/*
   Unix SMB/CIFS implementation.
   test suite for samr rpc operations

   Copyright (C) Andrew Tridgell 2003
   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
   Copyright (C) Jelmer Vernooij 2005-2007
   Copyright (C) Guenther Deschner 2008-2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "torture/torture.h"
# include <tevent.h>
# include "system/time.h"
# include "system/network.h"
# include "librpc/gen_ndr/lsa.h"
# include "librpc/gen_ndr/ndr_netlogon.h"
# include "librpc/gen_ndr/ndr_netlogon_c.h"
# include "librpc/gen_ndr/ndr_samr_c.h"
# include "librpc/gen_ndr/ndr_lsa_c.h"
# include "../lib/crypto/crypto.h"
# include "libcli/auth/libcli_auth.h"
# include "libcli/security/security.h"
# include "torture/rpc/torture_rpc.h"
# include "param/param.h"
# include "auth/gensec/gensec.h"
# include "auth/gensec/gensec_proto.h"
# include "../libcli/auth/schannel.h"
# include "torture/util.h"
# define TEST_ACCOUNT_NAME "samrtorturetest"
# define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
# define TEST_ALIASNAME "samrtorturetestalias"
# define TEST_GROUPNAME "samrtorturetestgroup"
# define TEST_MACHINENAME "samrtestmach$"
# define TEST_DOMAINNAME "samrtestdom$"
/*
 * Test-group selector stored in struct torture_samr_context.
 * NOTE(review): the code that switches on these values is not in this
 * part of the file; the group names are the only description available here.
 * The enumerators rely on implicit numbering, so their order is significant.
 */
enum torture_samr_choice {
	/* password-related groups */
	TORTURE_SAMR_PASSWORDS,
	TORTURE_SAMR_PASSWORDS_PWDLASTSET,
	TORTURE_SAMR_PASSWORDS_BADPWDCOUNT,
	TORTURE_SAMR_PASSWORDS_LOCKOUT,
	/* per-user groups */
	TORTURE_SAMR_USER_ATTRIBUTES,
	TORTURE_SAMR_USER_PRIVILEGES,
	/* everything else, plus the bulk-object groups */
	TORTURE_SAMR_OTHER,
	TORTURE_SAMR_MANY_ACCOUNTS,
	TORTURE_SAMR_MANY_GROUPS,
	TORTURE_SAMR_MANY_ALIASES
};
/*
 * State shared by the SAMR torture tests.
 * NOTE(review): how each member is filled in is not visible in this part
 * of the file; the per-field notes below are read off the names and types.
 */
struct torture_samr_context {
	/* policy handle, stored by value */
	struct policy_handle handle;
	/* credentials object (not owned here as far as this excerpt shows) */
	struct cli_credentials *machine_credentials;
	/* which test group this context was set up for */
	enum torture_samr_choice choice;
	/* object count, presumably used by the MANY_* groups -- confirm */
	uint32_t num_objects_large_dc;
};
/*
 * Prototypes for test helpers whose definitions are not in this part of
 * the file.  The three query helpers take a binding handle; the password
 * change helper takes the pipe and updates *password in place
 * (NOTE(review): ownership of *password is not visible here).
 */
static bool test_QueryUserInfo(struct dcerpc_binding_handle *b,
			       struct torture_context *tctx,
			       struct policy_handle *handle);

static bool test_QueryUserInfo2(struct dcerpc_binding_handle *b,
				struct torture_context *tctx,
				struct policy_handle *handle);

static bool test_QueryAliasInfo(struct dcerpc_binding_handle *b,
				struct torture_context *tctx,
				struct policy_handle *handle);

static bool test_ChangePassword(struct dcerpc_pipe *p,
				struct torture_context *tctx,
				const char *acct_name,
				struct policy_handle *domain_handle, char **password);
/*
 * Point an lsa_String at a C string.
 *
 * Only the pointer is stored; nothing is copied, so `s` has to stay valid
 * for as long as `string` is used.  No other member of the structure is
 * written here.
 */
static void init_lsa_String(struct lsa_String *string, const char *s)
{
	string->string = s;
}
/*
 * Point an lsa_StringLarge at a C string.
 *
 * Same contract as init_lsa_String: the pointer is stored without a copy,
 * so `s` must outlive every use of `string`.
 */
static void init_lsa_StringLarge(struct lsa_StringLarge *string, const char *s)
{
	string->string = s;
}
/*
 * Fill an lsa_BinaryString from a caller-supplied buffer.
 *
 * `length` is stored in both the length and the size member, and the
 * buffer is referenced, not copied.  The const qualifier on `s` is
 * dropped and the bytes are viewed as uint16_t, so:
 *   - `s` must remain valid while `string` is in use;
 *   - nothing may write through string->array when `s` is a literal;
 *   - NOTE(review): whether length/size count bytes or 16-bit units is
 *     defined by the IDL, which is not shown here -- callers in this
 *     file pass strlen(value); confirm the unit before reusing this.
 */
static void init_lsa_BinaryString(struct lsa_BinaryString *string, const char *s, uint32_t length)
{
	string->array = (uint16_t *)discard_const(s);
	string->size = length;
	string->length = length;
}
/*
 * Issue samr_Close on a policy handle.
 *
 * The same handle pointer is used as input and output of the call, so
 * the caller's handle is overwritten with whatever the server returns.
 * Both the transport status and the RPC result are asserted.
 *
 * Returns true when both checks pass.
 * NOTE(review): what the torture_assert_* macros do on failure is defined
 * outside this file; presumably they fail the test and return false.
 */
bool test_samr_handle_Close(struct dcerpc_binding_handle *b,
			    struct torture_context *tctx,
			    struct policy_handle *handle)
{
	struct samr_Close close_req;

	close_req.out.handle = handle;
	close_req.in.handle = handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Close_r(b, tctx, &close_req),
		" Close failed ");
	torture_assert_ntstatus_ok(tctx, close_req.out.result, " Close failed ");

	return true;
}
/*
 * Exercise samr_Shutdown on a connect handle.
 *
 * The call is only made when the "dangerous" torture setting is enabled;
 * by default (false) the test is reported as skipped and returns true
 * without contacting the server.  Keep that default: this is a
 * state-changing request and should only be sent to a disposable target.
 *
 * Returns true on skip or when both the transport status and the RPC
 * result are OK.
 */
static bool test_Shutdown(struct dcerpc_binding_handle *b,
			  struct torture_context *tctx,
			  struct policy_handle *handle)
{
	struct samr_Shutdown shutdown_req;
	bool dangerous_enabled = torture_setting_bool(tctx, " dangerous ", false);

	if (!dangerous_enabled) {
		torture_skip(tctx, " samr_Shutdown disabled - enable dangerous tests to use \n ");
		/* explicit return: the gate does not depend on torture_skip's internals */
		return true;
	}

	shutdown_req.in.connect_handle = handle;

	torture_comment(tctx, " Testing samr_Shutdown \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Shutdown_r(b, tctx, &shutdown_req),
		" Shutdown failed ");
	torture_assert_ntstatus_ok(tctx, shutdown_req.out.result, " Shutdown failed ");

	return true;
}
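/*
 * Exercise samr_SetDsrmPassword.
 *
 * Sends an MD4 hash of a fixed test password for the given account name
 * and expects the server to answer NT_STATUS_NOT_SUPPORTED.  The request
 * is only sent when the "dangerous" torture setting is enabled, because a
 * server that did accept it would have a credential replaced.
 *
 * Returns true on skip or when the transport succeeds and the RPC result
 * is NT_STATUS_NOT_SUPPORTED.
 */
static bool test_SetDsrmPassword(struct dcerpc_binding_handle *b,
				 struct torture_context *tctx,
				 struct policy_handle *handle)
{
	struct samr_SetDsrmPassword r;
	struct lsa_String string;
	struct samr_Password hash;

	if (!torture_setting_bool(tctx, " dangerous ", false)) {
		torture_skip(tctx, " samr_SetDsrmPassword disabled - enable dangerous tests to use ");
		/*
		 * Return explicitly, as test_Shutdown does, so that the
		 * safety gate holds even if torture_skip() ever stops
		 * returning on its own (its definition is outside this file).
		 */
		return true;
	}

	/* fixed, well-known test value: never a real secret */
	E_md4hash(" TeSTDSRM123 ", hash.hash);

	init_lsa_String(&string, " Administrator ");

	r.in.name = &string;
	r.in.unknown = 0;
	r.in.hash = &hash;

	torture_comment(tctx, " Testing samr_SetDsrmPassword \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDsrmPassword_r(b, tctx, &r),
		" SetDsrmPassword failed ");
	/* success here means "the server refused": anything else fails the test */
	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_SUPPORTED, " SetDsrmPassword failed ");

	return true;
}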
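/*
 * Round-trip the security descriptor of a SAMR object.
 *
 * Steps: query the descriptor, write the same descriptor back with
 * samr_SetSecurity, then query again.  The write-back is skipped when the
 * "samba4" torture setting is true.
 *
 * Returns true when every call succeeds (or on skip).
 * NOTE(review): the second query only checks that the call succeeds; the
 * descriptor it returns is not compared with the one that was written.
 */
static bool test_QuerySecurity(struct dcerpc_binding_handle *b,
			       struct torture_context *tctx,
			       struct policy_handle *handle)
{
	struct samr_QuerySecurity r;
	struct samr_SetSecurity s;
	struct sec_desc_buf *sdbuf = NULL;

	r.in.handle = handle;
	/* NOTE(review): 7 is presumably owner|group|DACL -- confirm and name it */
	r.in.sec_info = 7;
	r.out.sdbuf = &sdbuf;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &r),
		" QuerySecurity failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " QuerySecurity failed ");

	/* a successful reply without a descriptor would be dereferenced by the server call below */
	torture_assert(tctx, sdbuf != NULL, " sdbuf is NULL ");

	s.in.handle = handle;
	s.in.sec_info = 7;
	s.in.sdbuf = sdbuf;

	if (torture_setting_bool(tctx, " samba4 ", false)) {
		torture_skip(tctx, " skipping SetSecurity test against Samba4 \n ");
	}

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetSecurity_r(b, tctx, &s),
		" SetSecurity failed ");
	/*
	 * Check the SetSecurity reply itself.  The previous code looked at
	 * r.out.result, i.e. the stale status of the earlier QuerySecurity,
	 * so a rejected SetSecurity went unnoticed.
	 */
	torture_assert_ntstatus_ok(tctx, s.out.result, " SetSecurity failed ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &r),
		" QuerySecurity failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " QuerySecurity failed ");

	return true;
}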
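/*
 * Set user attributes at one info level and read them back at another.
 *
 * For each (level, field) pair the helper macros below query the user,
 * write a new value with both SetUserInfo and SetUserInfo2, then query
 * again at the write level and at a second level and compare.
 *
 * b                 binding handle used for every RPC call
 * tctx              torture context (also the talloc parent for names)
 * handle            user handle; used for all Set/Query requests
 * base_acct_flags   account-control bits the account was created with;
 *                   every acct_flags value written here is built on it
 * base_account_name original account name; used as the prefix of the
 *                   temporary names and written back via level 21
 *
 * Returns false when any call made through TESTCALL returned a non-OK
 * result, true otherwise.
 * NOTE(review): the torture_assert_* macros used for the comparisons are
 * defined elsewhere; presumably they return false from this function on a
 * mismatch -- confirm.
 *
 * The macros defined here stay defined after the function ends.
 */
static bool test_SetUserInfo(struct dcerpc_binding_handle *b, struct torture_context *tctx,
			     struct policy_handle *handle, uint32_t base_acct_flags,
			     const char *base_account_name)
{
	struct samr_SetUserInfo s;
	struct samr_SetUserInfo2 s2;
	struct samr_QueryUserInfo q;
	struct samr_QueryUserInfo q0;
	union samr_UserInfo u;
	union samr_UserInfo *info;
	bool ret = true;
	const char *test_account_name;

	/* bits the server is expected to add on its own to what we write */
	uint32_t user_extra_flags = 0;

	if (!torture_setting_bool(tctx, " samba3 ", false)) {
		if (base_acct_flags == ACB_NORMAL) {
			/* When created, accounts are expired by default */
			user_extra_flags = ACB_PW_EXPIRED;
		}
	}

	/* both setters share the same input union */
	s.in.user_handle = handle;
	s.in.info = &u;

	s2.in.user_handle = handle;
	s2.in.info = &u;

	q.in.user_handle = handle;
	q.out.info = &info;
	q0 = q;

/*
 * Issue dcerpc_samr_<call>_r() on request `r`.  A transport failure is
 * asserted; a non-OK RPC result is reported, clears `ret`, and `break`s
 * out of the enclosing do { } while (0), i.e. abandons the rest of the
 * current field test.  Must therefore only be used inside a loop body.
 */
#define TESTCALL(call, r) \
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_ ##call## _r(b, tctx, &r),\
			#call " failed"); \
		if (!NT_STATUS_IS_OK(r.out.result)) { \
			torture_result(tctx, TORTURE_FAIL, #call " level %u failed - %s (%s) \n ", \
			       r.in.level, nt_errstr(r.out.result), __location__); \
			ret = false; \
			break; \
		}

#define STRING_EQUAL(s1, s2, field) \
		torture_assert_str_equal(tctx, s1, s2, " Failed to set " #field)

#define MEM_EQUAL(s1, s2, length, field) \
		torture_assert_mem_equal(tctx, s1, s2, length, " Failed to set " #field)

#define INT_EQUAL(i1, i2, field) \
		torture_assert_int_equal(tctx, i1, i2, " Failed to set " #field)

/*
 * Write `value` into string field `field1` at level `lvl1`, then expect to
 * read it back from `field1` at `lvl1` and from `field2` at `lvl2`.
 * At level 21 the structure is zeroed first and only `fpval` is marked in
 * fields_present.
 */
#define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
		torture_comment(tctx, " field test %d/%s vs %d/%s \n ", lvl1, #field1, lvl2, #field2); \
		q.in.level = lvl1; \
		TESTCALL(QueryUserInfo, q) \
		s.in.level = lvl1; \
		s2.in.level = lvl1; \
		u = *info; \
		if (lvl1 == 21) { \
			ZERO_STRUCT(u.info21); \
			u.info21.fields_present = fpval; \
		} \
		init_lsa_String(&u.info ## lvl1.field1, value); \
		TESTCALL(SetUserInfo, s) \
		TESTCALL(SetUserInfo2, s2) \
		init_lsa_String(&u.info ## lvl1.field1, " "); \
		TESTCALL(QueryUserInfo, q); \
		u = *info; \
		STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
		q.in.level = lvl2; \
		TESTCALL(QueryUserInfo, q) \
		u = *info; \
		STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
	} while (0)

/* Same as TEST_USERINFO_STRING for lsa_BinaryString fields; compares strlen(value) bytes. */
#define TEST_USERINFO_BINARYSTRING(lvl1, field1, lvl2, field2, value, fpval) do { \
		torture_comment(tctx, " field test %d/%s vs %d/%s \n ", lvl1, #field1, lvl2, #field2); \
		q.in.level = lvl1; \
		TESTCALL(QueryUserInfo, q) \
		s.in.level = lvl1; \
		s2.in.level = lvl1; \
		u = *info; \
		if (lvl1 == 21) { \
			ZERO_STRUCT(u.info21); \
			u.info21.fields_present = fpval; \
		} \
		init_lsa_BinaryString(&u.info ## lvl1.field1, value, strlen(value)); \
		TESTCALL(SetUserInfo, s) \
		TESTCALL(SetUserInfo2, s2) \
		init_lsa_BinaryString(&u.info ## lvl1.field1, " ", 1); \
		TESTCALL(QueryUserInfo, q); \
		u = *info; \
		MEM_EQUAL(u.info ## lvl1.field1.array, value, strlen(value), field1); \
		q.in.level = lvl2; \
		TESTCALL(QueryUserInfo, q) \
		u = *info; \
		MEM_EQUAL(u.info ## lvl2.field2.array, value, strlen(value), field2); \
	} while (0)

/*
 * Integer variant: write `value`, expect to read `exp_value` (the two
 * differ when the server adds or drops bits).  At level 21 the logon_hours
 * bit buffer pointer is saved across the ZERO_STRUCT and restored only
 * when logon hours are the field being written.
 */
#define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
		torture_comment(tctx, " field test %d/%s vs %d/%s \n ", lvl1, #field1, lvl2, #field2); \
		q.in.level = lvl1; \
		TESTCALL(QueryUserInfo, q) \
		s.in.level = lvl1; \
		s2.in.level = lvl1; \
		u = *info; \
		if (lvl1 == 21) { \
			uint8_t *bits = u.info21.logon_hours.bits; \
			ZERO_STRUCT(u.info21); \
			if (fpval == SAMR_FIELD_LOGON_HOURS) { \
				u.info21.logon_hours.units_per_week = 168; \
				u.info21.logon_hours.bits = bits; \
			} \
			u.info21.fields_present = fpval; \
		} \
		u.info ## lvl1.field1 = value; \
		TESTCALL(SetUserInfo, s) \
		TESTCALL(SetUserInfo2, s2) \
		u.info ## lvl1.field1 = 0; \
		TESTCALL(QueryUserInfo, q); \
		u = *info; \
		INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
		q.in.level = lvl2; \
		TESTCALL(QueryUserInfo, q) \
		u = *info; \
		/* label the second comparison with the field actually read */ \
		INT_EQUAL(u.info ## lvl2.field2, exp_value, field2); \
	} while (0)

#define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
		TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
	} while (0)

	/* initial level-12 query; wrapped in a loop so TESTCALL's break is legal */
	q0.in.level = 12;
	do { TESTCALL(QueryUserInfo, q0) } while (0);

	TEST_USERINFO_STRING(2, comment,  1, comment, " xx2-1 comment ", 0);
	TEST_USERINFO_STRING(2, comment, 21, comment, " xx2-21 comment ", 0);
	TEST_USERINFO_STRING(21, comment, 21, comment, " xx21-21 comment ",
			   SAMR_FIELD_COMMENT);

	/* rename through level 7, each time to a fresh name derived from the base name */
	test_account_name = talloc_asprintf(tctx, " %sxx7-1 ", base_account_name);
	TEST_USERINFO_STRING(7, account_name,  1, account_name, test_account_name, 0);
	test_account_name = talloc_asprintf(tctx, " %sxx7-3 ", base_account_name);
	TEST_USERINFO_STRING(7, account_name,  3, account_name, test_account_name, 0);
	test_account_name = talloc_asprintf(tctx, " %sxx7-5 ", base_account_name);
	TEST_USERINFO_STRING(7, account_name,  5, account_name, test_account_name, 0);
	test_account_name = talloc_asprintf(tctx, " %sxx7-6 ", base_account_name);
	TEST_USERINFO_STRING(7, account_name,  6, account_name, test_account_name, 0);
	test_account_name = talloc_asprintf(tctx, " %sxx7-7 ", base_account_name);
	TEST_USERINFO_STRING(7, account_name,  7, account_name, test_account_name, 0);
	test_account_name = talloc_asprintf(tctx, " %sxx7-21 ", base_account_name);
	TEST_USERINFO_STRING(7, account_name, 21, account_name, test_account_name, 0);
	/* put the original name back so later tests find the account */
	test_account_name = base_account_name;
	TEST_USERINFO_STRING(21, account_name, 21, account_name, test_account_name,
			   SAMR_FIELD_ACCOUNT_NAME);

	TEST_USERINFO_STRING(6, full_name,  1, full_name, " xx6-1 full_name ", 0);
	TEST_USERINFO_STRING(6, full_name,  3, full_name, " xx6-3 full_name ", 0);
	TEST_USERINFO_STRING(6, full_name,  5, full_name, " xx6-5 full_name ", 0);
	TEST_USERINFO_STRING(6, full_name,  6, full_name, " xx6-6 full_name ", 0);
	TEST_USERINFO_STRING(6, full_name,  8, full_name, " xx6-8 full_name ", 0);
	TEST_USERINFO_STRING(6, full_name, 21, full_name, " xx6-21 full_name ", 0);
	TEST_USERINFO_STRING(8, full_name, 21, full_name, " xx8-21 full_name ", 0);
	TEST_USERINFO_STRING(21, full_name, 21, full_name, " xx21-21 full_name ",
			   SAMR_FIELD_FULL_NAME);

	TEST_USERINFO_STRING(6, full_name,  1, full_name, " ", 0);
	TEST_USERINFO_STRING(6, full_name,  3, full_name, " ", 0);
	TEST_USERINFO_STRING(6, full_name,  5, full_name, " ", 0);
	TEST_USERINFO_STRING(6, full_name,  6, full_name, " ", 0);
	TEST_USERINFO_STRING(6, full_name,  8, full_name, " ", 0);
	TEST_USERINFO_STRING(6, full_name, 21, full_name, " ", 0);
	TEST_USERINFO_STRING(8, full_name, 21, full_name, " ", 0);
	TEST_USERINFO_STRING(21, full_name, 21, full_name, " ",
			   SAMR_FIELD_FULL_NAME);

	TEST_USERINFO_STRING(11, logon_script,  3, logon_script, " xx11-3 logon_script ", 0);
	TEST_USERINFO_STRING(11, logon_script,  5, logon_script, " xx11-5 logon_script ", 0);
	TEST_USERINFO_STRING(11, logon_script, 21, logon_script, " xx11-21 logon_script ", 0);
	TEST_USERINFO_STRING(21, logon_script, 21, logon_script, " xx21-21 logon_script ",
			   SAMR_FIELD_LOGON_SCRIPT);

	TEST_USERINFO_STRING(12, profile_path,  3, profile_path, " xx12-3 profile_path ", 0);
	TEST_USERINFO_STRING(12, profile_path,  5, profile_path, " xx12-5 profile_path ", 0);
	TEST_USERINFO_STRING(12, profile_path, 21, profile_path, " xx12-21 profile_path ", 0);
	TEST_USERINFO_STRING(21, profile_path, 21, profile_path, " xx21-21 profile_path ",
			   SAMR_FIELD_PROFILE_PATH);

	TEST_USERINFO_STRING(10, home_directory, 3, home_directory, " xx10-3 home_directory ", 0);
	TEST_USERINFO_STRING(10, home_directory, 5, home_directory, " xx10-5 home_directory ", 0);
	TEST_USERINFO_STRING(10, home_directory, 21, home_directory, " xx10-21 home_directory ", 0);
	TEST_USERINFO_STRING(21, home_directory, 21, home_directory, " xx21-21 home_directory ",
			     SAMR_FIELD_HOME_DIRECTORY);
	TEST_USERINFO_STRING(21, home_directory, 10, home_directory, " xx21-10 home_directory ",
			     SAMR_FIELD_HOME_DIRECTORY);

	TEST_USERINFO_STRING(10, home_drive, 3, home_drive, " xx10-3 home_drive ", 0);
	TEST_USERINFO_STRING(10, home_drive, 5, home_drive, " xx10-5 home_drive ", 0);
	TEST_USERINFO_STRING(10, home_drive, 21, home_drive, " xx10-21 home_drive ", 0);
	TEST_USERINFO_STRING(21, home_drive, 21, home_drive, " xx21-21 home_drive ",
			     SAMR_FIELD_HOME_DRIVE);
	TEST_USERINFO_STRING(21, home_drive, 10, home_drive, " xx21-10 home_drive ",
			     SAMR_FIELD_HOME_DRIVE);

	TEST_USERINFO_STRING(13, description,  1, description, " xx13-1 description ", 0);
	TEST_USERINFO_STRING(13, description,  5, description, " xx13-5 description ", 0);
	TEST_USERINFO_STRING(13, description, 21, description, " xx13-21 description ", 0);
	TEST_USERINFO_STRING(21, description, 21, description, " xx21-21 description ",
			   SAMR_FIELD_DESCRIPTION);

	TEST_USERINFO_STRING(14, workstations,  3, workstations, " 14workstation3 ", 0);
	TEST_USERINFO_STRING(14, workstations,  5, workstations, " 14workstation4 ", 0);
	TEST_USERINFO_STRING(14, workstations, 21, workstations, " 14workstation21 ", 0);
	TEST_USERINFO_STRING(21, workstations, 21, workstations, " 21workstation21 ",
			   SAMR_FIELD_WORKSTATIONS);
	TEST_USERINFO_STRING(21, workstations, 3, workstations, " 21workstation3 ",
			   SAMR_FIELD_WORKSTATIONS);
	TEST_USERINFO_STRING(21, workstations, 5, workstations, " 21workstation5 ",
			   SAMR_FIELD_WORKSTATIONS);
	TEST_USERINFO_STRING(21, workstations, 14, workstations, " 21workstation14 ",
			   SAMR_FIELD_WORKSTATIONS);

	TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, " xx20-21 parameters ", 0);
	TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, " xx21-21 parameters ",
			   SAMR_FIELD_PARAMETERS);
	TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, " xx21-20 parameters ",
			   SAMR_FIELD_PARAMETERS);
	/* also empty user parameters are allowed */
	/*
	 * NOTE(review): the literal below is reproduced as it appears on this
	 * page, where it holds one space; the comment above says "empty".
	 * Confirm against the upstream file before relying on either.
	 */
	TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, " ", 0);
	TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, " ",
			   SAMR_FIELD_PARAMETERS);
	TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, " ",
			   SAMR_FIELD_PARAMETERS);

	/*
	 * __LINE__ serves as an arbitrary value that differs between calls;
	 * the exact numbers written therefore change when this file is edited.
	 */

	/* Samba 3 cannot store country_code and code_page atm. - gd */
	if (!torture_setting_bool(tctx, " samba3 ", false)) {
		TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0);
		TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
		TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
				  SAMR_FIELD_COUNTRY_CODE);
		TEST_USERINFO_INT(21, country_code, 2, country_code, __LINE__,
				  SAMR_FIELD_COUNTRY_CODE);

		TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
		TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
				  SAMR_FIELD_CODE_PAGE);
		TEST_USERINFO_INT(21, code_page, 2, code_page, __LINE__,
				  SAMR_FIELD_CODE_PAGE);
	}

	if (!torture_setting_bool(tctx, " samba3 ", false)) {
		TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, __LINE__, 0);
		TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, __LINE__, 0);
		TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, __LINE__,
				  SAMR_FIELD_ACCT_EXPIRY);
		TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, __LINE__,
				  SAMR_FIELD_ACCT_EXPIRY);
		TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, __LINE__,
				  SAMR_FIELD_ACCT_EXPIRY);
	} else {
		/* Samba 3 can only store seconds / time_t in passdb - gd */
		NTTIME nt;
		unix_to_nt_time(&nt, time(NULL) + __LINE__);
		TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, nt, 0);
		unix_to_nt_time(&nt, time(NULL) + __LINE__);
		TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, nt, 0);
		unix_to_nt_time(&nt, time(NULL) + __LINE__);
		TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
		unix_to_nt_time(&nt, time(NULL) + __LINE__);
		TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
		unix_to_nt_time(&nt, time(NULL) + __LINE__);
		TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
	}

	TEST_USERINFO_INT(4, logon_hours.bits[3],  3, logon_hours.bits[3], 1, 0);
	TEST_USERINFO_INT(4, logon_hours.bits[3],  5, logon_hours.bits[3], 2, 0);
	TEST_USERINFO_INT(4, logon_hours.bits[3], 21, logon_hours.bits[3], 3, 0);
	TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
			  SAMR_FIELD_LOGON_HOURS);

	/*
	 * Account-control bits.  Every value written in the live tests below
	 * includes ACB_DISABLED, so the test account stays disabled while
	 * flags that relax its authentication settings are toggled.
	 */
	TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
			      (base_acct_flags  | ACB_DISABLED | ACB_HOMDIRREQ),
			      (base_acct_flags  | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
			      0);
	TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
			      (base_acct_flags  | ACB_DISABLED),
			      (base_acct_flags  | ACB_DISABLED | user_extra_flags),
			      0);

	/* Setting PWNOEXP clears the magic ACB_PW_EXPIRED flag */
	TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
			      (base_acct_flags  | ACB_DISABLED | ACB_PWNOEXP),
			      (base_acct_flags  | ACB_DISABLED | ACB_PWNOEXP),
			      0);
	TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
			      (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
			      (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
			      0);


	/* The 'autolock' flag doesn't stick - check this */
	TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
			      (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
			      (base_acct_flags | ACB_DISABLED | user_extra_flags),
			      0);
#if 0
	/* Removing the 'disabled' flag doesn't stick - check this */
	TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
			      (base_acct_flags),
			      (base_acct_flags | ACB_DISABLED | user_extra_flags),
			      0);
#endif

	/* Samba3 cannot store these atm */
	if (!torture_setting_bool(tctx, " samba3 ", false)) {
		/* The 'store plaintext' flag does stick */
		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
				      (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
				      (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
				      0);
		/* The 'use DES' flag does stick */
		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
				      (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
				      (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
				      0);
		/* The 'don't require kerberos pre-authentication' flag does stick */
		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
				      (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
				      (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
				      0);
		/* The 'no kerberos PAC required' flag sticks */
		TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
				      (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
				      (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
				      0);
	}
	TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
			      (base_acct_flags | ACB_DISABLED),
			      (base_acct_flags | ACB_DISABLED | user_extra_flags),
			      SAMR_FIELD_ACCT_FLAGS);

#if 0
	/* these fail with win2003 - it appears you can't set the primary gid?
	   the set succeeds, but the gid isn't changed. Very weird! */
	/* NOTE(review): these calls pass five arguments; TEST_USERINFO_INT now
	   takes six (fpval), so they need updating before being re-enabled */
	TEST_USERINFO_INT(9, primary_gid,  1, primary_gid, 513);
	TEST_USERINFO_INT(9, primary_gid,  3, primary_gid, 513);
	TEST_USERINFO_INT(9, primary_gid,  5, primary_gid, 513);
	TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
#endif

	return ret;
}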
/*
  generate a random password for password change tests, without
  printing it

  The requested length is never below 8, whatever min_len says; the
  generator is called with that length and that length plus 6.
  NOTE(review): these are presumably the minimum and maximum length --
  confirm against generate_random_password().

  The result is allocated on mem_ctx and may be NULL if generation fails
  (not checked here).
*/
static char *samr_rand_pass_silent(TALLOC_CTX *mem_ctx, int min_len)
{
	size_t floor_len = MAX(8, min_len);

	return generate_random_password(mem_ctx, floor_len, floor_len + 6);
}
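/*
  generate a random password for password change tests and print it

  The clear-text password is written to stdout so that a failing run can
  be reproduced.  That makes the test output sensitive for as long as the
  test account exists; use samr_rand_pass_silent() where the value should
  not appear in logs.

  Returns the password allocated on mem_ctx, or NULL if generation
  failed (in which case nothing is printed).
*/
static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
{
	char *s = samr_rand_pass_silent(mem_ctx, min_len);

	/* passing NULL to %s is undefined behaviour, so only print a real string */
	if (s != NULL) {
		printf(" Generated password '%s' \n ", s);
	}

	return s;
}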
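/*
  generate a random password for password change tests

  Unlike the string helpers, this returns raw random data: a blob of
  len 16-bit units (len * 2 bytes) in which no unit is zero, so the
  buffer contains no embedded 16-bit terminator.  Zero units are replaced
  with 1.

  The blob is allocated on mem_ctx.  If the allocation yields no buffer
  the blob is returned as-is and the caller must check password.data.
*/
static DATA_BLOB samr_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
{
	int i;
	DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);

	if (password.data == NULL) {
		/*
		 * No buffer (presumably allocation failure or a zero-length
		 * request): the loop below would otherwise write through NULL.
		 */
		return password;
	}

	generate_random_buffer(password.data, password.length);

	for (i = 0; i < len; i++) {
		if (((uint16_t *)password.data)[i] == 0) {
			((uint16_t *)password.data)[i] = 1;
		}
	}

	return password;
}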
/*
  generate a random password for password change tests (fixed length)

  Asks generate_random_password() for exactly len characters (minimum
  and maximum are both len). The password is printed to stdout in
  cleartext, so the test output has to be treated as sensitive.
*/
static char *samr_rand_pass_fixed_len(TALLOC_CTX *mem_ctx, int len)
{
	char *generated = generate_random_password(mem_ctx, len, len);

	printf(" Generated password '%s' \n ", generated);

	return generated;
}
/*
  Set a new random password with SetUserInfo level 24.

  The minimum length is taken from GetUserPwInfo when that call reports
  success, otherwise 0 is passed to samr_rand_pass(). The password is
  encoded into the 516-byte buffer with encode_pw_buffer() and that
  buffer is encrypted with arcfour_crypt_blob() using the transport
  session key before it is sent.

  On success *password is pointed at the new password and true is
  returned. The new password is also written to the torture log in
  cleartext (samr_rand_pass() and the torture_comment() below).
*/
static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx,
			     struct policy_handle *handle, char **password)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_GetUserPwInfo pwinfo_req;
	struct samr_PwInfo pwinfo;
	struct samr_SetUserInfo set_req;
	union samr_UserInfo uinfo;
	DATA_BLOB session_key;
	NTSTATUS status;
	char *newpass;
	int min_pw_len = 0;

	pwinfo_req.in.user_handle = handle;
	pwinfo_req.out.info = &pwinfo;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwinfo_req),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwinfo_req.out.result)) {
		min_pw_len = pwinfo_req.out.info->min_password_length;
	}
	newpass = samr_rand_pass(tctx, min_pw_len);

	set_req.in.user_handle = handle;
	set_req.in.info = &uinfo;
	set_req.in.level = 24;

	encode_pw_buffer(uinfo.info24.password.data, newpass, STR_UNICODE);
	uinfo.info24.password_expired = 0;

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       set_req.in.level, nt_errstr(status));
		return false;
	}

	/* the whole 516-byte password buffer is encrypted in place */
	arcfour_crypt_blob(uinfo.info24.password.data, 516, &session_key);

	torture_comment(tctx, " Testing SetUserInfo level 24 (set password) \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			newpass, nt_errstr(set_req.out.result));

	if (!NT_STATUS_IS_OK(set_req.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u failed - %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		return false;
	}

	/* only a password the server accepted is handed back to the caller */
	*password = newpass;
	return true;
}
/*
  Set a new random password with SetUserInfo level 23, then check that a
  request encrypted with a damaged key is refused.

  First pass: the password buffer is encrypted with arcfour_crypt_blob()
  under the session key and the call has to succeed; *password is then
  pointed at the new password.

  Second pass: the same password is encoded again, the session key is
  shortened by one byte before encrypting, and the server is expected to
  answer NT_STATUS_WRONG_PASSWORD.

  The cleartext password is written to the torture log on both passes.
  Returns false if either expectation is not met.
*/
static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *tctx,
				struct policy_handle *handle, uint32_t fields_present,
				char **password)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_GetUserPwInfo pwinfo_req;
	struct samr_PwInfo pwinfo;
	struct samr_SetUserInfo set_req;
	union samr_UserInfo uinfo;
	DATA_BLOB session_key;
	NTSTATUS status;
	char *newpass;
	int min_pw_len = 0;
	bool ok = true;

	pwinfo_req.in.user_handle = handle;
	pwinfo_req.out.info = &pwinfo;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwinfo_req),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwinfo_req.out.result)) {
		min_pw_len = pwinfo_req.out.info->min_password_length;
	}
	newpass = samr_rand_pass(tctx, min_pw_len);

	set_req.in.user_handle = handle;
	set_req.in.info = &uinfo;
	set_req.in.level = 23;

	ZERO_STRUCT(uinfo);
	uinfo.info23.info.fields_present = fields_present;
	encode_pw_buffer(uinfo.info23.password.data, newpass, STR_UNICODE);

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       set_req.in.level, nt_errstr(status));
		return false;
	}

	arcfour_crypt_blob(uinfo.info23.password.data, 516, &session_key);

	torture_comment(tctx, " Testing SetUserInfo level 23 (set password) \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			newpass, nt_errstr(set_req.out.result));

	if (NT_STATUS_IS_OK(set_req.out.result)) {
		*password = newpass;
	} else {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u failed - %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		ok = false;
	}

	/* second pass: start again from a freshly encoded cleartext buffer */
	encode_pw_buffer(uinfo.info23.password.data, newpass, STR_UNICODE);

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       set_req.in.level, nt_errstr(status));
		return false;
	}

	/* This should break the key nicely */
	session_key.length--;
	arcfour_crypt_blob(uinfo.info23.password.data, 516, &session_key);

	torture_comment(tctx, " Testing SetUserInfo level 23 (set password) with wrong password \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			newpass, nt_errstr(set_req.out.result));

	/* a buffer encrypted under the wrong key must not be accepted */
	if (!NT_STATUS_EQUAL(set_req.out.result, NT_STATUS_WRONG_PASSWORD)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u should have failed with WRONG_PASSWORD- %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		ok = false;
	}

	return ok;
}
/*
  Set a new random password with SetUserInfo level 26, then check that a
  request encrypted with a damaged key is refused.

  The encryption key is MD5(confounder || session key), where the
  confounder is 16 random bytes. The 516-byte password buffer is
  encrypted with arcfour_crypt_blob() under that key and the confounder
  is copied in after it, at offset 516.

  When makeshort is set and the policy has a non-zero minimum length,
  the password is generated one character shorter than that minimum;
  otherwise samr_rand_pass() is used.

  Second pass: the first byte of the derived key is incremented, the
  buffer is run through arcfour_crypt_blob() again and the server is
  expected to answer NT_STATUS_WRONG_PASSWORD.

  The cleartext password is written to the torture log on both passes.
*/
static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tctx,
			       struct policy_handle *handle, bool makeshort,
			       char **password)
{
	DATA_BLOB salted_key = data_blob_talloc(tctx, NULL, 16);
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_GetUserPwInfo pwinfo_req;
	struct samr_PwInfo pwinfo;
	struct samr_SetUserInfo set_req;
	union samr_UserInfo uinfo;
	DATA_BLOB session_key;
	uint8_t confounder[16];
	MD5_CTX md5;
	NTSTATUS status;
	char *newpass;
	int min_pw_len = 0;
	bool ok = true;

	pwinfo_req.in.user_handle = handle;
	pwinfo_req.out.info = &pwinfo;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwinfo_req),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwinfo_req.out.result)) {
		min_pw_len = pwinfo_req.out.info->min_password_length;
	}

	if (!makeshort || min_pw_len == 0) {
		newpass = samr_rand_pass(tctx, min_pw_len);
	} else {
		/* deliberately one character below the policy minimum */
		newpass = samr_rand_pass_fixed_len(tctx, min_pw_len - 1);
	}

	set_req.in.user_handle = handle;
	set_req.in.info = &uinfo;
	set_req.in.level = 26;

	encode_pw_buffer(uinfo.info26.password.data, newpass, STR_UNICODE);
	uinfo.info26.password_expired = 0;

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       set_req.in.level, nt_errstr(status));
		return false;
	}

	/* derive the per-request key: MD5 over confounder, then session key */
	generate_random_buffer((uint8_t *)confounder, 16);

	MD5Init(&md5);
	MD5Update(&md5, confounder, 16);
	MD5Update(&md5, session_key.data, session_key.length);
	MD5Final(salted_key.data, &md5);

	arcfour_crypt_blob(uinfo.info26.password.data, 516, &salted_key);
	memcpy(&uinfo.info26.password.data[516], confounder, 16);

	torture_comment(tctx, " Testing SetUserInfo level 26 (set password ex) \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			newpass, nt_errstr(set_req.out.result));

	if (NT_STATUS_IS_OK(set_req.out.result)) {
		*password = newpass;
	} else {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u failed - %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		ok = false;
	}

	/* This should break the key nicely */
	salted_key.data[0]++;
	arcfour_crypt_blob(uinfo.info26.password.data, 516, &salted_key);
	memcpy(&uinfo.info26.password.data[516], confounder, 16);

	torture_comment(tctx, " Testing SetUserInfo level 26 (set password ex) with wrong session key \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			newpass, nt_errstr(set_req.out.result));

	/* a buffer encrypted under the wrong key must not be accepted */
	if (NT_STATUS_EQUAL(set_req.out.result, NT_STATUS_WRONG_PASSWORD)) {
		*password = newpass;
	} else {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u should have failed with WRONG_PASSWORD: %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		ok = false;
	}

	return ok;
}
/*
  Set a new random password with SetUserInfo level 25, then check that a
  request encrypted with a damaged key is refused.

  Level 25 carries fields_present alongside the password. The
  encryption key is MD5(confounder || session key) with a 16-byte random
  confounder; the 516-byte password buffer is encrypted with
  arcfour_crypt_blob() under that key and the confounder is copied in
  after it, at offset 516.

  Second pass: the first byte of the derived key is incremented, the
  buffer is run through arcfour_crypt_blob() again and the server is
  expected to answer NT_STATUS_WRONG_PASSWORD.

  The cleartext password is written to the torture log on both passes.
*/
static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *tctx,
				struct policy_handle *handle, uint32_t fields_present,
				char **password)
{
	DATA_BLOB salted_key = data_blob_talloc(tctx, NULL, 16);
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_GetUserPwInfo pwinfo_req;
	struct samr_PwInfo pwinfo;
	struct samr_SetUserInfo set_req;
	union samr_UserInfo uinfo;
	DATA_BLOB session_key;
	uint8_t confounder[16];
	MD5_CTX md5;
	NTSTATUS status;
	char *newpass;
	int min_pw_len = 0;
	bool ok = true;

	pwinfo_req.in.user_handle = handle;
	pwinfo_req.out.info = &pwinfo;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwinfo_req),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwinfo_req.out.result)) {
		min_pw_len = pwinfo_req.out.info->min_password_length;
	}
	newpass = samr_rand_pass(tctx, min_pw_len);

	set_req.in.user_handle = handle;
	set_req.in.info = &uinfo;
	set_req.in.level = 25;

	ZERO_STRUCT(uinfo);
	uinfo.info25.info.fields_present = fields_present;
	encode_pw_buffer(uinfo.info25.password.data, newpass, STR_UNICODE);

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       set_req.in.level, nt_errstr(status));
		return false;
	}

	/* derive the per-request key: MD5 over confounder, then session key */
	generate_random_buffer((uint8_t *)confounder, 16);

	MD5Init(&md5);
	MD5Update(&md5, confounder, 16);
	MD5Update(&md5, session_key.data, session_key.length);
	MD5Final(salted_key.data, &md5);

	arcfour_crypt_blob(uinfo.info25.password.data, 516, &salted_key);
	memcpy(&uinfo.info25.password.data[516], confounder, 16);

	torture_comment(tctx, " Testing SetUserInfo level 25 (set password ex) \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			newpass, nt_errstr(set_req.out.result));

	if (NT_STATUS_IS_OK(set_req.out.result)) {
		*password = newpass;
	} else {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u failed - %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		ok = false;
	}

	/* This should break the key nicely */
	salted_key.data[0]++;
	arcfour_crypt_blob(uinfo.info25.password.data, 516, &salted_key);
	memcpy(&uinfo.info25.password.data[516], confounder, 16);

	torture_comment(tctx, " Testing SetUserInfo level 25 (set password ex) with wrong session key \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			newpass, nt_errstr(set_req.out.result));

	/* a buffer encrypted under the wrong key must not be accepted */
	if (!NT_STATUS_EQUAL(set_req.out.result, NT_STATUS_WRONG_PASSWORD)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u should have failed with WRONG_PASSWORD- %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		ok = false;
	}

	return ok;
}
/*
  Set a new random password with SetUserInfo level 18, which carries the
  password as hashes rather than as an encoded cleartext buffer.

  The NT hash (E_md4hash) and LM hash (E_deshash) of the new password
  are each passed through sess_crypt_blob() with the session key and
  the 16-byte results are copied into info18. Both hashes are marked
  active.

  On success *password is pointed at the new password. The cleartext is
  printed by samr_rand_pass().
*/
static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *tctx,
				struct policy_handle *handle, char **password)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_GetUserPwInfo pwinfo_req;
	struct samr_PwInfo pwinfo;
	struct samr_SetUserInfo set_req;
	union samr_UserInfo uinfo;
	DATA_BLOB session_key;
	DATA_BLOB plain, sealed;
	uint8_t lm_hash[16], nt_hash[16];
	NTSTATUS status;
	char *newpass;
	int min_pw_len = 0;

	pwinfo_req.in.user_handle = handle;
	pwinfo_req.out.info = &pwinfo;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwinfo_req),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwinfo_req.out.result)) {
		min_pw_len = pwinfo_req.out.info->min_password_length;
	}
	newpass = samr_rand_pass(tctx, min_pw_len);

	set_req.in.user_handle = handle;
	set_req.in.info = &uinfo;
	set_req.in.level = 18;

	ZERO_STRUCT(uinfo);
	uinfo.info18.nt_pwd_active = true;
	uinfo.info18.lm_pwd_active = true;

	E_md4hash(newpass, nt_hash);
	E_deshash(newpass, lm_hash);

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       set_req.in.level, nt_errstr(status));
		return false;
	}

	/* NT hash first, then LM hash, each into its own output blob */
	plain = data_blob_const(nt_hash, 16);
	sealed = data_blob_talloc_zero(tctx, 16);
	sess_crypt_blob(&sealed, &plain, &session_key, true);
	memcpy(uinfo.info18.nt_pwd.hash, sealed.data, sealed.length);

	plain = data_blob_const(lm_hash, 16);
	sealed = data_blob_talloc_zero(tctx, 16);
	sess_crypt_blob(&sealed, &plain, &session_key, true);
	memcpy(uinfo.info18.lm_pwd.hash, sealed.data, sealed.length);

	torture_comment(tctx, " Testing SetUserInfo level 18 (set password hash) \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	if (!NT_STATUS_IS_OK(set_req.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u failed - %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		return false;
	}

	*password = newpass;
	return true;
}
/*
  Set a new random password with SetUserInfo level 21 by sending the
  LM and/or NT hash, then check that an over-long hash is rejected.

  Which hashes are sent is decided by SAMR_FIELD_LM_PASSWORD_PRESENT and
  SAMR_FIELD_NT_PASSWORD_PRESENT in fields_present. Each hash that is
  sent is passed through sess_crypt_blob() with the session key and the
  info21 array pointer is switched to the encrypted copy.

  After the normal request, the declared length of each hash that was
  sent is incremented (NT first, then LM) and the request is repeated;
  the server is expected to answer NT_STATUS_INVALID_PARAMETER.

  On success of the first request *password is pointed at the new
  password. The cleartext is printed by samr_rand_pass().
*/
static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *tctx,
				struct policy_handle *handle, uint32_t fields_present,
				char **password)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	const bool send_lm = (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) != 0;
	const bool send_nt = (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) != 0;
	struct samr_GetUserPwInfo pwinfo_req;
	struct samr_PwInfo pwinfo;
	struct samr_SetUserInfo set_req;
	union samr_UserInfo uinfo;
	DATA_BLOB session_key;
	uint8_t lm_hash[16], nt_hash[16];
	NTSTATUS status;
	char *newpass;
	int min_pw_len = 0;
	bool ok = true;

	pwinfo_req.in.user_handle = handle;
	pwinfo_req.out.info = &pwinfo;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwinfo_req),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwinfo_req.out.result)) {
		min_pw_len = pwinfo_req.out.info->min_password_length;
	}
	newpass = samr_rand_pass(tctx, min_pw_len);

	set_req.in.user_handle = handle;
	set_req.in.info = &uinfo;
	set_req.in.level = 21;

	E_md4hash(newpass, nt_hash);
	E_deshash(newpass, lm_hash);

	ZERO_STRUCT(uinfo);
	uinfo.info21.fields_present = fields_present;

	if (send_lm) {
		uinfo.info21.lm_owf_password.length = 16;
		uinfo.info21.lm_owf_password.size = 16;
		uinfo.info21.lm_owf_password.array = (uint16_t *)lm_hash;
		uinfo.info21.lm_password_set = true;
	}

	if (send_nt) {
		uinfo.info21.nt_owf_password.length = 16;
		uinfo.info21.nt_owf_password.size = 16;
		uinfo.info21.nt_owf_password.array = (uint16_t *)nt_hash;
		uinfo.info21.nt_password_set = true;
	}

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       set_req.in.level, nt_errstr(status));
		return false;
	}

	/* replace each plain hash by its session-key encrypted copy */
	if (send_lm) {
		DATA_BLOB plain = data_blob_const(uinfo.info21.lm_owf_password.array,
						  uinfo.info21.lm_owf_password.length);
		DATA_BLOB sealed = data_blob_talloc_zero(tctx, 16);

		sess_crypt_blob(&sealed, &plain, &session_key, true);
		uinfo.info21.lm_owf_password.array = (uint16_t *)sealed.data;
	}

	if (send_nt) {
		DATA_BLOB plain = data_blob_const(uinfo.info21.nt_owf_password.array,
						  uinfo.info21.nt_owf_password.length);
		DATA_BLOB sealed = data_blob_talloc_zero(tctx, 16);

		sess_crypt_blob(&sealed, &plain, &session_key, true);
		uinfo.info21.nt_owf_password.array = (uint16_t *)sealed.data;
	}

	torture_comment(tctx, " Testing SetUserInfo level 21 (set password hash) \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
		" SetUserInfo failed ");

	if (NT_STATUS_IS_OK(set_req.out.result)) {
		*password = newpass;
	} else {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u failed - %s \n ",
			       set_req.in.level, nt_errstr(set_req.out.result));
		ok = false;
	}

	/* try invalid length */
	if (send_nt) {
		uinfo.info21.nt_owf_password.length++;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
			" SetUserInfo failed ");

		if (!NT_STATUS_EQUAL(set_req.out.result, NT_STATUS_INVALID_PARAMETER)) {
			torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s \n ",
				       set_req.in.level, nt_errstr(set_req.out.result));
			ok = false;
		}
	}

	/* the NT length is still the incremented one when this request goes out */
	if (send_lm) {
		uinfo.info21.lm_owf_password.length++;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &set_req),
			" SetUserInfo failed ");

		if (!NT_STATUS_EQUAL(set_req.out.result, NT_STATUS_INVALID_PARAMETER)) {
			torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s \n ",
				       set_req.in.level, nt_errstr(set_req.out.result));
			ok = false;
		}
	}

	return ok;
}
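/*
  Set a new random password through SetUserInfo or SetUserInfo2 at the
  requested info level (18, 21, 23, 24, 25 or 26).

  level             selects the samr_UserInfo arm that is filled in;
                    any other value sends the zeroed union unchanged
  fields_present    passed through for levels 21, 23 and 25; also
                    decides which error, if any, is acceptable
  password          pointed at the new password when the call succeeds
  password_expired  copied into the selected info level
  use_setinfo2      send SetUserInfo2 instead of SetUserInfo
  matched_expected_error
                    set to true when the call failed with the error
                    that fields_present makes acceptable; it is never
                    cleared here, so the caller has to initialise it

  How the secret is protected on the wire depends on the level:
    18, 21  LM/NT hashes through sess_crypt_blob() with the session key
    23, 24  516-byte buffer through arcfour_crypt_blob() with the
            session key
    25, 26  516-byte buffer through arcfour_crypt_blob() with
            MD5(confounder || session key); the 16-byte confounder is
            stored after the buffer, at offset 516

  A failed call is accepted when fields_present is 0 (expected
  NT_STATUS_INVALID_PARAMETER) or includes SAMR_FIELD_LAST_PWD_CHANGE
  (expected NT_STATUS_ACCESS_DENIED); the latter wins if both apply.

  The password is generated without printing, but the torture_comment()
  after the call still writes it to the log in cleartext.
*/
static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
				      struct torture_context *tctx,
				      struct policy_handle *handle,
				      uint16_t level,
				      uint32_t fields_present,
				      char **password, uint8_t password_expired,
				      bool use_setinfo2,
				      bool *matched_expected_error)
{
	NTSTATUS status;
	NTSTATUS expected_error = NT_STATUS_OK;
	struct samr_SetUserInfo s;
	struct samr_SetUserInfo2 s2;
	union samr_UserInfo u;
	bool ret = true;
	DATA_BLOB session_key;
	DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
	MD5_CTX ctx;
	uint8_t confounder[16];
	char *newpass;
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_GetUserPwInfo pwp;
	struct samr_PwInfo info;
	int policy_min_pw_len = 0;
	const char *comment = NULL;
	uint8_t lm_hash[16], nt_hash[16];

	pwp.in.user_handle = handle;
	pwp.out.info = &info;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwp.out.result)) {
		policy_min_pw_len = pwp.out.info->min_password_length;
	}
	newpass = samr_rand_pass_silent(tctx, policy_min_pw_len);

	/* only the request structure that will be sent is filled in */
	if (use_setinfo2) {
		s2.in.user_handle = handle;
		s2.in.info = &u;
		s2.in.level = level;
	} else {
		s.in.user_handle = handle;
		s.in.info = &u;
		s.in.level = level;
	}

	if (fields_present & SAMR_FIELD_COMMENT) {
		comment = talloc_asprintf(tctx, " comment: %ld \n ", (long int)time(NULL));
	}

	ZERO_STRUCT(u);

	/* step 1: fill the selected level with the cleartext secret */
	switch (level) {
	case 18:
		E_md4hash(newpass, nt_hash);
		E_deshash(newpass, lm_hash);
		u.info18.nt_pwd_active = true;
		u.info18.lm_pwd_active = true;
		u.info18.password_expired = password_expired;
		memcpy(u.info18.lm_pwd.hash, lm_hash, 16);
		memcpy(u.info18.nt_pwd.hash, nt_hash, 16);
		break;
	case 21:
		E_md4hash(newpass, nt_hash);
		E_deshash(newpass, lm_hash);
		u.info21.fields_present = fields_present;
		u.info21.password_expired = password_expired;
		u.info21.comment.string = comment;

		if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
			u.info21.lm_owf_password.length = 16;
			u.info21.lm_owf_password.size = 16;
			u.info21.lm_owf_password.array = (uint16_t *)lm_hash;
			u.info21.lm_password_set = true;
		}
		if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
			u.info21.nt_owf_password.length = 16;
			u.info21.nt_owf_password.size = 16;
			u.info21.nt_owf_password.array = (uint16_t *)nt_hash;
			u.info21.nt_password_set = true;
		}
		break;
	case 23:
		u.info23.info.fields_present = fields_present;
		u.info23.info.password_expired = password_expired;
		u.info23.info.comment.string = comment;
		encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
		break;
	case 24:
		u.info24.password_expired = password_expired;
		encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
		break;
	case 25:
		u.info25.info.fields_present = fields_present;
		u.info25.info.password_expired = password_expired;
		u.info25.info.comment.string = comment;
		encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
		break;
	case 26:
		u.info26.password_expired = password_expired;
		encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
		break;
	}

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * Report the requested level: s.in.level is never
		 * initialised when use_setinfo2 is set.
		 */
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo level %u - no session key - %s \n ",
			       level, nt_errstr(status));
		return false;
	}

	/* key for levels 25/26: MD5 over confounder, then session key */
	generate_random_buffer((uint8_t *)confounder, 16);

	MD5Init(&ctx);
	MD5Update(&ctx, confounder, 16);
	MD5Update(&ctx, session_key.data, session_key.length);
	MD5Final(confounded_session_key.data, &ctx);

	/* step 2: encrypt what step 1 put in place */
	switch (level) {
	case 18:
		{
			DATA_BLOB in, out;
			in = data_blob_const(u.info18.nt_pwd.hash, 16);
			out = data_blob_talloc_zero(tctx, 16);
			sess_crypt_blob(&out, &in, &session_key, true);
			memcpy(u.info18.nt_pwd.hash, out.data, out.length);
		}
		{
			DATA_BLOB in, out;
			in = data_blob_const(u.info18.lm_pwd.hash, 16);
			out = data_blob_talloc_zero(tctx, 16);
			sess_crypt_blob(&out, &in, &session_key, true);
			memcpy(u.info18.lm_pwd.hash, out.data, out.length);
		}
		break;
	case 21:
		if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
			DATA_BLOB in, out;
			in = data_blob_const(u.info21.lm_owf_password.array,
					     u.info21.lm_owf_password.length);
			out = data_blob_talloc_zero(tctx, 16);
			sess_crypt_blob(&out, &in, &session_key, true);
			u.info21.lm_owf_password.array = (uint16_t *)out.data;
		}
		if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
			DATA_BLOB in, out;
			in = data_blob_const(u.info21.nt_owf_password.array,
					     u.info21.nt_owf_password.length);
			out = data_blob_talloc_zero(tctx, 16);
			sess_crypt_blob(&out, &in, &session_key, true);
			u.info21.nt_owf_password.array = (uint16_t *)out.data;
		}
		break;
	case 23:
		arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
		break;
	case 24:
		arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
		break;
	case 25:
		arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
		memcpy(&u.info25.password.data[516], confounder, 16);
		break;
	case 26:
		arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
		memcpy(&u.info26.password.data[516], confounder, 16);
		break;
	}

	if (use_setinfo2) {
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo2_r(b, tctx, &s2),
			" SetUserInfo2 failed ");
		torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
				__location__, __FUNCTION__,
				newpass, nt_errstr(s2.out.result));
		status = s2.out.result;
	} else {
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
			" SetUserInfo failed ");
		torture_comment(tctx, " (%s:%s) new_password[%s] status[%s] \n ",
				__location__, __FUNCTION__,
				newpass, nt_errstr(s.out.result));
		status = s.out.result;
	}

	/* a failure may be the correct answer for this fields_present */
	if (!NT_STATUS_IS_OK(status)) {
		if (fields_present == 0) {
			expected_error = NT_STATUS_INVALID_PARAMETER;
		}
		if (fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
			expected_error = NT_STATUS_ACCESS_DENIED;
		}
	}

	if (!NT_STATUS_IS_OK(expected_error)) {
		if (use_setinfo2) {
			torture_assert_ntstatus_equal(tctx,
				s2.out.result,
				expected_error, " SetUserInfo2 failed ");
		} else {
			torture_assert_ntstatus_equal(tctx,
				s.out.result,
				expected_error, " SetUserInfo failed ");
		}
		*matched_expected_error = true;
		return true;
	}

	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, " SetUserInfo%s level %u failed - %s \n ",
			       use_setinfo2 ? " 2 " : " ", level, nt_errstr(status));
		ret = false;
	} else {
		*password = newpass;
	}

	return ret;
}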
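/*
 * Exercise samr_SetAliasInfo followed by samr_QueryAliasInfo on an open
 * alias handle, once for each info level listed in levels[].
 *
 * b      - binding handle of the SAMR pipe the calls are issued on
 * tctx   - torture context; also the talloc parent of the request buffers
 * handle - alias policy handle, passed as alias_handle to both calls
 *
 * Returns true when every call came back with an OK result.  A transport
 * failure or a failed allocation ends the test at once through the
 * torture_assert macros; a non-OK result code is recorded with
 * torture_result() and the loop carries on with the next level.
 */
static bool test_SetAliasInfo(struct dcerpc_binding_handle *b,
			      struct torture_context *tctx,
			      struct policy_handle *handle)
{
	struct samr_SetAliasInfo r;
	struct samr_QueryAliasInfo q;
	union samr_AliasInfo *info;
	/*
	 * Level 1 is left out on purpose: it includes the number of members
	 * of the alias, and setting that to a wrong value might have
	 * negative consequences.
	 */
	const uint16_t levels[] = { 2, 3 };
	size_t i;
	bool ret = true;

	for (i = 0; i < ARRAY_SIZE(levels); i++) {
		torture_comment(tctx, " Testing SetAliasInfo level %u \n ", levels[i]);

		r.in.alias_handle = handle;
		r.in.level = levels[i];
		/*
		 * Zeroed so that no stale heap bytes are sent to the server
		 * for a level whose case below fills in nothing.
		 */
		r.in.info = talloc_zero(tctx, union samr_AliasInfo);
		torture_assert(tctx, r.in.info != NULL, "talloc_zero failed");

		switch (r.in.level) {
		case ALIASINFONAME:
			init_lsa_String(&r.in.info->name, TEST_ALIASNAME);
			break;
		case ALIASINFODESCRIPTION:
			init_lsa_String(&r.in.info->description,
					" Test Description, should test I18N as well ");
			break;
		case ALIASINFOALL:
			torture_comment(tctx, " ALIASINFOALL ignored \n ");
			break;
		default:
			break;
		}

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetAliasInfo_r(b, tctx, &r),
			" SetAliasInfo failed ");
		if (!NT_STATUS_IS_OK(r.out.result)) {
			torture_result(tctx, TORTURE_FAIL, " SetAliasInfo level %u failed - %s \n ",
				       levels[i], nt_errstr(r.out.result));
			ret = false;
		}

		/* Read the same level back; the returned data is not compared. */
		q.in.alias_handle = handle;
		q.in.level = levels[i];
		q.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryAliasInfo_r(b, tctx, &q),
			" QueryAliasInfo failed ");
		if (!NT_STATUS_IS_OK(q.out.result)) {
			torture_result(tctx, TORTURE_FAIL, " QueryAliasInfo level %u failed - %s \n ",
				       levels[i], nt_errstr(q.out.result));
			ret = false;
		}
	}

	return ret;
}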
/*
 * Issue samr_GetGroupsForUser on an open user handle and require that both
 * the RPC call itself and the result code it returns are OK.
 *
 * The RID array handed back by the server is received into a local pointer
 * and is not inspected.
 */
static bool test_GetGroupsForUser(struct dcerpc_binding_handle *b,
				  struct torture_context *tctx,
				  struct policy_handle *user_handle)
{
	struct samr_RidWithAttributeArray *rids = NULL;
	struct samr_GetGroupsForUser r = {
		.in  = { .user_handle = user_handle },
		.out = { .rids = &rids },
	};

	torture_comment(tctx, " Testing GetGroupsForUser \n ");

	/* First the transport status, then the SAMR result code. */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetGroupsForUser_r(b, tctx, &r),
		" GetGroupsForUser failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " GetGroupsForUser failed ");

	return true;
}
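/*
 * Call samr_GetDomPwInfo four times in a row: with the name the caller
 * passed in, with a name built from the server name of the pipe, and with
 * two fixed literal names.  Every call must succeed at transport level and
 * return an OK result, otherwise the test ends with false.
 *
 * Side effect: the string pointer inside the caller's *domain_name is
 * overwritten for the later calls and still points at the last literal
 * when the function returns.
 */
static bool test_GetDomPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
			      struct lsa_String *domain_name)
{
	struct samr_GetDomPwInfo r;
	struct samr_PwInfo info;
	struct dcerpc_binding_handle *b = p->binding_handle;
	char *server_name;

	r.in.domain_name = domain_name;
	r.out.info = &info;

	/* 1: the name supplied by the caller */
	torture_comment(tctx, " Testing GetDomPwInfo with name %s \n ", r.in.domain_name->string);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
		" GetDomPwInfo failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " GetDomPwInfo failed ");

	/*
	 * 2: a name derived from the server we are connected to.  The
	 * allocation is checked before the pointer is stored, so a failure
	 * neither reaches the %s below nor clobbers the caller's string.
	 */
	server_name = talloc_asprintf(tctx, " \\ \\ %s ", dcerpc_server_name(p));
	torture_assert(tctx, server_name != NULL, "talloc_asprintf failed");
	r.in.domain_name->string = server_name;
	torture_comment(tctx, " Testing GetDomPwInfo with name %s \n ", r.in.domain_name->string);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
		" GetDomPwInfo failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " GetDomPwInfo failed ");

	/* 3: a placeholder name; the call is still required to return OK */
	r.in.domain_name->string = " \\ \\ __NONAME__ ";
	torture_comment(tctx, " Testing GetDomPwInfo with name %s \n ", r.in.domain_name->string);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
		" GetDomPwInfo failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " GetDomPwInfo failed ");

	/* 4: the Builtin name */
	r.in.domain_name->string = " \\ \\ Builtin ";
	torture_comment(tctx, " Testing GetDomPwInfo with name %s \n ", r.in.domain_name->string);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
		" GetDomPwInfo failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " GetDomPwInfo failed ");

	return true;
}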
/*
 * Issue samr_GetUserPwInfo on an open user handle and require that both the
 * RPC call itself and the result code it returns are OK.
 *
 * The password information is received into a local struct and is not
 * inspected here.
 */
static bool test_GetUserPwInfo(struct dcerpc_binding_handle *b,
			       struct torture_context *tctx,
			       struct policy_handle *handle)
{
	struct samr_PwInfo info;
	struct samr_GetUserPwInfo r = {
		.in  = { .user_handle = handle },
		.out = { .info = &info },
	};

	torture_comment(tctx, " Testing GetUserPwInfo \n ");

	/* First the transport status, then the SAMR result code. */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &r),
		" GetUserPwInfo failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " GetUserPwInfo ");

	return true;
}
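/*
 * Resolve an account name to its RID with samr_LookupNames, then probe how
 * the server answers a few empty or unmappable lookups.
 *
 * b             - binding handle of the SAMR pipe
 * tctx          - torture context (talloc parent and result sink)
 * domain_handle - open domain policy handle
 * name          - account name to resolve
 * rid           - receives the RID of name once the first lookup succeeded;
 *                 it stays written even if a later probe fails
 *
 * Lookups issued, and the result code each one has to produce:
 *   1 name  (name)                 -> OK
 *   2 names (name, unknown)        -> STATUS_SOME_UNMAPPED
 *   0 names                        -> OK
 *   1 name  (unknown)              -> NT_STATUS_NONE_MAPPED
 *   2 names (both unknown)         -> NT_STATUS_NONE_MAPPED
 *
 * Returns NT_STATUS_OK when all five behave as listed.  A transport error is
 * returned unchanged; an unexpected result code is returned as that code, or
 * as NT_STATUS_UNSUCCESSFUL where the unexpected code was itself a success.
 */
static NTSTATUS test_LookupName(struct dcerpc_binding_handle *b,
				struct torture_context *tctx,
				struct policy_handle *domain_handle, const char *name,
				uint32_t *rid)
{
	NTSTATUS status;
	struct samr_LookupNames n;
	struct lsa_String sname[2];
	struct samr_Ids rids, types;

	init_lsa_String(&sname[0], name);

	n.in.domain_handle = domain_handle;
	n.in.num_names = 1;
	n.in.names = sname;
	n.out.rids = &rids;
	n.out.types = &types;

	/* One good name: this is the lookup that yields *rid. */
	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	if (!NT_STATUS_IS_OK(n.out.result)) {
		return n.out.result;
	}
	/*
	 * The reply comes from the server under test: make sure it really
	 * carries an entry before indexing into it.
	 */
	if (n.out.rids->count < 1 || n.out.rids->ids == NULL) {
		torture_result(tctx, TORTURE_FAIL,
			       "LookupNames returned OK but no RID\n");
		return NT_STATUS_UNSUCCESSFUL;
	}
	*rid = n.out.rids->ids[0];

	/* The good name plus one unknown name. */
	init_lsa_String(&sname[1], " xxNONAMExx ");
	n.in.num_names = 2;
	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	if (!NT_STATUS_EQUAL(n.out.result, STATUS_SOME_UNMAPPED)) {
		torture_result(tctx, TORTURE_FAIL, " LookupNames[2] failed - %s \n ", nt_errstr(n.out.result));
		if (NT_STATUS_IS_OK(n.out.result)) {
			return NT_STATUS_UNSUCCESSFUL;
		}
		return n.out.result;
	}

	/* No names at all. */
	n.in.num_names = 0;
	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	if (!NT_STATUS_IS_OK(n.out.result)) {
		/* status is OK at this point; the code worth reporting is the result */
		torture_result(tctx, TORTURE_FAIL, " LookupNames[0] failed - %s \n ", nt_errstr(n.out.result));
		return n.out.result;
	}

	/* One unknown name. */
	init_lsa_String(&sname[0], " xxNONAMExx ");
	n.in.num_names = 1;
	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	if (!NT_STATUS_EQUAL(n.out.result, NT_STATUS_NONE_MAPPED)) {
		torture_result(tctx, TORTURE_FAIL, " LookupNames[1 bad name] failed - %s \n ", nt_errstr(n.out.result));
		if (NT_STATUS_IS_OK(n.out.result)) {
			return NT_STATUS_UNSUCCESSFUL;
		}
		return n.out.result;
	}

	/* Two unknown names. */
	init_lsa_String(&sname[0], " xxNONAMExx ");
	init_lsa_String(&sname[1], " xxNONAME2xx ");
	n.in.num_names = 2;
	status = dcerpc_samr_LookupNames_r(b, tctx, &n);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	if (!NT_STATUS_EQUAL(n.out.result, NT_STATUS_NONE_MAPPED)) {
		torture_result(tctx, TORTURE_FAIL, " LookupNames[2 bad names] failed - %s \n ", nt_errstr(n.out.result));
		if (NT_STATUS_IS_OK(n.out.result)) {
			return NT_STATUS_UNSUCCESSFUL;
		}
		return n.out.result;
	}

	return NT_STATUS_OK;
}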
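/*
 * Open a user by account name: resolve the name to a RID with
 * test_LookupName() and pass that RID to samr_OpenUser.
 *
 * b             - binding handle of the SAMR pipe
 * tctx          - torture context
 * domain_handle - open domain policy handle
 * name          - account name to open
 * user_handle   - receives the user policy handle; the callers in this file
 *                 close it with test_samr_handle_Close() when done
 *
 * Returns the lookup status if the lookup failed, the transport status if
 * the OpenUser call failed, and otherwise the OpenUser result code (which
 * is also recorded as a test failure when it is not OK).
 */
static NTSTATUS test_OpenUser_byname(struct dcerpc_binding_handle *b,
				     struct torture_context *tctx,
				     struct policy_handle *domain_handle,
				     const char *name, struct policy_handle *user_handle)
{
	NTSTATUS status;
	struct samr_OpenUser r;
	uint32_t rid;

	status = test_LookupName(b, tctx, domain_handle, name, &rid);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	r.in.domain_handle = domain_handle;
	/* Ask for whatever access the connected identity is allowed. */
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.rid = rid;
	r.out.user_handle = user_handle;

	status = dcerpc_samr_OpenUser_r(b, tctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	if (!NT_STATUS_IS_OK(r.out.result)) {
		/* rid is unsigned, so it is printed with %u */
		torture_result(tctx, TORTURE_FAIL, " OpenUser_byname(%s -> %u) failed - %s \n ", name, rid, nt_errstr(r.out.result));
	}

	return r.out.result;
}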
#if 0
/*
 * Disabled variant of the ChangePasswordUser test that works on the fixed
 * account 'testuser' with fixed old and new passwords.
 *
 * NOTE(review): this code is compiled out and does not match the rest of the
 * file as shown: it uses 'b' without declaring it, and hands the pipe 'p' to
 * test_OpenUser_byname(), which takes a binding handle.  It needs porting
 * before it can be enabled again.
 */
static bool test_ChangePasswordNT3(struct dcerpc_pipe *p,
				   struct torture_context *tctx,
				   struct policy_handle *handle)
{
	char *oldpass = " test ";
	char *newpass = " test2 ";
	uint8_t old_lm_hash[16], new_lm_hash[16];
	uint8_t old_nt_hash[16], new_nt_hash[16];
	struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
	struct samr_ChangePasswordUser r;
	struct policy_handle user_handle;
	NTSTATUS status;
	bool ret = true;

	status = test_OpenUser_byname(p, tctx, handle, " testuser ", &user_handle);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}

	torture_comment(tctx, " Testing ChangePasswordUser for user 'testuser' \n ");

	/* Both passwords go to the test log in cleartext. */
	torture_comment(tctx, " old password: %s \n ", oldpass);
	torture_comment(tctx, " new password: %s \n ", newpass);

	/* NT and LM hashes of the old and the new password */
	E_md4hash(oldpass, old_nt_hash);
	E_md4hash(newpass, new_nt_hash);
	E_deshash(oldpass, old_lm_hash);
	E_deshash(newpass, new_lm_hash);

	/* the six verifiers of the request, built from those hashes */
	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);

	r.in.handle = &user_handle;

	r.in.lm_present = 1;
	r.in.old_lm_crypted = &hash1;
	r.in.new_lm_crypted = &hash2;

	r.in.nt_present = 1;
	r.in.old_nt_crypted = &hash3;
	r.in.new_nt_crypted = &hash4;

	r.in.cross1_present = 1;
	r.in.nt_cross = &hash5;

	r.in.cross2_present = 1;
	r.in.lm_cross = &hash6;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " ChangePasswordUser failed - %s \n ", nt_errstr(r.out.result));
		ret = false;
	}

	if (!test_samr_handle_Close(p, tctx, &user_handle)) {
		ret = false;
	}

	return ret;
}
#endif
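/* The six encrypted verifiers a samr_ChangePasswordUser request points at. */
struct samr_chgpw_hashes {
	struct samr_Password old_lm_crypted;	/* E_old_pw_hash(new LM, old LM) */
	struct samr_Password new_lm_crypted;	/* E_old_pw_hash(old LM, new LM) */
	struct samr_Password old_nt_crypted;	/* E_old_pw_hash(new NT, old NT) */
	struct samr_Password new_nt_crypted;	/* E_old_pw_hash(old NT, new NT) */
	struct samr_Password nt_cross;		/* E_old_pw_hash(old LM, new NT) */
	struct samr_Password lm_cross;		/* E_old_pw_hash(old NT, new LM) */
};

/*
 * Hash both passwords (NT and LM) and derive all six verifiers from the
 * result.  Calling it again with the same passwords restores verifiers that
 * were corrupted on purpose.
 */
static void samr_chgpw_make_hashes(const char *oldpass, const char *newpass,
				   struct samr_chgpw_hashes *h)
{
	uint8_t old_nt_hash[16], new_nt_hash[16];
	uint8_t old_lm_hash[16], new_lm_hash[16];

	E_md4hash(oldpass, old_nt_hash);
	E_md4hash(newpass, new_nt_hash);
	E_deshash(oldpass, old_lm_hash);
	E_deshash(newpass, new_lm_hash);

	E_old_pw_hash(new_lm_hash, old_lm_hash, h->old_lm_crypted.hash);
	E_old_pw_hash(old_lm_hash, new_lm_hash, h->new_lm_crypted.hash);
	E_old_pw_hash(new_nt_hash, old_nt_hash, h->old_nt_crypted.hash);
	E_old_pw_hash(old_nt_hash, new_nt_hash, h->new_nt_crypted.hash);
	E_old_pw_hash(old_lm_hash, new_nt_hash, h->nt_cross.hash);
	E_old_pw_hash(old_nt_hash, new_lm_hash, h->lm_cross.hash);
}

/*
 * Point every input field of the request at the verifiers in *h.  The LM and
 * NT pairs are always marked present; each cross verifier is either marked
 * present or sent as absent (flag 0, pointer NULL).
 */
static void samr_chgpw_fill(struct samr_ChangePasswordUser *r,
			    struct policy_handle *user_handle,
			    struct samr_chgpw_hashes *h,
			    bool with_nt_cross, bool with_lm_cross)
{
	r->in.user_handle = user_handle;
	r->in.lm_present = 1;
	r->in.old_lm_crypted = &h->old_lm_crypted;
	r->in.new_lm_crypted = &h->new_lm_crypted;
	r->in.nt_present = 1;
	r->in.old_nt_crypted = &h->old_nt_crypted;
	r->in.new_nt_crypted = &h->new_nt_crypted;
	r->in.cross1_present = with_nt_cross ? 1 : 0;
	r->in.nt_cross = with_nt_cross ? &h->nt_cross : NULL;
	r->in.cross2_present = with_lm_cross ? 1 : 0;
	r->in.lm_cross = with_lm_cross ? &h->lm_cross : NULL;
}

/*
 * Test samr_ChangePasswordUser against one account.
 *
 * b         - binding handle of the SAMR pipe
 * tctx      - torture context
 * acct_name - account whose password is changed
 * handle    - open domain policy handle used to open the account
 * password  - in: current password of the account (must not be NULL);
 *             out: updated to the new password after every change the
 *             server accepted
 *
 * Negative cases first: four requests, each with exactly one verifier
 * corrupted (old NT, old LM, LM cross, NT cross), must be refused with
 * NT_STATUS_WRONG_PASSWORD.  Then three well-formed requests (LM cross
 * absent, NT cross absent, everything present) are expected to succeed, and
 * the last one is replayed and must then be refused because its "old"
 * verifiers are stale.  NT_STATUS_PASSWORD_RESTRICTION is tolerated
 * throughout.  If the server answers NT_STATUS_NOT_IMPLEMENTED the test is
 * skipped.
 *
 * The old and new password are written to the torture log in cleartext
 * after every request; new passwords come from samr_rand_pass().
 *
 * Returns true when every request produced an acceptable result and the
 * user handle could be closed.
 */
static bool test_ChangePasswordUser(struct dcerpc_binding_handle *b,
				    struct torture_context *tctx,
				    const char *acct_name,
				    struct policy_handle *handle, char **password)
{
	NTSTATUS status;
	struct samr_ChangePasswordUser r;
	struct samr_GetUserPwInfo pwp;
	struct samr_PwInfo info;
	struct samr_chgpw_hashes h;
	struct policy_handle user_handle;
	char *oldpass;
	char *newpass;
	int policy_min_pw_len = 0;
	bool ret = true;
	/*
	 * NOTE(review): starts out true, so the replay at the end always
	 * runs, whether or not any change was accepted - confirm whether
	 * false was meant.
	 */
	bool changed = true;

	status = test_OpenUser_byname(b, tctx, handle, acct_name, &user_handle);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}

	/* Ask the server for the minimum length a new password needs. */
	pwp.in.user_handle = &user_handle;
	pwp.out.info = &info;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
		" GetUserPwInfo failed ");
	if (NT_STATUS_IS_OK(pwp.out.result)) {
		policy_min_pw_len = pwp.out.info->min_password_length;
	}
	newpass = samr_rand_pass(tctx, policy_min_pw_len);

	torture_comment(tctx, " Testing ChangePasswordUser \n ");

	torture_assert(tctx, *password != NULL,
		" Failing ChangePasswordUser as old password was NULL. Previous test failed? ");

	oldpass = *password;
	samr_chgpw_make_hashes(oldpass, newpass, &h);

	/* --- 1: only the old-NT verifier is wrong --- */
	samr_chgpw_fill(&r, &user_handle, &h, true, true);
	/* Break the NT hash */
	h.old_nt_crypted.hash[0]++;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	/* Do not proceed if this call has been removed */
	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
		torture_skip(tctx, " ChangePasswordUser not supported by server \n ");
	}

	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
			" ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash ");
	}

	/* Unbreak the NT hash */
	h.old_nt_crypted.hash[0]--;

	/* --- 2: only the old-LM verifier is wrong --- */
	samr_chgpw_fill(&r, &user_handle, &h, true, true);
	/* Break the LM hash */
	h.old_lm_crypted.hash[0]--;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
			" expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash ");
	}

	/*
	 * Unbreak the LM hash.  It was broken by decrementing, so it is
	 * restored by incrementing; the NT verifier is already intact.  Both
	 * have to be valid here, otherwise the two cross-verifier cases below
	 * would be refused whatever the server does with the cross values.
	 */
	h.old_lm_crypted.hash[0]++;

	/* --- 3: only the LM cross verifier is wrong --- */
	samr_chgpw_fill(&r, &user_handle, &h, true, true);
	/* Break the LM cross */
	h.lm_cross.hash[0]++;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD) &&
	    !NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION))
	{
		torture_result(tctx, TORTURE_FAIL, " ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD or NT_STATUS_PASSWORD_RESTRICTION because we broke the LM cross-hash, got %s \n ", nt_errstr(r.out.result));
		ret = false;
	}

	/* Unbreak the LM cross */
	h.lm_cross.hash[0]--;

	/* --- 4: only the NT cross verifier is wrong --- */
	samr_chgpw_fill(&r, &user_handle, &h, true, true);
	/* Break the NT cross */
	h.nt_cross.hash[0]++;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD) &&
	    !NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION))
	{
		torture_result(tctx, TORTURE_FAIL, " ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD or NT_STATUS_PASSWORD_RESTRICTION because we broke the NT cross-hash, got %s \n ", nt_errstr(r.out.result));
		ret = false;
	}

	/* Unbreak the NT cross */
	h.nt_cross.hash[0]--;

	/* --- 5: valid request, LM cross verifier absent --- */
	/* Reset the hashes to not broken values */
	samr_chgpw_make_hashes(oldpass, newpass, &h);
	samr_chgpw_fill(&r, &user_handle, &h, true, false);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (NT_STATUS_IS_OK(r.out.result)) {
		changed = true;
		*password = newpass;
	} else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s \n ", nt_errstr(r.out.result));
		ret = false;
	}

	/*
	 * Continue from the password the account really has: *password only
	 * moved on if the server accepted the change, so a tolerated
	 * PASSWORD_RESTRICTION does not leave us hashing a password that was
	 * never set.
	 */
	oldpass = *password;
	newpass = samr_rand_pass(tctx, policy_min_pw_len);

	/* --- 6: valid request, NT cross verifier absent --- */
	samr_chgpw_make_hashes(oldpass, newpass, &h);
	samr_chgpw_fill(&r, &user_handle, &h, false, true);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (NT_STATUS_IS_OK(r.out.result)) {
		changed = true;
		*password = newpass;
	} else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s \n ", nt_errstr(r.out.result));
		ret = false;
	}

	/* Same reasoning as after request 5. */
	oldpass = *password;
	newpass = samr_rand_pass(tctx, policy_min_pw_len);

	/* --- 7: valid request, every verifier present --- */
	samr_chgpw_make_hashes(oldpass, newpass, &h);
	samr_chgpw_fill(&r, &user_handle, &h, true, true);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
		" ChangePasswordUser failed ");
	torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
		torture_comment(tctx, " ChangePasswordUser returned: %s perhaps min password age? (not fatal) \n ", nt_errstr(r.out.result));
	} else if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " ChangePasswordUser failed - %s \n ", nt_errstr(r.out.result));
		ret = false;
	} else {
		changed = true;
		*password = newpass;
	}

	/* --- 8: replay request 7; its verifiers no longer match --- */
	samr_chgpw_fill(&r, &user_handle, &h, true, true);

	if (changed) {
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
			" ChangePasswordUser failed ");
		torture_comment(tctx, " (%s:%s) old_password[%s] new_password[%s] status[%s] \n ",
				__location__, __FUNCTION__,
				oldpass, newpass, nt_errstr(r.out.result));

		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
			torture_comment(tctx, " ChangePasswordUser returned: %s perhaps min password age? (not fatal) \n ", nt_errstr(r.out.result));
		} else if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
			torture_result(tctx, TORTURE_FAIL, " ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s \n ", nt_errstr(r.out.result));
			ret = false;
		}
	}

	if (!test_samr_handle_Close(b, tctx, &user_handle)) {
		ret = false;
	}

	return ret;
}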
static bool test_OemChangePasswordUser2 ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
const char * acct_name ,
struct policy_handle * handle , char * * password )
{
struct samr_OemChangePasswordUser2 r ;
bool ret = true ;
struct samr_Password lm_verifier ;
struct samr_CryptPassword lm_pass ;
struct lsa_AsciiString server , account , account_bad ;
char * oldpass ;
char * newpass ;
struct dcerpc_binding_handle * b = p - > binding_handle ;
uint8_t old_lm_hash [ 16 ] , new_lm_hash [ 16 ] ;
struct samr_GetDomPwInfo dom_pw_info ;
struct samr_PwInfo info ;
int policy_min_pw_len = 0 ;
struct lsa_String domain_name ;
2006-07-06 09:09:14 +04:00
2004-11-13 16:45:41 +03:00
domain_name . string = " " ;
2005-02-13 03:26:43 +03:00
dom_pw_info . in . domain_name = & domain_name ;
2008-11-05 03:34:55 +03:00
dom_pw_info . out . info = & info ;
2004-10-20 06:08:36 +04:00
2008-10-31 18:09:29 +03:00
torture_comment ( tctx , " Testing OemChangePasswordUser2 \n " ) ;
2004-04-19 09:48:03 +04:00
2009-05-12 00:44:58 +04:00
torture_assert ( tctx , * password ! = NULL ,
2008-10-31 18:09:29 +03:00
" Failing OemChangePasswordUser2 as old password was NULL. Previous test failed? " ) ;
2006-07-06 09:09:14 +04:00
oldpass = * password ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_GetDomPwInfo_r ( b , tctx , & dom_pw_info ) ,
" GetDomPwInfo failed " ) ;
if ( NT_STATUS_IS_OK ( dom_pw_info . out . result ) ) {
2008-11-05 03:34:55 +03:00
policy_min_pw_len = dom_pw_info . out . info - > min_password_length ;
2004-10-20 06:08:36 +04:00
}
2008-10-31 18:09:29 +03:00
newpass = samr_rand_pass ( tctx , policy_min_pw_len ) ;
2004-10-20 06:08:36 +04:00
2008-10-31 18:09:29 +03:00
server . string = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2006-07-07 06:03:04 +04:00
account . string = acct_name ;
2004-04-19 09:48:03 +04:00
2004-04-21 09:01:31 +04:00
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
2004-04-22 10:19:48 +04:00
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
2004-06-04 03:15:16 +04:00
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
2004-04-21 09:01:31 +04:00
E_old_pw_hash ( new_lm_hash , old_lm_hash , lm_verifier . hash ) ;
2004-04-19 09:48:03 +04:00
r . in . server = & server ;
r . in . account = & account ;
2004-04-21 09:01:31 +04:00
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2004-04-19 09:48:03 +04:00
2005-12-27 10:48:11 +03:00
/* Break the verification */
lm_verifier . hash [ 0 ] + + ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_OemChangePasswordUser2_r ( b , tctx , & r ) ,
" OemChangePasswordUser2 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2005-12-27 10:48:11 +03:00
2010-03-19 02:38:04 +03:00
if ( ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_PASSWORD_RESTRICTION )
& & ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_WRONG_PASSWORD ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s \n " ,
2010-03-19 02:38:04 +03:00
nt_errstr ( r . out . result ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-12-27 10:48:11 +03:00
}
2007-03-06 08:30:25 +03:00
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
/* Break the old password */
old_lm_hash [ 0 ] + + ;
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
/* unbreak it for the next operation */
old_lm_hash [ 0 ] - - ;
E_old_pw_hash ( new_lm_hash , old_lm_hash , lm_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_OemChangePasswordUser2_r ( b , tctx , & r ) ,
" OemChangePasswordUser2 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2007-03-06 08:30:25 +03:00
2010-03-19 02:38:04 +03:00
if ( ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_PASSWORD_RESTRICTION )
& & ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_WRONG_PASSWORD ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s \n " ,
2010-03-19 02:38:04 +03:00
nt_errstr ( r . out . result ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-03-06 08:30:25 +03:00
}
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . password = & lm_pass ;
r . in . hash = NULL ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_OemChangePasswordUser2_r ( b , tctx , & r ) ,
" OemChangePasswordUser2 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2007-03-06 08:30:25 +03:00
2010-03-19 02:38:04 +03:00
if ( ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_PASSWORD_RESTRICTION )
& & ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_INVALID_PARAMETER ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s \n " ,
2010-03-19 02:38:04 +03:00
nt_errstr ( r . out . result ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-08-22 08:28:15 +04:00
}
/* This shouldn't be a valid name */
account_bad . string = TEST_ACCOUNT_NAME " XX " ;
r . in . account = & account_bad ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_OemChangePasswordUser2_r ( b , tctx , & r ) ,
" OemChangePasswordUser2 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2007-08-22 08:28:15 +04:00
2010-03-19 02:38:04 +03:00
if ( ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_INVALID_PARAMETER ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s \n " ,
2010-03-19 02:38:04 +03:00
nt_errstr ( r . out . result ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-03-06 08:30:25 +03:00
}
2005-12-27 10:48:11 +03:00
/* This shouldn't be a valid name */
account_bad . string = TEST_ACCOUNT_NAME " XX " ;
r . in . account = & account_bad ;
2007-08-22 08:28:15 +04:00
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2005-12-27 10:48:11 +03:00
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_OemChangePasswordUser2_r ( b , tctx , & r ) ,
" OemChangePasswordUser2 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2005-12-27 10:48:11 +03:00
2010-03-19 02:38:04 +03:00
if ( ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_WRONG_PASSWORD ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD for invalid user - %s \n " ,
2010-03-19 02:38:04 +03:00
nt_errstr ( r . out . result ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-12-27 10:48:11 +03:00
}
2007-08-22 08:28:15 +04:00
/* This shouldn't be a valid name */
account_bad . string = TEST_ACCOUNT_NAME " XX " ;
r . in . account = & account_bad ;
r . in . password = NULL ;
r . in . hash = & lm_verifier ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_OemChangePasswordUser2_r ( b , tctx , & r ) ,
" OemChangePasswordUser2 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2007-08-22 08:28:15 +04:00
2010-03-19 02:38:04 +03:00
if ( ! NT_STATUS_EQUAL ( r . out . result , NT_STATUS_INVALID_PARAMETER ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s \n " ,
2010-03-19 02:38:04 +03:00
nt_errstr ( r . out . result ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-08-22 08:28:15 +04:00
}
2005-12-27 10:48:11 +03:00
E_deshash ( oldpass , old_lm_hash ) ;
E_deshash ( newpass , new_lm_hash ) ;
encode_pw_buffer ( lm_pass . data , newpass , STR_ASCII ) ;
arcfour_crypt ( lm_pass . data , old_lm_hash , 516 ) ;
E_old_pw_hash ( new_lm_hash , old_lm_hash , lm_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . password = & lm_pass ;
r . in . hash = & lm_verifier ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_OemChangePasswordUser2_r ( b , tctx , & r ) ,
" OemChangePasswordUser2 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2010-03-19 02:38:04 +03:00
if ( NT_STATUS_EQUAL ( r . out . result , NT_STATUS_PASSWORD_RESTRICTION ) ) {
torture_comment ( tctx , " OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal) \n " , nt_errstr ( r . out . result ) ) ;
} else if ( ! NT_STATUS_IS_OK ( r . out . result ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " OemChangePasswordUser2 failed - %s \n " , nt_errstr ( r . out . result ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2004-04-22 10:19:48 +04:00
} else {
* password = newpass ;
2004-04-19 09:48:03 +04:00
}
return ret ;
}
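/*
 * Send one well-formed samr_ChangePasswordUser2 request and record the
 * outcome.
 *
 * p          - pipe the request is sent on (its binding handle is used)
 * tctx       - torture context, also the talloc parent of all allocations
 * acct_name  - account whose password is changed
 * password   - in: current password (must not be NULL); out: set to newpass
 *              when the server accepts the change
 * newpass    - password to set; when NULL a random one is generated that
 *              honours the minimum length reported by GetDomPwInfo
 * allow_password_restriction
 *            - when true, NT_STATUS_PASSWORD_RESTRICTION is logged and
 *              tolerated instead of failing the test
 *
 * Returns false when the server rejects the change with a status that is
 * not tolerated.  The torture_assert* macros return false from this
 * function as soon as they fail.
 *
 * Old and new password are logged in clear text through torture_comment,
 * so the output of this test is sensitive and the account under test
 * should be a throwaway one.
 */
static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
				     const char *acct_name,
				     char **password,
				     char *newpass, bool allow_password_restriction)
{
	struct samr_ChangePasswordUser2 r;
	bool ret = true;
	struct lsa_String server, account;
	struct samr_CryptPassword nt_pass, lm_pass;
	struct samr_Password nt_verifier, lm_verifier;
	char *oldpass;
	struct dcerpc_binding_handle *b = p->binding_handle;
	uint8_t old_nt_hash[16], new_nt_hash[16];
	uint8_t old_lm_hash[16], new_lm_hash[16];

	struct samr_GetDomPwInfo dom_pw_info;
	struct samr_PwInfo info;

	struct lsa_String domain_name;

	domain_name.string = "";
	dom_pw_info.in.domain_name = &domain_name;
	dom_pw_info.out.info = &info;

	torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name);

	torture_assert(tctx, *password != NULL,
		       "Failing ChangePasswordUser2 as old password was NULL. Previous test failed?");
	oldpass = *password;

	if (!newpass) {
		int policy_min_pw_len = 0;
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
			"GetDomPwInfo failed");
		if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
			policy_min_pw_len = dom_pw_info.out.info->min_password_length;
		}

		newpass = samr_rand_pass(tctx, policy_min_pw_len);
		/* Defensive: newpass is hashed, encoded and printed with %s below */
		torture_assert(tctx, newpass != NULL,
			       "Failed to generate a new random password");
	}

	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	/* talloc_asprintf returns NULL on allocation failure; do not send a NULL server name */
	torture_assert(tctx, server.string != NULL,
		       "Failed to allocate server name");
	init_lsa_String(&account, acct_name);

	E_md4hash(oldpass, old_nt_hash);
	E_md4hash(newpass, new_nt_hash);

	E_deshash(oldpass, old_lm_hash);
	/* new_lm_hash is filled here but not read again in this function */
	E_deshash(newpass, new_lm_hash);

	/*
	 * LM side: password encoded as ASCII, first 516 bytes RC4-encrypted
	 * with the old LM hash; the verifier is the old LM hash encrypted
	 * under the new NT hash.
	 */
	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);

	/*
	 * NT side: password encoded as Unicode, RC4-encrypted with the old NT
	 * hash; the verifier is the old NT hash encrypted under the new one.
	 */
	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);

	r.in.server = &server;
	r.in.account = &account;
	r.in.nt_password = &nt_pass;
	r.in.nt_verifier = &nt_verifier;
	r.in.lm_change = 1;
	r.in.lm_password = &lm_pass;
	r.in.lm_verifier = &lm_verifier;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser2_r(b, tctx, &r),
		"ChangePasswordUser2 failed");
	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (allow_password_restriction && NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
		torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
	} else if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser2 failed - %s\n", nt_errstr(r.out.result));
		ret = false;
	} else {
		/* Only a confirmed change updates the caller's idea of the password */
		*password = newpass;
	}

	return ret;
}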
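/*
 * Send one well-formed samr_ChangePasswordUser2 request and require a
 * specific result status.
 *
 * p          - pipe the request is sent on (its binding handle is used)
 * tctx       - torture context, also the talloc parent of all allocations
 * acct_name  - account the request is sent for
 * password   - password used as the old password of the request
 * status     - NTSTATUS the server is expected to return
 *
 * NT_STATUS_PASSWORD_RESTRICTION is always logged and tolerated; any other
 * result must equal status.  The only explicit return is true; a mismatch
 * is reported by the torture_assert* macros, which return false from this
 * function.
 *
 * The new password is random and is not handed back to the caller.
 * NOTE(review): presumably callers pass a status other than success, since
 * a successful change would leave them without the new password - confirm.
 *
 * Old and new password are logged in clear text through torture_comment,
 * so the output of this test is sensitive and the account under test
 * should be a throwaway one.
 */
static bool test_ChangePasswordUser2_ntstatus(struct dcerpc_pipe *p, struct torture_context *tctx,
					      const char *acct_name,
					      const char *password, NTSTATUS status)
{
	struct samr_ChangePasswordUser2 r;
	struct lsa_String server, account;
	struct samr_CryptPassword nt_pass, lm_pass;
	struct samr_Password nt_verifier, lm_verifier;
	const char *oldpass;
	struct dcerpc_binding_handle *b = p->binding_handle;
	uint8_t old_nt_hash[16], new_nt_hash[16];
	uint8_t old_lm_hash[16], new_lm_hash[16];

	struct samr_GetDomPwInfo dom_pw_info;
	struct samr_PwInfo info;

	struct lsa_String domain_name;
	char *newpass;
	int policy_min_pw_len = 0;

	domain_name.string = "";
	dom_pw_info.in.domain_name = &domain_name;
	dom_pw_info.out.info = &info;

	torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name);

	oldpass = password;

	/* Ask the server for its minimum length so the random password fits the policy */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
		"GetDomPwInfo failed");
	if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
		policy_min_pw_len = dom_pw_info.out.info->min_password_length;
	}

	newpass = samr_rand_pass(tctx, policy_min_pw_len);
	/* Defensive: newpass is hashed, encoded and printed with %s below */
	torture_assert(tctx, newpass != NULL,
		       "Failed to generate a new random password");

	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	/* talloc_asprintf returns NULL on allocation failure; do not send a NULL server name */
	torture_assert(tctx, server.string != NULL,
		       "Failed to allocate server name");
	init_lsa_String(&account, acct_name);

	E_md4hash(oldpass, old_nt_hash);
	E_md4hash(newpass, new_nt_hash);

	E_deshash(oldpass, old_lm_hash);
	/* new_lm_hash is filled here but not read again in this function */
	E_deshash(newpass, new_lm_hash);

	/* LM side: ASCII password, RC4 with the old LM hash, verifier keyed by the new NT hash */
	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);

	/* NT side: Unicode password, RC4 with the old NT hash, verifier keyed by the new NT hash */
	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);

	r.in.server = &server;
	r.in.account = &account;
	r.in.nt_password = &nt_pass;
	r.in.nt_verifier = &nt_verifier;
	r.in.lm_change = 1;
	r.in.lm_password = &lm_pass;
	r.in.lm_verifier = &lm_verifier;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser2_r(b, tctx, &r),
		"ChangePasswordUser2 failed");
	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
		torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
	} else {
		torture_assert_ntstatus_equal(tctx, r.out.result, status, "ChangePasswordUser2 returned unexpected value");
	}

	return true;
}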
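/*
 * Exercise samr_ChangePasswordUser3.
 *
 * Three requests that the server is expected to refuse are sent first
 * (corrupted NT verifier, NT password buffer encrypted with a corrupted
 * key, unknown account name), then one well-formed change.  When the
 * well-formed change is refused with NT_STATUS_PASSWORD_RESTRICTION and
 * handle_reject_reason is set, the extendedFailureReason returned by the
 * server is compared with the reason this test derives from the returned
 * domain policy.
 *
 * p                     - pipe the request is sent on
 * tctx                  - torture context, also the talloc parent of all
 *                         allocations
 * account_string        - account whose password is changed
 * policy_min_pw_len     - 0 to let samr_rand_pass pick the length, otherwise
 *                         the exact length of the generated password
 * password              - in: current password (must not be NULL); out: a
 *                         copy of the new password when the change succeeds
 * newpass               - password to set, or NULL to generate random ones
 *                         until check_password_quality accepts one
 * last_password_change  - time of the previous change, used for the
 *                         minimum-age check
 * handle_reject_reason  - whether to validate the reject reason
 *
 * Returns false if any expectation is not met.  The torture_assert* macros
 * return false from this function as soon as they fail.  The function
 * calls itself once more with the server's minimum length when the server
 * reports the password as too short.
 *
 * Old and new password are logged in clear text through torture_comment,
 * so the output of this test is sensitive and the account under test
 * should be a throwaway one.
 */
bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tctx,
			      const char *account_string,
			      int policy_min_pw_len,
			      char **password,
			      const char *newpass,
			      NTTIME last_password_change,
			      bool handle_reject_reason)
{
	struct samr_ChangePasswordUser3 r;
	bool ret = true;
	struct lsa_String server, account, account_bad;
	struct samr_CryptPassword nt_pass, lm_pass;
	struct samr_Password nt_verifier, lm_verifier;
	char *oldpass;
	const char *bad_name;
	struct dcerpc_binding_handle *b = p->binding_handle;
	uint8_t old_nt_hash[16], new_nt_hash[16];
	uint8_t old_lm_hash[16], new_lm_hash[16];
	NTTIME t;
	struct samr_DomInfo1 *dominfo = NULL;
	struct userPwdChangeFailureInformation *reject = NULL;

	torture_comment(tctx, "Testing ChangePasswordUser3\n");

	if (newpass == NULL) {
		do {
			if (policy_min_pw_len == 0) {
				newpass = samr_rand_pass(tctx, policy_min_pw_len);
			} else {
				newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len);
			}
			/* Defensive: newpass is checked, hashed and printed with %s below */
			torture_assert(tctx, newpass != NULL,
				       "Failed to generate a new random password");
		} while (check_password_quality(newpass) == false);
	} else {
		torture_comment(tctx, "Using password '%s'\n", newpass);
	}

	torture_assert(tctx, *password != NULL,
		       "Failing ChangePasswordUser3 as old password was NULL. Previous test failed?");

	oldpass = *password;
	server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	/* talloc_asprintf returns NULL on allocation failure; do not send a NULL server name */
	torture_assert(tctx, server.string != NULL,
		       "Failed to allocate server name");
	init_lsa_String(&account, account_string);

	E_md4hash(oldpass, old_nt_hash);
	E_md4hash(newpass, new_nt_hash);

	E_deshash(oldpass, old_lm_hash);
	/* new_lm_hash is filled here but not read again in this function */
	E_deshash(newpass, new_lm_hash);

	/*
	 * In this call both password buffers carry the Unicode password and are
	 * RC4-encrypted with the old NT hash; only the verifiers differ.
	 */
	encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
	arcfour_crypt(lm_pass.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);

	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);

	/* Break the verification: one byte of the NT verifier is altered */
	nt_verifier.hash[0]++;

	r.in.server = &server;
	r.in.account = &account;
	r.in.nt_password = &nt_pass;
	r.in.nt_verifier = &nt_verifier;
	r.in.lm_change = 1;
	r.in.lm_password = &lm_pass;
	r.in.lm_verifier = &lm_verifier;
	r.in.password3 = NULL;
	r.out.dominfo = &dominfo;
	r.out.reject = &reject;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
		"ChangePasswordUser3 failed");
	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));
	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION) &&
	    (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD))) {
		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
			nt_errstr(r.out.result));
		ret = false;
	}

	/* Second refusal case: correct verifiers, NT password buffer encrypted with a wrong key */
	encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
	arcfour_crypt(lm_pass.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);

	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
	/* Break the NT hash */
	old_nt_hash[0]++;
	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
	/* Unbreak it again */
	old_nt_hash[0]--;
	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);

	r.in.server = &server;
	r.in.account = &account;
	r.in.nt_password = &nt_pass;
	r.in.nt_verifier = &nt_verifier;
	r.in.lm_change = 1;
	r.in.lm_password = &lm_pass;
	r.in.lm_verifier = &lm_verifier;
	r.in.password3 = NULL;
	r.out.dominfo = &dominfo;
	r.out.reject = &reject;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
		"ChangePasswordUser3 failed");
	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));
	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION) &&
	    (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD))) {
		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
			nt_errstr(r.out.result));
		ret = false;
	}

	/*
	 * This shouldn't be a valid name.  The expected status is
	 * WRONG_PASSWORD, the same status the test accepts for a bad verifier.
	 */
	bad_name = talloc_asprintf(tctx, "%sXX", account_string);
	/* A NULL name would turn this into a different request than intended */
	torture_assert(tctx, bad_name != NULL,
		       "Failed to allocate invalid account name");
	init_lsa_String(&account_bad, bad_name);
	r.in.account = &account_bad;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
		"ChangePasswordUser3 failed");
	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));
	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
		torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
			nt_errstr(r.out.result));
		ret = false;
	}

	/* Rebuild every value from scratch and send a well-formed change */
	E_md4hash(oldpass, old_nt_hash);
	E_md4hash(newpass, new_nt_hash);

	E_deshash(oldpass, old_lm_hash);
	E_deshash(newpass, new_lm_hash);

	encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
	arcfour_crypt(lm_pass.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);

	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);

	r.in.server = &server;
	r.in.account = &account;
	r.in.nt_password = &nt_pass;
	r.in.nt_verifier = &nt_verifier;
	r.in.lm_change = 1;
	r.in.lm_password = &lm_pass;
	r.in.lm_verifier = &lm_verifier;
	r.in.password3 = NULL;
	r.out.dominfo = &dominfo;
	r.out.reject = &reject;

	/* Time of the request, compared with the minimum password age below */
	unix_to_nt_time(&t, time(NULL));

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
		"ChangePasswordUser3 failed");
	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
			__location__, __FUNCTION__,
			oldpass, newpass, nt_errstr(r.out.result));

	torture_comment(tctx, "(%s): dominfo[%s], reject[%s], handle_reject_reason[%s], "
			"last_password_change[%s], dominfo->min_password_age[%lld]\n",
			__location__,
			(dominfo == NULL) ? "NULL" : "present",
			reject ? "true" : "false",
			handle_reject_reason ? "true" : "false",
			null_nttime(last_password_change) ? "null" : "not null",
			dominfo ? (long long)dominfo->min_password_age : (long long)0);

	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
	    && dominfo
	    && reject
	    && handle_reject_reason
	    && (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
		if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE) {

			if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
					SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
				return false;
			}
		}

		/* We tested the order of precedence which is as follows:

		* pwd min_age
		* pwd length
		* pwd complexity
		* pwd history

		Guenther */
		/*
		 * NOTE(review): the branches below test history before
		 * complexity, which differs from the list above - confirm
		 * which order is intended.
		 */

		if ((dominfo->min_password_age < 0) && !null_nttime(last_password_change) &&
		    (last_password_change - dominfo->min_password_age > t)) {

			if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
					SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
				return false;
			}

		} else if ((dominfo->min_password_length > 0) &&
			   (strlen(newpass) < dominfo->min_password_length)) {

			if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
					SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
				return false;
			}

		} else if ((dominfo->password_history_length > 0) &&
			   strequal(oldpass, newpass)) {

			if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
					SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
				return false;
			}
		} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {

			if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
				torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
					SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
				return false;
			}

		}

		if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
			/* retry with adjusted size */
			return test_ChangePasswordUser3(p, tctx, account_string,
							dominfo->min_password_length,
							password, NULL, 0, false);

		}

	} else if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
		if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
			torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
				SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
			return false;
		}
		/* Perhaps the server has a 'min password age' set? */

	} else {
		torture_assert_ntstatus_ok(tctx, r.out.result, "ChangePasswordUser3");

		*password = talloc_strdup(tctx, newpass);
		/*
		 * The server has already accepted the change; without a copy
		 * of the new password later tests cannot continue, so report
		 * the allocation failure here rather than in the next test.
		 */
		torture_assert(tctx, *password != NULL,
			       "Failed to copy new password after successful ChangePasswordUser3");
	}

	return ret;
}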
bool test_ChangePasswordRandomBytes ( struct dcerpc_pipe * p , struct torture_context * tctx ,
const char * account_string ,
struct policy_handle * handle ,
char * * password )
{
NTSTATUS status ;
struct samr_ChangePasswordUser3 r ;
struct samr_SetUserInfo s ;
union samr_UserInfo u ;
DATA_BLOB session_key ;
DATA_BLOB confounded_session_key = data_blob_talloc ( tctx , NULL , 16 ) ;
uint8_t confounder [ 16 ] ;
MD5_CTX ctx ;
bool ret = true ;
struct lsa_String server , account ;
struct samr_CryptPassword nt_pass ;
struct samr_Password nt_verifier ;
DATA_BLOB new_random_pass ;
char * newpass ;
char * oldpass ;
struct dcerpc_binding_handle * b = p - > binding_handle ;
uint8_t old_nt_hash [ 16 ] , new_nt_hash [ 16 ] ;
NTTIME t ;
struct samr_DomInfo1 * dominfo = NULL ;
struct userPwdChangeFailureInformation * reject = NULL ;
2008-10-17 06:00:24 +04:00
2008-10-31 18:09:29 +03:00
new_random_pass = samr_very_rand_pass ( tctx , 128 ) ;
2008-10-17 06:00:24 +04:00
2009-05-12 00:44:58 +04:00
torture_assert ( tctx , * password ! = NULL ,
2008-10-31 18:09:29 +03:00
" Failing ChangePasswordUser3 as old password was NULL. Previous test failed? " ) ;
2008-10-17 06:00:24 +04:00
oldpass = * password ;
2008-10-31 18:09:29 +03:00
server . string = talloc_asprintf ( tctx , " \\ \\ %s " , dcerpc_server_name ( p ) ) ;
2008-10-17 06:00:24 +04:00
init_lsa_String ( & account , account_string ) ;
s . in . user_handle = handle ;
s . in . info = & u ;
s . in . level = 25 ;
ZERO_STRUCT ( u ) ;
2008-12-04 20:18:06 +03:00
u . info25 . info . fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT ;
2008-10-17 06:00:24 +04:00
set_pw_in_buffer ( u . info25 . password . data , & new_random_pass ) ;
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " SetUserInfo level %u - no session key - %s \n " ,
2008-10-17 06:00:24 +04:00
s . in . level , nt_errstr ( status ) ) ;
return false ;
}
generate_random_buffer ( ( uint8_t * ) confounder , 16 ) ;
MD5Init ( & ctx ) ;
MD5Update ( & ctx , confounder , 16 ) ;
MD5Update ( & ctx , session_key . data , session_key . length ) ;
MD5Final ( confounded_session_key . data , & ctx ) ;
arcfour_crypt_blob ( u . info25 . password . data , 516 , & confounded_session_key ) ;
memcpy ( & u . info25 . password . data [ 516 ] , confounder , 16 ) ;
2008-10-31 18:09:29 +03:00
torture_comment ( tctx , " Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes \n " ) ;
2008-10-17 06:00:24 +04:00
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_SetUserInfo_r ( b , tctx , & s ) ,
" SetUserInfo failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , " RANDOM " , nt_errstr ( s . out . result ) ) ;
2010-03-19 02:38:04 +03:00
if ( ! NT_STATUS_IS_OK ( s . out . result ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " SetUserInfo level %u failed - %s \n " ,
2010-03-19 02:38:04 +03:00
s . in . level , nt_errstr ( s . out . result ) ) ;
2008-10-17 06:00:24 +04:00
ret = false ;
}
2008-10-31 18:09:29 +03:00
torture_comment ( tctx , " Testing ChangePasswordUser3 with a password made up of only random bytes \n " ) ;
2008-10-17 06:00:24 +04:00
mdfour ( old_nt_hash , new_random_pass . data , new_random_pass . length ) ;
2008-10-31 18:09:29 +03:00
new_random_pass = samr_very_rand_pass ( tctx , 128 ) ;
2008-10-17 06:00:24 +04:00
mdfour ( new_nt_hash , new_random_pass . data , new_random_pass . length ) ;
set_pw_in_buffer ( nt_pass . data , & new_random_pass ) ;
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 0 ;
r . in . lm_password = NULL ;
r . in . lm_verifier = NULL ;
r . in . password3 = NULL ;
2008-11-04 21:40:24 +03:00
r . out . dominfo = & dominfo ;
r . out . reject = & reject ;
2008-10-17 06:00:24 +04:00
unix_to_nt_time ( & t , time ( NULL ) ) ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_ChangePasswordUser3_r ( b , tctx , & r ) ,
" ChangePasswordUser3 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , " RANDOM " , nt_errstr ( r . out . result ) ) ;
2008-10-17 06:00:24 +04:00
2010-03-19 02:38:04 +03:00
if ( NT_STATUS_EQUAL ( r . out . result , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-09-26 00:44:00 +04:00
if ( reject & & reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NO_ERROR ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d \n " ,
2009-09-26 00:44:00 +04:00
SAM_PWD_CHANGE_NO_ERROR , reject - > extendedFailureReason ) ;
2008-10-17 06:00:24 +04:00
return false ;
}
/* Perhaps the server has a 'min password age' set? */
2010-03-19 02:38:04 +03:00
} else if ( ! NT_STATUS_IS_OK ( r . out . result ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " ChangePasswordUser3 failed - %s \n " , nt_errstr ( r . out . result ) ) ;
2008-10-17 06:00:24 +04:00
ret = false ;
}
2009-05-12 00:44:58 +04:00
2008-10-31 18:09:29 +03:00
newpass = samr_rand_pass ( tctx , 128 ) ;
2008-10-17 06:00:24 +04:00
mdfour ( old_nt_hash , new_random_pass . data , new_random_pass . length ) ;
E_md4hash ( newpass , new_nt_hash ) ;
encode_pw_buffer ( nt_pass . data , newpass , STR_UNICODE ) ;
arcfour_crypt ( nt_pass . data , old_nt_hash , 516 ) ;
E_old_pw_hash ( new_nt_hash , old_nt_hash , nt_verifier . hash ) ;
r . in . server = & server ;
r . in . account = & account ;
r . in . nt_password = & nt_pass ;
r . in . nt_verifier = & nt_verifier ;
r . in . lm_change = 0 ;
r . in . lm_password = NULL ;
r . in . lm_verifier = NULL ;
r . in . password3 = NULL ;
2008-11-04 21:40:24 +03:00
r . out . dominfo = & dominfo ;
r . out . reject = & reject ;
2008-10-17 06:00:24 +04:00
unix_to_nt_time ( & t , time ( NULL ) ) ;
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_ChangePasswordUser3_r ( b , tctx , & r ) ,
" ChangePasswordUser3 failed " ) ;
2012-12-11 14:42:11 +04:00
torture_comment ( tctx , " (%s:%s) old_password[%s] new_password[%s] status[%s] \n " ,
__location__ , __FUNCTION__ ,
oldpass , newpass , nt_errstr ( r . out . result ) ) ;
2008-10-17 06:00:24 +04:00
2010-03-19 02:38:04 +03:00
if ( NT_STATUS_EQUAL ( r . out . result , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2009-09-26 00:44:00 +04:00
if ( reject & & reject - > extendedFailureReason ! = SAM_PWD_CHANGE_NO_ERROR ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d \n " ,
2009-09-26 00:44:00 +04:00
SAM_PWD_CHANGE_NO_ERROR , reject - > extendedFailureReason ) ;
2008-10-17 06:00:24 +04:00
return false ;
}
/* Perhaps the server has a 'min password age' set? */
} else {
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , r . out . result , " ChangePasswordUser3 (on second random password) " ) ;
2008-10-31 18:09:29 +03:00
* password = talloc_strdup ( tctx , newpass ) ;
2008-10-17 06:00:24 +04:00
}
return ret ;
}
/**
 * Call samr_GetMembersInAlias on an open alias and require success.
 *
 * Only the two status values are checked; the SID array that comes back is
 * not inspected.
 *
 * @param b             SAMR binding handle
 * @param tctx          torture context (also the talloc parent for the call)
 * @param alias_handle  open alias handle to query
 * @return true on success; the torture_assert_* macros return false on failure
 */
static bool test_GetMembersInAlias(struct dcerpc_binding_handle *b,
				   struct torture_context *tctx,
				   struct policy_handle *alias_handle)
{
	struct lsa_SidArray sids;
	struct samr_GetMembersInAlias r;

	/* request: the alias to query in, the member list out */
	r.out.sids = &sids;
	r.in.alias_handle = alias_handle;

	torture_comment(tctx, " Testing GetMembersInAlias \n ");

	/* status of the RPC call itself */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetMembersInAlias_r(b, tctx, &r),
		" GetMembersInAlias failed ");
	/* status returned in the reply */
	torture_assert_ntstatus_ok(tctx, r.out.result, " GetMembersInAlias failed ");

	return true;
}
/**
 * Add one member to an alias and remove it again.
 *
 * The member is the domain SID with RID 512 appended (512 is the well-known
 * Domain Admins RID).
 *
 * NOTE(review): if DeleteAliasMember fails, the function returns without
 * further cleanup, so the member added above stays in the alias.
 *
 * @param b             SAMR binding handle
 * @param tctx          torture context, talloc parent for the SID
 * @param alias_handle  open alias handle to modify
 * @param domain_sid    SID of the domain the member SID is built from
 * @return true when both calls succeed; the torture_assert_* macros return
 *         false on failure
 */
static bool test_AddMemberToAlias(struct dcerpc_binding_handle *b,
				  struct torture_context *tctx,
				  struct policy_handle *alias_handle,
				  const struct dom_sid *domain_sid)
{
	struct dom_sid *sid = dom_sid_add_rid(tctx, domain_sid, 512);
	struct samr_AddAliasMember r;
	struct samr_DeleteAliasMember d;

	/* both requests name the same alias and the same member */
	r.in.alias_handle = alias_handle;
	r.in.sid = sid;
	d.in.alias_handle = alias_handle;
	d.in.sid = sid;

	torture_comment(tctx, " Testing AddAliasMember \n ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddAliasMember_r(b, tctx, &r),
		" AddAliasMember failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " AddAliasMember failed ");

	/* undo the change so the alias is left as it was found */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteAliasMember_r(b, tctx, &d),
		" DeleteAliasMember failed ");
	torture_assert_ntstatus_ok(tctx, d.out.result, " DelAliasMember failed ");

	return true;
}
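/**
 * Add three SIDs to an alias in one call, then exercise
 * RemoveMultipleMembersFromAlias three times:
 *   - removing the three SIDs must succeed,
 *   - removing the same three again must also succeed,
 *   - removing a list whose last SID was never added must return
 *     NT_STATUS_OBJECT_NAME_NOT_FOUND.
 *
 * @param b             SAMR binding handle
 * @param tctx          torture context, talloc parent for the SID array
 * @param alias_handle  open alias handle to modify
 * @return true when every expectation holds; the torture_assert_* macros
 *         return false on failure
 */
static bool test_AddMultipleMembersToAlias(struct dcerpc_binding_handle *b,
					   struct torture_context *tctx,
					   struct policy_handle *alias_handle)
{
	struct samr_AddMultipleMembersToAlias a;
	struct samr_RemoveMultipleMembersFromAlias r;
	struct lsa_SidArray sids;

	torture_comment(tctx, " Testing AddMultipleMembersToAlias \n ");
	a.in.alias_handle = alias_handle;
	a.in.sids = &sids;

	sids.num_sids = 3;
	sids.sids = talloc_array(tctx, struct lsa_SidPtr, sids.num_sids);
	/* the entries are written right below, so the array must exist */
	torture_assert(tctx, sids.sids != NULL,
		       "out of memory allocating the SID array");

	sids.sids[0].sid = dom_sid_parse_talloc(tctx, " S-1-5-32-1-2-3-1 ");
	sids.sids[1].sid = dom_sid_parse_talloc(tctx, " S-1-5-32-1-2-3-2 ");
	sids.sids[2].sid = dom_sid_parse_talloc(tctx, " S-1-5-32-1-2-3-3 ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddMultipleMembersToAlias_r(b, tctx, &a),
		" AddMultipleMembersToAlias failed ");
	torture_assert_ntstatus_ok(tctx, a.out.result, " AddMultipleMembersToAlias ");

	torture_comment(tctx, " Testing RemoveMultipleMembersFromAlias \n ");
	r.in.alias_handle = alias_handle;
	r.in.sids = &sids;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
		" RemoveMultipleMembersFromAlias failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " RemoveMultipleMembersFromAlias failed ");

	/* strange! removing twice doesn't give any error */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
		" RemoveMultipleMembersFromAlias failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " RemoveMultipleMembersFromAlias failed ");

	/* but removing a SID that was never a member does */
	sids.sids[2].sid = dom_sid_parse_talloc(tctx, " S-1-5-32-1-2-3-4 ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
		" RemoveMultipleMembersFromAlias failed ");
	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND, " RemoveMultipleMembersFromAlias ");

	return true;
}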
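/**
 * Call samr_GetAliasMembership twice - with an empty SID list and with a
 * single SID - and sanity-check the RID list that comes back.
 *
 * Round 1 requires the returned count to equal the (zero) number of SIDs
 * sent. Round 2 only requires that a non-zero count comes with a RID array.
 *
 * @param b              SAMR binding handle
 * @param tctx           torture context, talloc parent for the SID arrays
 * @param domain_handle  open domain handle to query
 * @return true when every check holds; the torture_* macros return false on
 *         failure
 */
static bool test_GetAliasMembership(struct dcerpc_binding_handle *b,
				    struct torture_context *tctx,
				    struct policy_handle *domain_handle)
{
	struct samr_GetAliasMembership r;
	struct lsa_SidArray sids;
	struct samr_Ids rids;

	torture_comment(tctx, " Testing GetAliasMembership \n ");

	r.in.domain_handle	= domain_handle;
	r.in.sids		= &sids;
	r.out.rids		= &rids;

	/* Round 1: nothing in, so nothing is expected back. */
	sids.num_sids = 0;
	sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetAliasMembership_r(b, tctx, &r),
		" GetAliasMembership failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
		" samr_GetAliasMembership failed ");

	torture_assert_int_equal(tctx, sids.num_sids, rids.count,
		" protocol misbehaviour ");

	/* Round 2: a single SID. */
	sids.num_sids = 1;
	sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);
	/* entry 0 is written on the next line, so the array must exist */
	torture_assert(tctx, sids.sids != NULL,
		       "out of memory allocating the SID array");
	sids.sids[0].sid = dom_sid_parse_talloc(tctx, " S-1-5-32-1-2-3-1 ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetAliasMembership_r(b, tctx, &r),
		" samr_GetAliasMembership failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
		" samr_GetAliasMembership failed ");

#if 0
	/* only true for w2k8 it seems
	 * win7, xp, w2k3 will return a 0 length array pointer */

	if (rids.ids && (rids.count == 0)) {
		torture_fail(tctx, " samr_GetAliasMembership returned 0 count and a rids array ");
	}
#endif
	/* a count without an array would send readers through a NULL pointer */
	if (!rids.ids && rids.count) {
		torture_fail(tctx, " samr_GetAliasMembership returned non-0 count but no rids ");
	}

	return true;
}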
/**
 * Call samr_TestPrivateFunctionsUser and require that the reply carries
 * NT_STATUS_NOT_IMPLEMENTED.
 *
 * @param b            SAMR binding handle
 * @param tctx         torture context
 * @param user_handle  open user handle passed to the call
 * @return true when the call completes and returns NT_STATUS_NOT_IMPLEMENTED;
 *         the torture_assert_* macros return false otherwise
 */
static bool test_TestPrivateFunctionsUser(struct dcerpc_binding_handle *b,
					  struct torture_context *tctx,
					  struct policy_handle *user_handle)
{
	struct samr_TestPrivateFunctionsUser r;

	r.in.user_handle = user_handle;

	torture_comment(tctx, " Testing TestPrivateFunctionsUser \n ");

	/* the call must go through ... */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_TestPrivateFunctionsUser_r(b, tctx, &r),
		" TestPrivateFunctionsUser failed ");
	/* ... and any reply other than "not implemented" fails the test */
	torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, " TestPrivateFunctionsUser ");

	return true;
}
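/**
 * Read last_password_change for a user at info levels 5 and 21, require the
 * two values to agree, and hand the level 21 value back to the caller.
 *
 * NT_STATUS_INVALID_INFO_CLASS from the server is tolerated. In that case no
 * info structure is read for the level, so its value stays 0 and the
 * equality check below decides the outcome.
 *
 * @param b           SAMR binding handle
 * @param tctx        torture context
 * @param handle      open user handle
 * @param use_info2   true to use QueryUserInfo2, false for QueryUserInfo
 * @param pwdlastset  out: last_password_change as reported at level 21
 * @return true when the queries succeed and both levels agree; false on a
 *         query failure (the torture_assert_* macros also return false)
 */
static bool test_QueryUserInfo_pwdlastset(struct dcerpc_binding_handle *b,
					  struct torture_context *tctx,
					  struct policy_handle *handle,
					  bool use_info2,
					  NTTIME *pwdlastset)
{
	NTSTATUS status;
	/* level 3 is deliberately left out; its checks are disabled below */
	uint16_t levels[] = { /* 3, */ 5, 21 };
	size_t i;
	/* NTTIME pwdlastset3 = 0; */
	NTTIME pwdlastset5 = 0;
	NTTIME pwdlastset21 = 0;

	torture_comment(tctx, " Testing QueryUserInfo%s level 5 and 21 call ",
			use_info2 ? " 2 " : " ");

	for (i = 0; i < ARRAY_SIZE(levels); i++) {

		struct samr_QueryUserInfo r;
		struct samr_QueryUserInfo2 r2;
		/* start from NULL so a reply without data is detectable */
		union samr_UserInfo *info = NULL;

		if (use_info2) {
			r2.in.user_handle = handle;
			r2.in.level = levels[i];
			r2.out.info = &info;
			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo2_r(b, tctx, &r2),
				" QueryUserInfo2 failed ");
			status = r2.out.result;

		} else {
			r.in.user_handle = handle;
			r.in.level = levels[i];
			r.out.info = &info;
			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
				" QueryUserInfo failed ");
			status = r.out.result;
		}

		if (!NT_STATUS_IS_OK(status) &&
		    !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
			torture_result(tctx, TORTURE_FAIL, " QueryUserInfo%s level %u failed - %s \n ",
				       use_info2 ? " 2 " : " ", levels[i], nt_errstr(status));
			return false;
		}

		/*
		 * Only INVALID_INFO_CLASS can reach this point with a non-OK
		 * status. There is nothing to read then, and dereferencing
		 * info would go through a NULL pointer.
		 */
		if (!NT_STATUS_IS_OK(status) || info == NULL) {
			continue;
		}

		switch (levels[i]) {
		case 3:
			/* pwdlastset3 = info->info3.last_password_change; */
			break;
		case 5:
			pwdlastset5 = info->info5.last_password_change;
			break;
		case 21:
			pwdlastset21 = info->info21.last_password_change;
			break;
		default:
			return false;
		}
	}
	/* torture_assert_int_equal(tctx, pwdlastset3, pwdlastset5,
				    " pwdlastset mixup "); */
	torture_assert_int_equal(tctx, pwdlastset5, pwdlastset21,
				 " pwdlastset mixup ");

	*pwdlastset = pwdlastset21;

	torture_comment(tctx, " (pwdlastset: %llu) \n ",
			(unsigned long long) *pwdlastset);

	return true;
}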
/**
 * Attempt a netr_LogonSamLogonEx for test_credentials over pipe p, either as
 * an interactive logon (encrypted LM/NT hashes) or as a network logon
 * (NTLM challenge/response).
 *
 * Validation level 6 is tried first; if the server answers
 * NT_STATUS_INVALID_INFO_CLASS the call is repeated with level 3.
 *
 * @param tctx                 torture context, talloc parent and config source
 * @param p                    netlogon pipe
 * @param machine_credentials  supplies the netlogon credential state
 * @param test_credentials     the account being logged on
 * @param expected_result      status the logon must return when it fails
 * @param interactive          true for NetlogonInteractiveInformation, false
 *                             for NetlogonNetworkInformation
 * @return true when the logon succeeded, or failed with expected_result;
 *         the torture_assert_* macros return false otherwise
 *
 * NOTE(review): expected_result is only compared when the logon fails. A
 * logon that succeeds while the caller expected a failure code still yields
 * true, so an unexpectedly accepted logon is not reported by this helper -
 * confirm that callers rely on this leniency.
 */
static bool test_SamLogon(struct torture_context *tctx,
			  struct dcerpc_pipe *p,
			  struct cli_credentials *machine_credentials,
			  struct cli_credentials *test_credentials,
			  NTSTATUS expected_result,
			  bool interactive)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct netlogon_creds_CredentialState *creds;
	struct netr_LogonSamLogonEx r;
	union netr_LogonLevel logon;
	union netr_Validation validation;
	uint8_t authoritative;
	uint32_t samlogon_flags = 0;
	struct netr_IdentityInfo id;
	struct netr_NetworkInfo net_info;
	struct netr_PasswordInfo pw_info;
	struct netr_Authenticator auth;
	DATA_BLOB names_blob, challenge, lm_resp, nt_resp;
	int ntlm_flags = CLI_CRED_NTLM_AUTH;
	NTSTATUS status;

	torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), " ");

	/* which response types may be generated follows the client config */
	if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
		ntlm_flags |= CLI_CRED_LANMAN_AUTH;
	}

	if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
		ntlm_flags |= CLI_CRED_NTLMv2_AUTH;
	}

	/* identity block shared by both logon flavours */
	cli_credentials_get_ntlm_username_domain(test_credentials, tctx,
						 &id.account_name.string,
						 &id.domain_name.string);

	id.parameter_control =
		MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
		MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
	id.logon_id_low = 0;
	id.logon_id_high = 0;
	id.workstation.string = cli_credentials_get_workstation(test_credentials);

	if (interactive) {
		/*
		 * auth is not used again in this function; the call is kept
		 * because it may update state held in creds - TODO confirm.
		 */
		netlogon_creds_client_authenticator(creds, &auth);

		/* LM hash is zeroed when E_deshash() reports failure */
		if (!E_deshash(cli_credentials_get_password(test_credentials), pw_info.lmpassword.hash)) {
			ZERO_STRUCT(pw_info.lmpassword.hash);
		}
		E_md4hash(cli_credentials_get_password(test_credentials), pw_info.ntpassword.hash);

		/*
		 * The hashes are protected with whatever was negotiated on
		 * the netlogon credentials: AES if available, else RC4, and
		 * DES only when neither flag is set.
		 */
		if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
			netlogon_creds_aes_encrypt(creds, pw_info.lmpassword.hash, 16);
			netlogon_creds_aes_encrypt(creds, pw_info.ntpassword.hash, 16);
		} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
			netlogon_creds_arcfour_crypt(creds, pw_info.lmpassword.hash, 16);
			netlogon_creds_arcfour_crypt(creds, pw_info.ntpassword.hash, 16);
		} else {
			netlogon_creds_des_encrypt(creds, &pw_info.lmpassword);
			netlogon_creds_des_encrypt(creds, &pw_info.ntpassword);
		}

		pw_info.identity_info = id;
		logon.password = &pw_info;

		r.in.logon_level = NetlogonInteractiveInformation;
	} else {
		/* fresh random challenge for every attempt */
		generate_random_buffer(net_info.challenge,
				       sizeof(net_info.challenge));
		challenge = data_blob_const(net_info.challenge,
					    sizeof(net_info.challenge));

		names_blob = NTLMv2_generate_names_blob(tctx,
							cli_credentials_get_workstation(test_credentials),
							cli_credentials_get_domain(test_credentials));

		status = cli_credentials_get_ntlm_response(test_credentials, tctx,
							   &ntlm_flags,
							   challenge,
							   NULL, /* server_timestamp */
							   names_blob,
							   &lm_resp, &nt_resp,
							   NULL, NULL);
		torture_assert_ntstatus_ok(tctx, status, " cli_credentials_get_ntlm_response failed ");

		net_info.lm.data = lm_resp.data;
		net_info.lm.length = lm_resp.length;

		net_info.nt.data = nt_resp.data;
		net_info.nt.length = nt_resp.length;

		net_info.identity_info = id;
		logon.network = &net_info;

		r.in.logon_level = NetlogonNetworkInformation;
	}

	r.in.server_name = talloc_asprintf(tctx, " \\ \\ %s ", dcerpc_server_name(p));
	r.in.computer_name = cli_credentials_get_workstation(test_credentials);
	r.in.logon = &logon;
	r.in.flags = &samlogon_flags;
	r.out.flags = &samlogon_flags;
	r.out.validation = &validation;
	r.out.authoritative = &authoritative;

	torture_comment(tctx, " Testing LogonSamLogon with name %s \n ", id.account_name.string);

	r.in.validation_level = 6;

	torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
		" netr_LogonSamLogonEx failed ");
	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
		/* server does not know level 6: fall back to level 3 */
		r.in.validation_level = 3;
		torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
			" netr_LogonSamLogonEx failed ");
	}

	if (NT_STATUS_IS_OK(r.out.result)) {
		torture_assert_ntstatus_ok(tctx, r.out.result, " LogonSamLogonEx failed ");
		return true;
	}

	/* a failed logon is acceptable only with the status the caller named */
	torture_assert_ntstatus_equal(tctx, r.out.result, expected_result, " LogonSamLogonEx failed ");
	return true;
}
/**
 * Build a credentials object for acct_name/password and run test_SamLogon()
 * with it.
 *
 * Workstation and domain are copied from machine_creds; user name and
 * password come from the arguments.
 *
 * The progress message prints the password in clear text, so output from
 * this helper should be handled as sensitive.
 *
 * NOTE(review): the result of cli_credentials_init() is used without a NULL
 * check.
 *
 * @param tctx                      torture context
 * @param p                         netlogon pipe
 * @param machine_creds             machine account credentials
 * @param acct_name                 account to log on as
 * @param password                  password to try
 * @param expected_samlogon_result  status accepted when the logon fails
 * @param interactive               true for an interactive logon, false for
 *                                  a network logon
 * @return what test_SamLogon() returned
 */
static bool test_SamLogon_with_creds(struct torture_context *tctx,
				     struct dcerpc_pipe *p,
				     struct cli_credentials *machine_creds,
				     const char *acct_name,
				     const char *password,
				     NTSTATUS expected_samlogon_result,
				     bool interactive)
{
	struct cli_credentials *logon_creds = cli_credentials_init(tctx);

	/* workstation and domain are borrowed from the machine account */
	cli_credentials_set_workstation(logon_creds,
					cli_credentials_get_workstation(machine_creds),
					CRED_SPECIFIED);
	cli_credentials_set_domain(logon_creds,
				   cli_credentials_get_domain(machine_creds),
				   CRED_SPECIFIED);

	/* the account under test */
	cli_credentials_set_username(logon_creds, acct_name, CRED_SPECIFIED);
	cli_credentials_set_password(logon_creds, password, CRED_SPECIFIED);

	torture_comment(tctx, " Testing samlogon (%s) as %s password: %s \n ",
			interactive ? " interactive " : " network ", acct_name, password);

	if (test_SamLogon(tctx, p, machine_creds, logon_creds,
			  expected_samlogon_result, interactive)) {
		return true;
	}

	torture_result(tctx, TORTURE_FAIL, " new password did not work \n ");
	return false;
}
/**
 * Set a password at one SetUserInfo level, read back pwdLastSet, and -
 * unless the set call hit its expected error - try a network logon with the
 * resulting password.
 *
 * All three stages run even when an earlier one fails (except for the early
 * return on an expected error); the failures are accumulated.
 *
 * @param p                         SAMR pipe
 * @param np                        netlogon pipe used for the logon check
 * @param tctx                      torture context
 * @param handle                    open user handle
 * @param level                     SetUserInfo level to use
 * @param fields_present            fields_present mask passed to the set call
 * @param password_expired          password_expired value passed to the set call
 * @param matched_expected_error    out: set by test_SetUserPass_level_ex();
 *                                  when true the logon check is skipped
 * @param use_setinfo2              true to use SetUserInfo2
 * @param acct_name                 account name for the logon check
 * @param password                  in/out current password
 * @param machine_creds             machine credentials for the logon check
 * @param use_queryinfo2            true to use QueryUserInfo2 for the read-back
 * @param pwdlastset                out: pwdLastSet read back after the set
 * @param expected_samlogon_result  status accepted if the logon fails
 * @return true only if every stage that ran succeeded
 */
static bool test_SetPassword_level(struct dcerpc_pipe *p,
				   struct dcerpc_pipe *np,
				   struct torture_context *tctx,
				   struct policy_handle *handle,
				   uint16_t level,
				   uint32_t fields_present,
				   uint8_t password_expired,
				   bool *matched_expected_error,
				   bool use_setinfo2,
				   const char *acct_name,
				   char **password,
				   struct cli_credentials *machine_creds,
				   bool use_queryinfo2,
				   NTTIME *pwdlastset,
				   NTSTATUS expected_samlogon_result)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	const char *fields = NULL;
	bool passed;

	/* only these levels get the fields_present mask added to the message */
	if (level == 21 || level == 23 || level == 25) {
		fields = talloc_asprintf(tctx, " (fields_present: 0x%08x) ",
					 fields_present);
	}

	torture_comment(tctx, " Testing SetUserInfo%s level %d call "
			" (password_expired: %d) %s \n ",
			use_setinfo2 ? " 2 " : " ", level, password_expired,
			fields ? fields : " ");

	/* stage 1: set the password */
	passed = test_SetUserPass_level_ex(p, tctx, handle, level,
					   fields_present,
					   password,
					   password_expired,
					   use_setinfo2,
					   matched_expected_error);

	/* stage 2: read pwdLastSet back, regardless of stage 1's outcome */
	if (!test_QueryUserInfo_pwdlastset(b, tctx, handle,
					   use_queryinfo2,
					   pwdlastset)) {
		passed = false;
	}

	/* the set was rejected as expected: skip the logon check */
	if (*matched_expected_error) {
		return passed;
	}

	/* stage 3: network (non-interactive) logon with the current password */
	if (!test_SamLogon_with_creds(tctx, np,
				      machine_creds,
				      acct_name,
				      *password,
				      expected_samlogon_result,
				      false)) {
		passed = false;
	}

	return passed;
}
/**
 * Open a netlogon pipe that is protected by schannel with signing and
 * sealing.
 *
 * The binding comes from torture_rpc_binding(); its flags are then adjusted
 * before connecting with the supplied credentials.
 *
 * @param tctx         torture context (talloc parent, event and loadparm ctx)
 * @param credentials  credentials used for the netlogon bind
 * @param p            out: the connected pipe
 * @return true once the pipe is connected; the torture_assert_* macros
 *         return false on any failure
 */
static bool setup_schannel_netlogon_pipe(struct torture_context *tctx,
					 struct cli_credentials *credentials,
					 struct dcerpc_pipe **p)
{
	/* schannel, with both integrity (SIGN) and privacy (SEAL) requested */
	const uint32_t schannel_flags = DCERPC_SCHANNEL |
					DCERPC_SIGN | DCERPC_SEAL |
					DCERPC_SCHANNEL_AUTO;
	struct dcerpc_binding *b;
	NTSTATUS status;

	torture_assert_ntstatus_ok(tctx, torture_rpc_binding(tctx, &b),
		" failed to get rpc binding ");

	/*
	 * We have to use schannel, otherwise the SamLogonEx fails
	 * with INTERNAL_ERROR.
	 * DCERPC_AUTH_OPTIONS is passed as the last argument; presumably it
	 * is the mask of auth flags cleared from the configured binding
	 * before ours are applied - confirm against dcerpc_binding_set_flags().
	 */
	status = dcerpc_binding_set_flags(b, schannel_flags, DCERPC_AUTH_OPTIONS);
	torture_assert_ntstatus_ok(tctx, status, " set flags ");

	torture_assert_ntstatus_ok(tctx,
		dcerpc_pipe_connect_b(tctx, p, b, &ndr_table_netlogon,
				      credentials, tctx->ev, tctx->lp_ctx),
		" failed to bind to netlogon ");

	return true;
}
static bool test_SetPassword_pwdlastset ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
uint32_t acct_flags ,
const char * acct_name ,
struct policy_handle * handle ,
char * * password ,
struct cli_credentials * machine_credentials )
{
int s = 0 , q = 0 , f = 0 , l = 0 , z = 0 ;
bool ret = true ;
int delay = 50000 ;
bool set_levels [ ] = { false , true } ;
bool query_levels [ ] = { false , true } ;
uint32_t levels [ ] = { 18 , 21 , 26 , 23 , 24 , 25 } ; /* Second half only used when TEST_ALL_LEVELS defined */
uint32_t nonzeros [ ] = { 1 , 24 } ;
uint32_t fields_present [ ] = {
0 ,
SAMR_FIELD_EXPIRED_FLAG ,
SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_EXPIRED_FLAG | SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_COMMENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE | SAMR_FIELD_EXPIRED_FLAG
} ;
struct dcerpc_pipe * np = NULL ;
if ( torture_setting_bool ( tctx , " samba3 " , false ) | |
torture_setting_bool ( tctx , " samba4 " , false ) ) {
delay = 999999 ;
torture_comment ( tctx , " Samba3 has second granularity, setting delay to: %d \n " ,
delay ) ;
}
torture_assert ( tctx , setup_schannel_netlogon_pipe ( tctx , machine_credentials , & np ) , " " ) ;
/* set to 1 to enable testing for all possible opcode
( SetUserInfo , SetUserInfo2 , QueryUserInfo , QueryUserInfo2 )
combinations */
#if 0
# define TEST_ALL_LEVELS 1
# define TEST_SET_LEVELS 1
# define TEST_QUERY_LEVELS 1
# endif
# ifdef TEST_ALL_LEVELS
for ( l = 0 ; l < ARRAY_SIZE ( levels ) ; l + + ) {
# else
for ( l = 0 ; l < ( ARRAY_SIZE ( levels ) ) / 2 ; l + + ) {
# endif
for ( z = 0 ; z < ARRAY_SIZE ( nonzeros ) ; z + + ) {
for ( f = 0 ; f < ARRAY_SIZE ( fields_present ) ; f + + ) {
# ifdef TEST_SET_LEVELS
for ( s = 0 ; s < ARRAY_SIZE ( set_levels ) ; s + + ) {
# endif
# ifdef TEST_QUERY_LEVELS
for ( q = 0 ; q < ARRAY_SIZE ( query_levels ) ; q + + ) {
# endif
NTTIME pwdlastset_old = 0 ;
NTTIME pwdlastset_new = 0 ;
bool matched_expected_error = false ;
2008-12-08 15:10:56 +03:00
NTSTATUS expected_samlogon_result = NT_STATUS_ACCOUNT_DISABLED ;
2008-11-25 04:46:25 +03:00
torture_comment ( tctx , " ------------------------------ \n "
" Testing pwdLastSet attribute for flags: 0x%08x "
" (s: %d (l: %d), q: %d) \n " ,
2008-12-05 18:11:15 +03:00
acct_flags , s , levels [ l ] , q ) ;
2008-11-25 04:46:25 +03:00
2008-12-08 15:10:56 +03:00
switch ( levels [ l ] ) {
case 21 :
case 23 :
case 25 :
if ( ! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) ) {
expected_samlogon_result = NT_STATUS_WRONG_PASSWORD ;
}
break ;
}
2008-11-29 00:01:18 +03:00
/* set #1 */
/* set a password and force password change (pwdlastset 0) by
* setting the password expired flag to a non - 0 value */
2008-12-08 15:10:56 +03:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 18:11:15 +03:00
levels [ l ] ,
2008-12-03 01:22:14 +03:00
fields_present [ f ] ,
2008-12-05 18:11:15 +03:00
nonzeros [ z ] ,
2008-12-03 01:22:14 +03:00
& matched_expected_error ,
2008-11-25 04:46:25 +03:00
set_levels [ s ] ,
2008-12-08 15:10:56 +03:00
acct_name ,
2008-11-25 04:46:25 +03:00
password ,
2008-12-08 15:10:56 +03:00
machine_credentials ,
2008-11-25 04:46:25 +03:00
query_levels [ q ] ,
2010-06-28 12:24:28 +04:00
& pwdlastset_new ,
2008-12-08 15:10:56 +03:00
expected_samlogon_result ) ) {
2008-11-25 04:46:25 +03:00
ret = false ;
}
2008-12-03 01:22:14 +03:00
if ( matched_expected_error = = true ) {
2008-11-25 04:46:25 +03:00
/* skipping on expected failure */
continue ;
}
2008-11-29 00:01:18 +03:00
/* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25
2008-11-25 04:46:25 +03:00
* set without the SAMR_FIELD_EXPIRED_FLAG */
2008-12-05 18:11:15 +03:00
switch ( levels [ l ] ) {
2008-11-29 00:01:18 +03:00
case 21 :
2008-11-25 04:46:25 +03:00
case 23 :
case 25 :
if ( ( pwdlastset_new ! = 0 ) & &
2008-12-03 01:22:14 +03:00
! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) ) {
2008-11-25 04:46:25 +03:00
torture_comment ( tctx , " not considering a non-0 "
" pwdLastSet as a an error as the "
" SAMR_FIELD_EXPIRED_FLAG has not "
" been set \n " ) ;
break ;
}
2010-06-28 12:24:28 +04:00
break ;
2008-11-25 04:46:25 +03:00
default :
if ( pwdlastset_new ! = 0 ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdLastSet test failed: "
2010-10-29 13:26:47 +04:00
" expected pwdLastSet 0 but got %llu \n " ,
( unsigned long long ) pwdlastset_old ) ;
2008-11-25 04:46:25 +03:00
ret = false ;
}
break ;
}
2008-12-05 18:11:15 +03:00
switch ( levels [ l ] ) {
2008-12-03 01:22:14 +03:00
case 21 :
case 23 :
case 25 :
if ( ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) & &
( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdlastset not increasing \n " ) ;
2008-12-03 01:22:14 +03:00
ret = false ;
}
break ;
}
2010-06-28 12:24:28 +04:00
pwdlastset_old = pwdlastset_new ;
2008-11-25 04:46:25 +03:00
usleep ( delay ) ;
/* set #2 */
2008-11-29 00:01:18 +03:00
/* set a password, pwdlastset needs to get updated (increased
* value ) , password_expired value used here is 0 */
2008-12-08 15:10:56 +03:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 18:11:15 +03:00
levels [ l ] ,
2008-12-03 01:22:14 +03:00
fields_present [ f ] ,
2008-11-25 04:46:25 +03:00
0 ,
2008-12-03 01:22:14 +03:00
& matched_expected_error ,
2008-11-25 04:46:25 +03:00
set_levels [ s ] ,
2008-12-08 15:10:56 +03:00
acct_name ,
2008-11-25 04:46:25 +03:00
password ,
2008-12-08 15:10:56 +03:00
machine_credentials ,
2008-11-25 04:46:25 +03:00
query_levels [ q ] ,
2008-12-08 15:10:56 +03:00
& pwdlastset_new ,
expected_samlogon_result ) ) {
2008-11-25 04:46:25 +03:00
ret = false ;
}
2008-11-29 00:01:18 +03:00
/* when a password has been changed, pwdlastset must not be 0 afterwards
* and must be larger then the old value */
2008-11-25 04:46:25 +03:00
2008-12-05 18:11:15 +03:00
switch ( levels [ l ] ) {
2008-11-29 00:01:18 +03:00
case 21 :
case 23 :
case 25 :
/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
* password has been changed , old and new pwdlastset
* need to be the same value */
2008-12-05 18:11:15 +03:00
if ( ! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) & &
! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) )
2008-11-29 00:01:18 +03:00
{
torture_assert_int_equal ( tctx , pwdlastset_old ,
pwdlastset_new , " pwdlastset must be equal " ) ;
break ;
}
2010-06-28 12:24:28 +04:00
break ;
2008-11-29 00:01:18 +03:00
default :
if ( pwdlastset_old > = pwdlastset_new ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdLastSet test failed: "
2010-10-29 13:26:47 +04:00
" expected last pwdlastset (%llu) < new pwdlastset (%llu) \n " ,
( unsigned long long ) pwdlastset_old ,
( unsigned long long ) pwdlastset_new ) ;
2008-11-29 00:01:18 +03:00
ret = false ;
}
if ( pwdlastset_new = = 0 ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdLastSet test failed: "
2010-10-29 13:26:47 +04:00
" expected non-0 pwdlastset, got: %llu \n " ,
( unsigned long long ) pwdlastset_new ) ;
2008-11-29 00:01:18 +03:00
ret = false ;
}
2010-06-28 12:24:28 +04:00
break ;
2008-11-25 04:46:25 +03:00
}
2008-11-29 00:01:18 +03:00
2008-12-05 18:11:15 +03:00
switch ( levels [ l ] ) {
2008-12-03 01:22:14 +03:00
case 21 :
case 23 :
case 25 :
if ( ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) & &
( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdlastset not increasing \n " ) ;
2008-12-03 01:22:14 +03:00
ret = false ;
}
break ;
}
2008-11-25 04:46:25 +03:00
pwdlastset_old = pwdlastset_new ;
usleep ( delay ) ;
2008-12-03 01:22:14 +03:00
/* set #2b */
/* set a password, pwdlastset needs to get updated (increased
* value ) , password_expired value used here is 0 */
2008-12-08 15:10:56 +03:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 18:11:15 +03:00
levels [ l ] ,
2008-12-03 01:22:14 +03:00
fields_present [ f ] ,
0 ,
& matched_expected_error ,
set_levels [ s ] ,
2008-12-08 15:10:56 +03:00
acct_name ,
2008-12-03 01:22:14 +03:00
password ,
2008-12-08 15:10:56 +03:00
machine_credentials ,
2008-12-03 01:22:14 +03:00
query_levels [ q ] ,
2008-12-08 15:10:56 +03:00
& pwdlastset_new ,
expected_samlogon_result ) ) {
2008-12-03 01:22:14 +03:00
ret = false ;
}
/* when a password has been changed, pwdlastset must not be 0 afterwards
* and must be larger then the old value */
2008-12-05 18:11:15 +03:00
switch ( levels [ l ] ) {
2008-12-03 01:22:14 +03:00
case 21 :
case 23 :
case 25 :
2010-06-28 12:24:28 +04:00
/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
* password has been changed , old and new pwdlastset
2008-12-03 01:22:14 +03:00
* need to be the same value */
2010-06-28 12:24:28 +04:00
if ( ! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) & &
! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
2008-12-03 01:22:14 +03:00
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) )
{
torture_assert_int_equal ( tctx , pwdlastset_old ,
pwdlastset_new , " pwdlastset must be equal " ) ;
break ;
}
2010-06-28 12:24:28 +04:00
break ;
2008-12-03 01:22:14 +03:00
default :
if ( pwdlastset_old > = pwdlastset_new ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdLastSet test failed: "
2010-10-29 13:26:47 +04:00
" expected last pwdlastset (%llu) < new pwdlastset (%llu) \n " ,
( unsigned long long ) pwdlastset_old ,
( unsigned long long ) pwdlastset_new ) ;
2008-12-03 01:22:14 +03:00
ret = false ;
}
if ( pwdlastset_new = = 0 ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdLastSet test failed: "
2010-10-29 13:26:47 +04:00
" expected non-0 pwdlastset, got: %llu \n " ,
( unsigned long long ) pwdlastset_new ) ;
2008-12-03 01:22:14 +03:00
ret = false ;
}
2010-06-28 12:24:28 +04:00
break ;
}
switch ( levels [ l ] ) {
case 21 :
case 23 :
case 25 :
if ( ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) & &
( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdlastset not increasing \n " ) ;
2010-06-28 12:24:28 +04:00
ret = false ;
}
break ;
2008-12-03 01:22:14 +03:00
}
2010-06-28 12:24:28 +04:00
pwdlastset_old = pwdlastset_new ;
usleep ( delay ) ;
2008-11-25 04:46:25 +03:00
/* set #3 */
2008-11-29 00:01:18 +03:00
/* set a password and force password change (pwdlastset 0) by
* setting the password expired flag to a non - 0 value */
2008-12-08 15:10:56 +03:00
if ( ! test_SetPassword_level ( p , np , tctx , handle ,
2008-12-05 18:11:15 +03:00
levels [ l ] ,
2008-12-03 01:22:14 +03:00
fields_present [ f ] ,
2008-12-05 18:11:15 +03:00
nonzeros [ z ] ,
2008-12-03 01:22:14 +03:00
& matched_expected_error ,
2008-11-25 04:46:25 +03:00
set_levels [ s ] ,
2008-12-08 15:10:56 +03:00
acct_name ,
2008-11-25 04:46:25 +03:00
password ,
2008-12-08 15:10:56 +03:00
machine_credentials ,
2008-11-25 04:46:25 +03:00
query_levels [ q ] ,
2008-12-08 15:10:56 +03:00
& pwdlastset_new ,
expected_samlogon_result ) ) {
2008-11-25 04:46:25 +03:00
ret = false ;
}
2008-11-29 00:01:18 +03:00
/* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25
2008-11-25 04:46:25 +03:00
* set without the SAMR_FIELD_EXPIRED_FLAG */
2008-12-05 18:11:15 +03:00
switch ( levels [ l ] ) {
2008-11-29 00:01:18 +03:00
case 21 :
2008-11-25 04:46:25 +03:00
case 23 :
case 25 :
if ( ( pwdlastset_new ! = 0 ) & &
2008-12-03 01:22:14 +03:00
! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) ) {
2008-11-29 00:01:18 +03:00
torture_comment ( tctx , " not considering a non-0 "
" pwdLastSet as a an error as the "
" SAMR_FIELD_EXPIRED_FLAG has not "
" been set \n " ) ;
break ;
}
/* SAMR_FIELD_EXPIRED_FLAG has not been set and no
* password has been changed , old and new pwdlastset
* need to be the same value */
2008-12-05 18:11:15 +03:00
if ( ! ( fields_present [ f ] & SAMR_FIELD_EXPIRED_FLAG ) & &
! ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) )
2008-11-29 00:01:18 +03:00
{
torture_assert_int_equal ( tctx , pwdlastset_old ,
pwdlastset_new , " pwdlastset must be equal " ) ;
2008-11-25 04:46:25 +03:00
break ;
}
2010-06-28 12:24:28 +04:00
break ;
2008-11-25 04:46:25 +03:00
default :
if ( pwdlastset_new ! = 0 ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdLastSet test failed: "
2010-10-29 13:26:47 +04:00
" expected pwdLastSet 0, got %llu \n " ,
( unsigned long long ) pwdlastset_old ) ;
2008-11-25 04:46:25 +03:00
ret = false ;
}
break ;
}
2008-12-03 01:22:14 +03:00
2008-12-05 18:11:15 +03:00
switch ( levels [ l ] ) {
2008-12-03 01:22:14 +03:00
case 21 :
case 23 :
case 25 :
if ( ( ( fields_present [ f ] & SAMR_FIELD_NT_PASSWORD_PRESENT ) | |
( fields_present [ f ] & SAMR_FIELD_LM_PASSWORD_PRESENT ) ) & &
( pwdlastset_old > 0 ) & & ( pwdlastset_new > 0 ) & &
( pwdlastset_old > = pwdlastset_new ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " pwdlastset not increasing \n " ) ;
2008-12-03 01:22:14 +03:00
ret = false ;
}
break ;
}
2008-12-05 18:11:15 +03:00
/* if the level we are testing does not have a fields_present
* field , skip all fields present tests by setting f to to
* arraysize */
switch ( levels [ l ] ) {
case 18 :
2008-12-03 01:22:14 +03:00
case 24 :
case 26 :
f = ARRAY_SIZE ( fields_present ) ;
break ;
}
2008-11-28 14:10:56 +03:00
# ifdef TEST_QUERY_LEVELS
2008-11-25 04:46:25 +03:00
}
2008-11-28 14:10:56 +03:00
# endif
# ifdef TEST_SET_LEVELS
2008-11-25 04:46:25 +03:00
}
2008-11-28 14:10:56 +03:00
# endif
2008-12-05 18:11:15 +03:00
} /* fields present */
} /* nonzeros */
} /* levels */
2008-11-25 04:46:25 +03:00
2008-11-28 14:10:56 +03:00
# undef TEST_SET_LEVELS
# undef TEST_QUERY_LEVELS
2009-10-20 09:34:42 +04:00
talloc_free ( np ) ;
2008-11-25 04:46:25 +03:00
return ret ;
}
/**
 * Query SAMR user info level 3 and hand back its bad password counter.
 *
 * @param b            binding handle the QueryUserInfo call is sent on
 * @param tctx         torture context, also passed to the RPC call
 * @param handle       user handle to query
 * @param badpwdcount  out: info3.bad_password_count taken from the reply
 * @return true when both the transport status and r.out.result are OK.
 *         The torture_assert_* macros record a failure; they presumably
 *         return false from this function in that case (confirm in
 *         torture.h).
 */
static bool test_QueryUserInfo_badpwdcount(struct dcerpc_binding_handle *b,
					   struct torture_context *tctx,
					   struct policy_handle *handle,
					   uint32_t *badpwdcount)
{
	union samr_UserInfo *info;
	struct samr_QueryUserInfo r = {
		.in = {
			.user_handle = handle,
			.level = 3,
		},
		.out = {
			.info = &info,
		},
	};

	torture_comment(tctx, " Testing QueryUserInfo level %d ", r.in.level);

	/* First assert covers the RPC transport, the second the SAMR result. */
	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
				   " failed to query userinfo ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to query userinfo ");

	*badpwdcount = info->info3.bad_password_count;

	torture_comment(tctx, " (bad password count: %d) \n ", *badpwdcount);

	return true;
}
/**
 * Write a new account control bitmask with SetUserInfo level 16.
 *
 * @param b            binding handle the SetUserInfo call is sent on
 * @param tctx         torture context, also passed to the RPC call
 * @param user_handle  user handle whose flags are replaced
 * @param acct_flags   value stored in info16.acct_flags (callers in this
 *                     file set or clear ACB_DISABLED through it)
 * @return true when both the transport status and r.out.result are OK
 */
static bool test_SetUserInfo_acct_flags(struct dcerpc_binding_handle *b,
					struct torture_context *tctx,
					struct policy_handle *user_handle,
					uint32_t acct_flags)
{
	union samr_UserInfo user_info;
	struct samr_SetUserInfo r = {
		.in = {
			.user_handle = user_handle,
			.level = 16,
			.info = &user_info,
		},
	};

	torture_comment(tctx, " Testing SetUserInfo level 16 \n ");

	/* Level 16 carries nothing but the account flags. */
	user_info.info16.acct_flags = acct_flags;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_SetUserInfo_r(b, tctx, &r),
				   " failed to set account flags ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to set account flags ");

	return true;
}
/**
 * Bring an account back to a known state before a bad-password test:
 * set a password, clear ACB_DISABLED, then set a password again.
 *
 * @param p            SAMR pipe; its binding handle is used for the flag update
 * @param tctx         torture context
 * @param user_handle  user handle of the account under test
 * @param acct_flags   current account flags; ACB_DISABLED is masked out
 * @param password     in/out password slot handed to test_SetUserPass
 * @return true when all three steps succeed
 */
static bool test_reset_badpwdcount(struct dcerpc_pipe *p,
				   struct torture_context *tctx,
				   struct policy_handle *user_handle,
				   uint32_t acct_flags,
				   char **password)
{
	struct dcerpc_binding_handle *b = p->binding_handle;

	/* step 1: password set while the account may still be disabled */
	torture_assert(tctx,
		       test_SetUserPass(p, tctx, user_handle, password),
		       " failed to set password ");

	/* step 2: enable the account */
	torture_comment(tctx, " Testing SetUserInfo level 16 (enable account) \n ");

	torture_assert(tctx,
		       test_SetUserInfo_acct_flags(b, tctx, user_handle,
						   acct_flags & ~ACB_DISABLED),
		       " failed to enable user ");

	/* step 3: password set on the now enabled account */
	torture_assert(tctx,
		       test_SetUserPass(p, tctx, user_handle, password),
		       " failed to set password ");

	return true;
}
/**
 * Issue SetDomainInfo at the given level and require it to succeed.
 *
 * @param b              binding handle the call is sent on
 * @param tctx           torture context, also passed to the RPC call
 * @param domain_handle  domain handle whose policy is written
 * @param level          domain info class to set
 * @param info           union holding the values for that level
 * @return true when both the transport status and r.out.result are OK
 */
static bool test_SetDomainInfo(struct dcerpc_binding_handle *b,
			       struct torture_context *tctx,
			       struct policy_handle *domain_handle,
			       enum samr_DomainInfoClass level,
			       union samr_DomainInfo *info)
{
	struct samr_SetDomainInfo r = {
		.in = {
			.domain_handle = domain_handle,
			.level = level,
			.info = info,
		},
	};

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_SetDomainInfo_r(b, tctx, &r),
				   " failed to set domain info ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to set domain info ");

	return true;
}
/**
 * Issue SetDomainInfo and require a specific SAMR result code.
 *
 * Unlike test_SetDomainInfo, only the transport status has to be OK;
 * r.out.result is compared against @p expected, so this also serves
 * for calls that are meant to be rejected.
 *
 * @param b              binding handle the call is sent on
 * @param tctx           torture context, also passed to the RPC call
 * @param domain_handle  domain handle whose policy is written
 * @param level          domain info class to set
 * @param info           union holding the values for that level
 * @param expected       NTSTATUS that r.out.result must equal
 * @return true when the call went through and returned @p expected
 */
static bool test_SetDomainInfo_ntstatus(struct dcerpc_binding_handle *b,
					struct torture_context *tctx,
					struct policy_handle *domain_handle,
					enum samr_DomainInfoClass level,
					union samr_DomainInfo *info,
					NTSTATUS expected)
{
	struct samr_SetDomainInfo r = {
		.in = {
			.domain_handle = domain_handle,
			.level = level,
			.info = info,
		},
	};

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_SetDomainInfo_r(b, tctx, &r),
				   " SetDomainInfo failed ");
	torture_assert_ntstatus_equal(tctx, r.out.result, expected, " ");

	return true;
}
/**
 * Issue QueryDomainInfo2 at the given level and require it to succeed.
 *
 * @param b              binding handle the call is sent on
 * @param tctx           torture context, also passed to the RPC call
 * @param domain_handle  domain handle to query
 * @param level          domain info class to read
 * @param q_info         out: receives the pointer to the returned info union
 * @return true when both the transport status and r.out.result are OK
 */
static bool test_QueryDomainInfo2_level(struct dcerpc_binding_handle *b,
					struct torture_context *tctx,
					struct policy_handle *domain_handle,
					enum samr_DomainInfoClass level,
					union samr_DomainInfo **q_info)
{
	struct samr_QueryDomainInfo2 r = {
		.in = {
			.domain_handle = domain_handle,
			.level = level,
		},
		.out = {
			.info = q_info,
		},
	};

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
				   " failed to query domain info ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to query domain info ");

	return true;
}
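/**
 * Check how badPwdCount reacts to logons with passwords taken from the
 * password history, for one logon type / account state combination.
 *
 * The function rewrites the domain password policy (history length 12,
 * min_password_age 0) and lockout policy (threshold 15, short duration and
 * window) through SetDomainInfo and does not put them back itself;
 * test_Password_badpwdcount_wrap backs them up and restores them.
 *
 * @param p                        SAMR pipe
 * @param np                       pipe handed to test_SamLogon_with_creds
 * @param tctx                     torture context, also the talloc parent
 *                                 of the saved passwords
 * @param acct_flags               account flags of the test user
 * @param acct_name                account name used for the SamLogon calls
 * @param domain_handle            domain handle for the policy changes
 * @param user_handle              user handle of the test user
 * @param password                 in/out current password of the test user
 * @param machine_credentials      credentials for the SamLogon calls
 * @param comment                  label printed for this combination
 * @param disable                  run with ACB_DISABLED set on the account
 * @param interactive              interactive instead of network SamLogon
 * @param expected_success_status  status a logon with a valid password
 *                                 must produce
 * @param info1                    base DomainPasswordInformation values
 * @param info12                   base DomainLockoutInformation values
 * @return true when every expectation held
 */
static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
				      struct dcerpc_pipe *np,
				      struct torture_context *tctx,
				      uint32_t acct_flags,
				      const char *acct_name,
				      struct policy_handle *domain_handle,
				      struct policy_handle *user_handle,
				      char **password,
				      struct cli_credentials *machine_credentials,
				      const char *comment,
				      bool disable,
				      bool interactive,
				      NTSTATUS expected_success_status,
				      struct samr_DomInfo1 *info1,
				      struct samr_DomInfo12 *info12)
{
	union samr_DomainInfo info;
	char **passwords;
	int i;
	uint32_t badpwdcount, tmp;
	uint32_t password_history_length = 12;
	uint32_t lockout_threshold = 15;
	uint32_t lockout_seconds = 5;
	/* presumably the number of NTTIME units per second - confirm */
	uint64_t delta_time_factor = 10 * 1000 * 1000;
	struct dcerpc_binding_handle *b = p->binding_handle;

	if (torture_setting_bool(tctx, " samba3 ", false)) {
		lockout_seconds = 60;
	}

	torture_comment(tctx, " \n Testing bad pwd count with: %s \n ", comment);

	/* The history walk below produces several bad logons; it must not
	 * reach the lockout threshold. */
	torture_assert(tctx, password_history_length < lockout_threshold,
		       " password history length needs to be smaller than account lockout threshold for this test ");

	/* set policies */

	info.info1 = *info1;
	info.info1.password_history_length = password_history_length;
	info.info1.min_password_age = 0;

	torture_assert(tctx,
		       test_SetDomainInfo(b, tctx, domain_handle,
					  DomainPasswordInformation, &info),
		       " failed to set password history length and min passwd age ");

	info.info12 = *info12;
	info.info12.lockout_threshold = lockout_threshold;

	/* lockout duration and window of lockout_seconds each: 5 by
	 * default, 60 when the samba3 setting is on */
	info.info12.lockout_duration = ~(lockout_seconds * delta_time_factor);
	info.info12.lockout_window = ~(lockout_seconds * delta_time_factor);

	torture_assert(tctx,
		       test_SetDomainInfo(b, tctx, domain_handle,
					  DomainLockoutInformation, &info),
		       " failed to set lockout threshold ");

	/* reset bad pwd count */

	torture_assert(tctx,
		       test_reset_badpwdcount(p, tctx, user_handle, acct_flags, password), " ");

	/* enable or disable account */

	if (disable) {
		torture_assert(tctx,
			       test_SetUserInfo_acct_flags(b, tctx, user_handle,
							   acct_flags | ACB_DISABLED),
			       " failed to disable user ");
	} else {
		torture_assert(tctx,
			       test_SetUserInfo_acct_flags(b, tctx, user_handle,
							   acct_flags & ~ACB_DISABLED),
			       " failed to enable user ");
	}

	/* setup password history */

	passwords = talloc_array(tctx, char *, password_history_length);
	/* an unchecked allocation would be dereferenced in the loop below */
	torture_assert(tctx, passwords != NULL,
		       "failed to allocate password history array");

	for (i = 0; i < password_history_length; i++) {

		torture_assert(tctx,
			       test_SetUserPass(p, tctx, user_handle, password),
			       " failed to set password ");

		passwords[i] = talloc_strdup(tctx, *password);
		torture_assert(tctx, passwords[i] != NULL,
			       "failed to copy password into history array");

		if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
					      acct_name, passwords[i],
					      expected_success_status, interactive)) {
			torture_fail(tctx, " failed to auth with latest password ");
		}

		torture_assert(tctx,
			       test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), " ");

		torture_assert_int_equal(tctx, badpwdcount, 0, " expected badpwdcount to be 0 ");
	}

	/* test with wrong password */

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
				      acct_name, " random_crap ",
				      NT_STATUS_WRONG_PASSWORD, interactive)) {
		torture_fail(tctx, " succeeded to authenticate with wrong password ");
	}

	torture_assert(tctx,
		       test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), " ");

	torture_assert_int_equal(tctx, badpwdcount, 1, " expected badpwdcount to be 1 ");

	/* test with latest good password */

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
				      passwords[password_history_length - 1],
				      expected_success_status, interactive)) {
		/* this branch means the valid password was not accepted with
		 * the expected status, so say that rather than reusing the
		 * wrong-password message */
		torture_fail(tctx, "failed to authenticate with latest good password");
	}

	torture_assert(tctx,
		       test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), " ");

	if (disable) {
		torture_assert_int_equal(tctx, badpwdcount, 1, " expected badpwdcount to be 1 ");
	} else {
		/* only enabled accounts get the bad pwd count reset upon
		 * successful logon */
		torture_assert_int_equal(tctx, badpwdcount, 0, " expected badpwdcount to be 0 ");
	}

	tmp = badpwdcount;

	/* test password history */

	for (i = 0; i < password_history_length; i++) {

		torture_comment(tctx, " Testing bad password count behavior with "
				" password #%d of #%d \n ", i, password_history_length);

		/* - network samlogon will succeed auth and not
		 *   increase badpwdcount for 2 last entries
		 * - interactive samlogon only for the last one */

		if (i == password_history_length - 1 ||
		    (i == password_history_length - 2 && !interactive)) {

			if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
						      acct_name, passwords[i],
						      expected_success_status, interactive)) {
				torture_fail(tctx, talloc_asprintf(tctx, " did not successfully to obtain %s for %s login with old password (#%d of #%d in history) ",
								   nt_errstr(expected_success_status),
								   interactive ? " interactive " : " network ", i, password_history_length));
			}

			torture_assert(tctx,
				       test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), " ");

			if (disable) {
				/* disabled account: the counter must not move */
				torture_assert_int_equal(tctx, badpwdcount, tmp, " unexpected badpwdcount ");
			} else {
				/* enabled account: the accepted logon resets the counter */
				torture_assert_int_equal(tctx, badpwdcount, 0, " expected badpwdcount to be 0 ");
			}

			tmp = badpwdcount;

			continue;
		}

		if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
					      acct_name, passwords[i],
					      NT_STATUS_WRONG_PASSWORD, interactive)) {
			torture_fail(tctx, talloc_asprintf(tctx, " succeeded to authenticate with old password (#%d of #%d in history) ", i, password_history_length));
		}

		torture_assert(tctx,
			       test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), " ");

		/* - network samlogon will fail auth but not increase
		 *   badpwdcount for 3rd last entry
		 * - interactive samlogon for 3rd and 2nd last entry */

		if (i == password_history_length - 3 ||
		    (i == password_history_length - 2 && interactive)) {
			/* recent history entry: rejected, counter unchanged */
			torture_assert_int_equal(tctx, badpwdcount, tmp, " unexpected badpwdcount ");
		} else {
			/* older history entry: rejected, counter goes up by one */
			torture_assert_int_equal(tctx, badpwdcount, tmp + 1, " unexpected badpwdcount ");
		}

		tmp = badpwdcount;
	}

	return true;
}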
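/**
 * Run test_Password_badpwdcount for network/interactive logons against a
 * disabled and an enabled account, around a backup and restore of the
 * domain password and lockout policies.
 *
 * @param p                    SAMR pipe
 * @param tctx                 torture context
 * @param acct_flags           account flags of the test user; accounts with
 *                             a trust flag are skipped
 * @param acct_name            account name used for the SamLogon calls
 * @param domain_handle        domain handle for the policy queries/updates
 * @param user_handle          user handle of the test user
 * @param password             in/out current password of the test user
 * @param machine_credentials  credentials for the schannel netlogon pipe
 * @return true when every combination passed and both policies were
 *         restored
 */
static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
					   struct torture_context *tctx,
					   uint32_t acct_flags,
					   const char *acct_name,
					   struct policy_handle *domain_handle,
					   struct policy_handle *user_handle,
					   char **password,
					   struct cli_credentials *machine_credentials)
{
	union samr_DomainInfo *q_info, s_info;
	struct samr_DomInfo1 info1, _info1;
	struct samr_DomInfo12 info12, _info12;
	bool ret = true;
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct dcerpc_pipe *np;
	int i;

	struct {
		const char *comment;
		bool disabled;
		bool interactive;
		NTSTATUS expected_success_status;
	} creds[] = {
		{
			.comment			= " network logon (disabled account) ",
			.disabled			= true,
			.interactive			= false,
			.expected_success_status	= NT_STATUS_ACCOUNT_DISABLED
		},
		{
			.comment			= " network logon (enabled account) ",
			.disabled			= false,
			.interactive			= false,
			.expected_success_status	= NT_STATUS_OK
		},
		{
			.comment			= " interactive logon (disabled account) ",
			.disabled			= true,
			.interactive			= true,
			.expected_success_status	= NT_STATUS_ACCOUNT_DISABLED
		},
		{
			.comment			= " interactive logon (enabled account) ",
			.disabled			= false,
			.interactive			= true,
			.expected_success_status	= NT_STATUS_OK
		},
	};

	torture_assert(tctx, setup_schannel_netlogon_pipe(tctx, machine_credentials, &np), " ");

	/* backup old policies */

	torture_assert(tctx,
		       test_QueryDomainInfo2_level(b, tctx, domain_handle,
						   DomainPasswordInformation, &q_info),
		       " failed to query domain info level 1 ");

	info1 = q_info->info1;
	_info1 = info1;

	torture_assert(tctx,
		       test_QueryDomainInfo2_level(b, tctx, domain_handle,
						   DomainLockoutInformation, &q_info),
		       " failed to query domain info level 12 ");

	info12 = q_info->info12;
	_info12 = info12;

	/* run tests */

	for (i = 0; i < ARRAY_SIZE(creds); i++) {

		/* skip trust tests for now */
		if (acct_flags & ACB_WSTRUST ||
		    acct_flags & ACB_SVRTRUST ||
		    acct_flags & ACB_DOMTRUST) {
			continue;
		}

		/* A failing combination is recorded but does not return, so
		 * the restore below is still reached. */
		if (!test_Password_badpwdcount(p, np, tctx, acct_flags, acct_name,
					       domain_handle, user_handle, password,
					       machine_credentials,
					       creds[i].comment,
					       creds[i].disabled,
					       creds[i].interactive,
					       creds[i].expected_success_status,
					       &_info1, &_info12)) {
			torture_result(tctx, TORTURE_FAIL, " TEST #%d (%s) failed \n ", i, creds[i].comment);
			ret = false;
		} else {
			torture_comment(tctx, " TEST #%d (%s) succeeded \n ", i, creds[i].comment);
		}
	}

	/* restore policies
	 *
	 * Both restores are attempted even when the first one fails:
	 * returning after a failed password-policy restore would also leave
	 * the test's lockout threshold, duration and window in place on the
	 * domain. */

	s_info.info1 = info1;

	if (!test_SetDomainInfo(b, tctx, domain_handle,
				DomainPasswordInformation, &s_info)) {
		torture_result(tctx, TORTURE_FAIL, " failed to set password information ");
		ret = false;
	}

	s_info.info12 = info12;

	if (!test_SetDomainInfo(b, tctx, domain_handle,
				DomainLockoutInformation, &s_info)) {
		torture_result(tctx, TORTURE_FAIL, " failed to set lockout information ");
		ret = false;
	}

	/* release the schannel netlogon pipe, as the pwdLastSet test earlier
	 * in this file does after the same setup call */
	talloc_free(np);

	return ret;
}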
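/* Run the level 3, 5, 16 and 21 QueryUserInfo checks on an already opened
 * user handle. Any failed torture_assert_* leaves this helper early; the
 * caller owns the handle and closes it. */
static bool test_QueryUserInfo_lockout_levels(struct dcerpc_binding_handle *b,
					      struct torture_context *tctx,
					      struct policy_handle *user_handle,
					      uint16_t raw_bad_password_count,
					      uint16_t effective_bad_password_count,
					      uint32_t effective_acb_lockout)
{
	union samr_UserInfo *i;
	struct samr_QueryUserInfo r;

	/* level 3: compared against the raw bad password count */
	r.in.user_handle = user_handle;
	r.in.level = 3;
	r.out.info = &i;

	torture_comment(tctx, " Testing QueryUserInfo level %d ", r.in.level);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
				   " failed to query userinfo ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to query userinfo ");
	torture_comment(tctx, " (acct_flags: 0x%08x) (raw_bad_pwd_count: %u) \n ",
			i->info3.acct_flags, i->info3.bad_password_count);
	torture_assert_int_equal(tctx, i->info3.bad_password_count,
				 raw_bad_password_count,
				 " raw badpwdcount ");
	torture_assert_int_equal(tctx, i->info3.acct_flags & ACB_AUTOLOCK,
				 effective_acb_lockout,
				 " effective acb_lockout ");
	TALLOC_FREE(i);

	/* level 5: compared against the effective bad password count */
	r.in.user_handle = user_handle;
	r.in.level = 5;
	r.out.info = &i;

	torture_comment(tctx, " Testing QueryUserInfo level %d ", r.in.level);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
				   " failed to query userinfo ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to query userinfo ");
	torture_comment(tctx, " (acct_flags: 0x%08x) (effective_bad_pwd_count: %u) \n ",
			i->info5.acct_flags, i->info5.bad_password_count);
	torture_assert_int_equal(tctx, i->info5.bad_password_count,
				 effective_bad_password_count,
				 " effective badpwdcount ");
	torture_assert_int_equal(tctx, i->info5.acct_flags & ACB_AUTOLOCK,
				 effective_acb_lockout,
				 " effective acb_lockout ");
	TALLOC_FREE(i);

	/* level 16: account flags only */
	r.in.user_handle = user_handle;
	r.in.level = 16;
	r.out.info = &i;

	torture_comment(tctx, " Testing QueryUserInfo level %d ", r.in.level);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
				   " failed to query userinfo ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to query userinfo ");
	torture_comment(tctx, " (acct_flags: 0x%08x) \n ",
			i->info16.acct_flags);
	torture_assert_int_equal(tctx, i->info16.acct_flags & ACB_AUTOLOCK,
				 effective_acb_lockout,
				 " effective acb_lockout ");
	TALLOC_FREE(i);

	/* level 21: compared against the effective bad password count */
	r.in.user_handle = user_handle;
	r.in.level = 21;
	r.out.info = &i;

	torture_comment(tctx, " Testing QueryUserInfo level %d ", r.in.level);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
				   " failed to query userinfo ");
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   " failed to query userinfo ");
	torture_comment(tctx, " (acct_flags: 0x%08x) (effective_bad_pwd_count: %u) \n ",
			i->info21.acct_flags, i->info21.bad_password_count);
	torture_assert_int_equal(tctx, i->info21.bad_password_count,
				 effective_bad_password_count,
				 " effective badpwdcount ");
	torture_assert_int_equal(tctx, i->info21.acct_flags & ACB_AUTOLOCK,
				 effective_acb_lockout,
				 " effective acb_lockout ");
	TALLOC_FREE(i);

	return true;
}

/**
 * Open the named account and verify its bad password count and
 * ACB_AUTOLOCK flag as reported by QueryUserInfo levels 3, 5, 16 and 21.
 *
 * The user handle opened here is closed on every path once it has been
 * opened, including when one of the per-level checks fails.
 *
 * @param b                             binding handle for all SAMR calls
 * @param tctx                          torture context
 * @param domain_handle                 domain handle the user is opened from
 * @param acct_name                     account to open by name
 * @param raw_bad_password_count        expected level 3 bad_password_count
 * @param effective_bad_password_count  expected level 5 and 21
 *                                      bad_password_count
 * @param effective_acb_lockout         expected value of
 *                                      acct_flags & ACB_AUTOLOCK at every level
 * @return true when the account could be opened, all checks passed and
 *         the handle was closed
 */
static bool test_QueryUserInfo_lockout(struct dcerpc_binding_handle *b,
				       struct torture_context *tctx,
				       struct policy_handle *domain_handle,
				       const char *acct_name,
				       uint16_t raw_bad_password_count,
				       uint16_t effective_bad_password_count,
				       uint32_t effective_acb_lockout)
{
	struct policy_handle user_handle;
	bool ok;

	NTSTATUS status = test_OpenUser_byname(b, tctx, domain_handle, acct_name, &user_handle);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}

	ok = test_QueryUserInfo_lockout_levels(b, tctx, &user_handle,
					       raw_bad_password_count,
					       effective_bad_password_count,
					       effective_acb_lockout);

	/* close even after a failed check, so the handle does not stay open
	 * on the server under test */
	if (!test_samr_handle_Close(b, tctx, &user_handle)) {
		ok = false;
	}

	return ok;
}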
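/*
 * Exercise the domain account-lockout policy against one account for one
 * logon style.
 *
 * The function sets the password and lockout policy on the domain, then
 * walks through wrong-password and right-password attempts (SamLogon and
 * ChangePasswordUser2) and checks after each step what QueryUserInfo
 * reports for the bad password count and ACB_AUTOLOCK.
 *
 * The numeric arguments passed to test_QueryUserInfo_lockout() are, as far
 * as can be told from the helper's visible assertions, the expected
 * badPwdCount, the expected effective badPwdCount and the expected
 * effective ACB_AUTOLOCK flag -- TODO confirm the order against the
 * helper's signature.
 *
 * p, np                    SAMR pipe and netlogon pipe used for the calls
 * acct_flags, acct_name    flags and name of the account under test
 * domain_handle            domain whose policy is modified
 * user_handle              open handle on the account under test
 * password                 current password of the account; presumably
 *                          updated by the successful password change near
 *                          the end -- verify against test_ChangePasswordUser2
 * disable                  disable (true) or enable (false) the account first
 * interactive              forwarded to test_SamLogon_with_creds
 * password_history_length  value written to the password policy
 * expected_success_status  status a logon with the right password must
 *                          return while the account is not locked out
 * info1, info12            policy templates that are copied and adjusted
 *
 * Returns true when every step behaved as expected.  The policy changes
 * made here are NOT undone by this function; the caller is expected to
 * restore them.
 */
static bool test_Password_lockout(struct dcerpc_pipe *p,
				  struct dcerpc_pipe *np,
				  struct torture_context *tctx,
				  uint32_t acct_flags,
				  const char *acct_name,
				  struct policy_handle *domain_handle,
				  struct policy_handle *user_handle,
				  char **password,
				  struct cli_credentials *machine_credentials,
				  const char *comment,
				  bool disable,
				  bool interactive,
				  uint32_t password_history_length,
				  NTSTATUS expected_success_status,
				  struct samr_DomInfo1 *info1,
				  struct samr_DomInfo12 *info12)
{
	union samr_DomainInfo info;
	uint64_t lockout_threshold = 1;
	uint32_t lockout_seconds = 5;
	/* 10,000,000 units per second, i.e. the policy times are in 100ns ticks */
	uint64_t delta_time_factor = 10 * 1000 * 1000;
	struct dcerpc_binding_handle *b = p->binding_handle;

	if (torture_setting_bool(tctx, "samba3", false)) {
		lockout_seconds = 60;
	}

	torture_comment(tctx, "\nTesting account lockout: %s\n", comment);

	/* set policies */

	info.info1 = *info1;

	/* password_history_length is unsigned, so it is printed with %u */
	torture_comment(tctx, "setting password history length to %u.\n", password_history_length);
	info.info1.password_history_length = password_history_length;

	torture_comment(tctx, "setting min password again.\n");
	info.info1.min_password_age = 0;

	torture_assert(tctx,
		test_SetDomainInfo(b, tctx, domain_handle,
				   DomainPasswordInformation, &info),
		"failed to set password history length");

	info.info12 = *info12;
	info.info12.lockout_threshold = lockout_threshold;

	/*
	 * set lockout duration < lockout window: should fail
	 *
	 * The values are written as the bitwise complement of the tick
	 * count (presumably to form a negative, relative time -- note that
	 * ~x is -x - 1, one tick off from plain negation).
	 */

	info.info12.lockout_duration = ~(lockout_seconds * delta_time_factor);
	info.info12.lockout_window = ~((lockout_seconds + 1) * delta_time_factor);

	torture_assert(tctx,
		test_SetDomainInfo_ntstatus(b, tctx, domain_handle,
					    DomainLockoutInformation, &info,
					    NT_STATUS_INVALID_PARAMETER),
		"setting lockout duration < lockout window gave unexpected result");

	info.info12.lockout_duration = 0;
	info.info12.lockout_window = 0;

	torture_assert(tctx,
		test_SetDomainInfo(b, tctx, domain_handle,
				   DomainLockoutInformation, &info),
		"failed to set lockout window and duration to 0");

	/*
	 * set lockout duration and window to lockout_seconds
	 * (5 seconds, or 60 when the "samba3" setting is on)
	 */

	info.info12.lockout_duration = ~(lockout_seconds * delta_time_factor);
	info.info12.lockout_window = ~(lockout_seconds * delta_time_factor);

	torture_assert(tctx,
		test_SetDomainInfo(b, tctx, domain_handle,
				   DomainLockoutInformation, &info),
		"failed to set lockout window and duration to 5 seconds");

	/* reset bad pwd count */

	torture_assert(tctx,
		test_reset_badpwdcount(p, tctx, user_handle, acct_flags, password), "");

	/* enable or disable account */

	if (disable) {
		torture_assert(tctx,
			test_SetUserInfo_acct_flags(b, tctx, user_handle,
						    acct_flags | ACB_DISABLED),
			"failed to disable user");
	} else {
		torture_assert(tctx,
			test_SetUserInfo_acct_flags(b, tctx, user_handle,
						    acct_flags & ~ACB_DISABLED),
			"failed to enable user");
	}

	/* test logon with right password */

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
				      acct_name, *password,
				      expected_success_status, interactive)) {
		torture_fail(tctx, "failed to auth with latest password");
	}

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   0, 0, 0),
		"expected account to not be locked");

	/* test with wrong password ==> lockout (threshold is 1) */

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
				      acct_name, "random_crap",
				      NT_STATUS_WRONG_PASSWORD, interactive)) {
		torture_fail(tctx, "succeeded to authenticate with wrong password");
	}

	/*
	 * curiously, windows does _not_ return fresh values of
	 * effective bad_password_count and ACB_AUTOLOCK.
	 */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		/* ACB_AUTOLOCK is expected here, so the account must be locked */
		"expected account to be locked");

	/*
	 * test with good password: while the lockout is active even the
	 * correct password must be answered with ACCOUNT_LOCKED_OUT.
	 */

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
				     *password,
				     NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
	{
		torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
	}

	/* bad pwd count should not get updated */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		"expected account to be locked");

	/* the password change path must refuse a locked account as well */
	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password,
						  NT_STATUS_ACCOUNT_LOCKED_OUT),
		"got wrong status from ChangePasswordUser2");

	/* bad pwd count should not get updated */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		"expected account to be locked");

	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_ACCOUNT_LOCKED_OUT),
		"got wrong status from ChangePasswordUser2");

	/* bad pwd count should not get updated */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		"expected account to be locked");

	/* with bad password */

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
				      acct_name, "random_crap2",
				      NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
	{
		torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
	}

	/* bad pwd count should not get updated */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		"expected account to be locked");

	/* let lockout duration expire ==> unlock */

	torture_comment(tctx, "let lockout duration expire...\n");
	sleep(lockout_seconds + 1);

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 0, 0),
		"expected account to not be locked");

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
				     *password,
				     expected_success_status, interactive))
	{
		torture_fail(tctx, "failed to authenticate after lockout expired");
	}

	/*
	 * Only a logon that really succeeded is expected to clear the
	 * count; a refused logon (e.g. disabled account) leaves it alone.
	 */
	if (NT_STATUS_IS_OK(expected_success_status)) {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   0, 0, 0),
			"expected account to not be locked");
	} else {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   1, 0, 0),
			"expected account to not be locked");
	}

	/* a wrong old password on ChangePasswordUser2 must lock as well */
	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
		"got wrong status from ChangePasswordUser2");

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		"expected account to be locked");

	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password, NT_STATUS_ACCOUNT_LOCKED_OUT),
		"got wrong status from ChangePasswordUser2");

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		"expected account to be locked");

	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_ACCOUNT_LOCKED_OUT),
		"got wrong status from ChangePasswordUser2");

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, ACB_AUTOLOCK),
		"expected account to be locked");

	/* let lockout duration expire ==> unlock */

	torture_comment(tctx, "let lockout duration expire...\n");
	sleep(lockout_seconds + 1);

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 0, 0),
		"expected account to not be locked");

	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
				     *password,
				     expected_success_status, interactive))
	{
		torture_fail(tctx, "failed to authenticate after lockout expired");
	}

	if (NT_STATUS_IS_OK(expected_success_status)) {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   0, 0, 0),
			"expected account to not be locked");
	} else {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   1, 0, 0),
			"expected account to not be locked");
	}

	/* Testing ChangePasswordUser behaviour with 3 attempts */
	info.info12.lockout_threshold = 3;

	torture_assert(tctx,
		test_SetDomainInfo(b, tctx, domain_handle,
				   DomainLockoutInformation, &info),
		"failed to set lockout threshold to 3");

	if (NT_STATUS_IS_OK(expected_success_status)) {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   0, 0, 0),
			"expected account to not be locked");
	} else {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   1, 0, 0),
			"expected account to not be locked");
	}

	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
		"got wrong status from ChangePasswordUser2");

	/* bad pwd count will get updated */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   1, 1, 0),
		"expected account to not be locked");

	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
		"got wrong status from ChangePasswordUser2");

	/* bad pwd count will get updated */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   2, 2, 0),
		"expected account to not be locked");

	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
		"got wrong status from ChangePasswordUser2");

	/* bad pwd count should get updated; third failure reaches the threshold */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   3, 3, ACB_AUTOLOCK),
		"expected account to be locked");

	torture_assert(tctx,
		test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password, NT_STATUS_ACCOUNT_LOCKED_OUT),
		"got wrong status from ChangePasswordUser2");

	/* bad pwd count should not get updated */
	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   3, 3, ACB_AUTOLOCK),
		"expected account to be locked");

	/* let lockout duration expire ==> unlock */

	torture_comment(tctx, "let lockout duration expire...\n");
	sleep(lockout_seconds + 1);

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   3, 0, 0),
		"expected account to not be locked");

	/* a successful password change is expected to leave the count at 3 */
	torture_assert(tctx,
		test_ChangePasswordUser2(p, tctx, acct_name, password, NULL, false),
		"got wrong status from ChangePasswordUser2");

	torture_assert(tctx,
		test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
					   3, 0, 0),
		"expected account to not be locked");

	/* Used to reset the badPwdCount for the other tests */
	if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
				     *password,
				     expected_success_status, interactive))
	{
		torture_fail(tctx, "failed to authenticate after lockout expired");
	}

	if (NT_STATUS_IS_OK(expected_success_status)) {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   0, 0, 0),
			"expected account to not be locked");
	} else {
		torture_assert(tctx,
			test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
						   3, 0, 0),
			"expected account to not be locked");
	}

	return true;
}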
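/*
 * Run test_Password_lockout() for every logon scenario in the table below
 * and put the domain policy back afterwards.
 *
 * The current password policy (DomainPasswordInformation) and lockout
 * policy (DomainLockoutInformation) are read and saved before the first
 * scenario.  Working copies are handed to the test, which rewrites the
 * policy on the server.  After the loop both saved policies are written
 * back.
 *
 * Returns true only when every scenario that ran passed and both policies
 * could be restored.  The loop stops at the first failing scenario.
 */
static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
				       struct torture_context *tctx,
				       uint32_t acct_flags,
				       const char *acct_name,
				       struct policy_handle *domain_handle,
				       struct policy_handle *user_handle,
				       char **password,
				       struct cli_credentials *machine_credentials)
{
	union samr_DomainInfo *q_info, s_info;
	/* info1/info12 hold the saved policy, _info1/_info12 the working copies */
	struct samr_DomInfo1 info1, _info1;
	struct samr_DomInfo12 info12, _info12;
	bool ret = true;
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct dcerpc_pipe *np;
	/* same trust-account mask as used by the other tests in this file */
	const uint32_t trust_flags = ACB_WSTRUST | ACB_SVRTRUST | ACB_DOMTRUST;
	int i;

	struct {
		const char *comment;
		bool disabled;
		bool interactive;
		uint32_t password_history_length;
		NTSTATUS expected_success_status;
	} creds[] = {
		{
			.comment		= "network logon (disabled account)",
			.disabled		= true,
			.interactive		= false,
			.expected_success_status= NT_STATUS_ACCOUNT_DISABLED
		},
		{
			.comment		= "network logon (enabled account)",
			.disabled		= false,
			.interactive		= false,
			.expected_success_status= NT_STATUS_OK
		},
		{
			.comment		= "network logon (enabled account, history len = 1)",
			.disabled		= false,
			.interactive		= false,
			.expected_success_status= NT_STATUS_OK,
			.password_history_length = 1
		},
		{
			.comment		= "interactive logon (disabled account)",
			.disabled		= true,
			.interactive		= true,
			.expected_success_status= NT_STATUS_ACCOUNT_DISABLED
		},
		{
			.comment		= "interactive logon (enabled account)",
			.disabled		= false,
			.interactive		= true,
			.expected_success_status= NT_STATUS_OK
		},
		{
			.comment		= "interactive logon (enabled account, history len = 1)",
			.disabled		= false,
			.interactive		= true,
			.expected_success_status= NT_STATUS_OK,
			.password_history_length = 1
		},
	};

	torture_assert(tctx, setup_schannel_netlogon_pipe(tctx, machine_credentials, &np), "");

	/* backup old policies (nothing has been modified yet, so the
	 * early returns below leave the server untouched) */

	torture_assert(tctx,
		test_QueryDomainInfo2_level(b, tctx, domain_handle,
					    DomainPasswordInformation, &q_info),
		"failed to query domain info level 1");

	info1 = q_info->info1;
	_info1 = info1;

	torture_assert(tctx,
		test_QueryDomainInfo2_level(b, tctx, domain_handle,
					    DomainLockoutInformation, &q_info),
		"failed to query domain info level 12");

	info12 = q_info->info12;
	_info12 = info12;

	/* run tests */

	for (i = 0; i < ARRAY_SIZE(creds); i++) {
		bool test_passed;

		/* skip trust tests for now */
		if (acct_flags & trust_flags) {
			continue;
		}

		test_passed = test_Password_lockout(p, np, tctx, acct_flags, acct_name,
						    domain_handle, user_handle, password,
						    machine_credentials,
						    creds[i].comment,
						    creds[i].disabled,
						    creds[i].interactive,
						    creds[i].password_history_length,
						    creds[i].expected_success_status,
						    &_info1, &_info12);
		ret &= test_passed;
		if (!test_passed) {
			torture_result(tctx, TORTURE_FAIL, "TEST #%d (%s) failed\n", i, creds[i].comment);
			break;
		} else {
			torture_comment(tctx, "TEST #%d (%s) succeeded\n", i, creds[i].comment);
		}
	}

	/*
	 * restore policies
	 *
	 * Both restores are always attempted: returning after a failed
	 * password-policy restore would leave the test's lockout threshold,
	 * window and duration active on the server.
	 */

	s_info.info1 = info1;

	if (!test_SetDomainInfo(b, tctx, domain_handle,
				DomainPasswordInformation, &s_info)) {
		torture_result(tctx, TORTURE_FAIL, "failed to set password information");
		ret = false;
	}

	s_info.info12 = info12;

	if (!test_SetDomainInfo(b, tctx, domain_handle,
				DomainLockoutInformation, &s_info)) {
		torture_result(tctx, TORTURE_FAIL, "failed to set lockout information");
		ret = false;
	}

	return ret;
}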
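/*
 * Check what happens to LSA privileges/rights of an account when the SAMR
 * user behind it is deleted.
 *
 * Sequence, as asserted below:
 *   - before anything is granted, EnumAccountRights on the user SID
 *     returns NT_STATUS_OBJECT_NAME_NOT_FOUND
 *   - SeMachineAccountPrivilege and SeInteractiveLogonRight are added
 *   - the SID shows up in EnumAccounts, its rights can be enumerated and
 *     the LSA account can be opened and queried
 *   - the user is deleted through SAMR
 *   - the SID is STILL listed by EnumAccounts and still has rights; the
 *     grants outlive the user object
 *   - only after lsa_DeleteObject on the LSA account does the SID vanish
 *     from EnumAccounts and EnumAccountRights return NOT_FOUND again
 *
 * p / lp are the SAMR and LSA pipes, domain_sid + rid form the user SID.
 * domain_handle and machine_credentials are not used by this function.
 *
 * Returns true when every step behaved as expected, false otherwise.
 */
static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
				       struct dcerpc_pipe *lp,
				       struct torture_context *tctx,
				       struct policy_handle *domain_handle,
				       struct policy_handle *lsa_handle,
				       struct policy_handle *user_handle,
				       const struct dom_sid *domain_sid,
				       uint32_t rid,
				       struct cli_credentials *machine_credentials)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct dcerpc_binding_handle *lb = lp->binding_handle;

	struct policy_handle lsa_acct_handle;
	struct dom_sid *user_sid;

	user_sid = dom_sid_add_rid(tctx, domain_sid, rid);
	/* every request below passes user_sid; fail here rather than send NULL */
	torture_assert(tctx, user_sid != NULL, "dom_sid_add_rid failed");

	{
		struct lsa_EnumAccountRights r;
		struct lsa_RightSet rights;

		torture_comment(tctx, "Testing LSA EnumAccountRights\n");

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.out.rights = &rights;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
			"lsa_EnumAccountRights failed");
		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
			"Expected enum rights for account to fail");
	}

	{
		struct lsa_RightSet rights;
		struct lsa_StringLarge names[2];
		struct lsa_AddAccountRights r;

		torture_comment(tctx, "Testing LSA AddAccountRights\n");

		init_lsa_StringLarge(&names[0], "SeMachineAccountPrivilege");
		init_lsa_StringLarge(&names[1], NULL);

		/* only names[0] is sent; names[1] is an empty trailing entry */
		rights.count = 1;
		rights.names = names;

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.in.rights = &rights;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(lb, tctx, &r),
			"lsa_AddAccountRights failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to add privileges");
	}

	{
		struct lsa_RightSet rights;
		struct lsa_StringLarge names[2];
		struct lsa_AddAccountRights r;

		torture_comment(tctx, "Testing LSA AddAccountRights 1\n");

		init_lsa_StringLarge(&names[0], "SeInteractiveLogonRight");
		init_lsa_StringLarge(&names[1], NULL);

		rights.count = 1;
		rights.names = names;

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.in.rights = &rights;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(lb, tctx, &r),
			"lsa_AddAccountRights 1 failed");

		if (torture_setting_bool(tctx, "nt4_dc", false)) {
			/*
			 * The NT4 DC doesn't implement Rights.
			 */
			torture_assert_ntstatus_equal(tctx, r.out.result,
				NT_STATUS_NO_SUCH_PRIVILEGE,
				"Add rights failed with incorrect error");
		} else {
			torture_assert_ntstatus_ok(tctx, r.out.result,
				"Failed to add rights");
		}
	}

	{
		struct lsa_EnumAccounts r;
		uint32_t resume_handle = 0;
		struct lsa_SidArray lsa_sid_array;
		uint32_t i;
		bool found_sid = false;

		torture_comment(tctx, "Testing LSA EnumAccounts\n");

		/* a single request for up to 0x1000 entries, no paging loop */
		r.in.handle = lsa_handle;
		r.in.num_entries = 0x1000;
		r.in.resume_handle = &resume_handle;
		r.out.sids = &lsa_sid_array;
		r.out.resume_handle = &resume_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
			"lsa_EnumAccounts failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to enum accounts");

		for (i = 0; i < lsa_sid_array.num_sids; i++) {
			if (dom_sid_equal(user_sid, lsa_sid_array.sids[i].sid)) {
				found_sid = true;
				break;
			}
		}

		torture_assert(tctx, found_sid,
			"failed to list privileged account");
	}

	{
		struct lsa_EnumAccountRights r;
		struct lsa_RightSet user_rights;
		uint32_t expected_count = 2;

		if (torture_setting_bool(tctx, "nt4_dc", false)) {
			/*
			 * NT4 DC doesn't store rights.
			 */
			expected_count = 1;
		}

		torture_comment(tctx, "Testing LSA EnumAccountRights\n");

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.out.rights = &user_rights;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
			"lsa_EnumAccountRights failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to enum rights for account");

		/* only the number of entries is checked, not their names */
		if (user_rights.count < expected_count) {
			torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights");
			return false;
		}
	}

	{
		struct lsa_OpenAccount r;

		torture_comment(tctx, "Testing LSA OpenAccount\n");

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
		r.out.acct_handle = &lsa_acct_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(lb, tctx, &r),
			"lsa_OpenAccount failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to open lsa account");
	}

	{
		struct lsa_GetSystemAccessAccount r;
		uint32_t access_mask;

		torture_comment(tctx, "Testing LSA GetSystemAccessAccount\n");

		r.in.handle = &lsa_acct_handle;
		r.out.access_mask = &access_mask;

		/* the returned access_mask itself is not inspected */
		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetSystemAccessAccount_r(lb, tctx, &r),
			"lsa_GetSystemAccessAccount failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to get lsa system access account");
	}

	{
		struct lsa_Close r;

		torture_comment(tctx, "Testing LSA Close\n");

		r.in.handle = &lsa_acct_handle;
		r.out.handle = &lsa_acct_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(lb, tctx, &r),
			"lsa_Close failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to close lsa");
	}

	{
		struct samr_DeleteUser r;

		torture_comment(tctx, "Testing SAMR DeleteUser\n");

		r.in.user_handle = user_handle;
		r.out.user_handle = user_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &r),
			"DeleteUser failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"DeleteUser failed");
	}

	/*
	 * From here on the SAMR user is gone.  The next blocks assert that
	 * its SID is nevertheless still an LSA account with rights attached.
	 */

	{
		struct lsa_EnumAccounts r;
		uint32_t resume_handle = 0;
		struct lsa_SidArray lsa_sid_array;
		uint32_t i;
		bool found_sid = false;

		torture_comment(tctx, "Testing LSA EnumAccounts\n");

		r.in.handle = lsa_handle;
		r.in.num_entries = 0x1000;
		r.in.resume_handle = &resume_handle;
		r.out.sids = &lsa_sid_array;
		r.out.resume_handle = &resume_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
			"lsa_EnumAccounts failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to enum accounts");

		for (i = 0; i < lsa_sid_array.num_sids; i++) {
			if (dom_sid_equal(user_sid, lsa_sid_array.sids[i].sid)) {
				found_sid = true;
				break;
			}
		}

		torture_assert(tctx, found_sid,
			"failed to list privileged account");
	}

	{
		struct lsa_EnumAccountRights r;
		struct lsa_RightSet user_rights;

		torture_comment(tctx, "Testing LSA EnumAccountRights\n");

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.out.rights = &user_rights;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
			"lsa_EnumAccountRights failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to enum rights for account");

		if (user_rights.count < 1) {
			torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights");
			return false;
		}
	}

	{
		struct lsa_OpenAccount r;

		torture_comment(tctx, "Testing LSA OpenAccount\n");

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
		r.out.acct_handle = &lsa_acct_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(lb, tctx, &r),
			"lsa_OpenAccount failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to open lsa account");
	}

	{
		struct lsa_GetSystemAccessAccount r;
		uint32_t access_mask;

		torture_comment(tctx, "Testing LSA GetSystemAccessAccount\n");

		r.in.handle = &lsa_acct_handle;
		r.out.access_mask = &access_mask;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetSystemAccessAccount_r(lb, tctx, &r),
			"lsa_GetSystemAccessAccount failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to get lsa system access account");
	}

	{
		struct lsa_DeleteObject r;

		torture_comment(tctx, "Testing LSA DeleteObject\n");

		/* removes the LSA account itself, and with it the grants */
		r.in.handle = &lsa_acct_handle;
		r.out.handle = &lsa_acct_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteObject_r(lb, tctx, &r),
			"lsa_DeleteObject failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to delete object");
	}

	{
		struct lsa_EnumAccounts r;
		uint32_t resume_handle = 0;
		struct lsa_SidArray lsa_sid_array;
		uint32_t i;
		bool found_sid = false;

		torture_comment(tctx, "Testing LSA EnumAccounts\n");

		r.in.handle = lsa_handle;
		r.in.num_entries = 0x1000;
		r.in.resume_handle = &resume_handle;
		r.out.sids = &lsa_sid_array;
		r.out.resume_handle = &resume_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
			"lsa_EnumAccounts failed");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			"Failed to enum accounts");

		for (i = 0; i < lsa_sid_array.num_sids; i++) {
			if (dom_sid_equal(user_sid, lsa_sid_array.sids[i].sid)) {
				found_sid = true;
				break;
			}
		}

		torture_assert(tctx, !found_sid,
			"should not have listed privileged account");
	}

	{
		struct lsa_EnumAccountRights r;
		struct lsa_RightSet user_rights;

		torture_comment(tctx, "Testing LSA EnumAccountRights\n");

		r.in.handle = lsa_handle;
		r.in.sid = user_sid;
		r.out.rights = &user_rights;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
			"lsa_EnumAccountRights failed");
		/* same expectation and wording as the first check in this function */
		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
			"Expected enum rights for account to fail");
	}

	return true;
}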
static bool test_user_ops ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * user_handle ,
struct policy_handle * domain_handle ,
const struct dom_sid * domain_sid ,
uint32_t base_acct_flags ,
const char * base_acct_name , enum torture_samr_choice which_ops ,
struct cli_credentials * machine_credentials )
{
char * password = NULL ;
struct samr_QueryUserInfo q ;
union samr_UserInfo * info ;
NTSTATUS status ;
struct dcerpc_binding_handle * b = p - > binding_handle ;
bool ret = true ;
int i ;
uint32_t rid ;
const uint32_t password_fields [ ] = {
SAMR_FIELD_NT_PASSWORD_PRESENT ,
SAMR_FIELD_LM_PASSWORD_PRESENT ,
SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT ,
0
} ;
status = test_LookupName ( b , tctx , domain_handle , base_acct_name , & rid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
ret = false ;
}
switch ( which_ops ) {
case TORTURE_SAMR_USER_ATTRIBUTES :
if ( ! test_QuerySecurity ( b , tctx , user_handle ) ) {
ret = false ;
}
if ( ! test_QueryUserInfo ( b , tctx , user_handle ) ) {
ret = false ;
}
if ( ! test_QueryUserInfo2 ( b , tctx , user_handle ) ) {
ret = false ;
}
if ( ! test_SetUserInfo ( b , tctx , user_handle , base_acct_flags ,
base_acct_name ) ) {
ret = false ;
}
if ( ! test_GetUserPwInfo ( b , tctx , user_handle ) ) {
ret = false ;
}
if ( ! test_TestPrivateFunctionsUser ( b , tctx , user_handle ) ) {
ret = false ;
}
if ( ! test_SetUserPass ( p , tctx , user_handle , & password ) ) {
ret = false ;
}
break ;
case TORTURE_SAMR_PASSWORDS :
if ( base_acct_flags & ( ACB_WSTRUST | ACB_DOMTRUST | ACB_SVRTRUST ) ) {
char simple_pass [ 9 ] ;
2007-12-03 17:53:28 +03:00
char * v = generate_random_str ( tctx , 1 ) ;
2009-05-12 00:44:58 +04:00
2007-08-22 08:28:15 +04:00
ZERO_STRUCT ( simple_pass ) ;
memset ( simple_pass , * v , sizeof ( simple_pass ) - 1 ) ;
2009-06-30 01:42:58 +04:00
torture_comment ( tctx , " Testing machine account password policy rules \n " ) ;
2007-08-22 08:28:15 +04:00
/* Workstation trust accounts don't seem to need to honour password quality policy */
2007-12-03 17:53:28 +03:00
if ( ! test_SetUserPassEx ( p , tctx , user_handle , true , & password ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2007-08-22 08:28:15 +04:00
}
2007-12-03 17:53:28 +03:00
if ( ! test_ChangePasswordUser2 ( p , tctx , base_acct_name , & password , simple_pass , false ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2007-08-22 08:28:15 +04:00
}
/* reset again, to allow another 'user' password change */
2007-12-03 17:53:28 +03:00
if ( ! test_SetUserPassEx ( p , tctx , user_handle , true , & password ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2007-08-22 08:28:15 +04:00
}
/* Try a 'short' password */
2007-12-03 17:53:28 +03:00
if ( ! test_ChangePasswordUser2 ( p , tctx , base_acct_name , & password , samr_rand_pass ( tctx , 4 ) , false ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2007-08-22 08:28:15 +04:00
}
2008-10-17 06:00:24 +04:00
/* Try a compleatly random password */
if ( ! test_ChangePasswordRandomBytes ( p , tctx , base_acct_name , user_handle , & password ) ) {
ret = false ;
}
2007-08-22 08:28:15 +04:00
}
2008-11-25 04:46:25 +03:00
2006-07-07 06:03:04 +04:00
for ( i = 0 ; password_fields [ i ] ; i + + ) {
2007-12-03 17:53:28 +03:00
if ( ! test_SetUserPass_23 ( p , tctx , user_handle , password_fields [ i ] , & password ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2009-05-12 00:44:58 +04:00
}
2006-07-07 06:03:04 +04:00
/* check it was set right */
2007-12-03 17:53:28 +03:00
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2006-07-07 06:03:04 +04:00
}
2009-05-12 00:44:58 +04:00
}
2006-07-07 06:03:04 +04:00
for ( i = 0 ; password_fields [ i ] ; i + + ) {
2007-12-03 17:53:28 +03:00
if ( ! test_SetUserPass_25 ( p , tctx , user_handle , password_fields [ i ] , & password ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2009-05-12 00:44:58 +04:00
}
2006-07-07 06:03:04 +04:00
/* check it was set right */
2007-12-03 17:53:28 +03:00
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2006-07-07 06:03:04 +04:00
}
2009-05-12 00:44:58 +04:00
}
2006-07-07 06:03:04 +04:00
2007-12-03 17:53:28 +03:00
if ( ! test_SetUserPassEx ( p , tctx , user_handle , false , & password ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2009-05-12 00:44:58 +04:00
}
2004-04-18 08:06:15 +04:00
2007-12-03 17:53:28 +03:00
if ( ! test_ChangePassword ( p , tctx , base_acct_name , domain_handle , & password ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2009-05-12 00:44:58 +04:00
}
2007-08-22 08:28:15 +04:00
2010-06-12 17:47:14 +04:00
if ( ! test_SetUserPass_18 ( p , tctx , user_handle , & password ) ) {
ret = false ;
}
2008-12-05 17:19:22 +03:00
2010-06-12 17:47:14 +04:00
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
ret = false ;
}
for ( i = 0 ; password_fields [ i ] ; i + + ) {
if ( password_fields [ i ] = = SAMR_FIELD_LM_PASSWORD_PRESENT ) {
/* we need to skip as that would break
* the ChangePasswordUser3 verify */
continue ;
2008-12-05 17:19:22 +03:00
}
2010-06-12 17:47:14 +04:00
if ( ! test_SetUserPass_21 ( p , tctx , user_handle , password_fields [ i ] , & password ) ) {
2008-12-05 17:19:22 +03:00
ret = false ;
}
2008-12-05 17:43:33 +03:00
2010-06-12 17:47:14 +04:00
/* check it was set right */
if ( ! test_ChangePasswordUser3 ( p , tctx , base_acct_name , 0 , & password , NULL , 0 , false ) ) {
ret = false ;
2008-12-05 17:43:33 +03:00
}
2008-12-05 17:19:22 +03:00
}
2008-02-28 00:50:00 +03:00
q . in . user_handle = user_handle ;
q . in . level = 5 ;
2008-11-10 16:42:27 +03:00
q . out . info = & info ;
2009-05-12 00:44:58 +04:00
2010-03-19 02:38:04 +03:00
torture_assert_ntstatus_ok ( tctx , dcerpc_samr_QueryUserInfo_r ( b , tctx , & q ) ,
" QueryUserInfo failed " ) ;
if ( ! NT_STATUS_IS_OK ( q . out . result ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " QueryUserInfo level %u failed - %s \n " ,
2010-03-19 02:38:04 +03:00
q . in . level , nt_errstr ( q . out . result ) ) ;
2008-02-28 00:50:00 +03:00
ret = false ;
} else {
uint32_t expected_flags = ( base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED ) ;
2008-11-10 16:42:27 +03:00
if ( ( info - > info5 . acct_flags ) ! = expected_flags ) {
2009-05-08 02:30:11 +04:00
/* FIXME: GD */
if ( ! torture_setting_bool ( tctx , " samba3 " , false ) ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x \n " ,
info - > info5 . acct_flags ,
expected_flags ) ;
2009-05-08 02:30:11 +04:00
ret = false ;
}
2008-02-28 00:50:00 +03:00
}
2008-11-10 16:42:27 +03:00
if ( info - > info5 . rid ! = rid ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " QueryUserInfo level 5 failed, it returned %u when we expected rid of %u \n " ,
2008-11-10 16:42:27 +03:00
info - > info5 . rid , rid ) ;
2008-02-28 00:50:00 +03:00
}
}
2006-07-07 06:03:04 +04:00
break ;
2008-11-27 14:09:39 +03:00
case TORTURE_SAMR_PASSWORDS_PWDLASTSET :
/* test last password change timestamp behaviour */
2013-10-31 07:57:47 +04:00
torture_assert ( tctx , test_SetPassword_pwdlastset ( p , tctx , base_acct_flags ,
base_acct_name ,
user_handle , & password ,
machine_credentials ) ,
" pwdLastSet test failed \n " ) ;
2008-11-27 14:09:39 +03:00
break ;
2010-01-11 23:18:51 +03:00
case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT :
/* test bad pwd count change behaviour */
2013-10-31 07:57:47 +04:00
torture_assert ( tctx , test_Password_badpwdcount_wrap ( p , tctx , base_acct_flags ,
base_acct_name ,
domain_handle ,
user_handle , & password ,
machine_credentials ) ,
" badPwdCount test failed \n " ) ;
2010-01-11 23:18:51 +03:00
break ;
2010-01-15 20:08:57 +03:00
case TORTURE_SAMR_PASSWORDS_LOCKOUT :
2013-10-31 07:57:47 +04:00
torture_assert ( tctx , test_Password_lockout_wrap ( p , tctx , base_acct_flags ,
base_acct_name ,
domain_handle ,
user_handle , & password ,
machine_credentials ) ,
" Lockout test failed " ) ;
2010-01-15 20:08:57 +03:00
break ;
2009-05-18 21:37:13 +04:00
case TORTURE_SAMR_USER_PRIVILEGES : {
struct dcerpc_pipe * lp ;
struct policy_handle * lsa_handle ;
2010-03-12 19:51:06 +03:00
struct dcerpc_binding_handle * lb ;
2009-05-18 21:37:13 +04:00
status = torture_rpc_connection ( tctx , & lp , & ndr_table_lsarpc ) ;
torture_assert_ntstatus_ok ( tctx , status , " Failed to open LSA pipe " ) ;
2010-03-12 19:51:06 +03:00
lb = lp - > binding_handle ;
2009-05-18 21:37:13 +04:00
2010-03-12 19:51:06 +03:00
if ( ! test_lsa_OpenPolicy2 ( lb , tctx , & lsa_handle ) ) {
2009-05-18 21:37:13 +04:00
ret = false ;
}
if ( ! test_DeleteUser_with_privs ( p , lp , tctx ,
domain_handle , lsa_handle , user_handle ,
domain_sid , rid ,
machine_credentials ) ) {
ret = false ;
}
2010-03-12 19:51:06 +03:00
if ( ! test_lsa_Close ( lb , tctx , lsa_handle ) ) {
2009-05-18 21:37:13 +04:00
ret = false ;
}
if ( ! ret ) {
2013-10-30 05:16:03 +04:00
torture_result ( tctx , TORTURE_FAIL , " privileged user delete test failed \n " ) ;
2009-05-18 21:37:13 +04:00
}
break ;
}
2006-07-07 06:03:04 +04:00
case TORTURE_SAMR_OTHER :
2010-03-05 10:50:08 +03:00
case TORTURE_SAMR_MANY_ACCOUNTS :
case TORTURE_SAMR_MANY_GROUPS :
case TORTURE_SAMR_MANY_ALIASES :
2006-07-07 11:38:36 +04:00
/* We just need the account to exist */
2006-07-07 06:03:04 +04:00
break ;
}
2003-11-20 06:09:19 +03:00
return ret ;
}
/*
 * Run the per-alias SAMR checks against an already opened alias handle.
 *
 * Each sub-test is executed even when an earlier one has failed, so one run
 * reports every failing operation.  The result is false if any of them failed.
 *
 * b             binding handle of the SAMR connection
 * tctx          torture context (settings lookup and reporting)
 * alias_handle  open handle of the alias under test
 * domain_sid    handed on to test_AddMemberToAlias()
 */
static bool test_alias_ops(struct dcerpc_binding_handle *b,
			   struct torture_context *tctx,
			   struct policy_handle *alias_handle,
			   const struct dom_sid *domain_sid)
{
	bool all_passed = true;

	/* The security descriptor query is only issued when the samba3 setting is off. */
	if (!torture_setting_bool(tctx, " samba3 ", false) &&
	    !test_QuerySecurity(b, tctx, alias_handle)) {
		all_passed = false;
	}

	if (!test_QueryAliasInfo(b, tctx, alias_handle)) {
		all_passed = false;
	}

	if (!test_SetAliasInfo(b, tctx, alias_handle)) {
		all_passed = false;
	}

	if (!test_AddMemberToAlias(b, tctx, alias_handle, domain_sid)) {
		all_passed = false;
	}

	/* The multiple-member test is skipped when either Samba setting is on. */
	if (!torture_setting_bool(tctx, " samba3 ", false) &&
	    !torture_setting_bool(tctx, " samba4 ", false)) {
		if (!test_AddMultipleMembersToAlias(b, tctx, alias_handle)) {
			all_passed = false;
		}
	} else {
		torture_comment(tctx, " skipping MultipleMembers Alias tests against Samba \n ");
	}

	return all_passed;
}
/*
 * Delete the account behind an open user handle with samr_DeleteUser.
 *
 * The same policy handle is used as input and output of the call.  Both the
 * transport status and the server's result code have to be OK; the
 * torture_assert_ntstatus_ok() macro is defined outside this listing and is
 * expected to fail the test and return false otherwise.
 *
 * Returns true when the server reported a successful delete.
 */
static bool test_DeleteUser(struct dcerpc_binding_handle *b,
			    struct torture_context *tctx,
			    struct policy_handle *user_handle)
{
	struct samr_DeleteUser d;

	/* in and out share the caller's handle */
	d.out.user_handle = user_handle;
	d.in.user_handle = user_handle;

	torture_comment(tctx, " Testing DeleteUser \n ");

	/* first the RPC round trip itself ... */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &d),
		" DeleteUser failed ");
	/* ... then the status the server put into the reply */
	torture_assert_ntstatus_ok(tctx, d.out.result, " DeleteUser ");

	return true;
}
/*
 * Look an account up by name in the domain behind 'handle', open it and
 * delete it with samr_DeleteUser.
 *
 * The name lookup only serves as an existence check here; the RID it yields
 * is not used afterwards.  Any failing step is reported through
 * torture_result() together with the account name and the NTSTATUS.
 *
 * Returns true when the account was deleted, false otherwise.
 */
bool test_DeleteUser_byname(struct dcerpc_binding_handle *b,
			    struct torture_context *tctx,
			    struct policy_handle *handle, const char *name)
{
	struct policy_handle user_handle;
	struct samr_DeleteUser d;
	uint32_t rid;
	NTSTATUS status;

	status = test_LookupName(b, tctx, handle, name, &rid);
	if (NT_STATUS_IS_OK(status)) {
		status = test_OpenUser_byname(b, tctx, handle, name, &user_handle);
	}

	if (NT_STATUS_IS_OK(status)) {
		d.in.user_handle = &user_handle;
		d.out.user_handle = &user_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &d),
			" DeleteUser failed ");

		/* the server's verdict decides between success and the report below */
		status = d.out.result;
		if (NT_STATUS_IS_OK(status)) {
			return true;
		}
	}

	torture_result(tctx, TORTURE_FAIL, " DeleteUser_byname(%s) failed - %s \n ", name, nt_errstr(status));
	return false;
}
/*
 * Resolve a group name to its RID, open the group and delete it with
 * samr_DeleteDomainGroup.
 *
 * The group is opened with SEC_FLAG_MAXIMUM_ALLOWED, i.e. the test asks for
 * whatever access the server is willing to grant rather than for delete
 * access specifically.  The first failing step is reported with the group
 * name and the NTSTATUS.
 *
 * Returns true when the group was deleted, false otherwise.
 */
static bool test_DeleteGroup_byname(struct dcerpc_binding_handle *b,
				    struct torture_context *tctx,
				    struct policy_handle *handle, const char *name)
{
	struct policy_handle group_handle;
	struct samr_DeleteDomainGroup d;
	struct samr_OpenGroup r;
	uint32_t rid;
	NTSTATUS status;

	/* step 1: name -> RID */
	status = test_LookupName(b, tctx, handle, name, &rid);

	/* step 2: RID -> group handle */
	if (NT_STATUS_IS_OK(status)) {
		r.in.domain_handle = handle;
		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
		r.in.rid = rid;
		r.out.group_handle = &group_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenGroup_r(b, tctx, &r),
			" OpenGroup failed ");
		status = r.out.result;
	}

	/* step 3: delete through the handle just opened */
	if (NT_STATUS_IS_OK(status)) {
		d.in.group_handle = &group_handle;
		d.out.group_handle = &group_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomainGroup_r(b, tctx, &d),
			" DeleteDomainGroup failed ");
		status