ 0 ] + + ;
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 1 ;
r . in . lm_password = & lm_pass ;
r . in . lm_verifier = & lm_verifier ;
r . in . password3 = NULL ;
2008-11-04 19:40:24 +01:00
r . out . dominfo = & dominfo ;
r . out . reject = & reject ;
2005-12-27 07:48:11 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_ChangePasswordUser3 ( p , tctx , & r ) ;
2005-12-27 07:48:11 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) & &
( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s \n " ,
2005-12-27 07:48:11 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-12-27 07:48:11 +00:00
}
2009-05-11 22:44:58 +02:00
2007-03-06 05:30:25 +00:00
encode_pw_buffer ( lm_pass . data , newpass , STR_UNICODE ) ;
arcfour_crypt ( lm_pass . data , old_nt_hash , 516 ) ;
E_old_pw_hash ( new_nt_hash , old_lm_hash , lm_verifier . hash ) ;
encode_pw_buffer ( nt_pass . data , newpass , STR_UNICODE ) ;
/* Break the NT hash */
old_nt_hash [ 0 ] + + ;
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
/* Unbreak it again */
old_nt_hash [ 0 ] - - ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
2009-05-11 22:44:58 +02:00
2007-03-06 05:30:25 +00:00
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 1 ;
r . in . lm_password = & lm_pass ;
r . in . lm_verifier = & lm_verifier ;
r . in . password3 = NULL ;
2008-11-04 19:40:24 +01:00
r . out . dominfo = & dominfo ;
r . out . reject = & reject ;
2007-03-06 05:30:25 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_ChangePasswordUser3 ( p , tctx , & r ) ;
2007-03-06 05:30:25 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) & &
( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s \n " ,
2007-03-06 05:30:25 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-03-06 05:30:25 +00:00
}
2009-05-11 22:44:58 +02:00
2005-12-27 07:48:11 +00:00
/* This shouldn't be a valid name */
2008-10-31 16:09:29 +01:00
init_lsa_String ( & account_bad , talloc_asprintf ( tctx , " %sXX " , account_string ) ) ;
2005-12-27 07:48:11 +00:00
r . in . account = & account_bad ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_ChangePasswordUser3 ( p , tctx , & r ) ;
2005-12-27 07:48:11 +00:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_WRONG_PASSWORD ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s \n " ,
2005-12-27 07:48:11 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-12-27 07:48:11 +00:00
}
E_md4hash ( oldpass , old_nt_hash ) ;
E_md4hash ( newpass , new_nt_hash ) ;
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
encode_pw_buffer ( lm_pass . data , newpass , STR_UNICODE ) ;
arcfour_crypt ( lm_pass . data , old_nt_hash , 516 ) ;
E_old_pw_hash ( new_nt_hash , old_lm_hash , lm_verifier . hash ) ;
2004-04-22 06:19:48 +00:00
encode_pw_buffer ( nt_pass . data , newpass , STR_UNICODE ) ;
2004-06-03 23:15:16 +00:00
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
2004-04-22 06:19:48 +00:00
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 1 ;
r . in . lm_password = & lm_pass ;
r . in . lm_verifier = & lm_verifier ;
r . in . password3 = NULL ;
2008-11-04 19:40:24 +01:00
r . out . dominfo = & dominfo ;
r . out . reject = & reject ;
2004-04-22 06:19:48 +00:00
2006-09-20 23:32:56 +00:00
unix_to_nt_time ( & t , time ( NULL ) ) ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_ChangePasswordUser3 ( p , tctx , & r ) ;
2006-09-20 23:32:56 +00:00
2007-08-22 04:28:15 +00:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION )
2008-11-04 19:40:24 +01:00
& & dominfo
& & reject
2007-08-22 04:28:15 +00:00
& & handle_reject_reason
2008-11-04 19:40:24 +01:00
& & ( ! null_nttime ( last_password_change ) | | ! dominfo - > min_password_age ) ) {
if ( dominfo - > password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
2006-09-20 23:32:56 +00:00
2009-09-25 22:44:00 +02:00
if ( reject & & ( reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NO_ERROR ) ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d \n " ,
SAM_PWD_CHANGE_NO_ERROR , reject - > extendedFailureReason ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
2004-10-20 02:08:36 +00:00
}
2006-09-20 23:32:56 +00:00
/* We tested the order of precendence which is as follows:
2009-05-11 22:44:58 +02:00
* pwd min_age
2006-09-20 23:32:56 +00:00
* pwd length
* pwd complexity
* pwd history
Guenther */
2008-11-04 19:40:24 +01:00
if ( ( dominfo - > min_password_age > 0 ) & & ! null_nttime ( last_password_change ) & &
( last_password_change + dominfo - > min_password_age > t ) ) {
2006-09-20 23:32:56 +00:00
2009-09-25 22:44:00 +02:00
if ( reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NO_ERROR ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d \n " ,
SAM_PWD_CHANGE_NO_ERROR , reject - > extendedFailureReason ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
2008-11-04 19:40:24 +01:00
} else if ( ( dominfo - > min_password_length > 0 ) & &
( strlen ( newpass ) < dominfo - > min_password_length ) ) {
2006-09-20 23:32:56 +00:00
2009-09-25 22:44:00 +02:00
if ( reject - > extendedFailureReason ! = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d \n " ,
SAM_PWD_CHANGE_PASSWORD_TOO_SHORT , reject - > extendedFailureReason ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
2008-11-04 19:40:24 +01:00
} else if ( ( dominfo - > password_history_length > 0 ) & &
2006-09-20 23:32:56 +00:00
strequal ( oldpass , newpass ) ) {
2009-09-25 22:44:00 +02:00
if ( reject - > extendedFailureReason ! = SAM_PWD_CHANGE_PWD_IN_HISTORY ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d \n " ,
SAM_PWD_CHANGE_PWD_IN_HISTORY , reject - > extendedFailureReason ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
2008-11-04 19:40:24 +01:00
} else if ( dominfo - > password_properties & DOMAIN_PASSWORD_COMPLEX ) {
2007-03-06 05:30:25 +00:00
2009-09-25 22:44:00 +02:00
if ( reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NOT_COMPLEX ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d \n " ,
SAM_PWD_CHANGE_NOT_COMPLEX , reject - > extendedFailureReason ) ;
2007-10-06 22:28:14 +00:00
return false ;
2007-03-06 05:30:25 +00:00
}
2004-10-20 02:08:36 +00:00
}
2006-09-20 23:32:56 +00:00
2009-09-25 22:44:00 +02:00
if ( reject - > extendedFailureReason = = SAM_PWD_CHANGE_PASSWORD_TOO_SHORT ) {
2006-09-20 23:32:56 +00:00
/* retry with adjusted size */
2009-05-11 22:44:58 +02:00
return test_ChangePasswordUser3 ( p , tctx , account_string ,
2008-11-04 19:40:24 +01:00
dominfo - > min_password_length ,
2009-05-11 22:44:58 +02:00
password , NULL , 0 , false ) ;
2006-09-20 23:32:56 +00:00
}
2007-08-22 04:28:15 +00:00
} else if ( NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-09-25 22:44:00 +02:00
if ( reject & & reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NO_ERROR ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d \n " ,
SAM_PWD_CHANGE_NO_ERROR , reject - > extendedFailureReason ) ;
2007-10-06 22:28:14 +00:00
return false ;
2007-08-22 04:28:15 +00:00
}
/* Perhaps the server has a 'min password age' set? */
2009-05-11 22:44:58 +02:00
} else {
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " ChangePasswordUser3 " ) ;
* password = talloc_strdup ( tctx , newpass ) ;
2004-04-19 05:48:03 +00:00
}
return ret ;
}
2008-10-31 16:09:29 +01:00
bool test_ChangePasswordRandomBytes ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2008-10-17 13:00:24 +11:00
const char * account_string ,
2009-05-11 22:44:58 +02:00
struct policy_handle * handle ,
2008-10-17 13:00:24 +11:00
char * * password )
{
NTSTATUS status ;
struct samr_ChangePasswordUser3 r ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
DATA_BLOB session_key ;
2008-10-31 16:09:29 +01:00
DATA_BLOB confounded_session_key = data_blob_talloc ( tctx , NULL , 16 ) ;
2008-10-17 13:00:24 +11:00
uint8_t confounder [ 16 ] ;
struct MD5Context ctx ;
bool ret = true ;
struct lsa_String server , account ;
struct samr_CryptPassword nt_pass ;
struct samr_Password nt_verifier ;
DATA_BLOB new_random_pass ;
char * newpass ;
char * oldpass ;
uint8_t old_nt_hash [ 16 ] , new_nt_hash [ 16 ] ;
NTTIME t ;
2008-11-04 19:40:24 +01:00
struct samr_DomInfo1 * dominfo = NULL ;
2009-09-25 22:44:00 +02:00
struct userPwdChangeFailureInformation * reject = NULL ;
2008-10-17 13:00:24 +11:00
2008-10-31 16:09:29 +01:00
new_random_pass = samr_very_rand_pass ( tctx , 128 ) ;
2008-10-17 13:00:24 +11:00
2009-05-11 22:44:58 +02:00
torture_assert ( tctx , * password ! = NULL ,
2008-10-31 16:09:29 +01:00
" Failing ChangePasswordUser3 as old password was NULL. Previous test failed? " ) ;
2008-10-17 13:00:24 +11:00
oldpass = * password ;
2008-10-31 16:09:29 +01:00
server . string = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2008-10-17 13:00:24 +11:00
init_lsa_String ( & account , account_string ) ;
s . in . user_handle = handle ;
s . in . info = & u ;
s . in . level = 25 ;
ZERO_STRUCT ( u ) ;
2008-12-04 18:18:06 +01:00
u . info25 . info . fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT ;
2008-10-17 13:00:24 +11:00
set_pw_in_buffer ( u . info25 . password . data , & new_random_pass ) ;
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u - no session key - %s \n " ,
2008-10-17 13:00:24 +11:00
s . in . level , nt_errstr ( status ) ) ;
return false ;
}
generate_random_buffer ( ( uint8_t * ) confounder , 16 ) ;
MD5Init ( & ctx ) ;
MD5Update ( & ctx , confounder , 16 ) ;
MD5Update ( & ctx , session_key . data , session_key . length ) ;
MD5Final ( confounded_session_key . data , & ctx ) ;
arcfour_crypt_blob ( u . info25 . password . data , 516 , & confounded_session_key ) ;
memcpy ( & u . info25 . password . data [ 516 ] , confounder , 16 ) ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes \n " ) ;
2008-10-17 13:00:24 +11:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_SetUserInfo ( p , tctx , & s ) ;
2008-10-17 13:00:24 +11:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetUserInfo level %u failed - %s \n " ,
2008-10-17 13:00:24 +11:00
s . in . level , nt_errstr ( status ) ) ;
ret = false ;
}
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing ChangePasswordUser3 with a password made up of only random bytes \n " ) ;
2008-10-17 13:00:24 +11:00
mdfour ( old_nt_hash , new_random_pass . data , new_random_pass . length ) ;
2008-10-31 16:09:29 +01:00
new_random_pass = samr_very_rand_pass ( tctx , 128 ) ;
2008-10-17 13:00:24 +11:00
mdfour ( new_nt_hash , new_random_pass . data , new_random_pass . length ) ;
set_pw_in_buffer ( nt_pass . data , & new_random_pass ) ;
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 0 ;
r . in . lm_password = NULL ;
r . in . lm_verifier = NULL ;
r . in . password3 = NULL ;
2008-11-04 19:40:24 +01:00
r . out . dominfo = & dominfo ;
r . out . reject = & reject ;
2008-10-17 13:00:24 +11:00
unix_to_nt_time ( & t , time ( NULL ) ) ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_ChangePasswordUser3 ( p , tctx , & r ) ;
2008-10-17 13:00:24 +11:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-09-25 22:44:00 +02:00
if ( reject & & reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NO_ERROR ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d \n " ,
SAM_PWD_CHANGE_NO_ERROR , reject - > extendedFailureReason ) ;
2008-10-17 13:00:24 +11:00
return false ;
}
/* Perhaps the server has a 'min password age' set? */
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " ChangePasswordUser3 failed - %s \n " , nt_errstr ( status ) ) ;
2008-10-17 13:00:24 +11:00
ret = false ;
}
2009-05-11 22:44:58 +02:00
2008-10-31 16:09:29 +01:00
newpass = samr_rand_pass ( tctx , 128 ) ;
2008-10-17 13:00:24 +11:00
mdfour ( old_nt_hash , new_random_pass . data , new_random_pass . length ) ;
E_md4hash ( newpass , new_nt_hash ) ;
encode_pw_buffer ( nt_pass . data , newpass , STR_UNICODE ) ;
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 0 ;
r . in . lm_password = NULL ;
r . in . lm_verifier = NULL ;
r . in . password3 = NULL ;
2008-11-04 19:40:24 +01:00
r . out . dominfo = & dominfo ;
r . out . reject = & reject ;
2008-10-17 13:00:24 +11:00
unix_to_nt_time ( & t , time ( NULL ) ) ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_ChangePasswordUser3 ( p , tctx , & r ) ;
2008-10-17 13:00:24 +11:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-09-25 22:44:00 +02:00
if ( reject & & reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NO_ERROR ) {
torture_warning ( tctx , " expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d \n " ,
SAM_PWD_CHANGE_NO_ERROR , reject - > extendedFailureReason ) ;
2008-10-17 13:00:24 +11:00
return false ;
}
/* Perhaps the server has a 'min password age' set? */
} else {
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " ChangePasswordUser3 (on second random password) " ) ;
* password = talloc_strdup ( tctx , newpass ) ;
2008-10-17 13:00:24 +11:00
}
return ret ;
}
2004-04-19 05:48:03 +00:00
2008-10-31 16:09:29 +01:00
static bool test_GetMembersInAlias ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-12-19 03:59:27 +00:00
struct policy_handle * alias_handle )
{
struct samr_GetMembersInAlias r ;
struct lsa_SidArray sids ;
NTSTATUS status ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing GetMembersInAlias \n " ) ;
2003-12-19 03:59:27 +00:00
2004-09-21 03:51:38 +00:00
r . in . alias_handle = alias_handle ;
2003-12-19 03:59:27 +00:00
r . out . sids = & sids ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_GetMembersInAlias ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " GetMembersInAlias " ) ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
return true ;
2003-12-19 03:59:27 +00:00
}
2008-10-31 16:09:29 +01:00
static bool test_AddMemberToAlias ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-12-19 03:59:27 +00:00
struct policy_handle * alias_handle ,
2003-12-19 04:13:39 +00:00
const struct dom_sid * domain_sid )
2003-12-19 03:59:27 +00:00
{
2004-04-23 04:21:22 +00:00
struct samr_AddAliasMember r ;
struct samr_DeleteAliasMember d ;
2003-12-19 03:59:27 +00:00
NTSTATUS status ;
2003-12-19 04:13:39 +00:00
struct dom_sid * sid ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
sid = dom_sid_add_rid ( tctx , domain_sid , 512 ) ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing AddAliasMember \n " ) ;
2004-09-21 03:51:38 +00:00
r . in . alias_handle = alias_handle ;
2003-12-19 04:13:39 +00:00
r . in . sid = sid ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_AddAliasMember ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " AddAliasMember " ) ;
2003-12-19 03:59:27 +00:00
2004-09-21 03:51:38 +00:00
d . in . alias_handle = alias_handle ;
2003-12-19 04:13:39 +00:00
d . in . sid = sid ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_DeleteAliasMember ( p , tctx , & d ) ;
torture_assert_ntstatus_ok ( tctx , status , " DelAliasMember " ) ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
return true ;
2003-12-19 03:59:27 +00:00
}
2003-11-20 07:20:59 +00:00
2008-10-31 16:09:29 +01:00
static bool test_AddMultipleMembersToAlias ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-19 05:48:03 +00:00
struct policy_handle * alias_handle )
{
struct samr_AddMultipleMembersToAlias a ;
struct samr_RemoveMultipleMembersFromAlias r ;
NTSTATUS status ;
struct lsa_SidArray sids ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing AddMultipleMembersToAlias \n " ) ;
2004-09-21 03:51:38 +00:00
a . in . alias_handle = alias_handle ;
2004-04-19 05:48:03 +00:00
a . in . sids = & sids ;
sids . num_sids = 3 ;
2008-10-31 16:09:29 +01:00
sids . sids = talloc_array ( tctx , struct lsa_SidPtr , 3 ) ;
2004-04-19 05:48:03 +00:00
2008-10-31 16:09:29 +01:00
sids . sids [ 0 ] . sid = dom_sid_parse_talloc ( tctx , " S-1-5-32-1-2-3-1 " ) ;
sids . sids [ 1 ] . sid = dom_sid_parse_talloc ( tctx , " S-1-5-32-1-2-3-2 " ) ;
sids . sids [ 2 ] . sid = dom_sid_parse_talloc ( tctx , " S-1-5-32-1-2-3-3 " ) ;
2004-04-19 05:48:03 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_AddMultipleMembersToAlias ( p , tctx , & a ) ;
torture_assert_ntstatus_ok ( tctx , status , " AddMultipleMembersToAlias " ) ;
2004-04-19 05:48:03 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing RemoveMultipleMembersFromAlias \n " ) ;
2004-09-21 03:51:38 +00:00
r . in . alias_handle = alias_handle ;
2004-04-19 05:48:03 +00:00
r . in . sids = & sids ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_RemoveMultipleMembersFromAlias ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " RemoveMultipleMembersFromAlias " ) ;
2004-04-19 05:48:03 +00:00
/* strange! removing twice doesn't give any error */
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_RemoveMultipleMembersFromAlias ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " RemoveMultipleMembersFromAlias " ) ;
2004-04-19 05:48:03 +00:00
/* but removing an alias that isn't there does */
2008-10-31 16:09:29 +01:00
sids . sids [ 2 ] . sid = dom_sid_parse_talloc ( tctx , " S-1-5-32-1-2-3-4 " ) ;
2004-04-19 05:48:03 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_RemoveMultipleMembersFromAlias ( p , tctx , & r ) ;
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_OBJECT_NAME_NOT_FOUND , " RemoveMultipleMembersFromAlias " ) ;
2004-04-19 05:48:03 +00:00
2008-10-31 16:09:29 +01:00
return true ;
2004-04-19 05:48:03 +00:00
}
2009-12-17 15:34:22 +01:00
static bool test_GetAliasMembership ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle )
{
struct samr_GetAliasMembership r ;
struct lsa_SidArray sids ;
struct samr_Ids rids ;
NTSTATUS status ;
torture_comment ( tctx , " Testing GetAliasMembership \n " ) ;
2009-12-17 18:02:53 +01:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
torture_skip ( tctx , " skipping GetAliasMembership against s4 " ) ;
}
2009-12-17 15:34:22 +01:00
r . in . domain_handle = domain_handle ;
r . in . sids = & sids ;
r . out . rids = & rids ;
sids . num_sids = 0 ;
sids . sids = talloc_zero_array ( tctx , struct lsa_SidPtr , sids . num_sids ) ;
status = dcerpc_samr_GetAliasMembership ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" samr_GetAliasMembership failed " ) ;
torture_assert_int_equal ( tctx , sids . num_sids , rids . count ,
" protocol misbehaviour " ) ;
sids . num_sids = 1 ;
sids . sids = talloc_zero_array ( tctx , struct lsa_SidPtr , sids . num_sids ) ;
sids . sids [ 0 ] . sid = dom_sid_parse_talloc ( tctx , " S-1-5-32-1-2-3-1 " ) ;
status = dcerpc_samr_GetAliasMembership ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" samr_GetAliasMembership failed " ) ;
#if 0
/* only true for w2k8 it seems
* win7 , xp , w2k3 will return a 0 length array pointer */
2010-01-11 12:40:01 +01:00
if ( rids . ids & & ( rids . count = = 0 ) ) {
torture_fail ( tctx , " samr_GetAliasMembership returned 0 count and a rids array " ) ;
}
2009-12-17 15:34:22 +01:00
# endif
2010-01-11 12:40:01 +01:00
if ( ! rids . ids & & rids . count ) {
torture_fail ( tctx , " samr_GetAliasMembership returned non-0 count but no rids " ) ;
}
2009-12-17 15:34:22 +01:00
return true ;
}
2008-10-31 16:09:29 +01:00
static bool test_TestPrivateFunctionsUser ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-18 04:06:15 +00:00
struct policy_handle * user_handle )
{
struct samr_TestPrivateFunctionsUser r ;
NTSTATUS status ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing TestPrivateFunctionsUser \n " ) ;
2004-04-18 04:06:15 +00:00
2004-09-21 03:51:38 +00:00
r . in . user_handle = user_handle ;
2004-04-18 04:06:15 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_TestPrivateFunctionsUser ( p , tctx , & r ) ;
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_NOT_IMPLEMENTED , " TestPrivateFunctionsUser " ) ;
2004-04-18 04:06:15 +00:00
2008-10-31 16:09:29 +01:00
return true ;
2004-04-18 04:06:15 +00:00
}
2008-11-25 02:46:25 +01:00
static bool test_QueryUserInfo_pwdlastset ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
bool use_info2 ,
NTTIME * pwdlastset )
{
NTSTATUS status ;
uint16_t levels [ ] = { /* 3, */ 5 , 21 } ;
int i ;
NTTIME pwdlastset3 = 0 ;
NTTIME pwdlastset5 = 0 ;
NTTIME pwdlastset21 = 0 ;
torture_comment ( tctx , " Testing QueryUserInfo%s level 5 and 21 call " ,
use_info2 ? " 2 " : " " ) ;
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
struct samr_QueryUserInfo r ;
struct samr_QueryUserInfo2 r2 ;
union samr_UserInfo * info ;
if ( use_info2 ) {
r2 . in . user_handle = handle ;
r2 . in . level = levels [ i ] ;
r2 . out . info = & info ;
status = dcerpc_samr_QueryUserInfo2 ( p , tctx , & r2 ) ;
} else {
r . in . user_handle = handle ;
r . in . level = levels [ i ] ;
r . out . info = & info ;
status = dcerpc_samr_QueryUserInfo ( p , tctx , & r ) ;
}
if ( ! NT_STATUS_IS_OK ( status ) & &
! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_INFO_CLASS ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo%s level %u failed - %s \n " ,
2008-11-25 02:46:25 +01:00
use_info2 ? " 2 " : " " , levels [ i ] , nt_errstr ( status ) ) ;
return false ;
}
switch ( levels [ i ] ) {
case 3 :
pwdlastset3 = info - > info3 . last_password_change ;
break ;
case 5 :
pwdlastset5 = info - > info5 . last_password_change ;
break ;
case 21 :
pwdlastset21 = info - > info21 . last_password_change ;
break ;
default :
return false ;
}
}
/* torture_assert_int_equal(tctx, pwdlastset3, pwdlastset5,
" pwdlastset mixup " ) ; */
torture_assert_int_equal ( tctx , pwdlastset5 , pwdlastset21 ,
" pwdlastset mixup " ) ;
* pwdlastset = pwdlastset21 ;
torture_comment ( tctx , " (pwdlastset: %lld) \n " , * pwdlastset ) ;
return true ;
}
2009-05-28 10:42:28 +10:00
static bool test_SamLogon ( struct torture_context * tctx ,
2009-05-29 13:18:23 +02:00
struct dcerpc_pipe * p ,
2009-05-28 10:42:28 +10:00
struct cli_credentials * test_credentials ,
2010-01-12 11:48:23 +01:00
NTSTATUS expected_result ,
bool interactive )
2008-12-08 13:10:56 +01:00
{
NTSTATUS status ;
2009-05-28 10:42:28 +10:00
struct netr_LogonSamLogonEx r ;
2008-12-08 13:10:56 +01:00
union netr_LogonLevel logon ;
union netr_Validation validation ;
uint8_t authoritative ;
2010-01-12 11:48:23 +01:00
struct netr_IdentityInfo identity ;
2008-12-08 13:10:56 +01:00
struct netr_NetworkInfo ninfo ;
2010-01-12 11:48:23 +01:00
struct netr_PasswordInfo pinfo ;
2008-12-08 13:10:56 +01:00
DATA_BLOB names_blob , chal , lm_resp , nt_resp ;
int flags = CLI_CRED_NTLM_AUTH ;
2009-05-28 10:42:28 +10:00
uint32_t samlogon_flags = 0 ;
2010-01-12 11:48:23 +01:00
struct netlogon_creds_CredentialState * creds ;
struct netr_Authenticator a ;
torture_assert_ntstatus_ok ( tctx , dcerpc_schannel_creds ( p - > conn - > security_state . generic_state , tctx , & creds ) , " " ) ;
2008-12-08 13:10:56 +01:00
if ( lp_client_lanman_auth ( tctx - > lp_ctx ) ) {
flags | = CLI_CRED_LANMAN_AUTH ;
}
if ( lp_client_ntlmv2_auth ( tctx - > lp_ctx ) ) {
flags | = CLI_CRED_NTLMv2_AUTH ;
}
cli_credentials_get_ntlm_username_domain ( test_credentials , tctx ,
2010-01-12 11:48:23 +01:00
& identity . account_name . string ,
& identity . domain_name . string ) ;
2008-12-08 13:10:56 +01:00
2010-01-12 11:48:23 +01:00
identity . parameter_control =
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT ;
identity . logon_id_low = 0 ;
identity . logon_id_high = 0 ;
identity . workstation . string = cli_credentials_get_workstation ( test_credentials ) ;
2008-12-08 13:10:56 +01:00
2010-01-12 11:48:23 +01:00
if ( interactive ) {
netlogon_creds_client_authenticator ( creds , & a ) ;
2008-12-08 13:10:56 +01:00
2010-01-12 11:48:23 +01:00
if ( ! E_deshash ( cli_credentials_get_password ( test_credentials ) , pinfo . lmpassword . hash ) ) {
ZERO_STRUCT ( pinfo . lmpassword . hash ) ;
}
E_md4hash ( cli_credentials_get_password ( test_credentials ) , pinfo . ntpassword . hash ) ;
2008-12-08 13:10:56 +01:00
2010-01-12 11:48:23 +01:00
if ( creds - > negotiate_flags & NETLOGON_NEG_ARCFOUR ) {
netlogon_creds_arcfour_crypt ( creds , pinfo . lmpassword . hash , 16 ) ;
netlogon_creds_arcfour_crypt ( creds , pinfo . ntpassword . hash , 16 ) ;
} else {
netlogon_creds_des_encrypt ( creds , & pinfo . lmpassword ) ;
netlogon_creds_des_encrypt ( creds , & pinfo . ntpassword ) ;
}
2008-12-08 13:10:56 +01:00
2010-01-12 11:48:23 +01:00
pinfo . identity_info = identity ;
logon . password = & pinfo ;
2008-12-08 13:10:56 +01:00
2010-01-12 11:48:23 +01:00
r . in . logon_level = NetlogonInteractiveInformation ;
} else {
generate_random_buffer ( ninfo . challenge ,
sizeof ( ninfo . challenge ) ) ;
chal = data_blob_const ( ninfo . challenge ,
sizeof ( ninfo . challenge ) ) ;
names_blob = NTLMv2_generate_names_blob ( tctx , cli_credentials_get_workstation ( test_credentials ) ,
cli_credentials_get_domain ( test_credentials ) ) ;
status = cli_credentials_get_ntlm_response ( test_credentials , tctx ,
& flags ,
chal ,
names_blob ,
& lm_resp , & nt_resp ,
NULL , NULL ) ;
torture_assert_ntstatus_ok ( tctx , status , " cli_credentials_get_ntlm_response failed " ) ;
ninfo . lm . data = lm_resp . data ;
ninfo . lm . length = lm_resp . length ;
2008-12-08 13:10:56 +01:00
2010-01-12 11:48:23 +01:00
ninfo . nt . data = nt_resp . data ;
ninfo . nt . length = nt_resp . length ;
ninfo . identity_info = identity ;
logon . network = & ninfo ;
r . in . logon_level = NetlogonNetworkInformation ;
}
2008-12-08 13:10:56 +01:00
r . in . server_name = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2009-05-28 10:42:28 +10:00
r . in . computer_name = cli_credentials_get_workstation ( test_credentials ) ;
2008-12-08 13:10:56 +01:00
r . in . logon = & logon ;
2009-05-28 10:42:28 +10:00
r . in . flags = & samlogon_flags ;
r . out . flags = & samlogon_flags ;
2008-12-08 13:10:56 +01:00
r . out . validation = & validation ;
r . out . authoritative = & authoritative ;
2010-01-12 11:48:23 +01:00
torture_comment ( tctx , " Testing LogonSamLogon with name %s \n " , identity . account_name . string ) ;
2008-12-08 13:10:56 +01:00
2009-05-28 10:42:28 +10:00
r . in . validation_level = 6 ;
2008-12-08 13:10:56 +01:00
2009-05-28 10:42:28 +10:00
status = dcerpc_netr_LogonSamLogonEx ( p , tctx , & r ) ;
2009-05-29 13:16:25 +02:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_INFO_CLASS ) ) {
r . in . validation_level = 3 ;
status = dcerpc_netr_LogonSamLogonEx ( p , tctx , & r ) ;
}
2008-12-08 13:10:56 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-05-28 10:42:28 +10:00
torture_assert_ntstatus_equal ( tctx , status , expected_result , " LogonSamLogonEx failed " ) ;
2008-12-08 13:10:56 +01:00
return true ;
} else {
2009-05-28 10:42:28 +10:00
torture_assert_ntstatus_ok ( tctx , status , " LogonSamLogonEx failed " ) ;
2008-12-08 13:10:56 +01:00
}
return true ;
}
static bool test_SamLogon_with_creds ( struct torture_context * tctx ,
struct dcerpc_pipe * p ,
struct cli_credentials * machine_creds ,
const char * acct_name ,
2010-03-05 08:49:25 +01:00
const char * password ,
2010-01-12 11:48:23 +01:00
NTSTATUS expected_samlogon_result ,
bool interactive )
2008-12-08 13:10:56 +01:00
{
bool ret = true ;
struct cli_credentials * test_credentials ;
test_credentials = cli_credentials_init ( tctx ) ;
cli_credentials_set_workstation ( test_credentials ,
2009-05-28 10:42:28 +10:00
cli_credentials_get_workstation ( machine_creds ) , CRED_SPECIFIED ) ;
2008-12-08 13:10:56 +01:00
cli_credentials_set_domain ( test_credentials ,
2009-05-28 10:42:28 +10:00
cli_credentials_get_domain ( machine_creds ) , CRED_SPECIFIED ) ;
2008-12-08 13:10:56 +01:00
cli_credentials_set_username ( test_credentials ,
acct_name , CRED_SPECIFIED ) ;
cli_credentials_set_password ( test_credentials ,
password , CRED_SPECIFIED ) ;
2010-01-12 11:48:23 +01:00
torture_comment ( tctx , " testing samlogon (%s) as %s password: %s \n " ,
interactive ? " interactive " : " network " , acct_name , password ) ;
2008-12-08 13:10:56 +01:00
2009-05-28 10:42:28 +10:00
if ( ! test_SamLogon ( tctx , p , test_credentials ,
2010-01-12 11:48:23 +01:00
expected_samlogon_result , interactive ) ) {
2008-12-08 13:10:56 +01:00
torture_warning ( tctx , " new password did not work \n " ) ;
ret = false ;
}
return ret ;
}
2008-11-25 02:46:25 +01:00
static bool test_SetPassword_level ( struct dcerpc_pipe * p ,
2008-12-08 13:10:56 +01:00
struct dcerpc_pipe * np ,
2008-11-25 02:46:25 +01:00
struct torture_context * tctx ,
struct policy_handle * handle ,
uint16_t level ,
uint32_t fields_present ,
uint8_t password_expired ,
2008-12-02 23:22:14 +01:00
bool * matched_expected_error ,
2008-11-25 02:46:25 +01:00
bool use_setinfo2 ,
2008-12-08 13:10:56 +01:00
const char * acct_name ,
2008-11-25 02:46:25 +01:00
char * * password ,
2008-12-08 13:10:56 +01:00
struct cli_credentials * machine_creds ,
2008-11-25 02:46:25 +01:00
bool use_queryinfo2 ,
2008-12-08 13:10:56 +01:00
NTTIME * pwdlastset ,
NTSTATUS expected_samlogon_result )
2008-11-25 02:46:25 +01:00
{
const char * fields = NULL ;
bool ret = true ;
switch ( level ) {
case 21 :
case 23 :
case 25 :
fields = talloc_asprintf ( tctx , " (fields_present: 0x%08x) " ,
fields_present ) ;
break ;
default :
break ;
}
torture_comment ( tctx , " Testing SetUserInfo%s level %d call "
" (password_expired: %d) %s \n " ,
use_setinfo2 ? " 2 " : " " , level , password_expired ,
fields ? fields : " " ) ;
2008-12-05 16:07:06 +01:00
if ( ! test_SetUserPass_level_ex ( p , tctx , handle , level ,
fields_present ,
password ,
password_expired ,
use_setinfo2 ,
matched_expected_error ) ) {
ret = false ;
2008-11-25 02:46:25 +01:00
}
if ( ! test_QueryUserInfo_pwdlastset ( p , tctx , handle ,
use_queryinfo2 ,
pwdlastset ) ) {
ret = false ;
}
2008-12-08 13:10:56 +01:00
if ( * matched_expected_error = = true ) {
return ret ;
}
if ( ! test_SamLogon_with_creds ( tctx , np ,
machine_creds ,
acct_name ,
* password ,
2010-01-12 11:48:23 +01:00
expected_samlogon_result ,
false ) ) {
2008-12-08 13:10:56 +01:00
ret = false ;
}
2008-11-25 02:46:25 +01:00
return ret ;
}
2010-01-15 00:25:06 +01:00
static bool setup_schannel_netlogon_pipe ( struct torture_context * tctx ,
struct cli_credentials * credentials ,
struct dcerpc_pipe * * p )
{
struct dcerpc_binding * b ;
torture_assert_ntstatus_ok ( tctx , torture_rpc_binding ( tctx , & b ) ,
" failed to get rpc binding " ) ;
/* We have to use schannel, otherwise the SamLogonEx fails
* with INTERNAL_ERROR */
b - > flags & = ~ DCERPC_AUTH_OPTIONS ;
b - > flags | = DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128 ;
torture_assert_ntstatus_ok ( tctx ,
dcerpc_pipe_connect_b ( tctx , p , b , & ndr_table_netlogon ,
credentials , tctx - > ev , tctx - > lp_ctx ) ,
" failed to bind to netlogon " ) ;
return true ;
}
2008-11-25 02:46:25 +01:00
static bool test_SetPassword_pwdlastset ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
uint32_t acct_flags ,
2008-12-08 13:10:56 +01:00
const char * acct_name ,
2008-11-25 02:46:25 +01:00
struct policy_handle * handle ,
2008-12-08 13:10:56 +01:00
char * * password ,
struct cli_credentials * machine_credentials )
2008-11-25 02:46:25 +01:00
{
2008-12-09 23:32:04 +01:00
int s = 0 , q = 0 , f = 0 , l = 0 , z = 0 ;
2008-11-25 02:46:25 +01:00
bool ret = true ;
2009-05-28 10:42:28 +10:00
int delay = 50000 ;
2008-11-25 02:46:25 +01:00
bool set_levels [ ] = { false , true } ;
bool query_levels [ ] = { false , true } ;
2009-05-28 14:49:29 +10:00
uint32_t levels [ ] = { 18 , 21 , 26 , 23 , 24 , 25 } ; /* Second half only used when TEST_ALL_LEVELS defined */
2008-12-05 16:11:15 +01:00
uint32_t nonzeros [ ] = { 1 , 24 } ;
2008-12-02 23:22:14 +01:00
uint32_t fields_present [ ] = {
0 ,
SAMR_FIELD_EXPIRED_FLAG ,
SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_EXPIRED_FLAG | SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_COMMENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE | SAMR_FIELD_EXPIRED_FLAG
} ;
2008-12-08 13:10:56 +01:00
struct dcerpc_pipe * np = NULL ;
2008-11-25 02:46:25 +01:00
if ( torture_setting_bool ( tctx , " samba3 " , false ) ) {
2009-06-03 17:39:50 +02:00
delay = 999999 ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Samba3 has second granularity, setting delay to: %d \n " ,
2008-11-25 02:46:25 +01:00
delay ) ;
}
2010-01-15 00:25:06 +01:00
torture_assert ( tctx , setup_schannel_netlogon_pipe ( tctx , machine_credentials , & np ) , " " ) ;
2008-12-08 13:10:56 +01:00
2008-11-28 12:10:56 +01:00
/* set to 1 to enable testing for all possible opcode
( SetUserInfo , SetUserInfo2 , QueryUserInfo , QueryUserInfo2 )
combinations */
#if 0
2009-05-28 14:49:29 +10:00
# define TEST_ALL_LEVELS 1
2008-11-28 12:10:56 +01:00
# define TEST_SET_LEVELS 1
# define TEST_QUERY_LEVELS 1
# endif
2009-05-28 14:49:29 +10:00
# ifdef TEST_ALL_LEVELS
2008-12-05 16:11:15 +01:00
for ( l = 0 ; l < ARRAY_SIZE ( levels ) ; l + + ) {
2009-05-28 14:49:29 +10:00
# else
for ( l = 0 ; l < ( ARRAY_SIZE ( levels ) ) / 2 ; l + + ) {
# endif
2008-12-05 16:11:15 +01:00
for ( z = 0 ; z < ARRAY_SIZE ( nonzeros ) ; z + + ) {
2008-12-02 23:22:14 +01:00
for ( f = 0 ; f < ARRAY_SIZE ( fields_present ) ; f + + ) {
2008-11-28 12:10:56 +01:00
# ifdef TEST_SET_LEVELS
2008-11-25 02:46:25 +01:00
for ( s = 0 ; s < ARRAY_SIZE ( set_levels ) ; s + + ) {
2008-11-28 12:10:56 +01:00
# endif
# ifdef TEST_QUERY_LEVELS
2008-11-25 02:46:25 +01:00
for ( q = 0 ; q < ARRAY_SIZE ( query_levels ) ; q + + ) {
2008-11-28 12:10:56 +01:00
# endif
2008-11-25 02:46:25 +01:00
NTTIME pwdlastset_old = 0 ;
NTTIME pwdlastset_new = 0 ;
2008-12-02 23:22:14 +01:00
bool matched_expected_error = false ;
2008-12-08 13:10:56 +01:00
NTSTATUS expected_samlogon_result = NT_STATUS_ACCOUNT_DISABLED ;
2008-11-25 02:46:25 +01:00
torture_comment ( tctx , " ------------------------------ \n "
" Testing pwdLastSet attribute for flags: 0x%08x "
" (s: %d (l: %d), q: %d) \n " ,
2008-12-05 16:11:15 +01:00
acct_flags , s , levels [ l ] , q ) ;
2008-11-25 02:46:25 +01:00
2008-12-08 13:10:56 +01:00
switch ( levels [ l ] ) {
case 21 :
case 23 :
case 25 :
if ( ! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) ) {
expected_samlogon_result = NT_STATUS_WRONG_PASSWORD ;
}
break ;
}
2008-11-28 22:01:18 +01:00
/* set #1 */
/* set a password and force password change (pwdlastset 0) by
* setting the password expired flag to a non - 0 value */
2008-12-08 13:10:56 +01:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 16:11:15 +01:00
levels [ l ] ,
2008-12-02 23:22:14 +01:00
fields_present [ f ] ,
2008-12-05 16:11:15 +01:00
nonzeros [ z ] ,
2008-12-02 23:22:14 +01:00
& matched_expected_error ,
2008-11-25 02:46:25 +01:00
set_levels [ s ] ,
2008-12-08 13:10:56 +01:00
acct_name ,
2008-11-25 02:46:25 +01:00
password ,
2008-12-08 13:10:56 +01:00
machine_credentials ,
2008-11-25 02:46:25 +01:00
query_levels [ q ] ,
2008-12-08 13:10:56 +01:00
& pwdlastset_old ,
expected_samlogon_result ) ) {
2008-11-25 02:46:25 +01:00
ret = false ;
}
2008-12-02 23:22:14 +01:00
if ( matched_expected_error = = true ) {
2008-11-25 02:46:25 +01:00
/* skipping on expected failure */
continue ;
}
2008-11-28 22:01:18 +01:00
/* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25
2008-11-25 02:46:25 +01:00
* set without the SAMR_FIELD_EXPIRED_FLAG */
2008-12-05 16:11:15 +01:00
switch ( levels [ l ] ) {
2008-11-28 22:01:18 +01:00
case 21 :
2008-11-25 02:46:25 +01:00
case 23 :
case 25 :
if ( ( pwdlastset_new ! = 0 ) & &
2008-12-02 23:22:14 +01:00
! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) ) {
2008-11-25 02:46:25 +01:00
torture_comment ( tctx , " not considering a non-0 "
" pwdLastSet as a an error as the "
" SAMR_FIELD_EXPIRED_FLAG has not "
" been set \n " ) ;
break ;
}
default :
if ( pwdlastset_new ! = 0 ) {
torture_warning ( tctx , " pwdLastSet test failed: "
" expected pwdLastSet 0 but got %lld \n " ,
pwdlastset_old ) ;
ret = false ;
}
break ;
}
2008-12-05 16:11:15 +01:00
switch ( levels [ l ] ) {
2008-12-02 23:22:14 +01:00
case 21 :
case 23 :
case 25 :
if ( ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) & &
( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
torture_warning ( tctx , " pwdlastset not increasing \n " ) ;
ret = false ;
}
break ;
default :
if ( ( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
torture_warning ( tctx , " pwdlastset not increasing \n " ) ;
ret = false ;
}
break ;
}
2008-11-25 02:46:25 +01:00
usleep ( delay ) ;
/* set #2 */
2008-11-28 22:01:18 +01:00
/* set a password, pwdlastset needs to get updated (increased
* value ) , password_expired value used here is 0 */
2008-12-08 13:10:56 +01:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 16:11:15 +01:00
levels [ l ] ,
2008-12-02 23:22:14 +01:00
fields_present [ f ] ,
2008-11-25 02:46:25 +01:00
0 ,
2008-12-02 23:22:14 +01:00
& matched_expected_error ,
2008-11-25 02:46:25 +01:00
set_levels [ s ] ,
2008-12-08 13:10:56 +01:00
acct_name ,
2008-11-25 02:46:25 +01:00
password ,
2008-12-08 13:10:56 +01:00
machine_credentials ,
2008-11-25 02:46:25 +01:00
query_levels [ q ] ,
2008-12-08 13:10:56 +01:00
& pwdlastset_new ,
expected_samlogon_result ) ) {
2008-11-25 02:46:25 +01:00
ret = false ;
}
2008-11-28 22:01:18 +01:00
/* when a password has been changed, pwdlastset must not be 0 afterwards
* and must be larger then the old value */
2008-11-25 02:46:25 +01:00
2008-12-05 16:11:15 +01:00
switch ( levels [ l ] ) {
2008-11-28 22:01:18 +01:00
case 21 :
case 23 :
case 25 :
/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
* password has been changed , old and new pwdlastset
* need to be the same value */
2008-12-05 16:11:15 +01:00
if ( ! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) & &
! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) )
2008-11-28 22:01:18 +01:00
{
torture_assert_int_equal ( tctx , pwdlastset_old ,
pwdlastset_new , " pwdlastset must be equal " ) ;
break ;
}
default :
if ( pwdlastset_old > = pwdlastset_new ) {
torture_warning ( tctx , " pwdLastSet test failed: "
" expected last pwdlastset (%lld) < new pwdlastset (%lld) \n " ,
pwdlastset_old , pwdlastset_new ) ;
ret = false ;
}
if ( pwdlastset_new = = 0 ) {
torture_warning ( tctx , " pwdLastSet test failed: "
" expected non-0 pwdlastset, got: %lld \n " ,
pwdlastset_new ) ;
ret = false ;
}
2008-11-25 02:46:25 +01:00
}
2008-11-28 22:01:18 +01:00
2008-12-05 16:11:15 +01:00
switch ( levels [ l ] ) {
2008-12-02 23:22:14 +01:00
case 21 :
case 23 :
case 25 :
if ( ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) & &
( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
torture_warning ( tctx , " pwdlastset not increasing \n " ) ;
ret = false ;
}
break ;
default :
if ( ( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
torture_warning ( tctx , " pwdlastset not increasing \n " ) ;
ret = false ;
}
break ;
}
2008-11-25 02:46:25 +01:00
pwdlastset_old = pwdlastset_new ;
usleep ( delay ) ;
2008-12-02 23:22:14 +01:00
/* set #2b */
/* set a password, pwdlastset needs to get updated (increased
* value ) , password_expired value used here is 0 */
2008-12-08 13:10:56 +01:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 16:11:15 +01:00
levels [ l ] ,
2008-12-02 23:22:14 +01:00
fields_present [ f ] ,
0 ,
& matched_expected_error ,
set_levels [ s ] ,
2008-12-08 13:10:56 +01:00
acct_name ,
2008-12-02 23:22:14 +01:00
password ,
2008-12-08 13:10:56 +01:00
machine_credentials ,
2008-12-02 23:22:14 +01:00
query_levels [ q ] ,
2008-12-08 13:10:56 +01:00
& pwdlastset_new ,
expected_samlogon_result ) ) {
2008-12-02 23:22:14 +01:00
ret = false ;
}
/* when a password has been changed, pwdlastset must not be 0 afterwards
* and must be larger then the old value */
2008-12-05 16:11:15 +01:00
switch ( levels [ l ] ) {
2008-12-02 23:22:14 +01:00
case 21 :
case 23 :
case 25 :
/* if no password has been changed, old and new pwdlastset
* need to be the same value */
if ( ! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) )
{
torture_assert_int_equal ( tctx , pwdlastset_old ,
pwdlastset_new , " pwdlastset must be equal " ) ;
break ;
}
default :
if ( pwdlastset_old > = pwdlastset_new ) {
torture_warning ( tctx , " pwdLastSet test failed: "
" expected last pwdlastset (%lld) < new pwdlastset (%lld) \n " ,
pwdlastset_old , pwdlastset_new ) ;
ret = false ;
}
if ( pwdlastset_new = = 0 ) {
torture_warning ( tctx , " pwdLastSet test failed: "
" expected non-0 pwdlastset, got: %lld \n " ,
pwdlastset_new ) ;
ret = false ;
}
}
2008-11-25 02:46:25 +01:00
/* set #3 */
2008-11-28 22:01:18 +01:00
/* set a password and force password change (pwdlastset 0) by
* setting the password expired flag to a non - 0 value */
2008-12-08 13:10:56 +01:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 16:11:15 +01:00
levels [ l ] ,
2008-12-02 23:22:14 +01:00
fields_present [ f ] ,
2008-12-05 16:11:15 +01:00
nonzeros [ z ] ,
2008-12-02 23:22:14 +01:00
& matched_expected_error ,
2008-11-25 02:46:25 +01:00
set_levels [ s ] ,
2008-12-08 13:10:56 +01:00
acct_name ,
2008-11-25 02:46:25 +01:00
password ,
2008-12-08 13:10:56 +01:00
machine_credentials ,
2008-11-25 02:46:25 +01:00
query_levels [ q ] ,
2008-12-08 13:10:56 +01:00
& pwdlastset_new ,
expected_samlogon_result ) ) {
2008-11-25 02:46:25 +01:00
ret = false ;
}
2008-11-28 22:01:18 +01:00
/* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25
2008-11-25 02:46:25 +01:00
* set without the SAMR_FIELD_EXPIRED_FLAG */
2008-12-05 16:11:15 +01:00
switch ( levels [ l ] ) {
2008-11-28 22:01:18 +01:00
case 21 :
2008-11-25 02:46:25 +01:00
case 23 :
case 25 :
if ( ( pwdlastset_new ! = 0 ) & &
2008-12-02 23:22:14 +01:00
! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) ) {
2008-11-28 22:01:18 +01:00
torture_comment ( tctx , " not considering a non-0 "
" pwdLastSet as a an error as the "
" SAMR_FIELD_EXPIRED_FLAG has not "
" been set \n " ) ;
break ;
}
/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
* password has been changed , old and new pwdlastset
* need to be the same value */
2008-12-05 16:11:15 +01:00
if ( ! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) & &
! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) )
2008-11-28 22:01:18 +01:00
{
torture_assert_int_equal ( tctx , pwdlastset_old ,
pwdlastset_new , " pwdlastset must be equal " ) ;
2008-11-25 02:46:25 +01:00
break ;
}
default :
2008-11-28 22:01:18 +01:00
if ( pwdlastset_old = = pwdlastset_new ) {
torture_warning ( tctx , " pwdLastSet test failed: "
" expected last pwdlastset (%lld) != new pwdlastset (%lld) \n " ,
pwdlastset_old , pwdlastset_new ) ;
ret = false ;
}
2008-11-25 02:46:25 +01:00
if ( pwdlastset_new ! = 0 ) {
torture_warning ( tctx , " pwdLastSet test failed: "
" expected pwdLastSet 0, got %lld \n " ,
pwdlastset_old ) ;
ret = false ;
}
break ;
}
2008-12-02 23:22:14 +01:00
2008-12-05 16:11:15 +01:00
switch ( levels [ l ] ) {
2008-12-02 23:22:14 +01:00
case 21 :
case 23 :
case 25 :
if ( ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) & &
( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
torture_warning ( tctx , " pwdlastset not increasing \n " ) ;
ret = false ;
}
break ;
default :
if ( ( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
torture_warning ( tctx , " pwdlastset not increasing \n " ) ;
ret = false ;
}
break ;
}
2008-12-05 16:11:15 +01:00
/* if the level we are testing does not have a fields_present
* field , skip all fields present tests by setting f to to
* arraysize */
switch ( levels [ l ] ) {
case 18 :
2008-12-02 23:22:14 +01:00
case 24 :
case 26 :
f = ARRAY_SIZE ( fields_present ) ;
break ;
}
2008-11-28 12:10:56 +01:00
# ifdef TEST_QUERY_LEVELS
2008-11-25 02:46:25 +01:00
}
2008-11-28 12:10:56 +01:00
# endif
# ifdef TEST_SET_LEVELS
2008-11-25 02:46:25 +01:00
}
2008-11-28 12:10:56 +01:00
# endif
2008-12-05 16:11:15 +01:00
} /* fields present */
} /* nonzeros */
} /* levels */
2008-11-25 02:46:25 +01:00
2008-11-28 12:10:56 +01:00
# undef TEST_SET_LEVELS
# undef TEST_QUERY_LEVELS
2009-10-20 16:34:42 +11:00
talloc_free ( np ) ;
2008-11-25 02:46:25 +01:00
return ret ;
}
2004-04-18 04:06:15 +00:00
2010-01-11 21:18:51 +01:00
static bool test_QueryUserInfo_badpwdcount ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
uint32_t * badpwdcount )
{
union samr_UserInfo * info ;
struct samr_QueryUserInfo r ;
r . in . user_handle = handle ;
r . in . level = 3 ;
r . out . info = & info ;
torture_comment ( tctx , " Testing QueryUserInfo level %d " , r . in . level ) ;
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_QueryUserInfo ( p , tctx , & r ) ,
" failed to query userinfo " ) ;
* badpwdcount = info - > info3 . bad_password_count ;
torture_comment ( tctx , " (bad password count: %d) \n " , * badpwdcount ) ;
return true ;
}
2010-01-21 23:55:51 +01:00
static bool test_SetUserInfo_acct_flags ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * user_handle ,
uint32_t acct_flags )
2010-01-11 21:18:51 +01:00
{
struct samr_SetUserInfo r ;
union samr_UserInfo user_info ;
2010-01-21 23:55:51 +01:00
torture_comment ( tctx , " Testing SetUserInfo level 16 \n " ) ;
2010-01-11 21:18:51 +01:00
user_info . info16 . acct_flags = acct_flags ;
r . in . user_handle = user_handle ;
r . in . level = 16 ;
r . in . info = & user_info ;
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_SetUserInfo ( p , tctx , & r ) ,
2010-01-21 23:55:51 +01:00
" failed to set account flags " ) ;
return true ;
}
static bool test_reset_badpwdcount ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * user_handle ,
uint32_t acct_flags ,
char * * password )
{
torture_assert ( tctx , test_SetUserPass ( p , tctx , user_handle , password ) ,
" failed to set password " ) ;
torture_comment ( tctx , " Testing SetUserInfo level 16 (enable account) \n " ) ;
torture_assert ( tctx ,
test_SetUserInfo_acct_flags ( p , tctx , user_handle ,
acct_flags & ~ ACB_DISABLED ) ,
" failed to enable user " ) ;
2010-01-11 21:18:51 +01:00
torture_assert ( tctx , test_SetUserPass ( p , tctx , user_handle , password ) ,
" failed to set password " ) ;
return true ;
}
2010-01-22 00:21:29 +01:00
static bool test_SetDomainInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
enum samr_DomainInfoClass level ,
union samr_DomainInfo * info )
{
struct samr_SetDomainInfo r ;
r . in . domain_handle = domain_handle ;
r . in . level = level ;
r . in . info = info ;
torture_assert_ntstatus_ok ( tctx ,
dcerpc_samr_SetDomainInfo ( p , tctx , & r ) ,
" failed to set domain info " ) ;
return true ;
}
2010-01-22 00:46:19 +01:00
static bool test_SetDomainInfo_ntstatus ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
enum samr_DomainInfoClass level ,
union samr_DomainInfo * info ,
NTSTATUS expected )
{
struct samr_SetDomainInfo r ;
r . in . domain_handle = domain_handle ;
r . in . level = level ;
r . in . info = info ;
torture_assert_ntstatus_equal ( tctx ,
dcerpc_samr_SetDomainInfo ( p , tctx , & r ) ,
expected ,
" " ) ;
return true ;
}
2010-01-22 00:47:42 +01:00
static bool test_QueryDomainInfo2_level ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
enum samr_DomainInfoClass level ,
union samr_DomainInfo * * q_info )
{
struct samr_QueryDomainInfo2 r ;
r . in . domain_handle = domain_handle ;
r . in . level = level ;
r . out . info = q_info ;
torture_assert_ntstatus_ok ( tctx ,
dcerpc_samr_QueryDomainInfo2 ( p , tctx , & r ) ,
" failed to query domain info " ) ;
return true ;
}
2010-01-22 00:21:29 +01:00
2010-01-11 21:18:51 +01:00
static bool test_Password_badpwdcount ( struct dcerpc_pipe * p ,
struct dcerpc_pipe * np ,
struct torture_context * tctx ,
uint32_t acct_flags ,
const char * acct_name ,
struct policy_handle * domain_handle ,
struct policy_handle * user_handle ,
char * * password ,
struct cli_credentials * machine_credentials ,
const char * comment ,
bool disable ,
bool interactive ,
NTSTATUS expected_success_status ,
struct samr_DomInfo1 * info1 ,
struct samr_DomInfo12 * info12 )
{
union samr_DomainInfo info ;
char * * passwords ;
int i ;
uint32_t badpwdcount , tmp ;
uint32_t password_history_length = 12 ;
uint32_t lockout_threshold = 15 ;
torture_comment ( tctx , " \n Testing bad pwd count with: %s \n " , comment ) ;
torture_assert ( tctx , password_history_length < lockout_threshold ,
" password history length needs to be smaller than account lockout threshold for this test " ) ;
/* set policies */
info . info1 = * info1 ;
info . info1 . password_history_length = password_history_length ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainPasswordInformation , & info ) ,
" failed to set password history length " ) ;
2010-01-11 21:18:51 +01:00
info . info12 = * info12 ;
info . info12 . lockout_threshold = lockout_threshold ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainLockoutInformation , & info ) ,
" failed to set lockout threshold " ) ;
2010-01-11 21:18:51 +01:00
/* reset bad pwd count */
torture_assert ( tctx ,
test_reset_badpwdcount ( p , tctx , user_handle , acct_flags , password ) , " " ) ;
/* enable or disable account */
2010-01-21 23:55:51 +01:00
if ( disable ) {
torture_assert ( tctx ,
test_SetUserInfo_acct_flags ( p , tctx , user_handle ,
acct_flags | ACB_DISABLED ) ,
" failed to disable user " ) ;
} else {
torture_assert ( tctx ,
test_SetUserInfo_acct_flags ( p , tctx , user_handle ,
acct_flags & ~ ACB_DISABLED ) ,
" failed to enable user " ) ;
2010-01-11 21:18:51 +01:00
}
/* setup password history */
passwords = talloc_array ( tctx , char * , password_history_length ) ;
for ( i = 0 ; i < password_history_length ; i + + ) {
torture_assert ( tctx , test_SetUserPass ( p , tctx , user_handle , password ) ,
" failed to set password " ) ;
passwords [ i ] = talloc_strdup ( tctx , * password ) ;
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials ,
acct_name , passwords [ i ] ,
expected_success_status , interactive ) ) {
torture_fail ( tctx , " failed to auth with latest password " ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
torture_assert_int_equal ( tctx , badpwdcount , 0 , " expected badpwdcount to be 0 " ) ;
}
/* test with wrong password */
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials ,
acct_name , " random_crap " ,
NT_STATUS_WRONG_PASSWORD , interactive ) ) {
torture_fail ( tctx , " succeeded to authenticate with wrong password " ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
torture_assert_int_equal ( tctx , badpwdcount , 1 , " expected badpwdcount to be 1 " ) ;
/* test with latest good password */
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials , acct_name ,
passwords [ password_history_length - 1 ] ,
expected_success_status , interactive ) ) {
torture_fail ( tctx , " succeeded to authenticate with wrong password " ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
if ( disable ) {
torture_assert_int_equal ( tctx , badpwdcount , 1 , " expected badpwdcount to be 1 " ) ;
} else {
/* only enabled accounts get the bad pwd count reset upon
* successful logon */
torture_assert_int_equal ( tctx , badpwdcount , 0 , " expected badpwdcount to be 0 " ) ;
}
tmp = badpwdcount ;
/* test password history */
for ( i = 0 ; i < password_history_length ; i + + ) {
torture_comment ( tctx , " Testing bad password count behavior with "
" password #%d of #%d \n " , i , password_history_length ) ;
/* - network samlogon will succeed auth and not
* increase badpwdcount for 2 last entries
* - interactive samlogon only for the last one */
if ( i = = password_history_length - 1 | |
( i = = password_history_length - 2 & & ! interactive ) ) {
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials ,
acct_name , passwords [ i ] ,
expected_success_status , interactive ) ) {
torture_fail ( tctx , talloc_asprintf ( tctx , " succeeded to authenticate with old password (#%d of #%d in history) " , i , password_history_length ) ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
if ( disable ) {
/* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE* for pwd history entry %d\n", i); */
torture_assert_int_equal ( tctx , badpwdcount , tmp , " unexpected badpwdcount " ) ;
} else {
/* torture_comment(tctx, "expecting bad pwd count to be 0 for pwd history entry %d\n", i); */
torture_assert_int_equal ( tctx , badpwdcount , 0 , " expected badpwdcount to be 0 " ) ;
}
tmp = badpwdcount ;
continue ;
}
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials ,
acct_name , passwords [ i ] ,
NT_STATUS_WRONG_PASSWORD , interactive ) ) {
torture_fail ( tctx , talloc_asprintf ( tctx , " succeeded to authenticate with old password (#%d of #%d in history) " , i , password_history_length ) ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
/* - network samlogon will fail auth but not increase
* badpwdcount for 3 rd last entry
* - interactive samlogon for 3 rd and 2 nd last entry */
if ( i = = password_history_length - 3 | |
( i = = password_history_length - 2 & & interactive ) ) {
/* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE * by one for pwd history entry %d\n", i); */
torture_assert_int_equal ( tctx , badpwdcount , tmp , " unexpected badpwdcount " ) ;
} else {
/* torture_comment(tctx, "expecting bad pwd count to increase by one for pwd history entry %d\n", i); */
torture_assert_int_equal ( tctx , badpwdcount , tmp + 1 , " unexpected badpwdcount " ) ;
}
tmp = badpwdcount ;
}
return true ;
}
static bool test_Password_badpwdcount_wrap ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
uint32_t acct_flags ,
const char * acct_name ,
struct policy_handle * domain_handle ,
struct policy_handle * user_handle ,
char * * password ,
struct cli_credentials * machine_credentials )
{
union samr_DomainInfo * q_info , s_info ;
struct samr_DomInfo1 info1 , _info1 ;
struct samr_DomInfo12 info12 , _info12 ;
bool ret = true ;
struct dcerpc_pipe * np ;
int i ;
struct {
const char * comment ;
bool disabled ;
bool interactive ;
NTSTATUS expected_success_status ;
} creds [ ] = {
{
. comment = " network logon (disabled account) " ,
. disabled = true ,
. interactive = false ,
. expected_success_status = NT_STATUS_ACCOUNT_DISABLED
} ,
{
. comment = " network logon (enabled account) " ,
. disabled = false ,
. interactive = false ,
. expected_success_status = NT_STATUS_OK
} ,
{
. comment = " interactive logon (disabled account) " ,
. disabled = true ,
. interactive = true ,
. expected_success_status = NT_STATUS_ACCOUNT_DISABLED
} ,
{
. comment = " interactive logon (enabled account) " ,
. disabled = false ,
. interactive = true ,
. expected_success_status = NT_STATUS_OK
} ,
} ;
2010-01-15 00:25:06 +01:00
torture_assert ( tctx , setup_schannel_netlogon_pipe ( tctx , machine_credentials , & np ) , " " ) ;
2010-01-11 21:18:51 +01:00
/* backup old policies */
2010-01-22 00:47:42 +01:00
torture_assert ( tctx ,
test_QueryDomainInfo2_level ( p , tctx , domain_handle ,
DomainPasswordInformation , & q_info ) ,
" failed to query domain info level 1 " ) ;
2010-01-11 21:18:51 +01:00
2010-01-22 00:47:42 +01:00
info1 = q_info - > info1 ;
_info1 = info1 ;
2010-01-11 21:18:51 +01:00
2010-01-22 00:47:42 +01:00
torture_assert ( tctx ,
test_QueryDomainInfo2_level ( p , tctx , domain_handle ,
DomainLockoutInformation , & q_info ) ,
" failed to query domain info level 12 " ) ;
2010-01-11 21:18:51 +01:00
2010-01-22 00:47:42 +01:00
info12 = q_info - > info12 ;
2010-01-11 21:18:51 +01:00
_info12 = info12 ;
/* run tests */
for ( i = 0 ; i < ARRAY_SIZE ( creds ) ; i + + ) {
/* skip trust tests for now */
if ( acct_flags & ACB_WSTRUST | |
acct_flags & ACB_SVRTRUST | |
acct_flags & ACB_DOMTRUST ) {
continue ;
}
ret & = test_Password_badpwdcount ( p , np , tctx , acct_flags , acct_name ,
domain_handle , user_handle , password ,
machine_credentials ,
creds [ i ] . comment ,
creds [ i ] . disabled ,
creds [ i ] . interactive ,
creds [ i ] . expected_success_status ,
& _info1 , & _info12 ) ;
if ( ! ret ) {
torture_warning ( tctx , " TEST #%d (%s) failed \n " , i , creds [ i ] . comment ) ;
} else {
torture_comment ( tctx , " TEST #%d (%s) succeeded \n " , i , creds [ i ] . comment ) ;
}
}
/* restore policies */
s_info . info1 = info1 ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainPasswordInformation , & s_info ) ,
" failed to set password information " ) ;
2010-01-11 21:18:51 +01:00
s_info . info12 = info12 ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainLockoutInformation , & s_info ) ,
" failed to set lockout information " ) ;
2010-01-11 21:18:51 +01:00
return ret ;
}
2010-01-15 18:08:57 +01:00
static bool test_QueryUserInfo_acct_flags ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
uint32_t * acct_flags )
{
union samr_UserInfo * info ;
struct samr_QueryUserInfo r ;
r . in . user_handle = handle ;
r . in . level = 16 ;
r . out . info = & info ;
torture_comment ( tctx , " Testing QueryUserInfo level %d " , r . in . level ) ;
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_QueryUserInfo ( p , tctx , & r ) ,
" failed to query userinfo " ) ;
* acct_flags = info - > info16 . acct_flags ;
torture_comment ( tctx , " (acct_flags: 0x%08x) \n " , * acct_flags ) ;
return true ;
}
static bool test_Password_lockout ( struct dcerpc_pipe * p ,
struct dcerpc_pipe * np ,
struct torture_context * tctx ,
uint32_t acct_flags ,
const char * acct_name ,
struct policy_handle * domain_handle ,
struct policy_handle * user_handle ,
char * * password ,
struct cli_credentials * machine_credentials ,
const char * comment ,
bool disable ,
bool interactive ,
NTSTATUS expected_success_status ,
struct samr_DomInfo1 * info1 ,
struct samr_DomInfo12 * info12 )
{
union samr_DomainInfo info ;
uint32_t badpwdcount ;
uint32_t password_history_length = 1 ;
uint64_t lockout_threshold = 1 ;
uint32_t lockout_seconds = 5 ;
uint64_t delta_time_factor = 10 * 1000 * 1000 ;
torture_comment ( tctx , " \n Testing account lockout: %s \n " , comment ) ;
/* set policies */
info . info1 = * info1 ;
torture_comment ( tctx , " setting password history lenght. \n " ) ;
info . info1 . password_history_length = password_history_length ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainPasswordInformation , & info ) ,
" failed to set password history length " ) ;
2010-01-15 18:08:57 +01:00
info . info12 = * info12 ;
info . info12 . lockout_threshold = lockout_threshold ;
/* set lockout duration < lockout window: should fail */
info . info12 . lockout_duration = ~ ( lockout_seconds * delta_time_factor ) ;
info . info12 . lockout_window = ~ ( ( lockout_seconds + 1 ) * delta_time_factor ) ;
2010-01-22 00:46:19 +01:00
torture_assert ( tctx ,
test_SetDomainInfo_ntstatus ( p , tctx , domain_handle ,
DomainLockoutInformation , & info ,
NT_STATUS_INVALID_PARAMETER ) ,
" setting lockout duration < lockout window gave unexpected result " ) ;
2010-01-15 18:08:57 +01:00
info . info12 . lockout_duration = 0 ;
info . info12 . lockout_window = 0 ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainLockoutInformation , & info ) ,
" failed to set lockout window and duration to 0 " ) ;
2010-01-15 18:08:57 +01:00
/* set lockout duration of 5 seconds */
info . info12 . lockout_duration = ~ ( lockout_seconds * delta_time_factor ) ;
info . info12 . lockout_window = ~ ( lockout_seconds * delta_time_factor ) ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainLockoutInformation , & info ) ,
" failed to set lockout window and duration to 5 seconds " ) ;
2010-01-15 18:08:57 +01:00
/* reset bad pwd count */
torture_assert ( tctx ,
test_reset_badpwdcount ( p , tctx , user_handle , acct_flags , password ) , " " ) ;
/* enable or disable account */
2010-01-21 23:55:51 +01:00
if ( disable ) {
torture_assert ( tctx ,
test_SetUserInfo_acct_flags ( p , tctx , user_handle ,
acct_flags | ACB_DISABLED ) ,
" failed to disable user " ) ;
} else {
torture_assert ( tctx ,
test_SetUserInfo_acct_flags ( p , tctx , user_handle ,
acct_flags & ~ ACB_DISABLED ) ,
" failed to enable user " ) ;
2010-01-15 18:08:57 +01:00
}
2010-01-21 23:55:51 +01:00
2010-01-15 18:08:57 +01:00
/* test logon with right password */
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials ,
acct_name , * password ,
expected_success_status , interactive ) ) {
torture_fail ( tctx , " failed to auth with latest password " ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
torture_assert_int_equal ( tctx , badpwdcount , 0 , " expected badpwdcount to be 0 " ) ;
/* test with wrong password ==> lockout */
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials ,
acct_name , " random_crap " ,
NT_STATUS_WRONG_PASSWORD , interactive ) ) {
torture_fail ( tctx , " succeeded to authenticate with wrong password " ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
torture_assert_int_equal ( tctx , badpwdcount , 1 , " expected badpwdcount to be 1 " ) ;
torture_assert ( tctx ,
test_QueryUserInfo_acct_flags ( p , tctx , user_handle , & acct_flags ) , " " ) ;
torture_assert_int_equal ( tctx , acct_flags & ACB_AUTOLOCK , 0 ,
" expected account to be locked " ) ;
/* test with good password */
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials , acct_name ,
* password ,
NT_STATUS_ACCOUNT_LOCKED_OUT , interactive ) )
{
torture_fail ( tctx , " authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT " ) ;
}
/* bad pwd count should not get updated */
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
torture_assert_int_equal ( tctx , badpwdcount , 1 , " expected badpwdcount to be 1 " ) ;
/* curiously, windows does _not_ set the autlock flag */
torture_assert ( tctx ,
test_QueryUserInfo_acct_flags ( p , tctx , user_handle , & acct_flags ) , " " ) ;
torture_assert_int_equal ( tctx , acct_flags & ACB_AUTOLOCK , 0 ,
" expected account to be locked " ) ;
/* with bad password */
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials ,
acct_name , " random_crap2 " ,
NT_STATUS_ACCOUNT_LOCKED_OUT , interactive ) )
{
torture_fail ( tctx , " authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT " ) ;
}
/* bad pwd count should not get updated */
torture_assert ( tctx ,
test_QueryUserInfo_badpwdcount ( p , tctx , user_handle , & badpwdcount ) , " " ) ;
torture_assert_int_equal ( tctx , badpwdcount , 1 , " expected badpwdcount to be 1 " ) ;
/* curiously, windows does _not_ set the autlock flag */
torture_assert ( tctx ,
test_QueryUserInfo_acct_flags ( p , tctx , user_handle , & acct_flags ) , " " ) ;
torture_assert_int_equal ( tctx , acct_flags & ACB_AUTOLOCK , 0 ,
" expected account to be locked " ) ;
/* let lockout duration expire ==> unlock */
torture_comment ( tctx , " let lockout duration expire... \n " ) ;
sleep ( lockout_seconds + 1 ) ;
if ( ! test_SamLogon_with_creds ( tctx , np , machine_credentials , acct_name ,
* password ,
expected_success_status , interactive ) )
{
torture_fail ( tctx , " failed to authenticate after lockout expired " ) ;
}
torture_assert ( tctx ,
test_QueryUserInfo_acct_flags ( p , tctx , user_handle , & acct_flags ) , " " ) ;
torture_assert_int_equal ( tctx , acct_flags & ACB_AUTOLOCK , 0 ,
" expected account not to be locked " ) ;
return true ;
}
static bool test_Password_lockout_wrap ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
uint32_t acct_flags ,
const char * acct_name ,
struct policy_handle * domain_handle ,
struct policy_handle * user_handle ,
char * * password ,
struct cli_credentials * machine_credentials )
{
union samr_DomainInfo * q_info , s_info ;
struct samr_DomInfo1 info1 , _info1 ;
struct samr_DomInfo12 info12 , _info12 ;
bool ret = true ;
struct dcerpc_pipe * np ;
int i ;
struct {
const char * comment ;
bool disabled ;
bool interactive ;
NTSTATUS expected_success_status ;
} creds [ ] = {
{
. comment = " network logon (disabled account) " ,
. disabled = true ,
. interactive = false ,
. expected_success_status = NT_STATUS_ACCOUNT_DISABLED
} ,
{
. comment = " network logon (enabled account) " ,
. disabled = false ,
. interactive = false ,
. expected_success_status = NT_STATUS_OK
} ,
{
. comment = " interactive logon (disabled account) " ,
. disabled = true ,
. interactive = true ,
. expected_success_status = NT_STATUS_ACCOUNT_DISABLED
} ,
{
. comment = " interactive logon (enabled account) " ,
. disabled = false ,
. interactive = true ,
. expected_success_status = NT_STATUS_OK
} ,
} ;
torture_assert ( tctx , setup_schannel_netlogon_pipe ( tctx , machine_credentials , & np ) , " " ) ;
/* backup old policies */
2010-01-22 00:47:42 +01:00
torture_assert ( tctx ,
test_QueryDomainInfo2_level ( p , tctx , domain_handle ,
DomainPasswordInformation , & q_info ) ,
" failed to query domain info level 1 " ) ;
2010-01-15 18:08:57 +01:00
2010-01-22 00:47:42 +01:00
info1 = q_info - > info1 ;
_info1 = info1 ;
2010-01-15 18:08:57 +01:00
2010-01-22 00:47:42 +01:00
torture_assert ( tctx ,
test_QueryDomainInfo2_level ( p , tctx , domain_handle ,
DomainLockoutInformation , & q_info ) ,
" failed to query domain info level 12 " ) ;
2010-01-15 18:08:57 +01:00
2010-01-22 00:47:42 +01:00
info12 = q_info - > info12 ;
2010-01-15 18:08:57 +01:00
_info12 = info12 ;
/* run tests */
for ( i = 0 ; i < ARRAY_SIZE ( creds ) ; i + + ) {
/* skip trust tests for now */
if ( acct_flags & ACB_WSTRUST | |
acct_flags & ACB_SVRTRUST | |
acct_flags & ACB_DOMTRUST ) {
continue ;
}
ret & = test_Password_lockout ( p , np , tctx , acct_flags , acct_name ,
domain_handle , user_handle , password ,
machine_credentials ,
creds [ i ] . comment ,
creds [ i ] . disabled ,
creds [ i ] . interactive ,
creds [ i ] . expected_success_status ,
& _info1 , & _info12 ) ;
if ( ! ret ) {
torture_warning ( tctx , " TEST #%d (%s) failed \n " , i , creds [ i ] . comment ) ;
} else {
torture_comment ( tctx , " TEST #%d (%s) succeeded \n " , i , creds [ i ] . comment ) ;
}
}
/* restore policies */
s_info . info1 = info1 ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainPasswordInformation , & s_info ) ,
" failed to set password information " ) ;
2010-01-15 18:08:57 +01:00
s_info . info12 = info12 ;
2010-01-22 00:21:29 +01:00
torture_assert ( tctx ,
test_SetDomainInfo ( p , tctx , domain_handle ,
DomainLockoutInformation , & s_info ) ,
" failed to set lockout information " ) ;
2010-01-15 18:08:57 +01:00
return ret ;
}
2009-05-18 19:37:13 +02:00
static bool test_DeleteUser_with_privs ( struct dcerpc_pipe * p ,
struct dcerpc_pipe * lp ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
struct policy_handle * lsa_handle ,
struct policy_handle * user_handle ,
const struct dom_sid * domain_sid ,
uint32_t rid ,
struct cli_credentials * machine_credentials )
{
NTSTATUS status ;
bool ret = true ;
struct policy_handle lsa_acct_handle ;
struct dom_sid * user_sid ;
user_sid = dom_sid_add_rid ( tctx , domain_sid , rid ) ;
{
struct lsa_EnumAccountRights r ;
struct lsa_RightSet rights ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA EnumAccountRights \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . sid = user_sid ;
r . out . rights = & rights ;
status = dcerpc_lsa_EnumAccountRights ( lp , tctx , & r ) ;
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_OBJECT_NAME_NOT_FOUND ,
" Expected enum rights for account to fail " ) ;
}
{
struct lsa_RightSet rights ;
struct lsa_StringLarge names [ 2 ] ;
struct lsa_AddAccountRights r ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA AddAccountRights \n " ) ;
2009-05-18 19:37:13 +02:00
init_lsa_StringLarge ( & names [ 0 ] , " SeMachineAccountPrivilege " ) ;
init_lsa_StringLarge ( & names [ 1 ] , NULL ) ;
rights . count = 1 ;
rights . names = names ;
r . in . handle = lsa_handle ;
r . in . sid = user_sid ;
r . in . rights = & rights ;
status = dcerpc_lsa_AddAccountRights ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to add privileges " ) ;
}
{
struct lsa_EnumAccounts r ;
uint32_t resume_handle = 0 ;
struct lsa_SidArray lsa_sid_array ;
int i ;
bool found_sid = false ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA EnumAccounts \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . num_entries = 0x1000 ;
r . in . resume_handle = & resume_handle ;
r . out . sids = & lsa_sid_array ;
r . out . resume_handle = & resume_handle ;
status = dcerpc_lsa_EnumAccounts ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to enum accounts " ) ;
for ( i = 0 ; i < lsa_sid_array . num_sids ; i + + ) {
if ( dom_sid_equal ( user_sid , lsa_sid_array . sids [ i ] . sid ) ) {
found_sid = true ;
}
}
torture_assert ( tctx , found_sid ,
" failed to list privileged account " ) ;
}
{
struct lsa_EnumAccountRights r ;
struct lsa_RightSet user_rights ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA EnumAccountRights \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . sid = user_sid ;
r . out . rights = & user_rights ;
status = dcerpc_lsa_EnumAccountRights ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to enum rights for account " ) ;
if ( user_rights . count < 1 ) {
torture_warning ( tctx , " failed to find newly added rights " ) ;
return false ;
}
}
{
struct lsa_OpenAccount r ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA OpenAccount \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . sid = user_sid ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . out . acct_handle = & lsa_acct_handle ;
status = dcerpc_lsa_OpenAccount ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to open lsa account " ) ;
}
{
struct lsa_GetSystemAccessAccount r ;
uint32_t access_mask ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA GetSystemAccessAccount \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = & lsa_acct_handle ;
r . out . access_mask = & access_mask ;
status = dcerpc_lsa_GetSystemAccessAccount ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to get lsa system access account " ) ;
}
{
struct lsa_Close r ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA Close \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = & lsa_acct_handle ;
r . out . handle = & lsa_acct_handle ;
status = dcerpc_lsa_Close ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to close lsa " ) ;
}
{
struct samr_DeleteUser r ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing SAMR DeleteUser \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . user_handle = user_handle ;
r . out . user_handle = user_handle ;
status = dcerpc_samr_DeleteUser ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " Delete User failed " ) ;
}
{
struct lsa_EnumAccounts r ;
uint32_t resume_handle = 0 ;
struct lsa_SidArray lsa_sid_array ;
int i ;
bool found_sid = false ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA EnumAccounts \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . num_entries = 0x1000 ;
r . in . resume_handle = & resume_handle ;
r . out . sids = & lsa_sid_array ;
r . out . resume_handle = & resume_handle ;
status = dcerpc_lsa_EnumAccounts ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to enum accounts " ) ;
for ( i = 0 ; i < lsa_sid_array . num_sids ; i + + ) {
if ( dom_sid_equal ( user_sid , lsa_sid_array . sids [ i ] . sid ) ) {
found_sid = true ;
}
}
torture_assert ( tctx , found_sid ,
" failed to list privileged account " ) ;
}
{
struct lsa_EnumAccountRights r ;
struct lsa_RightSet user_rights ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA EnumAccountRights \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . sid = user_sid ;
r . out . rights = & user_rights ;
status = dcerpc_lsa_EnumAccountRights ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to enum rights for account " ) ;
if ( user_rights . count < 1 ) {
torture_warning ( tctx , " failed to find newly added rights " ) ;
return false ;
}
}
{
struct lsa_OpenAccount r ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA OpenAccount \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . sid = user_sid ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . out . acct_handle = & lsa_acct_handle ;
status = dcerpc_lsa_OpenAccount ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to open lsa account " ) ;
}
{
struct lsa_GetSystemAccessAccount r ;
uint32_t access_mask ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA GetSystemAccessAccount \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = & lsa_acct_handle ;
r . out . access_mask = & access_mask ;
status = dcerpc_lsa_GetSystemAccessAccount ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to get lsa system access account " ) ;
}
{
struct lsa_DeleteObject r ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA DeleteObject \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = & lsa_acct_handle ;
r . out . handle = & lsa_acct_handle ;
status = dcerpc_lsa_DeleteObject ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to delete object " ) ;
}
{
struct lsa_EnumAccounts r ;
uint32_t resume_handle = 0 ;
struct lsa_SidArray lsa_sid_array ;
int i ;
bool found_sid = false ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA EnumAccounts \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . num_entries = 0x1000 ;
r . in . resume_handle = & resume_handle ;
r . out . sids = & lsa_sid_array ;
r . out . resume_handle = & resume_handle ;
status = dcerpc_lsa_EnumAccounts ( lp , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" Failed to enum accounts " ) ;
for ( i = 0 ; i < lsa_sid_array . num_sids ; i + + ) {
if ( dom_sid_equal ( user_sid , lsa_sid_array . sids [ i ] . sid ) ) {
found_sid = true ;
}
}
torture_assert ( tctx , ! found_sid ,
" should not have listed privileged account " ) ;
}
{
struct lsa_EnumAccountRights r ;
struct lsa_RightSet user_rights ;
2009-06-17 01:20:03 +02:00
torture_comment ( tctx , " Testing LSA EnumAccountRights \n " ) ;
2009-05-18 19:37:13 +02:00
r . in . handle = lsa_handle ;
r . in . sid = user_sid ;
r . out . rights = & user_rights ;
status = dcerpc_lsa_EnumAccountRights ( lp , tctx , & r ) ;
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_OBJECT_NAME_NOT_FOUND ,
" Failed to enum rights for account " ) ;
}
return ret ;
}
2009-05-11 22:44:58 +02:00
static bool test_user_ops ( struct dcerpc_pipe * p ,
2007-12-03 15:53:28 +01:00
struct torture_context * tctx ,
2009-05-11 22:44:58 +02:00
struct policy_handle * user_handle ,
struct policy_handle * domain_handle ,
2009-05-18 19:37:13 +02:00
const struct dom_sid * domain_sid ,
2009-05-11 22:44:58 +02:00
uint32_t base_acct_flags ,
2008-12-08 13:10:56 +01:00
const char * base_acct_name , enum torture_samr_choice which_ops ,
struct cli_credentials * machine_credentials )
2003-11-20 03:09:19 +00:00
{
2006-07-07 02:03:04 +00:00
char * password = NULL ;
2008-02-28 08:50:00 +11:00
struct samr_QueryUserInfo q ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2008-02-28 08:50:00 +11:00
NTSTATUS status ;
2006-07-07 02:03:04 +00:00
2007-10-06 22:28:14 +00:00
bool ret = true ;
2006-07-07 02:03:04 +00:00
int i ;
2008-02-28 08:50:00 +11:00
uint32_t rid ;
2006-07-07 02:03:04 +00:00
const uint32_t password_fields [ ] = {
2008-12-04 18:18:06 +01:00
SAMR_FIELD_NT_PASSWORD_PRESENT ,
SAMR_FIELD_LM_PASSWORD_PRESENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT ,
2006-07-07 02:03:04 +00:00
0
} ;
2009-05-11 22:44:58 +02:00
2008-02-28 08:50:00 +11:00
status = test_LookupName ( p , tctx , domain_handle , base_acct_name , & rid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
ret = false ;
}
2006-07-07 02:03:04 +00:00
switch ( which_ops ) {
case TORTURE_SAMR_USER_ATTRIBUTES :
2007-12-03 15:53:28 +01:00
if ( ! test_QuerySecurity ( p , tctx , user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2003-11-20 03:09:19 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_QueryUserInfo ( p , tctx , user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2003-11-20 03:09:19 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_QueryUserInfo2 ( p , tctx , user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2003-11-20 03:09:19 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_SetUserInfo ( p , tctx , user_handle , base_acct_flags ,
2006-07-07 02:03:04 +00:00
base_acct_name ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2009-05-11 22:44:58 +02:00
}
2004-04-18 04:32:04 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_GetUserPwInfo ( p , tctx , user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2003-11-20 07:20:59 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_TestPrivateFunctionsUser ( p , tctx , user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2003-11-21 13:14:17 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_SetUserPass ( p , tctx , user_handle , & password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
break ;
case TORTURE_SAMR_PASSWORDS :
2007-08-22 04:28:15 +00:00
if ( base_acct_flags & ( ACB_WSTRUST | ACB_DOMTRUST | ACB_SVRTRUST ) ) {
char simple_pass [ 9 ] ;
2007-12-03 15:53:28 +01:00
char * v = generate_random_str ( tctx , 1 ) ;
2009-05-11 22:44:58 +02:00
2007-08-22 04:28:15 +00:00
ZERO_STRUCT ( simple_pass ) ;
memset ( simple_pass , * v , sizeof ( simple_pass ) - 1 ) ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing machine account password policy rules \n " ) ;
2007-08-22 04:28:15 +00:00
/* Workstation trust accounts don't seem to need to honour password quality policy */
2007-12-03 15:53:28 +01:00
if ( ! test_SetUserPassEx ( p , tctx , user_handle , true , & password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-08-22 04:28:15 +00:00
}
2007-12-03 15:53:28 +01:00
if ( ! test_ChangePasswordUser2 ( p , tctx , base_acct_name , & password , simple_pass , false ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-08-22 04:28:15 +00:00
}
/* reset again, to allow another 'user' password change */
2007-12-03 15:53:28 +01:00
if ( ! test_SetUserPassEx ( p , tctx , user_handle , true , & password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-08-22 04:28:15 +00:00
}
/* Try a 'short' password */
2007-12-03 15:53:28 +01:00
if ( ! test_ChangePasswordUser2 ( p , tctx , base_acct_name , & password , samr_rand_pass ( tctx , 4 ) , false ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-08-22 04:28:15 +00:00
}
2008-10-17 13:00:24 +11:00
/* Try a compleatly random password */
if ( ! test_ChangePasswordRandomBytes ( p , tctx , base_acct_name , user_handle , & password ) ) {
ret = false ;
}
2007-08-22 04:28:15 +00:00
}
2008-11-25 02:46:25 +01:00
2006-07-07 02:03:04 +00:00
for ( i = 0 ; password_fields [ i ] ; i + + ) {
2007-12-03 15:53:28 +01:00
if ( ! test_SetUserPass_23 ( p , tctx , user_handle , password_fields [ i ] , & password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2009-05-11 22:44:58 +02:00
}
2006-07-07 02:03:04 +00:00
/* check it was set right */
2007-12-03 15:53:28 +01:00
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2009-05-11 22:44:58 +02:00
}
2006-07-07 02:03:04 +00:00
for ( i = 0 ; password_fields [ i ] ; i + + ) {
2007-12-03 15:53:28 +01:00
if ( ! test_SetUserPass_25 ( p , tctx , user_handle , password_fields [ i ] , & password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2009-05-11 22:44:58 +02:00
}
2006-07-07 02:03:04 +00:00
/* check it was set right */
2007-12-03 15:53:28 +01:00
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2009-05-11 22:44:58 +02:00
}
2006-07-07 02:03:04 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_SetUserPassEx ( p , tctx , user_handle , false , & password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2009-05-11 22:44:58 +02:00
}
2004-04-18 04:06:15 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_ChangePassword ( p , tctx , base_acct_name , domain_handle , & password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2009-05-11 22:44:58 +02:00
}
2007-08-22 04:28:15 +00:00
2008-12-05 15:19:22 +01:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " skipping Set Password level 18 and 21 against Samba4 \n " ) ;
2008-12-05 15:19:22 +01:00
} else {
if ( ! test_SetUserPass_18 ( p , tctx , user_handle , & password ) ) {
ret = false ;
}
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
ret = false ;
}
2008-12-05 15:43:33 +01:00
for ( i = 0 ; password_fields [ i ] ; i + + ) {
if ( password_fields [ i ] = = SAMR_FIELD_LM_PASSWORD_PRESENT ) {
/* we need to skip as that would break
* the ChangePasswordUser3 verify */
continue ;
}
if ( ! test_SetUserPass_21 ( p , tctx , user_handle , password_fields [ i ] , & password ) ) {
ret = false ;
}
/* check it was set right */
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
ret = false ;
}
}
2008-12-05 15:19:22 +01:00
}
2008-02-28 08:50:00 +11:00
q . in . user_handle = user_handle ;
q . in . level = 5 ;
2008-11-10 14:42:27 +01:00
q . out . info = & info ;
2009-05-11 22:44:58 +02:00
2008-02-28 08:50:00 +11:00
status = dcerpc_samr_QueryUserInfo ( p , tctx , & q ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo level %u failed - %s \n " ,
2008-02-28 08:50:00 +11:00
q . in . level , nt_errstr ( status ) ) ;
ret = false ;
} else {
uint32_t expected_flags = ( base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED ) ;
2008-11-10 14:42:27 +01:00
if ( ( info - > info5 . acct_flags ) ! = expected_flags ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x \n " ,
2008-11-10 14:42:27 +01:00
info - > info5 . acct_flags ,
2008-02-28 08:50:00 +11:00
expected_flags ) ;
2009-05-08 00:30:11 +02:00
/* FIXME: GD */
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
ret = false ;
}
2008-02-28 08:50:00 +11:00
}
2008-11-10 14:42:27 +01:00
if ( info - > info5 . rid ! = rid ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QuerUserInfo level 5 failed, it returned %u when we expected rid of %u \n " ,
2008-11-10 14:42:27 +01:00
info - > info5 . rid , rid ) ;
2008-02-28 08:50:00 +11:00
}
}
2006-07-07 02:03:04 +00:00
break ;
2008-11-27 12:09:39 +01:00
case TORTURE_SAMR_PASSWORDS_PWDLASTSET :
/* test last password change timestamp behaviour */
if ( ! test_SetPassword_pwdlastset ( p , tctx , base_acct_flags ,
2008-12-08 13:10:56 +01:00
base_acct_name ,
user_handle , & password ,
machine_credentials ) ) {
2008-11-27 12:09:39 +01:00
ret = false ;
}
if ( ret = = true ) {
torture_comment ( tctx , " pwdLastSet test succeeded \n " ) ;
} else {
torture_warning ( tctx , " pwdLastSet test failed \n " ) ;
}
break ;
2010-01-11 21:18:51 +01:00
case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT :
/* test bad pwd count change behaviour */
if ( ! test_Password_badpwdcount_wrap ( p , tctx , base_acct_flags ,
base_acct_name ,
domain_handle ,
user_handle , & password ,
machine_credentials ) ) {
ret = false ;
}
if ( ret = = true ) {
torture_comment ( tctx , " badPwdCount test succeeded \n " ) ;
} else {
torture_warning ( tctx , " badPwdCount test failed \n " ) ;
}
break ;
2010-01-15 18:08:57 +01:00
case TORTURE_SAMR_PASSWORDS_LOCKOUT :
if ( ! test_Password_lockout_wrap ( p , tctx , base_acct_flags ,
base_acct_name ,
domain_handle ,
user_handle , & password ,
machine_credentials ) )
{
ret = false ;
}
if ( ret = = true ) {
torture_comment ( tctx , " lockout test succeeded \n " ) ;
} else {
torture_warning ( tctx , " lockout test failed \n " ) ;
}
break ;
2009-05-18 19:37:13 +02:00
case TORTURE_SAMR_USER_PRIVILEGES : {
struct dcerpc_pipe * lp ;
struct policy_handle * lsa_handle ;
status = torture_rpc_connection ( tctx , & lp , & ndr_table_lsarpc ) ;
torture_assert_ntstatus_ok ( tctx , status , " Failed to open LSA pipe " ) ;
2010-03-11 12:00:34 +01:00
if ( ! test_lsa_OpenPolicy2 ( lp - > binding_handle , tctx , & lsa_handle ) ) {
2009-05-18 19:37:13 +02:00
ret = false ;
}
if ( ! test_DeleteUser_with_privs ( p , lp , tctx ,
domain_handle , lsa_handle , user_handle ,
domain_sid , rid ,
machine_credentials ) ) {
ret = false ;
}
2010-03-11 12:00:34 +01:00
if ( ! test_lsa_Close ( lp - > binding_handle , tctx , lsa_handle ) ) {
2009-05-18 19:37:13 +02:00
ret = false ;
}
if ( ! ret ) {
torture_warning ( tctx , " privileged user delete test failed \n " ) ;
}
break ;
}
2006-07-07 02:03:04 +00:00
case TORTURE_SAMR_OTHER :
2010-03-05 08:50:08 +01:00
case TORTURE_SAMR_MANY_ACCOUNTS :
case TORTURE_SAMR_MANY_GROUPS :
case TORTURE_SAMR_MANY_ALIASES :
2006-07-07 07:38:36 +00:00
/* We just need the account to exist */
2006-07-07 02:03:04 +00:00
break ;
}
2003-11-20 03:09:19 +00:00
return ret ;
}
2007-12-03 15:53:17 +01:00
static bool test_alias_ops ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-12-19 04:13:39 +00:00
struct policy_handle * alias_handle ,
const struct dom_sid * domain_sid )
2003-12-19 03:59:27 +00:00
{
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-12-19 03:59:27 +00:00
2009-05-11 23:46:45 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
if ( ! test_QuerySecurity ( p , tctx , alias_handle ) ) {
ret = false ;
}
2003-12-19 03:59:27 +00:00
}
2007-12-03 15:53:17 +01:00
if ( ! test_QueryAliasInfo ( p , tctx , alias_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
2007-12-03 15:53:17 +01:00
if ( ! test_SetAliasInfo ( p , tctx , alias_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
2007-12-03 15:53:17 +01:00
if ( ! test_AddMemberToAlias ( p , tctx , alias_handle , domain_sid ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
2009-06-07 00:39:32 +02:00
if ( torture_setting_bool ( tctx , " samba3 " , false ) | |
torture_setting_bool ( tctx , " samba4 " , false ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " skipping MultipleMembers Alias tests against Samba \n " ) ;
2006-07-04 02:46:24 +00:00
return ret ;
}
2007-12-03 15:53:17 +01:00
if ( ! test_AddMultipleMembersToAlias ( p , tctx , alias_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-19 05:48:03 +00:00
}
2003-12-19 03:59:27 +00:00
return ret ;
}
2003-11-15 20:47:59 +00:00
2004-04-17 06:40:50 +00:00
2008-10-31 16:09:29 +01:00
static bool test_DeleteUser ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2006-07-07 07:38:36 +00:00
struct policy_handle * user_handle )
{
struct samr_DeleteUser d ;
NTSTATUS status ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing DeleteUser \n " ) ;
2006-07-07 07:38:36 +00:00
d . in . user_handle = user_handle ;
d . out . user_handle = user_handle ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_DeleteUser ( p , tctx , & d ) ;
torture_assert_ntstatus_ok ( tctx , status , " DeleteUser " ) ;
2006-07-07 07:38:36 +00:00
2008-10-31 16:09:29 +01:00
return true ;
2006-07-07 07:38:36 +00:00
}
2009-05-11 23:13:26 +02:00
bool test_DeleteUser_byname ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-27 06:36:39 +00:00
struct policy_handle * handle , const char * name )
2004-04-17 06:40:50 +00:00
{
NTSTATUS status ;
struct samr_DeleteUser d ;
2004-09-21 03:51:38 +00:00
struct policy_handle user_handle ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2004-04-17 06:40:50 +00:00
2009-05-11 23:13:26 +02:00
status = test_LookupName ( p , tctx , handle , name , & rid ) ;
2003-11-20 07:20:59 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2009-05-11 23:13:26 +02:00
status = test_OpenUser_byname ( p , tctx , handle , name , & user_handle ) ;
2003-11-20 07:20:59 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2004-09-21 03:51:38 +00:00
d . in . user_handle = & user_handle ;
d . out . user_handle = & user_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_DeleteUser ( p , tctx , & d ) ;
2003-11-20 07:20:59 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2007-10-06 22:28:14 +00:00
return true ;
2003-11-20 07:20:59 +00:00
failed :
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " DeleteUser_byname(%s) failed - %s \n " , name , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-20 07:20:59 +00:00
}
2004-04-17 05:54:55 +00:00
2009-05-11 23:13:26 +02:00
static bool test_DeleteGroup_byname ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-17 05:54:55 +00:00
struct policy_handle * handle , const char * name )
{
NTSTATUS status ;
struct samr_OpenGroup r ;
struct samr_DeleteDomainGroup d ;
struct policy_handle group_handle ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2004-04-17 05:54:55 +00:00
2009-05-11 23:13:26 +02:00
status = test_LookupName ( p , tctx , handle , name , & rid ) ;
2004-04-17 05:54:55 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-04-17 06:40:50 +00:00
r . in . rid = rid ;
2004-09-21 03:51:38 +00:00
r . out . group_handle = & group_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_OpenGroup ( p , tctx , & r ) ;
2004-04-17 05:54:55 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2004-09-21 03:51:38 +00:00
d . in . group_handle = & group_handle ;
d . out . group_handle = & group_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_DeleteDomainGroup ( p , tctx , & d ) ;
2004-04-17 05:54:55 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2007-10-06 22:28:14 +00:00
return true ;
2004-04-17 05:54:55 +00:00
failed :
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " DeleteGroup_byname(%s) failed - %s \n " , name , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2004-04-17 05:54:55 +00:00
}
2009-05-11 23:13:26 +02:00
static bool test_DeleteAlias_byname ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
const char * name )
2003-12-19 03:59:27 +00:00
{
NTSTATUS status ;
struct samr_OpenAlias r ;
struct samr_DeleteDomAlias d ;
struct policy_handle alias_handle ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2003-12-19 03:59:27 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " testing DeleteAlias_byname \n " ) ;
2003-12-19 03:59:27 +00:00
2009-05-11 23:13:26 +02:00
status = test_LookupName ( p , tctx , domain_handle , name , & rid ) ;
2003-12-19 03:59:27 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-04-17 06:40:50 +00:00
r . in . rid = rid ;
2004-09-21 03:51:38 +00:00
r . out . alias_handle = & alias_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_OpenAlias ( p , tctx , & r ) ;
2003-12-19 03:59:27 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2004-09-21 03:51:38 +00:00
d . in . alias_handle = & alias_handle ;
d . out . alias_handle = & alias_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_DeleteDomAlias ( p , tctx , & d ) ;
2003-12-19 03:59:27 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2007-10-06 22:28:14 +00:00
return true ;
2003-12-19 03:59:27 +00:00
failed :
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " DeleteAlias_byname(%s) failed - %s \n " , name , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-12-19 03:59:27 +00:00
}
2009-05-11 23:13:26 +02:00
static bool test_DeleteAlias ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * alias_handle )
2003-12-19 03:59:27 +00:00
{
struct samr_DeleteDomAlias d ;
NTSTATUS status ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing DeleteAlias \n " ) ;
2003-12-19 03:59:27 +00:00
2004-09-21 03:51:38 +00:00
d . in . alias_handle = alias_handle ;
d . out . alias_handle = alias_handle ;
2003-12-19 03:59:27 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_DeleteDomAlias ( p , tctx , & d ) ;
2003-12-19 03:59:27 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " DeleteAlias failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
return ret ;
}
2007-12-03 15:53:17 +01:00
static bool test_CreateAlias ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-05-21 18:12:29 +02:00
struct policy_handle * domain_handle ,
const char * alias_name ,
2009-05-11 22:44:58 +02:00
struct policy_handle * alias_handle ,
2009-05-21 18:12:29 +02:00
const struct dom_sid * domain_sid ,
bool test_alias )
2003-12-19 03:59:27 +00:00
{
NTSTATUS status ;
struct samr_CreateDomAlias r ;
2005-07-08 08:09:02 +00:00
struct lsa_String name ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-12-19 03:59:27 +00:00
2009-05-21 18:12:29 +02:00
init_lsa_String ( & name , alias_name ) ;
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2005-04-13 06:26:43 +00:00
r . in . alias_name = & name ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-09-21 03:51:38 +00:00
r . out . alias_handle = alias_handle ;
2003-12-19 03:59:27 +00:00
r . out . rid = & rid ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing CreateAlias (%s) \n " , r . in . alias_name - > string ) ;
2003-12-19 03:59:27 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_CreateDomAlias ( p , tctx , & r ) ;
2003-12-19 03:59:27 +00:00
2008-03-14 12:26:03 +11:00
if ( dom_sid_equal ( domain_sid , dom_sid_parse_talloc ( tctx , SID_BUILTIN ) ) ) {
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Server correctly refused create of '%s' \n " , r . in . alias_name - > string ) ;
2008-03-14 12:26:03 +11:00
return true ;
} else {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Server should have refused create of '%s', got %s instead \n " , r . in . alias_name - > string ,
2008-03-14 12:26:03 +11:00
nt_errstr ( status ) ) ;
return false ;
}
2003-12-19 03:59:27 +00:00
}
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ALIAS_EXISTS ) ) {
2007-12-03 15:53:17 +01:00
if ( ! test_DeleteAlias_byname ( p , tctx , domain_handle , r . in . alias_name - > string ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2003-12-19 03:59:27 +00:00
}
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_CreateDomAlias ( p , tctx , & r ) ;
2003-12-19 03:59:27 +00:00
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " CreateAlias failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-12-19 03:59:27 +00:00
}
2009-05-21 18:12:29 +02:00
if ( ! test_alias ) {
return ret ;
}
2007-12-03 15:53:17 +01:00
if ( ! test_alias_ops ( p , tctx , alias_handle , domain_sid ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
return ret ;
}
2003-11-20 07:20:59 +00:00
2009-05-11 23:13:26 +02:00
static bool test_ChangePassword ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2006-07-07 02:03:04 +00:00
const char * acct_name ,
2004-04-22 06:19:48 +00:00
struct policy_handle * domain_handle , char * * password )
{
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-04-22 06:19:48 +00:00
if ( ! * password ) {
2007-10-06 22:28:14 +00:00
return false ;
2004-04-22 06:19:48 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser ( p , tctx , acct_name , domain_handle , password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 06:19:48 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser2 ( p , tctx , acct_name , password , 0 , true ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 06:19:48 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_OemChangePasswordUser2 ( p , tctx , acct_name , domain_handle , password ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 06:19:48 +00:00
}
2006-09-20 23:32:56 +00:00
/* test what happens when setting the old password again */
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser3 ( p , tctx , acct_name , 0 , password , * password , 0 , true ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-09-20 23:32:56 +00:00
}
2006-09-20 23:59:17 +00:00
{
char simple_pass [ 9 ] ;
2009-05-11 23:13:26 +02:00
char * v = generate_random_str ( tctx , 1 ) ;
2006-09-20 23:59:17 +00:00
2006-09-21 22:55:00 +00:00
ZERO_STRUCT ( simple_pass ) ;
memset ( simple_pass , * v , sizeof ( simple_pass ) - 1 ) ;
2006-09-20 23:59:17 +00:00
/* test what happens when picking a simple password */
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser3 ( p , tctx , acct_name , 0 , password , simple_pass , 0 , true ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-09-20 23:59:17 +00:00
}
2006-09-20 23:32:56 +00:00
}
/* set samr_SetDomainInfo level 1 with min_length 5 */
{
struct samr_QueryDomainInfo r ;
2008-11-05 02:59:51 +01:00
union samr_DomainInfo * info = NULL ;
2006-09-20 23:32:56 +00:00
struct samr_SetDomainInfo s ;
uint16_t len_old , len ;
2007-03-06 05:30:25 +00:00
uint32_t pwd_prop_old ;
2007-08-22 04:28:15 +00:00
int64_t min_pwd_age_old ;
2006-09-20 23:32:56 +00:00
NTSTATUS status ;
2007-03-06 05:30:25 +00:00
len = 5 ;
2006-09-20 23:32:56 +00:00
r . in . domain_handle = domain_handle ;
r . in . level = 1 ;
2008-11-05 02:59:51 +01:00
r . out . info = & info ;
2006-09-20 23:32:56 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " testing samr_QueryDomainInfo level 1 \n " ) ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryDomainInfo ( p , tctx , & r ) ;
2006-09-20 23:32:56 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
s . in . domain_handle = domain_handle ;
s . in . level = 1 ;
2008-11-05 02:59:51 +01:00
s . in . info = info ;
2006-09-20 23:32:56 +00:00
2007-03-06 05:30:25 +00:00
/* remember the old min length, so we can reset it */
2006-09-20 23:32:56 +00:00
len_old = s . in . info - > info1 . min_password_length ;
s . in . info - > info1 . min_password_length = len ;
2007-03-06 05:30:25 +00:00
pwd_prop_old = s . in . info - > info1 . password_properties ;
/* turn off password complexity checks for this test */
s . in . info - > info1 . password_properties & = ~ DOMAIN_PASSWORD_COMPLEX ;
2006-09-20 23:32:56 +00:00
2007-08-22 04:28:15 +00:00
min_pwd_age_old = s . in . info - > info1 . min_password_age ;
s . in . info - > info1 . min_password_age = 0 ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " testing samr_SetDomainInfo level 1 \n " ) ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_SetDomainInfo ( p , tctx , & s ) ;
2006-09-20 23:32:56 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " calling test_ChangePasswordUser3 with too short password \n " ) ;
2006-09-20 23:32:56 +00:00
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser3 ( p , tctx , acct_name , len - 1 , password , NULL , 0 , true ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-09-20 23:32:56 +00:00
}
s . in . info - > info1 . min_password_length = len_old ;
2007-03-06 05:30:25 +00:00
s . in . info - > info1 . password_properties = pwd_prop_old ;
2007-08-22 04:28:15 +00:00
s . in . info - > info1 . min_password_age = min_pwd_age_old ;
2009-05-11 22:44:58 +02:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " testing samr_SetDomainInfo level 1 \n " ) ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_SetDomainInfo ( p , tctx , & s ) ;
2006-09-20 23:32:56 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
}
{
NTSTATUS status ;
struct samr_OpenUser r ;
struct samr_QueryUserInfo q ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2006-09-20 23:32:56 +00:00
struct samr_LookupNames n ;
struct policy_handle user_handle ;
2008-11-05 14:28:17 +01:00
struct samr_Ids rids , types ;
2006-09-20 23:32:56 +00:00
n . in . domain_handle = domain_handle ;
n . in . num_names = 1 ;
2009-05-11 23:13:26 +02:00
n . in . names = talloc_array ( tctx , struct lsa_String , 1 ) ;
2009-05-11 22:44:58 +02:00
n . in . names [ 0 ] . string = acct_name ;
2008-11-05 14:28:17 +01:00
n . out . rids = & rids ;
n . out . types = & types ;
2006-09-20 23:32:56 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_LookupNames ( p , tctx , & n ) ;
2006-09-20 23:32:56 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " LookupNames failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
r . in . domain_handle = domain_handle ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2008-11-05 14:28:17 +01:00
r . in . rid = n . out . rids - > ids [ 0 ] ;
2006-09-20 23:32:56 +00:00
r . out . user_handle = & user_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_OpenUser ( p , tctx , & r ) ;
2006-09-20 23:32:56 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OpenUser(%u) failed - %s \n " , n . out . rids - > ids [ 0 ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
q . in . user_handle = & user_handle ;
q . in . level = 5 ;
2008-11-10 14:42:27 +01:00
q . out . info = & info ;
2006-09-20 23:32:56 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryUserInfo ( p , tctx , & q ) ;
2006-09-20 23:32:56 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-09-20 23:32:56 +00:00
}
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " calling test_ChangePasswordUser3 with too early password change \n " ) ;
2006-09-20 23:32:56 +00:00
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser3 ( p , tctx , acct_name , 0 , password , NULL ,
2008-11-10 14:42:27 +01:00
info - > info5 . last_password_change , true ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-09-20 23:32:56 +00:00
}
}
2004-10-20 02:08:36 +00:00
/* we change passwords twice - this has the effect of verifying
they were changed correctly for the final call */
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser3 ( p , tctx , acct_name , 0 , password , NULL , 0 , true ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-10-20 02:08:36 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_ChangePasswordUser3 ( p , tctx , acct_name , 0 , password , NULL , 0 , true ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 06:19:48 +00:00
}
return ret ;
}
2007-12-03 15:53:28 +01:00
static bool test_CreateUser ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-05-11 22:44:58 +02:00
struct policy_handle * domain_handle ,
2009-05-21 18:12:29 +02:00
const char * user_name ,
2008-03-14 12:26:03 +11:00
struct policy_handle * user_handle_out ,
2009-05-11 22:44:58 +02:00
struct dom_sid * domain_sid ,
2008-12-08 13:10:56 +01:00
enum torture_samr_choice which_ops ,
2009-05-21 18:12:29 +02:00
struct cli_credentials * machine_credentials ,
bool test_user )
2003-11-18 10:21:05 +00:00
{
2006-07-07 02:03:04 +00:00
TALLOC_CTX * user_ctx ;
2003-11-18 10:21:05 +00:00
NTSTATUS status ;
struct samr_CreateUser r ;
2003-12-03 03:10:10 +00:00
struct samr_QueryUserInfo q ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2006-07-07 02:03:04 +00:00
struct samr_DeleteUser d ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2004-10-20 02:08:36 +00:00
2003-12-03 03:10:10 +00:00
/* This call creates a 'normal' account - check that it really does */
2004-05-25 16:24:13 +00:00
const uint32_t acct_flags = ACB_NORMAL ;
2005-07-08 08:09:02 +00:00
struct lsa_String name ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-18 10:21:05 +00:00
2006-07-07 02:03:04 +00:00
struct policy_handle user_handle ;
2007-12-03 15:53:28 +01:00
user_ctx = talloc_named ( tctx , 0 , " test_CreateUser2 per-user context " ) ;
2009-05-21 18:12:29 +02:00
init_lsa_String ( & name , user_name ) ;
2003-11-18 10:21:05 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2004-06-05 03:22:10 +00:00
r . in . account_name = & name ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2006-07-07 02:03:04 +00:00
r . out . user_handle = & user_handle ;
2003-11-18 10:21:05 +00:00
r . out . rid = & rid ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing CreateUser(%s) \n " , r . in . account_name - > string ) ;
2003-11-18 10:21:05 +00:00
2005-03-22 08:00:45 +00:00
status = dcerpc_samr_CreateUser ( p , user_ctx , & r ) ;
2003-11-20 01:02:09 +00:00
2008-03-14 12:26:03 +11:00
if ( dom_sid_equal ( domain_sid , dom_sid_parse_talloc ( tctx , SID_BUILTIN ) ) ) {
2008-10-17 13:00:24 +11:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) | | NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Server correctly refused create of '%s' \n " , r . in . account_name - > string ) ;
2008-03-14 12:26:03 +11:00
return true ;
} else {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Server should have refused create of '%s', got %s instead \n " , r . in . account_name - > string ,
2008-03-14 12:26:03 +11:00
nt_errstr ( status ) ) ;
return false ;
}
2003-11-20 01:02:09 +00:00
}
2003-11-20 07:20:59 +00:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_USER_EXISTS ) ) {
2005-03-22 08:00:45 +00:00
if ( ! test_DeleteUser_byname ( p , user_ctx , domain_handle , r . in . account_name - > string ) ) {
talloc_free ( user_ctx ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-20 07:20:59 +00:00
}
2005-03-22 08:00:45 +00:00
status = dcerpc_samr_CreateUser ( p , user_ctx , & r ) ;
2003-11-20 07:20:59 +00:00
}
2009-05-21 18:12:29 +02:00
2003-11-20 07:20:59 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-03-22 08:00:45 +00:00
talloc_free ( user_ctx ) ;
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " CreateUser failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2009-05-21 18:12:29 +02:00
}
if ( ! test_user ) {
if ( user_handle_out ) {
* user_handle_out = user_handle ;
}
return ret ;
}
{
2006-07-07 02:03:04 +00:00
q . in . user_handle = & user_handle ;
q . in . level = 16 ;
2008-11-10 14:42:27 +01:00
q . out . info = & info ;
2009-05-11 22:44:58 +02:00
2006-07-07 02:03:04 +00:00
status = dcerpc_samr_QueryUserInfo ( p , user_ctx , & q ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo level %u failed - %s \n " ,
2006-07-07 02:03:04 +00:00
q . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
} else {
2008-11-10 14:42:27 +01:00
if ( ( info - > info16 . acct_flags & acct_flags ) ! = acct_flags ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x \n " ,
2008-11-10 14:42:27 +01:00
info - > info16 . acct_flags ,
2006-07-07 02:03:04 +00:00
acct_flags ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 02:03:04 +00:00
}
2003-12-03 03:10:10 +00:00
}
2009-05-11 22:44:58 +02:00
if ( ! test_user_ops ( p , tctx , & user_handle , domain_handle ,
2009-05-18 19:37:13 +02:00
domain_sid , acct_flags , name . string , which_ops ,
2008-12-08 13:10:56 +01:00
machine_credentials ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-10-20 02:08:36 +00:00
}
2009-05-11 22:44:58 +02:00
2006-07-07 07:38:36 +00:00
if ( user_handle_out ) {
* user_handle_out = user_handle ;
} else {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing DeleteUser (createuser test) \n " ) ;
2009-05-11 22:44:58 +02:00
2006-07-07 07:38:36 +00:00
d . in . user_handle = & user_handle ;
d . out . user_handle = & user_handle ;
2009-05-11 22:44:58 +02:00
2006-07-07 07:38:36 +00:00
status = dcerpc_samr_DeleteUser ( p , user_ctx , & d ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " DeleteUser failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 07:38:36 +00:00
}
2004-10-20 02:08:36 +00:00
}
2009-05-11 22:44:58 +02:00
2006-07-07 02:03:04 +00:00
}
2004-04-22 06:19:48 +00:00
2005-03-22 08:00:45 +00:00
talloc_free ( user_ctx ) ;
2009-05-11 22:44:58 +02:00
2003-12-19 03:59:27 +00:00
return ret ;
}
2007-12-03 15:53:28 +01:00
static bool test_CreateUser2 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2008-03-14 12:26:03 +11:00
struct policy_handle * domain_handle ,
struct dom_sid * domain_sid ,
2008-12-08 13:10:56 +01:00
enum torture_samr_choice which_ops ,
struct cli_credentials * machine_credentials )
2003-12-03 03:10:10 +00:00
{
NTSTATUS status ;
struct samr_CreateUser2 r ;
struct samr_QueryUserInfo q ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2003-12-03 03:10:10 +00:00
struct samr_DeleteUser d ;
2004-09-21 03:51:38 +00:00
struct policy_handle user_handle ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2005-07-08 08:09:02 +00:00
struct lsa_String name ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-12-03 03:10:10 +00:00
int i ;
struct {
2004-05-25 16:24:13 +00:00
uint32_t acct_flags ;
2003-12-03 03:10:10 +00:00
const char * account_name ;
NTSTATUS nt_status ;
} account_types [ ] = {
2004-06-05 03:22:10 +00:00
{ ACB_NORMAL , TEST_ACCOUNT_NAME , NT_STATUS_OK } ,
{ ACB_NORMAL | ACB_DISABLED , TEST_ACCOUNT_NAME , NT_STATUS_INVALID_PARAMETER } ,
{ ACB_NORMAL | ACB_PWNOEXP , TEST_ACCOUNT_NAME , NT_STATUS_INVALID_PARAMETER } ,
2003-12-03 03:10:10 +00:00
{ ACB_WSTRUST , TEST_MACHINENAME , NT_STATUS_OK } ,
{ ACB_WSTRUST | ACB_DISABLED , TEST_MACHINENAME , NT_STATUS_INVALID_PARAMETER } ,
{ ACB_WSTRUST | ACB_PWNOEXP , TEST_MACHINENAME , NT_STATUS_INVALID_PARAMETER } ,
{ ACB_SVRTRUST , TEST_MACHINENAME , NT_STATUS_OK } ,
{ ACB_SVRTRUST | ACB_DISABLED , TEST_MACHINENAME , NT_STATUS_INVALID_PARAMETER } ,
{ ACB_SVRTRUST | ACB_PWNOEXP , TEST_MACHINENAME , NT_STATUS_INVALID_PARAMETER } ,
2009-05-29 17:12:06 +10:00
{ ACB_DOMTRUST , TEST_DOMAINNAME , NT_STATUS_ACCESS_DENIED } ,
2003-12-03 03:10:10 +00:00
{ ACB_DOMTRUST | ACB_DISABLED , TEST_DOMAINNAME , NT_STATUS_INVALID_PARAMETER } ,
{ ACB_DOMTRUST | ACB_PWNOEXP , TEST_DOMAINNAME , NT_STATUS_INVALID_PARAMETER } ,
2004-06-05 03:22:10 +00:00
{ 0 , TEST_ACCOUNT_NAME , NT_STATUS_INVALID_PARAMETER } ,
{ ACB_DISABLED , TEST_ACCOUNT_NAME , NT_STATUS_INVALID_PARAMETER } ,
2003-12-03 03:10:10 +00:00
{ 0 , NULL , NT_STATUS_INVALID_PARAMETER }
} ;
for ( i = 0 ; account_types [ i ] . account_name ; i + + ) {
2005-03-22 08:00:45 +00:00
TALLOC_CTX * user_ctx ;
2004-05-25 16:24:13 +00:00
uint32_t acct_flags = account_types [ i ] . acct_flags ;
uint32_t access_granted ;
2007-12-03 15:53:28 +01:00
user_ctx = talloc_named ( tctx , 0 , " test_CreateUser2 per-user context " ) ;
2005-07-08 08:09:02 +00:00
init_lsa_String ( & name , account_types [ i ] . account_name ) ;
2003-12-03 03:10:10 +00:00
2006-07-07 02:03:04 +00:00
r . in . domain_handle = domain_handle ;
2004-06-05 03:22:10 +00:00
r . in . account_name = & name ;
2003-12-03 03:10:10 +00:00
r . in . acct_flags = acct_flags ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-09-21 03:51:38 +00:00
r . out . user_handle = & user_handle ;
2003-12-03 03:10:10 +00:00
r . out . access_granted = & access_granted ;
r . out . rid = & rid ;
2009-05-11 22:44:58 +02:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing CreateUser2(%s, 0x%x) \n " , r . in . account_name - > string , acct_flags ) ;
2009-05-11 22:44:58 +02:00
2005-03-22 08:00:45 +00:00
status = dcerpc_samr_CreateUser2 ( p , user_ctx , & r ) ;
2009-05-11 22:44:58 +02:00
2008-03-14 12:26:03 +11:00
if ( dom_sid_equal ( domain_sid , dom_sid_parse_talloc ( tctx , SID_BUILTIN ) ) ) {
2008-10-17 13:00:24 +11:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) | | NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Server correctly refused create of '%s' \n " , r . in . account_name - > string ) ;
2008-03-14 12:26:03 +11:00
continue ;
} else {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Server should have refused create of '%s', got %s instead \n " , r . in . account_name - > string ,
2008-03-14 12:26:03 +11:00
nt_errstr ( status ) ) ;
ret = false ;
continue ;
}
}
2003-12-03 03:10:10 +00:00
2008-03-14 12:26:03 +11:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_USER_EXISTS ) ) {
2006-07-07 02:03:04 +00:00
if ( ! test_DeleteUser_byname ( p , user_ctx , domain_handle , r . in . account_name - > string ) ) {
2005-03-22 08:00:45 +00:00
talloc_free ( user_ctx ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-03-22 08:00:45 +00:00
continue ;
2003-12-03 03:10:10 +00:00
}
2005-03-22 08:00:45 +00:00
status = dcerpc_samr_CreateUser2 ( p , user_ctx , & r ) ;
2003-12-03 03:10:10 +00:00
}
if ( ! NT_STATUS_EQUAL ( status , account_types [ i ] . nt_status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " CreateUser2 failed gave incorrect error return - %s (should be %s) \n " ,
2003-12-03 03:10:10 +00:00
nt_errstr ( status ) , nt_errstr ( account_types [ i ] . nt_status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-03 03:10:10 +00:00
}
2009-05-11 22:44:58 +02:00
2003-12-03 03:10:10 +00:00
if ( NT_STATUS_IS_OK ( status ) ) {
2004-09-21 03:51:38 +00:00
q . in . user_handle = & user_handle ;
2007-07-30 10:30:34 +00:00
q . in . level = 5 ;
2008-11-10 14:42:27 +01:00
q . out . info = & info ;
2009-05-11 22:44:58 +02:00
2005-03-22 08:00:45 +00:00
status = dcerpc_samr_QueryUserInfo ( p , user_ctx , & q ) ;
2003-12-03 03:10:10 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo level %u failed - %s \n " ,
2003-12-03 03:10:10 +00:00
q . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-03 03:10:10 +00:00
} else {
2008-02-28 08:50:00 +11:00
uint32_t expected_flags = ( acct_flags | ACB_PWNOTREQ | ACB_DISABLED ) ;
if ( acct_flags = = ACB_NORMAL ) {
expected_flags | = ACB_PW_EXPIRED ;
}
2008-11-10 14:42:27 +01:00
if ( ( info - > info5 . acct_flags ) ! = expected_flags ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x \n " ,
2008-11-10 14:42:27 +01:00
info - > info5 . acct_flags ,
2008-02-28 08:50:00 +11:00
expected_flags ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2009-05-11 22:44:58 +02:00
}
2007-07-30 10:30:34 +00:00
switch ( acct_flags ) {
case ACB_SVRTRUST :
2008-11-10 14:42:27 +01:00
if ( info - > info5 . primary_gid ! = DOMAIN_RID_DCS ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QuerUserInfo level 5: DC should have had Primary Group %d, got %d \n " ,
2008-11-10 14:42:27 +01:00
DOMAIN_RID_DCS , info - > info5 . primary_gid ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-30 10:30:34 +00:00
}
break ;
case ACB_WSTRUST :
2008-11-10 14:42:27 +01:00
if ( info - > info5 . primary_gid ! = DOMAIN_RID_DOMAIN_MEMBERS ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d \n " ,
2008-11-10 14:42:27 +01:00
DOMAIN_RID_DOMAIN_MEMBERS , info - > info5 . primary_gid ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-30 10:30:34 +00:00
}
break ;
case ACB_NORMAL :
2008-11-10 14:42:27 +01:00
if ( info - > info5 . primary_gid ! = DOMAIN_RID_USERS ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QuerUserInfo level 5: Users should have had Primary Group %d, got %d \n " ,
2008-11-10 14:42:27 +01:00
DOMAIN_RID_USERS , info - > info5 . primary_gid ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-30 10:30:34 +00:00
}
break ;
2003-12-03 03:10:10 +00:00
}
}
2009-05-11 22:44:58 +02:00
if ( ! test_user_ops ( p , tctx , & user_handle , domain_handle ,
2009-05-18 19:37:13 +02:00
domain_sid , acct_flags , name . string , which_ops ,
2008-12-08 13:10:56 +01:00
machine_credentials ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-03 03:10:10 +00:00
}
2009-05-18 19:37:13 +02:00
if ( ! policy_handle_empty ( & user_handle ) ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing DeleteUser (createuser2 test) \n " ) ;
2009-05-11 22:44:58 +02:00
2009-05-18 19:37:13 +02:00
d . in . user_handle = & user_handle ;
d . out . user_handle = & user_handle ;
2009-05-11 22:44:58 +02:00
2009-05-18 19:37:13 +02:00
status = dcerpc_samr_DeleteUser ( p , user_ctx , & d ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " DeleteUser failed - %s \n " , nt_errstr ( status ) ) ;
2009-05-18 19:37:13 +02:00
ret = false ;
}
2003-12-03 03:10:10 +00:00
}
}
2005-03-22 08:00:45 +00:00
talloc_free ( user_ctx ) ;
2003-12-03 03:10:10 +00:00
}
return ret ;
}
2009-05-11 23:13:26 +02:00
static bool test_QueryAliasInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2003-11-15 12:38:06 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryAliasInfo r ;
2008-11-10 14:09:06 +01:00
union samr_AliasInfo * info ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 } ;
2003-11-15 12:38:06 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 12:38:06 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryAliasInfo level %u \n " , levels [ i ] ) ;
2003-11-15 12:38:06 +00:00
2004-09-21 03:51:38 +00:00
r . in . alias_handle = handle ;
2003-11-15 12:38:06 +00:00
r . in . level = levels [ i ] ;
2008-11-10 14:09:06 +01:00
r . out . info = & info ;
2003-11-15 12:38:06 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryAliasInfo ( p , tctx , & r ) ;
2003-11-15 12:38:06 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryAliasInfo level %u failed - %s \n " ,
2003-11-15 12:38:06 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 12:38:06 +00:00
}
}
return ret ;
}
2009-05-11 23:13:26 +02:00
static bool test_QueryGroupInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2003-11-15 12:14:22 +00:00
struct policy_handle * handle )
2004-04-22 07:28:18 +00:00
{
NTSTATUS status ;
struct samr_QueryGroupInfo r ;
2008-11-10 14:15:33 +01:00
union samr_GroupInfo * info ;
2004-10-07 03:47:38 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 } ;
2004-04-22 07:28:18 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-04-22 07:28:18 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryGroupInfo level %u \n " , levels [ i ] ) ;
2004-04-22 07:28:18 +00:00
2004-09-21 03:51:38 +00:00
r . in . group_handle = handle ;
2004-04-22 07:28:18 +00:00
r . in . level = levels [ i ] ;
2008-11-10 14:15:33 +01:00
r . out . info = & info ;
2004-04-22 07:28:18 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryGroupInfo ( p , tctx , & r ) ;
2004-04-22 07:28:18 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryGroupInfo level %u failed - %s \n " ,
2004-04-22 07:28:18 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 07:28:18 +00:00
}
}
return ret ;
}
2009-05-11 23:13:26 +02:00
static bool test_QueryGroupMember ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-10-07 03:47:38 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryGroupMember r ;
2008-11-05 02:00:12 +01:00
struct samr_RidTypeArray * rids = NULL ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-10-07 03:47:38 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryGroupMember \n " ) ;
2004-10-07 03:47:38 +00:00
r . in . group_handle = handle ;
2008-11-05 02:00:12 +01:00
r . out . rids = & rids ;
2004-10-07 03:47:38 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryGroupMember ( p , tctx , & r ) ;
2004-10-07 03:47:38 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryGroupInfo failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-10-07 03:47:38 +00:00
}
return ret ;
}
2004-04-22 07:28:18 +00:00
2009-05-11 23:13:26 +02:00
static bool test_SetGroupInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-22 07:28:18 +00:00
struct policy_handle * handle )
2003-11-15 12:14:22 +00:00
{
NTSTATUS status ;
struct samr_QueryGroupInfo r ;
2008-11-10 14:15:33 +01:00
union samr_GroupInfo * info ;
2004-04-17 06:19:51 +00:00
struct samr_SetGroupInfo s ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 } ;
uint16_t set_ok [ ] = { 0 , 1 , 1 , 1 } ;
2003-11-15 12:14:22 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 12:14:22 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryGroupInfo level %u \n " , levels [ i ] ) ;
2003-11-15 12:14:22 +00:00
2004-09-21 03:51:38 +00:00
r . in . group_handle = handle ;
2003-11-15 12:14:22 +00:00
r . in . level = levels [ i ] ;
2008-11-10 14:15:33 +01:00
r . out . info = & info ;
2003-11-15 12:14:22 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryGroupInfo ( p , tctx , & r ) ;
2003-11-15 12:14:22 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryGroupInfo level %u failed - %s \n " ,
2003-11-15 12:14:22 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 12:14:22 +00:00
}
2004-04-17 06:19:51 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing SetGroupInfo level %u \n " , levels [ i ] ) ;
2004-04-17 06:19:51 +00:00
2004-09-21 03:51:38 +00:00
s . in . group_handle = handle ;
2004-04-17 06:19:51 +00:00
s . in . level = levels [ i ] ;
2008-11-10 14:15:33 +01:00
s . in . info = * r . out . info ;
2004-04-17 06:19:51 +00:00
2004-08-04 06:01:10 +00:00
#if 0
2009-05-11 22:44:58 +02:00
/* disabled this, as it changes the name only from the point of view of samr,
2004-08-04 06:01:10 +00:00
but leaves the name from the point of view of w2k3 internals ( and ldap ) . This means
the name is still reserved , so creating the old name fails , but deleting by the old name
also fails */
2004-05-09 15:39:12 +00:00
if ( s . in . level = = 2 ) {
2005-07-08 08:09:02 +00:00
init_lsa_String ( & s . in . info - > string , " NewName " ) ;
2004-05-09 15:39:12 +00:00
}
2004-08-04 06:01:10 +00:00
# endif
2004-05-09 15:39:12 +00:00
2004-04-22 07:28:18 +00:00
if ( s . in . level = = 4 ) {
2005-07-08 08:09:02 +00:00
init_lsa_String ( & s . in . info - > description , " test description " ) ;
2004-04-22 07:28:18 +00:00
}
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_SetGroupInfo ( p , tctx , & s ) ;
2004-04-17 06:19:51 +00:00
if ( set_ok [ i ] ) {
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetGroupInfo level %u failed - %s \n " ,
2004-04-17 06:19:51 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-17 06:19:51 +00:00
continue ;
}
} else {
if ( ! NT_STATUS_EQUAL ( NT_STATUS_INVALID_INFO_CLASS , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS \n " ,
2004-04-17 06:19:51 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-17 06:19:51 +00:00
continue ;
}
}
2003-11-15 12:14:22 +00:00
}
return ret ;
}
2009-05-11 23:13:26 +02:00
static bool test_QueryUserInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2003-11-15 10:03:12 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryUserInfo r ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 ,
2003-11-15 11:34:01 +00:00
11 , 12 , 13 , 14 , 16 , 17 , 20 , 21 } ;
2003-11-15 10:58:29 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 10:03:12 +00:00
2003-11-15 10:58:29 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryUserInfo level %u \n " , levels [ i ] ) ;
2003-11-15 10:03:12 +00:00
2004-09-21 03:51:38 +00:00
r . in . user_handle = handle ;
2003-11-15 10:58:29 +00:00
r . in . level = levels [ i ] ;
2008-11-10 14:42:27 +01:00
r . out . info = & info ;
2003-11-15 10:03:12 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryUserInfo ( p , tctx , & r ) ;
2003-11-15 10:58:29 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo level %u failed - %s \n " ,
2003-11-15 10:58:29 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 10:58:29 +00:00
}
}
2003-11-15 10:03:12 +00:00
2003-11-15 10:58:29 +00:00
return ret ;
2003-11-15 10:03:12 +00:00
}
2009-05-11 23:13:26 +02:00
static bool test_QueryUserInfo2 ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-18 04:32:04 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryUserInfo2 r ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 ,
2004-04-18 04:32:04 +00:00
11 , 12 , 13 , 14 , 16 , 17 , 20 , 21 } ;
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-04-18 04:32:04 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryUserInfo2 level %u \n " , levels [ i ] ) ;
2004-04-18 04:32:04 +00:00
2004-09-21 03:51:38 +00:00
r . in . user_handle = handle ;
2004-04-18 04:32:04 +00:00
r . in . level = levels [ i ] ;
2008-11-10 14:42:27 +01:00
r . out . info = & info ;
2004-04-18 04:32:04 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryUserInfo2 ( p , tctx , & r ) ;
2004-04-18 04:32:04 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo2 level %u failed - %s \n " ,
2004-04-18 04:32:04 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:32:04 +00:00
}
}
return ret ;
}
2009-05-11 23:13:26 +02:00
static bool test_OpenUser ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-05-25 16:24:13 +00:00
struct policy_handle * handle , uint32_t rid )
2003-11-15 10:03:12 +00:00
{
NTSTATUS status ;
struct samr_OpenUser r ;
2004-09-21 03:51:38 +00:00
struct policy_handle user_handle ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 10:03:12 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing OpenUser(%u) \n " , rid ) ;
2003-11-15 10:03:12 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2003-11-15 10:03:12 +00:00
r . in . rid = rid ;
2004-09-21 03:51:38 +00:00
r . out . user_handle = & user_handle ;
2003-11-15 10:03:12 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_OpenUser ( p , tctx , & r ) ;
2003-11-15 10:03:12 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OpenUser(%u) failed - %s \n " , rid , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 10:03:12 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_QuerySecurity ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-18 05:20:54 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_QueryUserInfo ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 12:14:22 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_QueryUserInfo2 ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:32:04 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_GetUserPwInfo ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-21 13:14:17 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_GetGroupsForUser ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_samr_handle_Close ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 20:47:59 +00:00
}
2003-11-15 12:14:22 +00:00
return ret ;
}
2009-05-11 23:13:26 +02:00
static bool test_OpenGroup ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-05-25 16:24:13 +00:00
struct policy_handle * handle , uint32_t rid )
2003-11-15 12:14:22 +00:00
{
NTSTATUS status ;
struct samr_OpenGroup r ;
2004-09-21 03:51:38 +00:00
struct policy_handle group_handle ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 12:14:22 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing OpenGroup(%u) \n " , rid ) ;
2003-11-15 12:14:22 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2003-11-15 12:14:22 +00:00
r . in . rid = rid ;
2004-09-21 03:51:38 +00:00
r . out . group_handle = & group_handle ;
2003-11-15 12:14:22 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_OpenGroup ( p , tctx , & r ) ;
2003-11-15 12:14:22 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OpenGroup(%u) failed - %s \n " , rid , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 10:03:12 +00:00
}
2003-11-15 12:14:22 +00:00
2009-05-11 23:46:45 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
if ( ! test_QuerySecurity ( p , tctx , & group_handle ) ) {
ret = false ;
}
2003-11-18 05:20:54 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_QueryGroupInfo ( p , tctx , & group_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 12:14:22 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_QueryGroupMember ( p , tctx , & group_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-10-07 03:47:38 +00:00
}
2009-05-11 23:13:26 +02:00
if ( ! test_samr_handle_Close ( p , tctx , & group_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 20:47:59 +00:00
}
2003-11-15 12:14:22 +00:00
return ret ;
2003-11-15 10:03:12 +00:00
}
2008-10-31 16:09:29 +01:00
static bool test_OpenAlias ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-05-25 16:24:13 +00:00
struct policy_handle * handle , uint32_t rid )
2003-11-15 12:38:06 +00:00
{
NTSTATUS status ;
struct samr_OpenAlias r ;
2004-09-21 03:51:38 +00:00
struct policy_handle alias_handle ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 12:38:06 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing OpenAlias(%u) \n " , rid ) ;
2003-11-15 12:38:06 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2003-11-15 12:38:06 +00:00
r . in . rid = rid ;
2004-09-21 03:51:38 +00:00
r . out . alias_handle = & alias_handle ;
2003-11-15 12:38:06 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OpenAlias ( p , tctx , & r ) ;
2003-11-15 12:38:06 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OpenAlias(%u) failed - %s \n " , rid , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 12:38:06 +00:00
}
2009-05-11 23:46:45 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
if ( ! test_QuerySecurity ( p , tctx , & alias_handle ) ) {
ret = false ;
}
2003-11-18 05:20:54 +00:00
}
2008-10-31 16:09:29 +01:00
if ( ! test_QueryAliasInfo ( p , tctx , & alias_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 12:38:06 +00:00
}
2008-10-31 16:09:29 +01:00
if ( ! test_GetMembersInAlias ( p , tctx , & alias_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
2008-10-31 16:09:29 +01:00
if ( ! test_samr_handle_Close ( p , tctx , & alias_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 20:47:59 +00:00
}
2003-11-15 12:38:06 +00:00
return ret ;
}
2008-10-31 16:09:29 +01:00
static bool check_mask ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-05-11 22:44:58 +02:00
struct policy_handle * handle , uint32_t rid ,
2007-07-26 07:27:46 +00:00
uint32_t acct_flag_mask )
2003-11-15 09:39:48 +00:00
{
NTSTATUS status ;
2007-07-26 07:27:46 +00:00
struct samr_OpenUser r ;
struct samr_QueryUserInfo q ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2007-07-26 07:27:46 +00:00
struct policy_handle user_handle ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 09:39:48 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing OpenUser(%u) \n " , rid ) ;
2003-11-15 09:39:48 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2007-07-26 07:27:46 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . in . rid = rid ;
r . out . user_handle = & user_handle ;
2003-11-15 09:39:48 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_OpenUser ( p , tctx , & r ) ;
2003-11-15 09:39:48 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OpenUser(%u) failed - %s \n " , rid , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 09:39:48 +00:00
}
2007-07-26 07:27:46 +00:00
q . in . user_handle = & user_handle ;
q . in . level = 16 ;
2008-11-10 14:42:27 +01:00
q . out . info = & info ;
2009-05-11 22:44:58 +02:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_QueryUserInfo ( p , tctx , & q ) ;
2007-07-26 07:27:46 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo level 16 failed - %s \n " ,
2007-07-26 07:27:46 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-26 07:27:46 +00:00
} else {
2008-11-10 14:42:27 +01:00
if ( ( acct_flag_mask & info - > info16 . acct_flags ) = = 0 ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers \n " ,
2008-11-10 14:42:27 +01:00
acct_flag_mask , info - > info16 . acct_flags , rid ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-26 07:27:46 +00:00
}
2003-11-15 10:03:12 +00:00
}
2009-05-11 22:44:58 +02:00
2008-10-31 16:09:29 +01:00
if ( ! test_samr_handle_Close ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-20 03:09:19 +00:00
}
2007-07-26 07:27:46 +00:00
return ret ;
}
2009-05-22 19:04:25 +02:00
static bool test_EnumDomainUsers_all ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle )
2007-07-26 07:27:46 +00:00
{
NTSTATUS status = STATUS_MORE_ENTRIES ;
struct samr_EnumDomainUsers r ;
uint32_t mask , resume_handle = 0 ;
int i , mask_idx ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2007-07-26 07:27:46 +00:00
struct samr_LookupNames n ;
struct samr_LookupRids lr ;
2008-11-05 02:12:38 +01:00
struct lsa_Strings names ;
2008-11-05 14:28:17 +01:00
struct samr_Ids rids , types ;
2008-11-07 11:25:01 +01:00
struct samr_SamArray * sam = NULL ;
uint32_t num_entries = 0 ;
2008-11-05 02:12:38 +01:00
2009-05-11 22:44:58 +02:00
uint32_t masks [ ] = { ACB_NORMAL , ACB_DOMTRUST , ACB_WSTRUST ,
ACB_DISABLED , ACB_NORMAL | ACB_DISABLED ,
ACB_SVRTRUST | ACB_DOMTRUST | ACB_WSTRUST ,
2007-07-26 07:27:46 +00:00
ACB_PWNOEXP , 0 } ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing EnumDomainUsers \n " ) ;
2007-07-26 07:27:46 +00:00
for ( mask_idx = 0 ; mask_idx < ARRAY_SIZE ( masks ) ; mask_idx + + ) {
r . in . domain_handle = handle ;
r . in . resume_handle = & resume_handle ;
r . in . acct_flags = mask = masks [ mask_idx ] ;
r . in . max_size = ( uint32_t ) - 1 ;
r . out . resume_handle = & resume_handle ;
2008-11-07 11:25:01 +01:00
r . out . num_entries = & num_entries ;
r . out . sam = & sam ;
2007-07-26 07:27:46 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_EnumDomainUsers ( p , tctx , & r ) ;
2009-05-11 22:44:58 +02:00
if ( ! NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) & &
2007-07-26 07:27:46 +00:00
! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " EnumDomainUsers failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2007-07-26 07:27:46 +00:00
}
2009-05-11 22:44:58 +02:00
2008-11-07 11:25:01 +01:00
torture_assert ( tctx , sam , " EnumDomainUsers failed: r.out.sam unexpectedly NULL " ) ;
2007-07-26 07:27:46 +00:00
2008-11-07 11:25:01 +01:00
if ( sam - > count = = 0 ) {
2007-07-26 07:27:46 +00:00
continue ;
}
2008-11-07 11:25:01 +01:00
for ( i = 0 ; i < sam - > count ; i + + ) {
2007-07-26 07:27:46 +00:00
if ( mask ) {
2008-11-07 11:25:01 +01:00
if ( ! check_mask ( p , tctx , handle , sam - > entries [ i ] . idx , mask ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-26 07:27:46 +00:00
}
2008-11-07 11:25:01 +01:00
} else if ( ! test_OpenUser ( p , tctx , handle , sam - > entries [ i ] . idx ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-26 07:27:46 +00:00
}
2003-11-15 10:03:12 +00:00
}
}
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing LookupNames \n " ) ;
2004-09-21 03:51:38 +00:00
n . in . domain_handle = handle ;
2008-11-07 11:25:01 +01:00
n . in . num_names = sam - > count ;
n . in . names = talloc_array ( tctx , struct lsa_String , sam - > count ) ;
2008-11-05 14:28:17 +01:00
n . out . rids = & rids ;
n . out . types = & types ;
2008-11-07 11:25:01 +01:00
for ( i = 0 ; i < sam - > count ; i + + ) {
n . in . names [ i ] . string = sam - > entries [ i ] . name . string ;
2003-11-20 03:09:19 +00:00
}
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_LookupNames ( p , tctx , & n ) ;
2003-11-20 03:09:19 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " LookupNames failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-20 03:18:07 +00:00
}
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing LookupRids \n " ) ;
2004-09-21 03:51:38 +00:00
lr . in . domain_handle = handle ;
2008-11-07 11:25:01 +01:00
lr . in . num_rids = sam - > count ;
lr . in . rids = talloc_array ( tctx , uint32_t , sam - > count ) ;
2008-11-05 02:12:38 +01:00
lr . out . names = & names ;
lr . out . types = & types ;
2008-11-07 11:25:01 +01:00
for ( i = 0 ; i < sam - > count ; i + + ) {
lr . in . rids [ i ] = sam - > entries [ i ] . idx ;
2003-11-20 03:18:07 +00:00
}
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_LookupRids ( p , tctx , & lr ) ;
torture_assert_ntstatus_ok ( tctx , status , " LookupRids " ) ;
2003-11-20 03:09:19 +00:00
2009-05-11 22:44:58 +02:00
return ret ;
2003-11-15 09:39:48 +00:00
}
2004-08-30 13:05:03 +00:00
/*
try blasting the server with a bunch of sync requests
*/
2009-05-11 22:44:58 +02:00
static bool test_EnumDomainUsers_async ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-08-30 13:05:03 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_EnumDomainUsers r ;
uint32_t resume_handle = 0 ;
int i ;
# define ASYNC_COUNT 100
2010-03-09 15:46:55 +01:00
struct tevent_req * req [ ASYNC_COUNT ] ;
2004-08-30 13:05:03 +00:00
2007-12-03 15:53:17 +01:00
if ( ! torture_setting_bool ( tctx , " dangerous " , false ) ) {
2008-10-31 16:09:29 +01:00
torture_skip ( tctx , " samr async test disabled - enable dangerous tests to use \n " ) ;
2004-09-10 03:38:16 +00:00
}
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing EnumDomainUsers_async \n " ) ;
2004-08-30 13:05:03 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-08-30 13:05:03 +00:00
r . in . resume_handle = & resume_handle ;
r . in . acct_flags = 0 ;
r . in . max_size = ( uint32_t ) - 1 ;
r . out . resume_handle = & resume_handle ;
for ( i = 0 ; i < ASYNC_COUNT ; i + + ) {
2010-03-09 15:46:55 +01:00
req [ i ] = dcerpc_samr_EnumDomainUsers_r_send ( tctx , tctx - > ev , p - > binding_handle , & r ) ;
2004-08-30 13:05:03 +00:00
}
for ( i = 0 ; i < ASYNC_COUNT ; i + + ) {
2010-03-09 15:46:55 +01:00
tevent_req_poll ( req [ i ] , tctx - > ev ) ;
status = dcerpc_samr_EnumDomainUsers_r_recv ( req [ i ] , tctx ) ;
2004-08-30 13:05:03 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " EnumDomainUsers[%d] failed - %s \n " ,
2004-08-30 13:05:03 +00:00
i , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2004-08-30 13:05:03 +00:00
}
}
2009-05-11 22:44:58 +02:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " %d async requests OK \n " , i ) ;
2004-08-30 13:05:03 +00:00
2007-10-06 22:28:14 +00:00
return true ;
2004-08-30 13:05:03 +00:00
}
2009-05-22 19:04:25 +02:00
static bool test_EnumDomainGroups_all ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle )
2003-11-15 09:39:48 +00:00
{
NTSTATUS status ;
struct samr_EnumDomainGroups r ;
2004-05-25 16:24:13 +00:00
uint32_t resume_handle = 0 ;
2008-11-07 14:51:21 +01:00
struct samr_SamArray * sam = NULL ;
uint32_t num_entries = 0 ;
2003-11-15 12:14:22 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2010-03-03 12:01:40 +01:00
bool universal_group_found = false ;
2003-11-15 09:39:48 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing EnumDomainGroups \n " ) ;
2003-11-15 09:39:48 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2003-11-15 09:39:48 +00:00
r . in . resume_handle = & resume_handle ;
2004-05-25 16:24:13 +00:00
r . in . max_size = ( uint32_t ) - 1 ;
2003-11-15 09:39:48 +00:00
r . out . resume_handle = & resume_handle ;
2008-11-07 14:51:21 +01:00
r . out . num_entries = & num_entries ;
r . out . sam = & sam ;
2003-11-15 09:39:48 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_EnumDomainGroups ( p , tctx , & r ) ;
2003-11-15 09:39:48 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " EnumDomainGroups failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 09:39:48 +00:00
}
2009-05-11 22:44:58 +02:00
2008-11-07 14:51:21 +01:00
if ( ! sam ) {
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 12:14:22 +00:00
}
2008-11-07 14:51:21 +01:00
for ( i = 0 ; i < sam - > count ; i + + ) {
2009-05-11 23:13:26 +02:00
if ( ! test_OpenGroup ( p , tctx , handle , sam - > entries [ i ] . idx ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 12:14:22 +00:00
}
2010-03-03 12:01:40 +01:00
if ( ( ret = = true ) & & ( strcasecmp ( sam - > entries [ i ] . name . string ,
" Enterprise Admins " ) = = 0 ) ) {
universal_group_found = true ;
}
}
/* when we are running this on s4 we should get back at least the
* " Enterprise Admins " universal group . If we don ' t get a group entry
* at all we probably are performing the test on the builtin domain .
* So ignore this case . */
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
if ( ( sam - > count > 0 ) & & ( ! universal_group_found ) ) {
ret = false ;
}
2003-11-15 12:14:22 +00:00
}
return ret ;
2003-11-15 09:39:48 +00:00
}
2009-05-22 19:04:25 +02:00
static bool test_EnumDomainAliases_all ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle )
2003-11-15 10:03:12 +00:00
{
NTSTATUS status ;
struct samr_EnumDomainAliases r ;
2004-05-25 16:24:13 +00:00
uint32_t resume_handle = 0 ;
2008-11-05 13:37:49 +01:00
struct samr_SamArray * sam = NULL ;
uint32_t num_entries = 0 ;
2003-11-15 12:38:06 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 10:03:12 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing EnumDomainAliases \n " ) ;
2003-11-15 10:03:12 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2003-11-15 10:03:12 +00:00
r . in . resume_handle = & resume_handle ;
2008-11-05 13:37:49 +01:00
r . in . max_size = ( uint32_t ) - 1 ;
r . out . sam = & sam ;
r . out . num_entries = & num_entries ;
2003-11-15 10:03:12 +00:00
r . out . resume_handle = & resume_handle ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_EnumDomainAliases ( p , tctx , & r ) ;
2003-11-15 10:03:12 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " EnumDomainAliases failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 10:03:12 +00:00
}
2009-05-11 22:44:58 +02:00
2008-11-05 13:37:49 +01:00
if ( ! sam ) {
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 12:38:06 +00:00
}
2008-11-05 13:37:49 +01:00
for ( i = 0 ; i < sam - > count ; i + + ) {
2009-05-11 23:13:26 +02:00
if ( ! test_OpenAlias ( p , tctx , handle , sam - > entries [ i ] . idx ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 12:38:06 +00:00
}
}
2009-05-11 22:44:58 +02:00
return ret ;
2003-11-15 10:03:12 +00:00
}
2009-05-11 23:13:26 +02:00
static bool test_GetDisplayEnumerationIndex ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-18 04:06:15 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_GetDisplayEnumerationIndex r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 } ;
uint16_t ok_lvl [ ] = { 1 , 1 , 1 , 0 , 0 } ;
2008-11-04 19:46:24 +01:00
struct lsa_String name ;
uint32_t idx = 0 ;
2004-04-18 04:06:15 +00:00
int i ;
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing GetDisplayEnumerationIndex level %u \n " , levels [ i ] ) ;
2004-04-18 04:06:15 +00:00
2008-11-04 19:46:24 +01:00
init_lsa_String ( & name , TEST_ACCOUNT_NAME ) ;
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-04-18 04:06:15 +00:00
r . in . level = levels [ i ] ;
2008-11-04 19:46:24 +01:00
r . in . name = & name ;
r . out . idx = & idx ;
2004-04-18 04:06:15 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_GetDisplayEnumerationIndex ( p , tctx , & r ) ;
2004-04-22 07:28:18 +00:00
2009-05-11 22:44:58 +02:00
if ( ok_lvl [ i ] & &
2004-04-22 07:28:18 +00:00
! NT_STATUS_IS_OK ( status ) & &
! NT_STATUS_EQUAL ( NT_STATUS_NO_MORE_ENTRIES , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " GetDisplayEnumerationIndex level %u failed - %s \n " ,
2004-04-18 04:06:15 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:06:15 +00:00
}
2004-04-18 04:32:04 +00:00
2008-11-04 19:46:24 +01:00
init_lsa_String ( & name , " zzzzzzzz " ) ;
2004-04-18 04:32:04 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_GetDisplayEnumerationIndex ( p , tctx , & r ) ;
2009-05-11 22:44:58 +02:00
2004-04-22 07:28:18 +00:00
if ( ok_lvl [ i ] & & ! NT_STATUS_EQUAL ( NT_STATUS_NO_MORE_ENTRIES , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " GetDisplayEnumerationIndex level %u failed - %s \n " ,
2004-04-18 04:32:04 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:32:04 +00:00
}
}
2009-05-11 22:44:58 +02:00
return ret ;
2004-04-18 04:32:04 +00:00
}
2009-05-11 23:13:26 +02:00
static bool test_GetDisplayEnumerationIndex2 ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2004-04-18 04:32:04 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_GetDisplayEnumerationIndex2 r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 } ;
uint16_t ok_lvl [ ] = { 1 , 1 , 1 , 0 , 0 } ;
2008-11-04 19:46:43 +01:00
struct lsa_String name ;
uint32_t idx = 0 ;
2004-04-18 04:32:04 +00:00
int i ;
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing GetDisplayEnumerationIndex2 level %u \n " , levels [ i ] ) ;
2004-04-18 04:32:04 +00:00
2008-11-04 19:46:43 +01:00
init_lsa_String ( & name , TEST_ACCOUNT_NAME ) ;
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-04-18 04:32:04 +00:00
r . in . level = levels [ i ] ;
2008-11-04 19:46:43 +01:00
r . in . name = & name ;
r . out . idx = & idx ;
2004-04-18 04:32:04 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_GetDisplayEnumerationIndex2 ( p , tctx , & r ) ;
2009-05-11 22:44:58 +02:00
if ( ok_lvl [ i ] & &
! NT_STATUS_IS_OK ( status ) & &
2004-04-22 07:28:18 +00:00
! NT_STATUS_EQUAL ( NT_STATUS_NO_MORE_ENTRIES , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " GetDisplayEnumerationIndex2 level %u failed - %s \n " ,
2004-04-18 04:32:04 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:32:04 +00:00
}
2008-11-04 19:46:43 +01:00
init_lsa_String ( & name , " zzzzzzzz " ) ;
2004-04-18 04:32:04 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_GetDisplayEnumerationIndex2 ( p , tctx , & r ) ;
2004-04-22 07:28:18 +00:00
if ( ok_lvl [ i ] & & ! NT_STATUS_EQUAL ( NT_STATUS_NO_MORE_ENTRIES , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " GetDisplayEnumerationIndex2 level %u failed - %s \n " ,
2004-04-18 04:32:04 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:32:04 +00:00
}
2004-04-18 04:06:15 +00:00
}
2009-05-11 22:44:58 +02:00
return ret ;
2004-04-18 04:06:15 +00:00
}
2007-07-26 03:50:24 +00:00
# define STRING_EQUAL_QUERY(s1, s2, user) \
if ( s1 . string = = NULL & & s2 . string ! = NULL & & s2 . string [ 0 ] = = ' \0 ' ) { \
/* odd, but valid */ \
} else if ( ( s1 . string & & ! s2 . string ) | | ( s2 . string & & ! s1 . string ) | | strcmp ( s1 . string , s2 . string ) ) { \
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " %s mismatch for %s: %s != %s (%s) \n " , \
2007-07-26 03:50:24 +00:00
# s1, user.string, s1.string, s2.string, __location__); \
2007-10-06 22:28:14 +00:00
ret = false ; \
2007-07-26 03:50:24 +00:00
}
# define INT_EQUAL_QUERY(s1, s2, user) \
if ( s1 ! = s2 ) { \
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " %s mismatch for %s: 0x%llx != 0x%llx (%s) \n " , \
2007-09-06 02:56:56 +00:00
# s1, user.string, (unsigned long long)s1, (unsigned long long)s2, __location__); \
2007-10-06 22:28:14 +00:00
ret = false ; \
2007-07-26 03:50:24 +00:00
}
2009-05-11 23:13:26 +02:00
static bool test_each_DisplayInfo_user ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2007-07-26 03:50:24 +00:00
struct samr_QueryDisplayInfo * querydisplayinfo ,
2009-05-11 22:44:58 +02:00
bool * seen_testuser )
2007-07-26 03:50:24 +00:00
{
struct samr_OpenUser r ;
struct samr_QueryUserInfo q ;
2008-11-10 14:42:27 +01:00
union samr_UserInfo * info ;
2007-07-26 03:50:24 +00:00
struct policy_handle user_handle ;
2007-10-06 22:28:14 +00:00
int i , ret = true ;
2007-07-26 03:50:24 +00:00
NTSTATUS status ;
r . in . domain_handle = querydisplayinfo - > in . domain_handle ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
for ( i = 0 ; ; i + + ) {
switch ( querydisplayinfo - > in . level ) {
case 1 :
2008-11-05 12:32:24 +01:00
if ( i > = querydisplayinfo - > out . info - > info1 . count ) {
2007-07-26 03:50:24 +00:00
return ret ;
}
2008-11-05 12:32:24 +01:00
r . in . rid = querydisplayinfo - > out . info - > info1 . entries [ i ] . rid ;
2007-07-26 03:50:24 +00:00
break ;
case 2 :
2008-11-05 12:32:24 +01:00
if ( i > = querydisplayinfo - > out . info - > info2 . count ) {
2007-07-26 03:50:24 +00:00
return ret ;
}
2008-11-05 12:32:24 +01:00
r . in . rid = querydisplayinfo - > out . info - > info2 . entries [ i ] . rid ;
2007-07-26 03:50:24 +00:00
break ;
case 3 :
/* Groups */
case 4 :
case 5 :
/* Not interested in validating just the account name */
return true ;
}
2009-05-11 22:44:58 +02:00
2007-07-26 03:50:24 +00:00
r . out . user_handle = & user_handle ;
2009-05-11 22:44:58 +02:00
2007-07-26 03:50:24 +00:00
switch ( querydisplayinfo - > in . level ) {
case 1 :
case 2 :
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_OpenUser ( p , tctx , & r ) ;
2007-07-26 03:50:24 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " OpenUser(%u) failed - %s \n " , r . in . rid , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2007-07-26 03:50:24 +00:00
}
}
2009-05-11 22:44:58 +02:00
2007-07-26 03:50:24 +00:00
q . in . user_handle = & user_handle ;
q . in . level = 21 ;
2008-11-10 14:42:27 +01:00
q . out . info = & info ;
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryUserInfo ( p , tctx , & q ) ;
2007-07-26 03:50:24 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryUserInfo(%u) failed - %s \n " , r . in . rid , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2007-07-26 03:50:24 +00:00
}
2009-05-11 22:44:58 +02:00
2007-07-26 03:50:24 +00:00
switch ( querydisplayinfo - > in . level ) {
case 1 :
2008-11-10 14:42:27 +01:00
if ( seen_testuser & & strcmp ( info - > info21 . account_name . string , TEST_ACCOUNT_NAME ) = = 0 ) {
2007-07-26 03:50:24 +00:00
* seen_testuser = true ;
}
2008-11-05 12:32:24 +01:00
STRING_EQUAL_QUERY ( querydisplayinfo - > out . info - > info1 . entries [ i ] . full_name ,
2008-11-10 14:42:27 +01:00
info - > info21 . full_name , info - > info21 . account_name ) ;
2008-11-05 12:32:24 +01:00
STRING_EQUAL_QUERY ( querydisplayinfo - > out . info - > info1 . entries [ i ] . account_name ,
2008-11-10 14:42:27 +01:00
info - > info21 . account_name , info - > info21 . account_name ) ;
2008-11-05 12:32:24 +01:00
STRING_EQUAL_QUERY ( querydisplayinfo - > out . info - > info1 . entries [ i ] . description ,
2008-11-10 14:42:27 +01:00
info - > info21 . description , info - > info21 . account_name ) ;
2008-11-05 12:32:24 +01:00
INT_EQUAL_QUERY ( querydisplayinfo - > out . info - > info1 . entries [ i ] . rid ,
2008-11-10 14:42:27 +01:00
info - > info21 . rid , info - > info21 . account_name ) ;
2008-11-05 12:32:24 +01:00
INT_EQUAL_QUERY ( querydisplayinfo - > out . info - > info1 . entries [ i ] . acct_flags ,
2008-11-10 14:42:27 +01:00
info - > info21 . acct_flags , info - > info21 . account_name ) ;
2009-05-11 22:44:58 +02:00
2007-07-26 03:50:24 +00:00
break ;
case 2 :
2008-11-05 12:32:24 +01:00
STRING_EQUAL_QUERY ( querydisplayinfo - > out . info - > info2 . entries [ i ] . account_name ,
2008-11-10 14:42:27 +01:00
info - > info21 . account_name , info - > info21 . account_name ) ;
2008-11-05 12:32:24 +01:00
STRING_EQUAL_QUERY ( querydisplayinfo - > out . info - > info2 . entries [ i ] . description ,
2008-11-10 14:42:27 +01:00
info - > info21 . description , info - > info21 . account_name ) ;
2008-11-05 12:32:24 +01:00
INT_EQUAL_QUERY ( querydisplayinfo - > out . info - > info2 . entries [ i ] . rid ,
2008-11-10 14:42:27 +01:00
info - > info21 . rid , info - > info21 . account_name ) ;
2008-11-05 12:32:24 +01:00
INT_EQUAL_QUERY ( ( querydisplayinfo - > out . info - > info2 . entries [ i ] . acct_flags & ~ ACB_NORMAL ) ,
2008-11-10 14:42:27 +01:00
info - > info21 . acct_flags , info - > info21 . account_name ) ;
2009-05-11 22:44:58 +02:00
2008-11-05 12:32:24 +01:00
if ( ! ( querydisplayinfo - > out . info - > info2 . entries [ i ] . acct_flags & ACB_NORMAL ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s \n " ,
2008-11-10 14:42:27 +01:00
info - > info21 . account_name . string ) ;
2007-07-26 03:50:24 +00:00
}
2008-11-10 14:42:27 +01:00
if ( ! ( info - > info21 . acct_flags & ( ACB_WSTRUST | ACB_SVRTRUST ) ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Found non-trust account %s in trust account listing: 0x%x 0x%x \n " ,
2008-11-10 14:42:27 +01:00
info - > info21 . account_name . string ,
2008-11-05 12:32:24 +01:00
querydisplayinfo - > out . info - > info2 . entries [ i ] . acct_flags ,
2008-11-10 14:42:27 +01:00
info - > info21 . acct_flags ) ;
2007-10-06 22:28:14 +00:00
return false ;
2007-07-26 03:50:24 +00:00
}
2009-05-11 22:44:58 +02:00
2007-07-26 03:50:24 +00:00
break ;
}
2009-05-11 22:44:58 +02:00
2009-05-11 23:13:26 +02:00
if ( ! test_samr_handle_Close ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2007-07-26 03:50:24 +00:00
}
}
return ret ;
}
2009-05-11 23:13:26 +02:00
static bool test_QueryDisplayInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2003-11-20 12:10:41 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryDisplayInfo r ;
2007-07-26 03:50:24 +00:00
struct samr_QueryDomainInfo dom_info ;
2008-11-05 02:59:51 +01:00
union samr_DomainInfo * info = NULL ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 } ;
2003-11-21 02:19:47 +00:00
int i ;
2007-07-26 03:50:24 +00:00
bool seen_testuser = false ;
2008-11-05 12:32:24 +01:00
uint32_t total_size ;
uint32_t returned_size ;
union samr_DispInfo disp_info ;
2003-11-20 12:10:41 +00:00
2003-11-21 02:19:47 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryDisplayInfo level %u \n " , levels [ i ] ) ;
2003-11-20 12:10:41 +00:00
2003-11-21 02:19:47 +00:00
r . in . start_idx = 0 ;
2007-07-26 03:50:24 +00:00
status = STATUS_MORE_ENTRIES ;
while ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) ) {
r . in . domain_handle = handle ;
r . in . level = levels [ i ] ;
r . in . max_entries = 2 ;
r . in . buf_size = ( uint32_t ) - 1 ;
2008-11-05 12:32:24 +01:00
r . out . total_size = & total_size ;
r . out . returned_size = & returned_size ;
r . out . info = & disp_info ;
2009-05-11 22:44:58 +02:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryDisplayInfo ( p , tctx , & r ) ;
2007-07-26 03:50:24 +00:00
if ( ! NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) & & ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDisplayInfo level %u failed - %s \n " ,
2007-07-26 03:50:24 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-26 03:50:24 +00:00
}
switch ( r . in . level ) {
case 1 :
2009-05-11 23:13:26 +02:00
if ( ! test_each_DisplayInfo_user ( p , tctx , & r , & seen_testuser ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-26 03:50:24 +00:00
}
2008-11-05 12:32:24 +01:00
r . in . start_idx + = r . out . info - > info1 . count ;
2007-07-26 03:50:24 +00:00
break ;
case 2 :
2009-05-11 23:13:26 +02:00
if ( ! test_each_DisplayInfo_user ( p , tctx , & r , NULL ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2007-07-26 03:50:24 +00:00
}
2008-11-05 12:32:24 +01:00
r . in . start_idx + = r . out . info - > info2 . count ;
2007-07-26 03:50:24 +00:00
break ;
case 3 :
2008-11-05 12:32:24 +01:00
r . in . start_idx + = r . out . info - > info3 . count ;
2007-07-26 03:50:24 +00:00
break ;
case 4 :
2008-11-05 12:32:24 +01:00
r . in . start_idx + = r . out . info - > info4 . count ;
2007-07-26 03:50:24 +00:00
break ;
case 5 :
2008-11-05 12:32:24 +01:00
r . in . start_idx + = r . out . info - > info5 . count ;
2007-07-26 03:50:24 +00:00
break ;
}
}
dom_info . in . domain_handle = handle ;
dom_info . in . level = 2 ;
2008-11-05 02:59:51 +01:00
dom_info . out . info = & info ;
2007-07-26 03:50:24 +00:00
/* Check number of users returned is correct */
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryDomainInfo ( p , tctx , & dom_info ) ;
2003-11-21 02:19:47 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u failed - %s \n " ,
2007-07-26 03:50:24 +00:00
r . in . level , nt_errstr ( status ) ) ;
2010-03-03 17:41:43 +01:00
ret = false ;
break ;
2003-11-21 02:19:47 +00:00
}
2007-07-26 03:50:24 +00:00
switch ( r . in . level ) {
case 1 :
case 4 :
2008-11-05 02:59:51 +01:00
if ( info - > general . num_users < r . in . start_idx ) {
2010-03-03 17:41:43 +01:00
/* On AD deployments this numbers don't match
* since QueryDisplayInfo returns universal and
* global groups , QueryDomainInfo only global
* ones . */
if ( torture_setting_bool ( tctx , " samba3 " , false ) ) {
torture_warning ( tctx , " QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain! \n " ,
r . in . start_idx , info - > general . num_groups ,
info - > general . domain_name . string ) ;
ret = false ;
}
2007-07-26 03:50:24 +00:00
}
if ( ! seen_testuser ) {
2007-07-30 10:43:50 +00:00
struct policy_handle user_handle ;
2009-05-11 23:13:26 +02:00
if ( NT_STATUS_IS_OK ( test_OpenUser_byname ( p , tctx , handle , TEST_ACCOUNT_NAME , & user_handle ) ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s \n " ,
2008-11-05 02:59:51 +01:00
info - > general . domain_name . string ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2009-05-11 23:13:26 +02:00
test_samr_handle_Close ( p , tctx , & user_handle ) ;
2007-07-30 10:43:50 +00:00
}
2007-07-26 03:50:24 +00:00
}
break ;
case 3 :
case 5 :
2008-11-05 02:59:51 +01:00
if ( info - > general . num_groups ! = r . in . start_idx ) {
2010-03-03 17:41:43 +01:00
/* On AD deployments this numbers don't match
* since QueryDisplayInfo returns universal and
* global groups , QueryDomainInfo only global
* ones . */
if ( torture_setting_bool ( tctx , " samba3 " , false ) ) {
torture_warning ( tctx , " QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s \n " ,
r . in . start_idx , info - > general . num_groups ,
info - > general . domain_name . string ) ;
ret = false ;
}
2007-07-26 03:50:24 +00:00
}
2009-05-11 22:44:58 +02:00
2007-07-26 03:50:24 +00:00
break ;
}
2003-11-20 12:10:41 +00:00
}
2009-05-11 22:44:58 +02:00
return ret ;
2003-11-20 12:10:41 +00:00
}
2009-05-11 23:13:26 +02:00
static bool test_QueryDisplayInfo2 ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle )
2004-04-18 04:32:04 +00:00
{
NTSTATUS status ;
struct samr_QueryDisplayInfo2 r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 } ;
2004-04-18 04:32:04 +00:00
int i ;
2008-11-05 11:17:22 +01:00
uint32_t total_size ;
uint32_t returned_size ;
union samr_DispInfo info ;
2004-04-18 04:32:04 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryDisplayInfo2 level %u \n " , levels [ i ] ) ;
2004-04-18 04:32:04 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-04-18 04:32:04 +00:00
r . in . level = levels [ i ] ;
r . in . start_idx = 0 ;
r . in . max_entries = 1000 ;
2004-05-25 16:24:13 +00:00
r . in . buf_size = ( uint32_t ) - 1 ;
2008-11-05 11:17:22 +01:00
r . out . total_size = & total_size ;
r . out . returned_size = & returned_size ;
r . out . info = & info ;
2004-04-18 04:32:04 +00:00
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryDisplayInfo2 ( p , tctx , & r ) ;
2004-04-18 04:32:04 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDisplayInfo2 level %u failed - %s \n " ,
2004-04-18 04:32:04 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:32:04 +00:00
}
}
2009-05-11 22:44:58 +02:00
return ret ;
2004-04-18 04:32:04 +00:00
}
2008-10-31 16:09:29 +01:00
static bool test_QueryDisplayInfo3 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-19 05:48:03 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryDisplayInfo3 r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 } ;
2004-04-19 05:48:03 +00:00
int i ;
2008-11-05 11:15:08 +01:00
uint32_t total_size ;
uint32_t returned_size ;
union samr_DispInfo info ;
2004-04-19 05:48:03 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing QueryDisplayInfo3 level %u \n " , levels [ i ] ) ;
2004-04-19 05:48:03 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-04-19 05:48:03 +00:00
r . in . level = levels [ i ] ;
r . in . start_idx = 0 ;
r . in . max_entries = 1000 ;
2004-05-25 16:24:13 +00:00
r . in . buf_size = ( uint32_t ) - 1 ;
2008-11-05 11:15:08 +01:00
r . out . total_size = & total_size ;
r . out . returned_size = & returned_size ;
r . out . info = & info ;
2004-04-19 05:48:03 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_QueryDisplayInfo3 ( p , tctx , & r ) ;
2004-04-19 05:48:03 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDisplayInfo3 level %u failed - %s \n " ,
2004-04-19 05:48:03 +00:00
levels [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-19 05:48:03 +00:00
}
}
2009-05-11 22:44:58 +02:00
return ret ;
2004-04-19 05:48:03 +00:00
}
2005-06-12 11:03:15 +00:00
2009-05-11 23:13:26 +02:00
static bool test_QueryDisplayInfo_continue ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2005-06-12 11:03:15 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryDisplayInfo r ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2008-11-05 12:32:24 +01:00
uint32_t total_size ;
uint32_t returned_size ;
union samr_DispInfo info ;
2005-06-12 11:03:15 +00:00
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryDisplayInfo continuation \n " ) ;
2005-06-12 11:03:15 +00:00
r . in . domain_handle = handle ;
r . in . level = 1 ;
r . in . start_idx = 0 ;
r . in . max_entries = 1 ;
r . in . buf_size = ( uint32_t ) - 1 ;
2008-11-05 12:32:24 +01:00
r . out . total_size = & total_size ;
r . out . returned_size = & returned_size ;
r . out . info = & info ;
2005-06-12 11:03:15 +00:00
do {
2009-05-11 23:13:26 +02:00
status = dcerpc_samr_QueryDisplayInfo ( p , tctx , & r ) ;
2008-11-05 12:32:24 +01:00
if ( NT_STATUS_IS_OK ( status ) & & * r . out . returned_size ! = 0 ) {
if ( r . out . info - > info1 . entries [ 0 ] . idx ! = r . in . start_idx + 1 ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " expected idx %d but got %d \n " ,
2005-06-12 11:03:15 +00:00
r . in . start_idx + 1 ,
2008-11-05 12:32:24 +01:00
r . out . info - > info1 . entries [ 0 ] . idx ) ;
2005-06-12 11:03:15 +00:00
break ;
}
}
if ( ! NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) & &
! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDisplayInfo level %u failed - %s \n " ,
2005-06-12 11:03:15 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-06-12 11:03:15 +00:00
break ;
}
r . in . start_idx + + ;
2005-06-13 09:11:21 +00:00
} while ( ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) | |
NT_STATUS_IS_OK ( status ) ) & &
2008-11-05 12:32:24 +01:00
* r . out . returned_size ! = 0 ) ;
2009-05-11 22:44:58 +02:00
return ret ;
2005-06-12 11:03:15 +00:00
}
2008-10-31 16:09:29 +01:00
static bool test_QueryDomainInfo ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-11-15 08:06:39 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryDomainInfo r ;
2008-11-05 02:59:51 +01:00
union samr_DomainInfo * info = NULL ;
2004-04-17 05:25:49 +00:00
struct samr_SetDomainInfo s ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 11 , 12 , 13 } ;
uint16_t set_ok [ ] = { 1 , 0 , 1 , 1 , 0 , 1 , 1 , 0 , 1 , 0 , 1 , 0 } ;
2003-11-15 09:18:02 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2009-05-11 22:44:58 +02:00
const char * domain_comment = talloc_asprintf ( tctx ,
" Tortured by Samba4 RPC-SAMR: %s " ,
2008-10-31 16:09:29 +01:00
timestring ( tctx , time ( NULL ) ) ) ;
2006-07-04 02:46:24 +00:00
s . in . domain_handle = handle ;
s . in . level = 4 ;
2008-10-31 16:09:29 +01:00
s . in . info = talloc ( tctx , union samr_DomainInfo ) ;
2009-05-11 22:44:58 +02:00
2008-07-21 13:42:07 +10:00
s . in . info - > oem . oem_information . string = domain_comment ;
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_SetDomainInfo ( p , tctx , & s ) ;
2006-07-04 02:46:24 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetDomainInfo level %u (set comment) failed - %s \n " ,
2009-05-08 09:56:40 +02:00
s . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-07-04 02:46:24 +00:00
}
2003-11-15 08:06:39 +00:00
2003-11-15 09:18:02 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing QueryDomainInfo level %u \n " , levels [ i ] ) ;
2003-11-15 08:06:39 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2003-11-15 09:18:02 +00:00
r . in . level = levels [ i ] ;
2008-11-05 02:59:51 +01:00
r . out . info = & info ;
2003-11-15 08:06:39 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_QueryDomainInfo ( p , tctx , & r ) ;
2003-11-15 09:18:02 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u failed - %s \n " ,
2003-11-15 09:18:02 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 09:18:02 +00:00
continue ;
}
2004-04-17 05:25:49 +00:00
2006-07-04 02:46:24 +00:00
switch ( levels [ i ] ) {
case 2 :
2008-11-05 02:59:51 +01:00
if ( strcmp ( info - > general . oem_information . string , domain_comment ) ! = 0 ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s) \n " ,
2008-11-05 02:59:51 +01:00
levels [ i ] , info - > general . oem_information . string , domain_comment ) ;
2009-06-07 02:27:50 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
ret = false ;
}
2006-07-04 02:46:24 +00:00
}
2008-11-05 02:59:51 +01:00
if ( ! info - > general . primary . string ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u returned no PDC name \n " ,
2006-12-13 11:19:51 +00:00
levels [ i ] ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2008-11-05 02:59:51 +01:00
} else if ( info - > general . role = = SAMR_ROLE_DOMAIN_PDC ) {
if ( dcerpc_server_name ( p ) & & strcasecmp_m ( dcerpc_server_name ( p ) , info - > general . primary . string ) ! = 0 ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC \n " ,
2008-11-05 02:59:51 +01:00
levels [ i ] , info - > general . primary . string , dcerpc_server_name ( p ) ) ;
2006-12-13 11:19:51 +00:00
}
}
2006-07-04 02:46:24 +00:00
break ;
case 4 :
2008-11-05 02:59:51 +01:00
if ( strcmp ( info - > oem . oem_information . string , domain_comment ) ! = 0 ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s) \n " ,
2008-11-05 02:59:51 +01:00
levels [ i ] , info - > oem . oem_information . string , domain_comment ) ;
2009-06-07 02:27:50 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
ret = false ;
}
2006-07-04 02:46:24 +00:00
}
break ;
2006-12-13 11:19:51 +00:00
case 6 :
2008-11-05 02:59:51 +01:00
if ( ! info - > info6 . primary . string ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u returned no PDC name \n " ,
2006-12-13 11:19:51 +00:00
levels [ i ] ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2006-12-13 11:19:51 +00:00
}
break ;
2006-07-04 02:46:24 +00:00
case 11 :
2008-11-05 02:59:51 +01:00
if ( strcmp ( info - > general2 . general . oem_information . string , domain_comment ) ! = 0 ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u returned different comment (%s, expected %s) \n " ,
2008-11-05 02:59:51 +01:00
levels [ i ] , info - > general2 . general . oem_information . string , domain_comment ) ;
2009-06-07 02:27:50 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
ret = false ;
}
2006-07-04 02:46:24 +00:00
}
break ;
}
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing SetDomainInfo level %u \n " , levels [ i ] ) ;
2004-04-17 05:25:49 +00:00
2004-09-21 03:51:38 +00:00
s . in . domain_handle = handle ;
2004-04-17 05:25:49 +00:00
s . in . level = levels [ i ] ;
2008-11-05 02:59:51 +01:00
s . in . info = info ;
2004-04-17 05:25:49 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_SetDomainInfo ( p , tctx , & s ) ;
2004-04-17 05:25:49 +00:00
if ( set_ok [ i ] ) {
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetDomainInfo level %u failed - %s \n " ,
2004-04-17 05:25:49 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-17 05:25:49 +00:00
continue ;
}
} else {
if ( ! NT_STATUS_EQUAL ( NT_STATUS_INVALID_INFO_CLASS , status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS \n " ,
2004-04-17 05:25:49 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-17 05:25:49 +00:00
continue ;
}
}
2004-04-26 02:04:48 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_QueryDomainInfo ( p , tctx , & r ) ;
2004-04-26 02:04:48 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo level %u failed - %s \n " ,
2004-04-26 02:04:48 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-26 02:04:48 +00:00
continue ;
}
2003-11-15 09:18:02 +00:00
}
2003-11-15 08:06:39 +00:00
2009-05-11 22:44:58 +02:00
return ret ;
2003-11-15 08:06:39 +00:00
}
2004-04-18 04:32:04 +00:00
2008-10-31 16:09:29 +01:00
static bool test_QueryDomainInfo2 ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-18 04:32:04 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_QueryDomainInfo2 r ;
2008-11-05 03:02:37 +01:00
union samr_DomainInfo * info = NULL ;
2004-05-25 17:24:24 +00:00
uint16_t levels [ ] = { 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 11 , 12 , 13 } ;
2004-04-18 04:32:04 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-04-18 04:32:04 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryDomainInfo2 level %u \n " , levels [ i ] ) ;
2004-04-18 04:32:04 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = handle ;
2004-04-18 04:32:04 +00:00
r . in . level = levels [ i ] ;
2008-11-05 03:02:37 +01:00
r . out . info = & info ;
2004-04-18 04:32:04 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_QueryDomainInfo2 ( p , tctx , & r ) ;
2004-04-18 04:32:04 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDomainInfo2 level %u failed - %s \n " ,
2004-04-18 04:32:04 +00:00
r . in . level , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-18 04:32:04 +00:00
continue ;
}
}
2009-05-11 22:44:58 +02:00
return true ;
2004-04-18 04:32:04 +00:00
}
2004-04-15 13:17:36 +00:00
/* Test whether querydispinfo level 5 and enumdomgroups return the same
set of group names . */
2008-10-31 15:24:24 +01:00
static bool test_GroupList ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-15 13:17:36 +00:00
struct policy_handle * handle )
{
struct samr_EnumDomainGroups q1 ;
struct samr_QueryDisplayInfo q2 ;
NTSTATUS status ;
2004-05-25 16:24:13 +00:00
uint32_t resume_handle = 0 ;
2008-11-07 14:51:21 +01:00
struct samr_SamArray * sam = NULL ;
uint32_t num_entries = 0 ;
2004-04-15 13:17:36 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2008-11-05 12:32:24 +01:00
uint32_t total_size ;
uint32_t returned_size ;
union samr_DispInfo info ;
2004-04-15 13:17:36 +00:00
int num_names = 0 ;
const char * * names = NULL ;
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Testing coherency of querydispinfo vs enumdomgroups \n " ) ;
2004-04-15 13:17:36 +00:00
2004-09-21 03:51:38 +00:00
q1 . in . domain_handle = handle ;
2004-04-15 13:17:36 +00:00
q1 . in . resume_handle = & resume_handle ;
q1 . in . max_size = 5 ;
q1 . out . resume_handle = & resume_handle ;
2008-11-07 14:51:21 +01:00
q1 . out . num_entries = & num_entries ;
q1 . out . sam = & sam ;
2004-04-15 13:17:36 +00:00
status = STATUS_MORE_ENTRIES ;
while ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) ) {
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_EnumDomainGroups ( p , tctx , & q1 ) ;
2004-04-15 13:17:36 +00:00
if ( ! NT_STATUS_IS_OK ( status ) & &
! NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) )
break ;
2008-11-07 14:51:21 +01:00
for ( i = 0 ; i < * q1 . out . num_entries ; i + + ) {
2008-10-31 15:24:24 +01:00
add_string_to_array ( tctx ,
2008-11-07 14:51:21 +01:00
sam - > entries [ i ] . name . string ,
2004-04-15 13:17:36 +00:00
& names , & num_names ) ;
}
}
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " EnumDomainGroups " ) ;
2009-05-11 22:44:58 +02:00
2008-11-07 14:51:21 +01:00
torture_assert ( tctx , sam , " EnumDomainGroups failed to return sam " ) ;
2004-04-15 13:17:36 +00:00
2004-09-21 03:51:38 +00:00
q2 . in . domain_handle = handle ;
2004-04-15 13:17:36 +00:00
q2 . in . level = 5 ;
q2 . in . start_idx = 0 ;
q2 . in . max_entries = 5 ;
2004-05-25 16:24:13 +00:00
q2 . in . buf_size = ( uint32_t ) - 1 ;
2008-11-05 12:32:24 +01:00
q2 . out . total_size = & total_size ;
q2 . out . returned_size = & returned_size ;
q2 . out . info = & info ;
2004-04-15 13:17:36 +00:00
status = STATUS_MORE_ENTRIES ;
while ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) ) {
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_QueryDisplayInfo ( p , tctx , & q2 ) ;
2004-04-15 13:17:36 +00:00
if ( ! NT_STATUS_IS_OK ( status ) & &
! NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) )
break ;
2008-11-05 12:32:24 +01:00
for ( i = 0 ; i < q2 . out . info - > info5 . count ; i + + ) {
2004-04-15 13:17:36 +00:00
int j ;
2008-11-05 12:32:24 +01:00
const char * name = q2 . out . info - > info5 . entries [ i ] . account_name . string ;
2007-10-06 22:28:14 +00:00
bool found = false ;
2004-04-15 13:17:36 +00:00
for ( j = 0 ; j < num_names ; j + + ) {
if ( names [ j ] = = NULL )
continue ;
if ( strequal ( names [ j ] , name ) ) {
names [ j ] = NULL ;
2007-10-06 22:28:14 +00:00
found = true ;
2004-04-15 13:17:36 +00:00
break ;
}
}
if ( ! found ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDisplayInfo gave name [%s] that EnumDomainGroups did not \n " ,
2004-04-15 13:17:36 +00:00
name ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-15 13:17:36 +00:00
}
}
2008-11-05 12:32:24 +01:00
q2 . in . start_idx + = q2 . out . info - > info5 . count ;
2004-04-15 13:17:36 +00:00
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " QueryDisplayInfo level 5 failed - %s \n " ,
2004-04-15 13:17:36 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-15 13:17:36 +00:00
}
for ( i = 0 ; i < num_names ; i + + ) {
if ( names [ i ] ! = NULL ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " EnumDomainGroups gave name [%s] that QueryDisplayInfo did not \n " ,
2004-04-15 13:17:36 +00:00
names [ i ] ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-15 13:17:36 +00:00
}
}
return ret ;
}
2008-10-31 15:24:24 +01:00
static bool test_DeleteDomainGroup ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-17 05:54:55 +00:00
struct policy_handle * group_handle )
{
struct samr_DeleteDomainGroup d ;
NTSTATUS status ;
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing DeleteDomainGroup \n " ) ;
2004-04-17 05:54:55 +00:00
2004-09-21 03:51:38 +00:00
d . in . group_handle = group_handle ;
d . out . group_handle = group_handle ;
2004-04-17 05:54:55 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_DeleteDomainGroup ( p , tctx , & d ) ;
torture_assert_ntstatus_ok ( tctx , status , " DeleteDomainGroup " ) ;
2004-04-17 05:54:55 +00:00
2008-10-31 16:09:29 +01:00
return true ;
2004-04-17 05:54:55 +00:00
}
2008-10-31 15:24:24 +01:00
static bool test_TestPrivateFunctionsDomain ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-18 04:06:15 +00:00
struct policy_handle * domain_handle )
{
struct samr_TestPrivateFunctionsDomain r ;
NTSTATUS status ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-04-18 04:06:15 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing TestPrivateFunctionsDomain \n " ) ;
2004-04-18 04:06:15 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2004-04-18 04:06:15 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_TestPrivateFunctionsDomain ( p , tctx , & r ) ;
2009-05-11 23:46:11 +02:00
torture_assert_ntstatus_equal ( tctx , status , NT_STATUS_NOT_IMPLEMENTED , " TestPrivateFunctionsDomain " ) ;
2004-04-18 04:06:15 +00:00
return ret ;
}
2008-10-31 16:09:29 +01:00
static bool test_RidToSid ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-12-26 23:06:09 +00:00
struct dom_sid * domain_sid ,
2004-04-21 05:01:31 +00:00
struct policy_handle * domain_handle )
{
struct samr_RidToSid r ;
NTSTATUS status ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2008-10-28 00:03:28 +01:00
struct dom_sid * calc_sid , * out_sid ;
2005-12-26 23:06:09 +00:00
int rids [ ] = { 0 , 42 , 512 , 10200 } ;
int i ;
2004-04-21 05:01:31 +00:00
2005-12-26 23:06:09 +00:00
for ( i = 0 ; i < ARRAY_SIZE ( rids ) ; i + + ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing RidToSid \n " ) ;
2009-05-11 22:44:58 +02:00
2008-10-31 16:09:29 +01:00
calc_sid = dom_sid_dup ( tctx , domain_sid ) ;
2005-12-26 23:06:09 +00:00
r . in . domain_handle = domain_handle ;
r . in . rid = rids [ i ] ;
2008-10-28 00:03:28 +01:00
r . out . sid = & out_sid ;
2009-05-11 22:44:58 +02:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_RidToSid ( p , tctx , & r ) ;
2005-12-26 23:06:09 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " RidToSid for %d failed - %s \n " , rids [ i ] , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-12-26 23:06:09 +00:00
} else {
calc_sid = dom_sid_add_rid ( calc_sid , calc_sid , rids [ i ] ) ;
2004-04-21 05:01:31 +00:00
2008-10-28 00:03:28 +01:00
if ( ! dom_sid_equal ( calc_sid , out_sid ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " RidToSid for %d failed - got %s, expected %s \n " , rids [ i ] ,
2008-10-28 00:03:28 +01:00
dom_sid_string ( tctx , out_sid ) ,
2008-10-31 16:09:29 +01:00
dom_sid_string ( tctx , calc_sid ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2005-12-26 23:06:09 +00:00
}
}
2004-04-21 05:01:31 +00:00
}
return ret ;
}
2008-10-31 16:09:29 +01:00
static bool test_GetBootKeyInformation ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-21 06:23:29 +00:00
struct policy_handle * domain_handle )
{
2008-10-31 15:24:24 +01:00
struct samr_GetBootKeyInformation r ;
2004-04-21 06:23:29 +00:00
NTSTATUS status ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2008-11-05 01:39:39 +01:00
uint32_t unknown = 0 ;
2004-04-21 06:23:29 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing GetBootKeyInformation \n " ) ;
2004-04-21 06:23:29 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2008-11-05 01:39:39 +01:00
r . out . unknown = & unknown ;
2004-04-21 06:23:29 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_GetBootKeyInformation ( p , tctx , & r ) ;
2004-04-21 06:23:29 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2004-04-30 03:57:48 +00:00
/* w2k3 seems to fail this sometimes and pass it sometimes */
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " GetBootKeyInformation (ignored) - %s \n " , nt_errstr ( status ) ) ;
2004-04-21 06:23:29 +00:00
}
return ret ;
}
2009-05-11 22:44:58 +02:00
static bool test_AddGroupMember ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-04-17 06:40:50 +00:00
struct policy_handle * domain_handle ,
struct policy_handle * group_handle )
{
NTSTATUS status ;
struct samr_AddGroupMember r ;
2004-04-17 06:49:26 +00:00
struct samr_DeleteGroupMember d ;
2004-04-23 04:21:22 +00:00
struct samr_QueryGroupMember q ;
2008-11-05 02:00:12 +01:00
struct samr_RidTypeArray * rids = NULL ;
2004-04-23 04:21:22 +00:00
struct samr_SetMemberAttributesOfGroup s ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2009-06-24 00:27:33 +02:00
bool found_member = false ;
int i ;
2004-04-17 06:40:50 +00:00
2007-12-03 15:53:17 +01:00
status = test_LookupName ( p , tctx , domain_handle , TEST_ACCOUNT_NAME , & rid ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " test_AddGroupMember looking up name " TEST_ACCOUNT_NAME ) ;
2004-04-17 06:40:50 +00:00
2004-09-21 03:51:38 +00:00
r . in . group_handle = group_handle ;
2004-04-17 06:40:50 +00:00
r . in . rid = rid ;
r . in . flags = 0 ; /* ??? */
2009-06-24 00:27:33 +02:00
torture_comment ( tctx , " Testing AddGroupMember, QueryGroupMember and DeleteGroupMember \n " ) ;
2004-04-17 06:49:26 +00:00
2004-09-21 03:51:38 +00:00
d . in . group_handle = group_handle ;
2004-04-17 06:49:26 +00:00
d . in . rid = rid ;
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_DeleteGroupMember ( p , tctx , & d ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_equal ( tctx , NT_STATUS_MEMBER_NOT_IN_GROUP , status , " DeleteGroupMember " ) ;
2004-04-17 06:40:50 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_AddGroupMember ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " AddGroupMember " ) ;
2004-04-17 06:40:50 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_AddGroupMember ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_equal ( tctx , NT_STATUS_MEMBER_IN_GROUP , status , " AddGroupMember " ) ;
2004-04-17 06:40:50 +00:00
2009-05-12 00:19:56 +02:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) | |
torture_setting_bool ( tctx , " samba3 " , false ) ) {
2009-06-07 02:27:50 +02:00
torture_comment ( tctx , " skipping SetMemberAttributesOfGroup test against Samba \n " ) ;
2006-07-04 02:46:24 +00:00
} else {
/* this one is quite strange. I am using random inputs in the
hope of triggering an error that might give us a clue */
2004-04-23 04:21:22 +00:00
2006-07-04 02:46:24 +00:00
s . in . group_handle = group_handle ;
s . in . unknown1 = random ( ) ;
s . in . unknown2 = random ( ) ;
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_SetMemberAttributesOfGroup ( p , tctx , & s ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " SetMemberAttributesOfGroup " ) ;
2004-04-23 04:21:22 +00:00
}
2004-09-21 03:51:38 +00:00
q . in . group_handle = group_handle ;
2008-11-05 02:00:12 +01:00
q . out . rids = & rids ;
2004-04-23 04:21:22 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_QueryGroupMember ( p , tctx , & q ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " QueryGroupMember " ) ;
2009-06-24 00:27:33 +02:00
torture_assert ( tctx , rids , " QueryGroupMember did not fill in rids structure " ) ;
for ( i = 0 ; i < rids - > count ; i + + ) {
if ( rids - > rids [ i ] = = rid ) {
found_member = true ;
}
}
torture_assert ( tctx , found_member , " QueryGroupMember did not list newly added member " ) ;
2004-04-18 04:06:15 +00:00
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_DeleteGroupMember ( p , tctx , & d ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " DeleteGroupMember " ) ;
2004-04-17 06:49:26 +00:00
2009-06-24 00:27:33 +02:00
rids = NULL ;
found_member = false ;
status = dcerpc_samr_QueryGroupMember ( p , tctx , & q ) ;
torture_assert_ntstatus_ok ( tctx , status , " QueryGroupMember " ) ;
torture_assert ( tctx , rids , " QueryGroupMember did not fill in rids structure " ) ;
for ( i = 0 ; i < rids - > count ; i + + ) {
if ( rids - > rids [ i ] = = rid ) {
found_member = true ;
}
}
torture_assert ( tctx , ! found_member , " QueryGroupMember does still list removed member " ) ;
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_AddGroupMember ( p , tctx , & r ) ;
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " AddGroupMember " ) ;
2004-04-17 06:49:26 +00:00
2008-10-31 16:09:29 +01:00
return true ;
2004-04-17 06:40:50 +00:00
}
2004-04-17 05:54:55 +00:00
2009-05-11 22:44:58 +02:00
static bool test_CreateDomainGroup ( struct dcerpc_pipe * p ,
2009-05-21 18:12:29 +02:00
struct torture_context * tctx ,
2009-05-11 22:44:58 +02:00
struct policy_handle * domain_handle ,
2009-05-21 18:12:29 +02:00
const char * group_name ,
2008-03-14 12:26:03 +11:00
struct policy_handle * group_handle ,
2009-05-21 18:12:29 +02:00
struct dom_sid * domain_sid ,
bool test_group )
2004-04-17 05:54:55 +00:00
{
NTSTATUS status ;
struct samr_CreateDomainGroup r ;
2004-05-25 16:24:13 +00:00
uint32_t rid ;
2005-07-08 08:09:02 +00:00
struct lsa_String name ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2004-04-17 05:54:55 +00:00
2009-05-21 18:12:29 +02:00
init_lsa_String ( & name , group_name ) ;
2004-04-17 05:54:55 +00:00
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2004-04-17 05:54:55 +00:00
r . in . name = & name ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-04-17 05:54:55 +00:00
r . out . group_handle = group_handle ;
r . out . rid = & rid ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing CreateDomainGroup(%s) \n " , r . in . name - > string ) ;
2004-04-17 05:54:55 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_CreateDomainGroup ( p , tctx , & r ) ;
2004-04-17 05:54:55 +00:00
2008-10-31 15:24:24 +01:00
if ( dom_sid_equal ( domain_sid , dom_sid_parse_talloc ( tctx , SID_BUILTIN ) ) ) {
2008-03-14 12:26:03 +11:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) ) {
2008-10-31 15:24:24 +01:00
torture_comment ( tctx , " Server correctly refused create of '%s' \n " , r . in . name - > string ) ;
2008-03-14 12:26:03 +11:00
return true ;
} else {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Server should have refused create of '%s', got %s instead \n " , r . in . name - > string ,
2008-03-14 12:26:03 +11:00
nt_errstr ( status ) ) ;
return false ;
}
2004-04-17 05:54:55 +00:00
}
2006-07-07 07:38:36 +00:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_GROUP_EXISTS ) ) {
2008-10-31 15:24:24 +01:00
if ( ! test_DeleteGroup_byname ( p , tctx , domain_handle , r . in . name - > string ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " CreateDomainGroup failed: Could not delete domain group %s - %s \n " , r . in . name - > string ,
2006-07-07 07:38:36 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2006-07-07 07:38:36 +00:00
}
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_CreateDomainGroup ( p , tctx , & r ) ;
2006-07-07 07:38:36 +00:00
}
if ( NT_STATUS_EQUAL ( status , NT_STATUS_USER_EXISTS ) ) {
2008-10-31 15:24:24 +01:00
if ( ! test_DeleteUser_byname ( p , tctx , domain_handle , r . in . name - > string ) ) {
2009-05-11 22:44:58 +02:00
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " CreateDomainGroup failed: Could not delete user %s - %s \n " , r . in . name - > string ,
2006-07-07 07:38:36 +00:00
nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
return false ;
2004-04-17 05:54:55 +00:00
}
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_CreateDomainGroup ( p , tctx , & r ) ;
2004-04-17 05:54:55 +00:00
}
2008-10-31 15:24:24 +01:00
torture_assert_ntstatus_ok ( tctx , status , " CreateDomainGroup " ) ;
2004-04-17 05:54:55 +00:00
2009-05-21 18:12:29 +02:00
if ( ! test_group ) {
return ret ;
}
2008-10-31 15:24:24 +01:00
if ( ! test_AddGroupMember ( p , tctx , domain_handle , group_handle ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " CreateDomainGroup failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-17 06:40:50 +00:00
}
2008-10-31 15:24:24 +01:00
if ( ! test_SetGroupInfo ( p , tctx , group_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-22 07:28:18 +00:00
}
2004-04-17 05:54:55 +00:00
return ret ;
}
2004-04-15 13:17:36 +00:00
2004-04-18 04:06:15 +00:00
/*
its not totally clear what this does . It seems to accept any sid you like .
*/
2009-05-11 22:44:58 +02:00
static bool test_RemoveMemberFromForeignDomain ( struct dcerpc_pipe * p ,
2008-10-31 15:24:24 +01:00
struct torture_context * tctx ,
2004-04-18 04:06:15 +00:00
struct policy_handle * domain_handle )
{
NTSTATUS status ;
struct samr_RemoveMemberFromForeignDomain r ;
2004-09-21 03:51:38 +00:00
r . in . domain_handle = domain_handle ;
2008-10-31 15:24:24 +01:00
r . in . sid = dom_sid_parse_talloc ( tctx , " S-1-5-32-12-34-56-78 " ) ;
2004-04-18 04:06:15 +00:00
2008-10-31 15:24:24 +01:00
status = dcerpc_samr_RemoveMemberFromForeignDomain ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " RemoveMemberFromForeignDomain " ) ;
2004-04-18 04:06:15 +00:00
2007-10-06 22:28:14 +00:00
return true ;
2004-04-18 04:06:15 +00:00
}
2009-05-25 13:08:58 +02:00
static bool test_EnumDomainUsers ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
uint32_t * total_num_entries_p )
{
NTSTATUS status ;
struct samr_EnumDomainUsers r ;
uint32_t resume_handle = 0 ;
uint32_t num_entries = 0 ;
uint32_t total_num_entries = 0 ;
struct samr_SamArray * sam ;
r . in . domain_handle = domain_handle ;
2009-06-04 18:12:59 +10:00
r . in . acct_flags = 0 ;
2009-05-25 13:08:58 +02:00
r . in . max_size = ( uint32_t ) - 1 ;
r . in . resume_handle = & resume_handle ;
2004-04-18 04:06:15 +00:00
2009-05-25 13:08:58 +02:00
r . out . sam = & sam ;
r . out . num_entries = & num_entries ;
r . out . resume_handle = & resume_handle ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing EnumDomainUsers \n " ) ;
2009-05-25 13:08:58 +02:00
do {
status = dcerpc_samr_EnumDomainUsers ( p , tctx , & r ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
torture_assert_ntstatus_ok ( tctx , status ,
" failed to enumerate users " ) ;
}
total_num_entries + = num_entries ;
} while ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) ) ;
if ( total_num_entries_p ) {
* total_num_entries_p = total_num_entries ;
}
return true ;
}
static bool test_EnumDomainGroups ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
uint32_t * total_num_entries_p )
{
NTSTATUS status ;
struct samr_EnumDomainGroups r ;
uint32_t resume_handle = 0 ;
uint32_t num_entries = 0 ;
uint32_t total_num_entries = 0 ;
struct samr_SamArray * sam ;
r . in . domain_handle = domain_handle ;
r . in . max_size = ( uint32_t ) - 1 ;
r . in . resume_handle = & resume_handle ;
r . out . sam = & sam ;
r . out . num_entries = & num_entries ;
r . out . resume_handle = & resume_handle ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing EnumDomainGroups \n " ) ;
2009-05-25 13:08:58 +02:00
do {
status = dcerpc_samr_EnumDomainGroups ( p , tctx , & r ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
torture_assert_ntstatus_ok ( tctx , status ,
" failed to enumerate groups " ) ;
}
total_num_entries + = num_entries ;
} while ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) ) ;
if ( total_num_entries_p ) {
* total_num_entries_p = total_num_entries ;
}
return true ;
}
static bool test_EnumDomainAliases ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
uint32_t * total_num_entries_p )
{
NTSTATUS status ;
struct samr_EnumDomainAliases r ;
uint32_t resume_handle = 0 ;
uint32_t num_entries = 0 ;
uint32_t total_num_entries = 0 ;
struct samr_SamArray * sam ;
r . in . domain_handle = domain_handle ;
r . in . max_size = ( uint32_t ) - 1 ;
r . in . resume_handle = & resume_handle ;
r . out . sam = & sam ;
r . out . num_entries = & num_entries ;
r . out . resume_handle = & resume_handle ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing EnumDomainAliases \n " ) ;
2009-05-25 13:08:58 +02:00
do {
status = dcerpc_samr_EnumDomainAliases ( p , tctx , & r ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
torture_assert_ntstatus_ok ( tctx , status ,
" failed to enumerate aliases " ) ;
}
total_num_entries + = num_entries ;
} while ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) ) ;
if ( total_num_entries_p ) {
* total_num_entries_p = total_num_entries ;
}
return true ;
}
2009-06-08 10:24:48 +02:00
static bool test_QueryDisplayInfo_level ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
uint16_t level ,
uint32_t * total_num_entries_p )
{
NTSTATUS status ;
struct samr_QueryDisplayInfo r ;
uint32_t total_num_entries = 0 ;
r . in . domain_handle = handle ;
r . in . level = level ;
r . in . start_idx = 0 ;
r . in . max_entries = ( uint32_t ) - 1 ;
r . in . buf_size = ( uint32_t ) - 1 ;
2009-06-29 23:42:58 +02:00
torture_comment ( tctx , " Testing QueryDisplayInfo \n " ) ;
2009-06-08 10:24:48 +02:00
do {
uint32_t total_size ;
uint32_t returned_size ;
union samr_DispInfo info ;
r . out . total_size = & total_size ;
r . out . returned_size = & returned_size ;
r . out . info = & info ;
status = dcerpc_samr_QueryDisplayInfo ( p , tctx , & r ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
torture_assert_ntstatus_ok ( tctx , status ,
" failed to query displayinfo " ) ;
}
if ( * r . out . returned_size = = 0 ) {
break ;
}
switch ( r . in . level ) {
case 1 :
total_num_entries + = info . info1 . count ;
r . in . start_idx + = info . info1 . entries [ info . info1 . count - 1 ] . idx + 1 ;
break ;
case 2 :
total_num_entries + = info . info2 . count ;
r . in . start_idx + = info . info2 . entries [ info . info2 . count - 1 ] . idx + 1 ;
break ;
case 3 :
total_num_entries + = info . info3 . count ;
r . in . start_idx + = info . info3 . entries [ info . info3 . count - 1 ] . idx + 1 ;
break ;
case 4 :
total_num_entries + = info . info4 . count ;
r . in . start_idx + = info . info4 . entries [ info . info4 . count - 1 ] . idx + 1 ;
break ;
case 5 :
total_num_entries + = info . info5 . count ;
r . in . start_idx + = info . info5 . entries [ info . info5 . count - 1 ] . idx + 1 ;
break ;
default :
return false ;
}
} while ( NT_STATUS_EQUAL ( status , STATUS_MORE_ENTRIES ) ) ;
if ( total_num_entries_p ) {
* total_num_entries_p = total_num_entries ;
}
return true ;
}
2009-05-25 13:08:58 +02:00
static bool test_ManyObjects ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * domain_handle ,
struct dom_sid * domain_sid ,
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx )
2009-05-25 13:08:58 +02:00
{
2009-11-26 00:32:47 +01:00
uint32_t num_total = ctx - > num_objects_large_dc ;
2009-05-25 13:08:58 +02:00
uint32_t num_enum = 0 ;
uint32_t num_disp = 0 ;
uint32_t num_created = 0 ;
uint32_t num_anounced = 0 ;
bool ret = true ;
NTSTATUS status ;
uint32_t i ;
2009-05-29 08:35:41 +10:00
struct policy_handle * handles = talloc_zero_array ( tctx , struct policy_handle , num_total ) ;
2009-05-29 13:18:23 +02:00
2009-05-25 13:08:58 +02:00
/* query */
{
struct samr_QueryDomainInfo2 r ;
union samr_DomainInfo * info ;
r . in . domain_handle = domain_handle ;
r . in . level = 2 ;
r . out . info = & info ;
status = dcerpc_samr_QueryDomainInfo2 ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" failed to query domain info " ) ;
2009-11-26 00:32:47 +01:00
switch ( ctx - > choice ) {
2009-05-25 13:08:58 +02:00
case TORTURE_SAMR_MANY_ACCOUNTS :
num_anounced = info - > general . num_users ;
break ;
case TORTURE_SAMR_MANY_GROUPS :
num_anounced = info - > general . num_groups ;
break ;
case TORTURE_SAMR_MANY_ALIASES :
num_anounced = info - > general . num_aliases ;
break ;
default :
return false ;
}
}
/* create */
for ( i = 0 ; i < num_total ; i + + ) {
const char * name = NULL ;
2009-11-26 00:32:47 +01:00
switch ( ctx - > choice ) {
2009-05-25 13:08:58 +02:00
case TORTURE_SAMR_MANY_ACCOUNTS :
name = talloc_asprintf ( tctx , " %s%04d " , TEST_ACCOUNT_NAME , i ) ;
2009-05-29 08:35:41 +10:00
ret & = test_CreateUser ( p , tctx , domain_handle , name , & handles [ i ] , domain_sid , 0 , NULL , false ) ;
2009-05-25 13:08:58 +02:00
break ;
case TORTURE_SAMR_MANY_GROUPS :
name = talloc_asprintf ( tctx , " %s%04d " , TEST_GROUPNAME , i ) ;
2009-05-29 08:35:41 +10:00
ret & = test_CreateDomainGroup ( p , tctx , domain_handle , name , & handles [ i ] , domain_sid , false ) ;
2009-05-25 13:08:58 +02:00
break ;
case TORTURE_SAMR_MANY_ALIASES :
name = talloc_asprintf ( tctx , " %s%04d " , TEST_ALIASNAME , i ) ;
2009-05-29 08:35:41 +10:00
ret & = test_CreateAlias ( p , tctx , domain_handle , name , & handles [ i ] , domain_sid , false ) ;
2009-05-25 13:08:58 +02:00
break ;
default :
return false ;
}
2009-05-29 08:35:41 +10:00
if ( ! policy_handle_empty ( & handles [ i ] ) ) {
2009-05-25 13:08:58 +02:00
num_created + + ;
}
}
/* enum */
2009-11-26 00:32:47 +01:00
switch ( ctx - > choice ) {
2009-05-25 13:08:58 +02:00
case TORTURE_SAMR_MANY_ACCOUNTS :
ret & = test_EnumDomainUsers ( p , tctx , domain_handle , & num_enum ) ;
break ;
case TORTURE_SAMR_MANY_GROUPS :
ret & = test_EnumDomainGroups ( p , tctx , domain_handle , & num_enum ) ;
break ;
case TORTURE_SAMR_MANY_ALIASES :
ret & = test_EnumDomainAliases ( p , tctx , domain_handle , & num_enum ) ;
break ;
default :
return false ;
}
2009-06-08 10:24:48 +02:00
/* dispinfo */
2009-05-25 13:08:58 +02:00
2009-11-26 00:32:47 +01:00
switch ( ctx - > choice ) {
2009-05-25 13:08:58 +02:00
case TORTURE_SAMR_MANY_ACCOUNTS :
2009-06-08 10:24:48 +02:00
ret & = test_QueryDisplayInfo_level ( p , tctx , domain_handle , 1 , & num_disp ) ;
2009-05-25 13:08:58 +02:00
break ;
case TORTURE_SAMR_MANY_GROUPS :
2009-06-08 10:24:48 +02:00
ret & = test_QueryDisplayInfo_level ( p , tctx , domain_handle , 3 , & num_disp ) ;
2009-05-25 13:08:58 +02:00
break ;
case TORTURE_SAMR_MANY_ALIASES :
2009-06-08 10:24:48 +02:00
/* no aliases in dispinfo */
2009-05-25 13:08:58 +02:00
break ;
default :
return false ;
}
2009-06-08 22:41:23 +02:00
/* close or delete */
2009-05-29 08:35:41 +10:00
for ( i = 0 ; i < num_total ; i + + ) {
if ( policy_handle_empty ( & handles [ i ] ) ) {
continue ;
}
2009-06-08 22:41:23 +02:00
if ( torture_setting_bool ( tctx , " samba3 " , false ) ) {
ret & = test_samr_handle_Close ( p , tctx , & handles [ i ] ) ;
} else {
2009-11-26 00:32:47 +01:00
switch ( ctx - > choice ) {
2009-06-08 22:41:23 +02:00
case TORTURE_SAMR_MANY_ACCOUNTS :
ret & = test_DeleteUser ( p , tctx , & handles [ i ] ) ;
break ;
case TORTURE_SAMR_MANY_GROUPS :
ret & = test_DeleteDomainGroup ( p , tctx , & handles [ i ] ) ;
break ;
case TORTURE_SAMR_MANY_ALIASES :
ret & = test_DeleteAlias ( p , tctx , & handles [ i ] ) ;
break ;
default :
return false ;
}
2009-05-29 08:35:41 +10:00
}
}
talloc_free ( handles ) ;
2009-11-26 00:32:47 +01:00
if ( ctx - > choice = = TORTURE_SAMR_MANY_ACCOUNTS & & num_enum ! = num_anounced + num_created ) {
2009-06-04 21:14:25 +02:00
torture_comment ( tctx ,
" unexpected number of results (%u) returned in enum call, expected %u \n " ,
num_enum , num_anounced + num_created ) ;
2009-06-08 10:24:48 +02:00
torture_comment ( tctx ,
" unexpected number of results (%u) returned in dispinfo, call, expected %u \n " ,
num_disp , num_anounced + num_created ) ;
2009-06-04 18:12:59 +10:00
}
2009-05-25 13:08:58 +02:00
return ret ;
}
2004-04-18 04:06:15 +00:00
2008-10-31 16:09:29 +01:00
static bool test_Connect ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2004-09-27 05:15:14 +00:00
struct policy_handle * handle ) ;
2004-04-18 04:06:15 +00:00
2009-05-11 22:44:58 +02:00
static bool test_OpenDomain ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx , struct dom_sid * sid )
2003-11-15 08:06:39 +00:00
{
NTSTATUS status ;
struct samr_OpenDomain r ;
struct policy_handle domain_handle ;
2003-12-19 03:59:27 +00:00
struct policy_handle alias_handle ;
2006-07-07 07:38:36 +00:00
struct policy_handle user_handle ;
2004-04-17 05:54:55 +00:00
struct policy_handle group_handle ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 08:06:39 +00:00
2003-12-19 03:59:27 +00:00
ZERO_STRUCT ( alias_handle ) ;
2006-07-07 07:38:36 +00:00
ZERO_STRUCT ( user_handle ) ;
2004-04-23 04:21:22 +00:00
ZERO_STRUCT ( group_handle ) ;
ZERO_STRUCT ( domain_handle ) ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing OpenDomain of %s \n " , dom_sid_string ( tctx , sid ) ) ;
2003-11-15 08:06:39 +00:00
2009-11-26 00:32:47 +01:00
r . in . connect_handle = & ctx - > handle ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2003-11-15 08:06:39 +00:00
r . in . sid = sid ;
r . out . domain_handle = & domain_handle ;
2007-12-03 15:53:17 +01:00
status = dcerpc_samr_OpenDomain ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " OpenDomain " ) ;
2003-11-15 08:06:39 +00:00
2004-09-27 05:15:14 +00:00
/* run the domain tests with the main handle closed - this tests
the servers reference counting */
2009-11-26 00:32:47 +01:00
torture_assert ( tctx , test_samr_handle_Close ( p , tctx , & ctx - > handle ) , " Failed to close SAMR handle " ) ;
2004-09-27 05:15:14 +00:00
2009-11-26 00:32:47 +01:00
switch ( ctx - > choice ) {
2006-07-07 02:03:04 +00:00
case TORTURE_SAMR_PASSWORDS :
2009-05-29 08:35:59 +10:00
case TORTURE_SAMR_USER_PRIVILEGES :
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
2009-11-26 00:32:47 +01:00
ret & = test_CreateUser2 ( p , tctx , & domain_handle , sid , ctx - > choice , NULL ) ;
2009-05-29 08:35:59 +10:00
}
2009-11-26 00:32:47 +01:00
ret & = test_CreateUser ( p , tctx , & domain_handle , TEST_ACCOUNT_NAME , & user_handle , sid , ctx - > choice , NULL , true ) ;
2009-06-04 18:12:59 +10:00
if ( ! ret ) {
2009-10-19 10:40:15 +02:00
torture_warning ( tctx , " Testing PASSWORDS or PRIVILEGES on domain %s failed! \n " , dom_sid_string ( tctx , sid ) ) ;
2009-06-04 18:12:59 +10:00
}
2009-05-29 08:35:59 +10:00
break ;
case TORTURE_SAMR_USER_ATTRIBUTES :
2009-05-07 21:47:47 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
2009-11-26 00:32:47 +01:00
ret & = test_CreateUser2 ( p , tctx , & domain_handle , sid , ctx - > choice , NULL ) ;
2009-05-07 21:47:47 +02:00
}
2009-11-26 00:32:47 +01:00
ret & = test_CreateUser ( p , tctx , & domain_handle , TEST_ACCOUNT_NAME , & user_handle , sid , ctx - > choice , NULL , true ) ;
2007-07-26 03:50:24 +00:00
/* This test needs 'complex' users to validate */
2007-12-03 15:53:17 +01:00
ret & = test_QueryDisplayInfo ( p , tctx , & domain_handle ) ;
2008-03-14 12:26:03 +11:00
if ( ! ret ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Testing ATTRIBUTES on domain %s failed! \n " , dom_sid_string ( tctx , sid ) ) ;
2008-03-14 12:26:03 +11:00
}
2006-07-07 02:03:04 +00:00
break ;
2008-12-02 23:22:14 +01:00
case TORTURE_SAMR_PASSWORDS_PWDLASTSET :
2010-01-11 21:18:51 +01:00
case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT :
2010-01-15 18:08:57 +01:00
case TORTURE_SAMR_PASSWORDS_LOCKOUT :
2009-04-17 11:04:44 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
2009-11-26 00:32:47 +01:00
ret & = test_CreateUser2 ( p , tctx , & domain_handle , sid , ctx - > choice , ctx - > machine_credentials ) ;
2009-04-17 11:04:44 +02:00
}
2009-11-26 00:32:47 +01:00
ret & = test_CreateUser ( p , tctx , & domain_handle , TEST_ACCOUNT_NAME , & user_handle , sid , ctx - > choice , ctx - > machine_credentials , true ) ;
2008-12-02 23:22:14 +01:00
if ( ! ret ) {
2010-01-11 21:18:51 +01:00
torture_warning ( tctx , " Testing PASSWORDS PWDLASTSET or BADPWDCOUNT on domain %s failed! \n " , dom_sid_string ( tctx , sid ) ) ;
2008-12-02 23:22:14 +01:00
}
break ;
2009-05-25 13:08:58 +02:00
case TORTURE_SAMR_MANY_ACCOUNTS :
case TORTURE_SAMR_MANY_GROUPS :
case TORTURE_SAMR_MANY_ALIASES :
2009-11-26 00:32:47 +01:00
ret & = test_ManyObjects ( p , tctx , & domain_handle , sid , ctx ) ;
2009-06-04 18:12:59 +10:00
if ( ! ret ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Testing MANY-{ACCOUNTS,GROUPS,ALIASES} on domain %s failed! \n " , dom_sid_string ( tctx , sid ) ) ;
2009-06-04 18:12:59 +10:00
}
2009-05-25 13:08:58 +02:00
break ;
2006-07-07 02:03:04 +00:00
case TORTURE_SAMR_OTHER :
2009-11-26 00:32:47 +01:00
ret & = test_CreateUser ( p , tctx , & domain_handle , TEST_ACCOUNT_NAME , & user_handle , sid , ctx - > choice , NULL , true ) ;
2008-03-14 12:26:03 +11:00
if ( ! ret ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Failed to CreateUser in SAMR-OTHER on domain %s! \n " , dom_sid_string ( tctx , sid ) ) ;
2008-03-14 12:26:03 +11:00
}
2009-05-11 23:46:45 +02:00
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
ret & = test_QuerySecurity ( p , tctx , & domain_handle ) ;
}
2007-12-03 15:53:17 +01:00
ret & = test_RemoveMemberFromForeignDomain ( p , tctx , & domain_handle ) ;
2009-05-21 18:12:29 +02:00
ret & = test_CreateAlias ( p , tctx , & domain_handle , TEST_ALIASNAME , & alias_handle , sid , true ) ;
ret & = test_CreateDomainGroup ( p , tctx , & domain_handle , TEST_GROUPNAME , & group_handle , sid , true ) ;
2009-12-17 15:34:22 +01:00
ret & = test_GetAliasMembership ( p , tctx , & domain_handle ) ;
2007-12-03 15:53:17 +01:00
ret & = test_QueryDomainInfo ( p , tctx , & domain_handle ) ;
ret & = test_QueryDomainInfo2 ( p , tctx , & domain_handle ) ;
2009-05-22 19:04:25 +02:00
ret & = test_EnumDomainUsers_all ( p , tctx , & domain_handle ) ;
2007-12-03 15:53:17 +01:00
ret & = test_EnumDomainUsers_async ( p , tctx , & domain_handle ) ;
2009-05-22 19:04:25 +02:00
ret & = test_EnumDomainGroups_all ( p , tctx , & domain_handle ) ;
ret & = test_EnumDomainAliases_all ( p , tctx , & domain_handle ) ;
2007-12-03 15:53:17 +01:00
ret & = test_QueryDisplayInfo2 ( p , tctx , & domain_handle ) ;
ret & = test_QueryDisplayInfo3 ( p , tctx , & domain_handle ) ;
ret & = test_QueryDisplayInfo_continue ( p , tctx , & domain_handle ) ;
2009-05-11 22:44:58 +02:00
2007-12-03 15:53:17 +01:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " skipping GetDisplayEnumerationIndex test against Samba4 \n " ) ;
2006-07-07 02:03:04 +00:00
} else {
2007-12-03 15:53:17 +01:00
ret & = test_GetDisplayEnumerationIndex ( p , tctx , & domain_handle ) ;
ret & = test_GetDisplayEnumerationIndex2 ( p , tctx , & domain_handle ) ;
2006-07-07 02:03:04 +00:00
}
2007-12-03 15:53:17 +01:00
ret & = test_GroupList ( p , tctx , & domain_handle ) ;
ret & = test_TestPrivateFunctionsDomain ( p , tctx , & domain_handle ) ;
ret & = test_RidToSid ( p , tctx , sid , & domain_handle ) ;
ret & = test_GetBootKeyInformation ( p , tctx , & domain_handle ) ;
2008-03-14 12:26:03 +11:00
if ( ! ret ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing SAMR-OTHER on domain %s failed! \n " , dom_sid_string ( tctx , sid ) ) ;
2008-03-14 12:26:03 +11:00
}
2006-07-07 02:03:04 +00:00
break ;
2003-12-19 03:59:27 +00:00
}
2006-07-07 07:38:36 +00:00
if ( ! policy_handle_empty ( & user_handle ) & &
2007-12-03 15:53:17 +01:00
! test_DeleteUser ( p , tctx , & user_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2006-07-07 07:38:36 +00:00
}
2003-12-19 03:59:27 +00:00
if ( ! policy_handle_empty ( & alias_handle ) & &
2007-12-03 15:53:17 +01:00
! test_DeleteAlias ( p , tctx , & alias_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-17 05:54:55 +00:00
}
if ( ! policy_handle_empty ( & group_handle ) & &
2007-12-03 15:53:17 +01:00
! test_DeleteDomainGroup ( p , tctx , & group_handle ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-12-19 03:59:27 +00:00
}
2009-06-04 18:12:59 +10:00
torture_assert ( tctx , test_samr_handle_Close ( p , tctx , & domain_handle ) , " Failed to close SAMR domain handle " ) ;
2004-09-27 05:15:14 +00:00
2009-11-26 00:32:47 +01:00
torture_assert ( tctx , test_Connect ( p , tctx , & ctx - > handle ) , " Faile to re-connect SAMR handle " ) ;
2004-09-27 05:15:14 +00:00
/* reconnect the main handle */
2003-11-15 20:47:59 +00:00
2006-07-07 02:36:54 +00:00
if ( ! ret ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Testing domain %s failed! \n " , dom_sid_string ( tctx , sid ) ) ;
2006-07-07 02:36:54 +00:00
}
2003-11-15 20:47:59 +00:00
return ret ;
2003-11-15 08:06:39 +00:00
}
2007-12-03 15:53:28 +01:00
static bool test_LookupDomain ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx , const char * domain )
2003-11-15 07:51:19 +00:00
{
NTSTATUS status ;
struct samr_LookupDomain r ;
2008-11-07 02:42:45 +01:00
struct dom_sid2 * sid = NULL ;
2006-07-07 02:03:04 +00:00
struct lsa_String n1 ;
2005-07-08 08:09:02 +00:00
struct lsa_String n2 ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 07:51:19 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Testing LookupDomain(%s) \n " , domain ) ;
2003-11-15 07:51:19 +00:00
2004-05-03 14:54:47 +00:00
/* check for correct error codes */
2009-11-26 00:32:47 +01:00
r . in . connect_handle = & ctx - > handle ;
2005-02-13 00:26:43 +00:00
r . in . domain_name = & n2 ;
2008-11-07 02:42:45 +01:00
r . out . sid = & sid ;
2004-11-13 13:45:41 +00:00
n2 . string = NULL ;
2004-05-03 14:54:47 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupDomain ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_equal ( tctx , NT_STATUS_INVALID_PARAMETER , status , " LookupDomain expected NT_STATUS_INVALID_PARAMETER " ) ;
2004-05-03 14:54:47 +00:00
2006-07-07 02:03:04 +00:00
init_lsa_String ( & n2 , " xxNODOMAINxx " ) ;
2004-05-03 14:54:47 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupDomain ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_equal ( tctx , NT_STATUS_NO_SUCH_DOMAIN , status , " LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN " ) ;
2004-05-03 14:54:47 +00:00
2009-11-26 00:32:47 +01:00
r . in . connect_handle = & ctx - > handle ;
2006-07-07 02:03:04 +00:00
init_lsa_String ( & n1 , domain ) ;
r . in . domain_name = & n1 ;
2003-11-15 07:51:19 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_LookupDomain ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " LookupDomain " ) ;
2003-11-15 07:51:19 +00:00
2007-12-03 15:53:28 +01:00
if ( ! test_GetDomPwInfo ( p , tctx , & n1 ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2004-04-21 06:23:29 +00:00
}
2009-11-26 00:32:47 +01:00
if ( ! test_OpenDomain ( p , tctx , ctx , * r . out . sid ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 08:06:39 +00:00
}
2004-04-21 06:23:29 +00:00
return ret ;
2003-11-15 07:51:19 +00:00
}
2003-11-15 06:00:21 +00:00
2007-12-03 15:53:28 +01:00
static bool test_EnumDomains ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx )
2003-11-15 06:00:21 +00:00
{
NTSTATUS status ;
struct samr_EnumDomains r ;
2004-05-25 16:24:13 +00:00
uint32_t resume_handle = 0 ;
2008-11-07 02:57:58 +01:00
uint32_t num_entries = 0 ;
struct samr_SamArray * sam = NULL ;
2003-11-15 07:51:19 +00:00
int i ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2003-11-15 06:00:21 +00:00
2009-11-26 00:32:47 +01:00
r . in . connect_handle = & ctx - > handle ;
2003-11-15 06:00:21 +00:00
r . in . resume_handle = & resume_handle ;
2004-05-25 16:24:13 +00:00
r . in . buf_size = ( uint32_t ) - 1 ;
2003-11-15 06:00:21 +00:00
r . out . resume_handle = & resume_handle ;
2008-11-07 02:57:58 +01:00
r . out . num_entries = & num_entries ;
r . out . sam = & sam ;
2003-11-15 06:00:21 +00:00
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_EnumDomains ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " EnumDomains " ) ;
2003-11-15 06:00:21 +00:00
2008-11-07 02:57:58 +01:00
if ( ! * r . out . sam ) {
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 08:06:39 +00:00
}
2008-11-07 02:57:58 +01:00
for ( i = 0 ; i < sam - > count ; i + + ) {
2009-11-26 00:32:47 +01:00
if ( ! test_LookupDomain ( p , tctx , ctx ,
sam - > entries [ i ] . name . string ) ) {
2007-10-06 22:28:14 +00:00
ret = false ;
2003-11-15 07:51:19 +00:00
}
}
2007-12-03 15:53:28 +01:00
status = dcerpc_samr_EnumDomains ( p , tctx , & r ) ;
2008-10-31 16:09:29 +01:00
torture_assert_ntstatus_ok ( tctx , status , " EnumDomains " ) ;
2004-05-03 14:54:47 +00:00
2003-11-15 08:06:39 +00:00
return ret ;
2003-11-15 06:00:21 +00:00
}
2008-10-31 16:09:29 +01:00
static bool test_Connect ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-11-15 06:00:21 +00:00
struct policy_handle * handle )
{
NTSTATUS status ;
struct samr_Connect r ;
2003-11-23 21:51:24 +00:00
struct samr_Connect2 r2 ;
2004-04-21 06:23:29 +00:00
struct samr_Connect3 r3 ;
2003-11-15 07:51:19 +00:00
struct samr_Connect4 r4 ;
2003-12-19 03:59:27 +00:00
struct samr_Connect5 r5 ;
2004-04-26 03:52:44 +00:00
union samr_ConnectInfo info ;
2004-09-28 05:44:59 +00:00
struct policy_handle h ;
2008-11-05 01:51:51 +01:00
uint32_t level_out = 0 ;
2007-10-06 22:28:14 +00:00
bool ret = true , got_handle = false ;
2003-11-15 06:00:21 +00:00
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing samr_Connect \n " ) ;
2004-04-21 06:23:29 +00:00
2003-11-15 06:00:21 +00:00
r . in . system_name = 0 ;
2004-12-02 04:37:36 +00:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-09-28 05:44:59 +00:00
r . out . connect_handle = & h ;
2003-11-15 06:00:21 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_Connect ( p , tctx , & r ) ;
2003-11-15 06:00:21 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Connect failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-09-28 05:44:59 +00:00
} else {
2007-10-06 22:28:14 +00:00
got_handle = true ;
2004-09-28 05:44:59 +00:00
* handle = h ;
2003-11-23 21:51:24 +00:00
}
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing samr_Connect2 \n " ) ;
2004-04-21 06:23:29 +00:00
2004-04-26 03:52:44 +00:00
r2 . in . system_name = NULL ;
2004-12-02 04:37:36 +00:00
r2 . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-09-28 05:44:59 +00:00
r2 . out . connect_handle = & h ;
2003-11-23 21:51:24 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_Connect2 ( p , tctx , & r2 ) ;
2003-11-23 21:51:24 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " Connect2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-09-28 05:44:59 +00:00
} else {
if ( got_handle ) {
2008-10-31 16:09:29 +01:00
test_samr_handle_Close ( p , tctx , handle ) ;
2004-09-28 05:44:59 +00:00
}
2007-10-06 22:28:14 +00:00
got_handle = true ;
2004-09-28 05:44:59 +00:00
* handle = h ;
2003-11-15 06:00:21 +00:00
}
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing samr_Connect3 \n " ) ;
2004-04-21 06:23:29 +00:00
2004-04-26 03:52:44 +00:00
r3 . in . system_name = NULL ;
2004-04-21 06:23:29 +00:00
r3 . in . unknown = 0 ;
2004-12-02 04:37:36 +00:00
r3 . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-09-28 05:44:59 +00:00
r3 . out . connect_handle = & h ;
2004-04-21 06:23:29 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_Connect3 ( p , tctx , & r3 ) ;
2004-04-21 06:23:29 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Connect3 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-09-28 05:44:59 +00:00
} else {
if ( got_handle ) {
2008-10-31 16:09:29 +01:00
test_samr_handle_Close ( p , tctx , handle ) ;
2004-09-28 05:44:59 +00:00
}
2007-10-06 22:28:14 +00:00
got_handle = true ;
2004-09-28 05:44:59 +00:00
* handle = h ;
2004-04-21 06:23:29 +00:00
}
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing samr_Connect4 \n " ) ;
2004-04-21 06:23:29 +00:00
2003-11-15 11:39:47 +00:00
r4 . in . system_name = " " ;
2008-10-15 17:42:33 +02:00
r4 . in . client_version = 0 ;
2004-12-02 04:37:36 +00:00
r4 . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-09-28 05:44:59 +00:00
r4 . out . connect_handle = & h ;
2003-11-15 07:51:19 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_Connect4 ( p , tctx , & r4 ) ;
2003-11-15 07:51:19 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Connect4 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-09-28 05:44:59 +00:00
} else {
if ( got_handle ) {
2008-10-31 16:09:29 +01:00
test_samr_handle_Close ( p , tctx , handle ) ;
2004-09-28 05:44:59 +00:00
}
2007-10-06 22:28:14 +00:00
got_handle = true ;
2004-09-28 05:44:59 +00:00
* handle = h ;
2003-11-15 07:51:19 +00:00
}
2008-10-31 16:09:29 +01:00
torture_comment ( tctx , " testing samr_Connect5 \n " ) ;
2004-04-21 06:23:29 +00:00
2008-10-15 17:42:33 +02:00
info . info1 . client_version = 0 ;
2004-04-26 03:52:44 +00:00
info . info1 . unknown2 = 0 ;
2003-12-19 03:59:27 +00:00
r5 . in . system_name = " " ;
2004-12-02 04:37:36 +00:00
r5 . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2008-11-05 01:51:51 +01:00
r5 . in . level_in = 1 ;
r5 . out . level_out = & level_out ;
r5 . in . info_in = & info ;
r5 . out . info_out = & info ;
2004-09-28 05:44:59 +00:00
r5 . out . connect_handle = & h ;
2003-12-19 03:59:27 +00:00
2008-10-31 16:09:29 +01:00
status = dcerpc_samr_Connect5 ( p , tctx , & r5 ) ;
2003-12-19 03:59:27 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-06-29 23:42:58 +02:00
torture_warning ( tctx , " Connect5 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-06 22:28:14 +00:00
ret = false ;
2004-09-28 05:44:59 +00:00
} else {
if ( got_handle ) {
2008-10-31 16:09:29 +01:00
test_samr_handle_Close ( p , tctx , handle ) ;
2004-09-28 05:44:59 +00:00
}
2007-10-06 22:28:14 +00:00
got_handle = true ;
2004-09-28 05:44:59 +00:00
* handle = h ;
2003-12-19 03:59:27 +00:00
}
2003-11-23 21:51:24 +00:00
return ret ;
2003-11-15 06:00:21 +00:00
}
2009-10-02 16:03:02 +10:00
static bool test_samr_ValidatePassword ( struct dcerpc_pipe * p , struct torture_context * tctx )
{
struct samr_ValidatePassword r ;
union samr_ValidatePasswordReq req ;
union samr_ValidatePasswordRep * repp = NULL ;
NTSTATUS status ;
const char * passwords [ ] = { " penguin " , " p@ssw0rd " , " p@ssw0rd123$ " , NULL } ;
int i ;
2009-11-05 12:37:16 +01:00
torture_comment ( tctx , " testing samr_ValidatePassword \n " ) ;
2009-10-02 16:03:02 +10:00
ZERO_STRUCT ( r ) ;
r . in . level = NetValidatePasswordReset ;
r . in . req = & req ;
r . out . rep = & repp ;
2009-11-09 17:40:28 +01:00
2009-10-02 16:03:02 +10:00
ZERO_STRUCT ( req ) ;
req . req3 . account . string = " non-existant-account-aklsdji " ;
for ( i = 0 ; passwords [ i ] ; i + + ) {
req . req3 . password . string = passwords [ i ] ;
status = dcerpc_samr_ValidatePassword ( p , tctx , & r ) ;
2009-12-09 11:21:08 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NET_WRITE_FAULT ) & &
p - > last_fault_code = = DCERPC_FAULT_OP_RNG_ERROR ) {
torture_skip ( tctx , " ValidatePassword not supported by server \n " ) ;
}
2009-10-02 16:03:02 +10:00
torture_assert_ntstatus_ok ( tctx , status , " samr_ValidatePassword " ) ;
2009-11-06 12:32:47 +01:00
torture_comment ( tctx , " Server %s password '%s' with code %i \n " ,
2009-10-02 16:03:02 +10:00
repp - > ctr3 . status = = SAMR_VALIDATION_STATUS_SUCCESS ? " allowed " : " refused " ,
2009-11-06 12:32:47 +01:00
req . req3 . password . string , repp - > ctr3 . status ) ;
2009-10-02 16:03:02 +10:00
}
2009-11-09 17:40:28 +01:00
return true ;
2009-10-02 16:03:02 +10:00
}
2007-10-06 22:28:14 +00:00
bool torture_rpc_samr ( struct torture_context * torture )
2003-11-15 06:00:21 +00:00
{
2006-07-07 02:03:04 +00:00
NTSTATUS status ;
struct dcerpc_pipe * p ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx ;
2003-11-15 06:00:21 +00:00
2007-08-19 21:23:03 +00:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
2003-11-15 06:00:21 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2003-11-15 06:00:21 +00:00
}
2003-11-18 01:18:24 +00:00
2009-11-26 00:32:47 +01:00
ctx = talloc_zero ( torture , struct torture_samr_context ) ;
ctx - > choice = TORTURE_SAMR_OTHER ;
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2003-11-15 06:00:21 +00:00
2009-05-11 23:46:45 +02:00
if ( ! torture_setting_bool ( torture , " samba3 " , false ) ) {
2009-11-26 00:32:47 +01:00
ret & = test_QuerySecurity ( p , torture , & ctx - > handle ) ;
2009-05-11 23:46:45 +02:00
}
2003-11-15 06:00:21 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
2004-04-23 05:40:18 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_SetDsrmPassword ( p , torture , & ctx - > handle ) ;
2004-04-23 05:40:18 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_Shutdown ( p , torture , & ctx - > handle ) ;
2003-11-15 20:47:59 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2003-11-22 08:11:32 +00:00
2003-11-15 06:00:21 +00:00
return ret ;
}
2004-04-26 03:07:46 +00:00
2006-07-07 02:03:04 +00:00
2007-10-06 22:28:14 +00:00
bool torture_rpc_samr_users ( struct torture_context * torture )
2006-07-07 02:03:04 +00:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx ;
2006-07-07 02:03:04 +00:00
2007-08-19 21:23:03 +00:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
2006-07-07 02:03:04 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2006-07-07 02:03:04 +00:00
}
2009-11-26 00:32:47 +01:00
ctx = talloc_zero ( torture , struct torture_samr_context ) ;
ctx - > choice = TORTURE_SAMR_USER_ATTRIBUTES ;
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2006-07-07 02:03:04 +00:00
2009-05-09 00:46:17 +02:00
if ( ! torture_setting_bool ( torture , " samba3 " , false ) ) {
2009-11-26 00:32:47 +01:00
ret & = test_QuerySecurity ( p , torture , & ctx - > handle ) ;
2009-05-09 00:46:17 +02:00
}
2006-07-07 02:03:04 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
2006-07-07 02:03:04 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_SetDsrmPassword ( p , torture , & ctx - > handle ) ;
2006-07-07 02:03:04 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_Shutdown ( p , torture , & ctx - > handle ) ;
2006-07-07 02:03:04 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2006-07-07 02:03:04 +00:00
return ret ;
}
2007-10-06 22:28:14 +00:00
bool torture_rpc_samr_passwords ( struct torture_context * torture )
2006-07-07 02:03:04 +00:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
2007-10-06 22:28:14 +00:00
bool ret = true ;
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx ;
2006-07-07 02:03:04 +00:00
2007-08-19 21:23:03 +00:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
2006-07-07 02:03:04 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-06 22:28:14 +00:00
return false ;
2006-07-07 02:03:04 +00:00
}
2009-11-26 00:32:47 +01:00
ctx = talloc_zero ( torture , struct torture_samr_context ) ;
ctx - > choice = TORTURE_SAMR_PASSWORDS ;
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2006-07-07 02:03:04 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
2006-07-07 02:03:04 +00:00
2009-11-26 00:32:47 +01:00
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2006-07-07 02:03:04 +00:00
2009-11-06 12:16:30 +01:00
ret & = test_samr_ValidatePassword ( p , torture ) ;
2006-07-07 02:03:04 +00:00
return ret ;
}
2008-12-08 13:10:56 +01:00
static bool torture_rpc_samr_pwdlastset ( struct torture_context * torture ,
struct dcerpc_pipe * p2 ,
struct cli_credentials * machine_credentials )
2008-11-27 12:09:39 +01:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
bool ret = true ;
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx ;
2008-11-27 12:09:39 +01:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
2009-11-26 00:32:47 +01:00
ctx = talloc_zero ( torture , struct torture_samr_context ) ;
ctx - > choice = TORTURE_SAMR_PASSWORDS_PWDLASTSET ;
ctx - > machine_credentials = machine_credentials ;
2008-11-27 12:09:39 +01:00
2009-11-26 00:32:47 +01:00
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2008-11-27 12:09:39 +01:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2008-11-27 12:09:39 +01:00
return ret ;
}
2009-05-19 02:01:27 +02:00
struct torture_suite * torture_rpc_samr_passwords_pwdlastset ( TALLOC_CTX * mem_ctx )
2008-12-08 13:10:56 +01:00
{
2009-05-18 18:31:46 -07:00
struct torture_suite * suite = torture_suite_create ( mem_ctx , " SAMR-PASSWORDS-PWDLASTSET " ) ;
2008-12-08 13:10:56 +01:00
struct torture_rpc_tcase * tcase ;
2009-06-26 16:51:53 +02:00
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase ( suite , " samr " ,
2008-12-08 13:10:56 +01:00
& ndr_table_samr ,
TEST_ACCOUNT_NAME_PWD ) ;
torture_rpc_tcase_add_test_creds ( tcase , " pwdLastSet " ,
torture_rpc_samr_pwdlastset ) ;
return suite ;
}
2009-05-18 19:37:13 +02:00
static bool torture_rpc_samr_users_privileges_delete_user ( struct torture_context * torture ,
struct dcerpc_pipe * p2 ,
struct cli_credentials * machine_credentials )
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
bool ret = true ;
2009-11-26 00:32:47 +01:00
struct torture_samr_context * ctx ;
2009-05-18 19:37:13 +02:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
2009-11-26 00:32:47 +01:00
ctx = talloc_zero ( torture , struct torture_samr_context ) ;
ctx - > choice = TORTURE_SAMR_USER_PRIVILEGES ;
ctx - > machine_credentials = machine_credentials ;
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2009-05-18 19:37:13 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
2009-05-18 19:37:13 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2009-05-18 19:37:13 +02:00
return ret ;
}
struct torture_suite * torture_rpc_samr_user_privileges ( TALLOC_CTX * mem_ctx )
{
struct torture_suite * suite = torture_suite_create ( mem_ctx , " SAMR-USERS-PRIVILEGES " ) ;
struct torture_rpc_tcase * tcase ;
2009-06-26 16:51:53 +02:00
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase ( suite , " samr " ,
2009-05-18 19:37:13 +02:00
& ndr_table_samr ,
TEST_ACCOUNT_NAME_PWD ) ;
torture_rpc_tcase_add_test_creds ( tcase , " delete_privileged_user " ,
torture_rpc_samr_users_privileges_delete_user ) ;
return suite ;
}
2009-05-25 13:08:58 +02:00
static bool torture_rpc_samr_many_accounts ( struct torture_context * torture ,
struct dcerpc_pipe * p2 ,
2009-11-26 01:25:56 +01:00
void * data )
2009-05-25 13:08:58 +02:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
bool ret = true ;
2009-11-26 01:25:56 +01:00
struct torture_samr_context * ctx =
talloc_get_type_abort ( data , struct torture_samr_context ) ;
2009-05-25 13:08:58 +02:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
2009-11-26 00:32:47 +01:00
ctx - > choice = TORTURE_SAMR_MANY_ACCOUNTS ;
2009-11-26 01:25:56 +01:00
ctx - > num_objects_large_dc = torture_setting_int ( torture , " large_dc " ,
ctx - > num_objects_large_dc ) ;
2009-11-26 00:32:47 +01:00
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2009-05-25 13:08:58 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
2009-05-25 13:08:58 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2009-05-25 13:08:58 +02:00
return ret ;
}
static bool torture_rpc_samr_many_groups ( struct torture_context * torture ,
struct dcerpc_pipe * p2 ,
2009-11-26 01:25:56 +01:00
void * data )
2009-05-25 13:08:58 +02:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
bool ret = true ;
2009-11-26 01:25:56 +01:00
struct torture_samr_context * ctx =
talloc_get_type_abort ( data , struct torture_samr_context ) ;
2009-05-25 13:08:58 +02:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
2009-11-26 00:32:47 +01:00
ctx - > choice = TORTURE_SAMR_MANY_GROUPS ;
2009-11-26 01:25:56 +01:00
ctx - > num_objects_large_dc = torture_setting_int ( torture , " large_dc " ,
ctx - > num_objects_large_dc ) ;
2009-05-25 13:08:58 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2009-05-25 13:08:58 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2009-05-25 13:08:58 +02:00
return ret ;
}
static bool torture_rpc_samr_many_aliases ( struct torture_context * torture ,
struct dcerpc_pipe * p2 ,
2009-11-26 01:25:56 +01:00
void * data )
2009-05-25 13:08:58 +02:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
bool ret = true ;
2009-11-26 01:25:56 +01:00
struct torture_samr_context * ctx =
talloc_get_type_abort ( data , struct torture_samr_context ) ;
2009-05-25 13:08:58 +02:00
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
2009-11-26 00:32:47 +01:00
ctx - > choice = TORTURE_SAMR_MANY_ALIASES ;
2009-11-26 01:25:56 +01:00
ctx - > num_objects_large_dc = torture_setting_int ( torture , " large_dc " ,
ctx - > num_objects_large_dc ) ;
2009-11-26 00:32:47 +01:00
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
2009-05-25 13:08:58 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_EnumDomains ( p , torture , ctx ) ;
2009-05-25 13:08:58 +02:00
2009-11-26 00:32:47 +01:00
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
2009-05-25 13:08:58 +02:00
return ret ;
}
struct torture_suite * torture_rpc_samr_large_dc ( TALLOC_CTX * mem_ctx )
{
struct torture_suite * suite = torture_suite_create ( mem_ctx , " SAMR-LARGE-DC " ) ;
struct torture_rpc_tcase * tcase ;
2009-11-26 01:25:56 +01:00
struct torture_samr_context * ctx ;
2009-05-25 13:08:58 +02:00
2009-11-26 01:25:56 +01:00
tcase = torture_suite_add_rpc_iface_tcase ( suite , " samr " , & ndr_table_samr ) ;
ctx = talloc_zero ( suite , struct torture_samr_context ) ;
ctx - > num_objects_large_dc = 150 ;
2009-05-25 13:08:58 +02:00
2009-11-26 01:25:56 +01:00
torture_rpc_tcase_add_test_ex ( tcase , " many_aliases " ,
torture_rpc_samr_many_aliases , ctx ) ;
torture_rpc_tcase_add_test_ex ( tcase , " many_groups " ,
torture_rpc_samr_many_groups , ctx ) ;
torture_rpc_tcase_add_test_ex ( tcase , " many_accounts " ,
torture_rpc_samr_many_accounts , ctx ) ;
2009-05-25 13:08:58 +02:00
return suite ;
}
2010-01-11 21:18:51 +01:00
static bool torture_rpc_samr_badpwdcount ( struct torture_context * torture ,
struct dcerpc_pipe * p2 ,
struct cli_credentials * machine_credentials )
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
bool ret = true ;
struct torture_samr_context * ctx ;
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
ctx = talloc_zero ( torture , struct torture_samr_context ) ;
ctx - > choice = TORTURE_SAMR_PASSWORDS_BADPWDCOUNT ;
ctx - > machine_credentials = machine_credentials ;
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
ret & = test_EnumDomains ( p , torture , ctx ) ;
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
return ret ;
}
struct torture_suite * torture_rpc_samr_passwords_badpwdcount ( TALLOC_CTX * mem_ctx )
{
struct torture_suite * suite = torture_suite_create ( mem_ctx , " SAMR-PASSWORDS-BADPWDCOUNT " ) ;
struct torture_rpc_tcase * tcase ;
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase ( suite , " samr " ,
& ndr_table_samr ,
TEST_ACCOUNT_NAME_PWD ) ;
torture_rpc_tcase_add_test_creds ( tcase , " badPwdCount " ,
torture_rpc_samr_badpwdcount ) ;
return suite ;
}
2010-01-15 18:08:57 +01:00
static bool torture_rpc_samr_lockout ( struct torture_context * torture ,
struct dcerpc_pipe * p2 ,
struct cli_credentials * machine_credentials )
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
bool ret = true ;
struct torture_samr_context * ctx ;
status = torture_rpc_connection ( torture , & p , & ndr_table_samr ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
ctx = talloc_zero ( torture , struct torture_samr_context ) ;
ctx - > choice = TORTURE_SAMR_PASSWORDS_LOCKOUT ;
ctx - > machine_credentials = machine_credentials ;
ret & = test_Connect ( p , torture , & ctx - > handle ) ;
ret & = test_EnumDomains ( p , torture , ctx ) ;
ret & = test_samr_handle_Close ( p , torture , & ctx - > handle ) ;
return ret ;
}
struct torture_suite * torture_rpc_samr_passwords_lockout ( TALLOC_CTX * mem_ctx )
{
struct torture_suite * suite = torture_suite_create ( mem_ctx , " SAMR-PASSWORDS-LOCKOUT " ) ;
struct torture_rpc_tcase * tcase ;
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase ( suite , " samr " ,
& ndr_table_samr ,
TEST_ACCOUNT_NAME_PWD ) ;
torture_rpc_tcase_add_test_creds ( tcase , " lockout " ,
torture_rpc_samr_lockout ) ;
return suite ;
}
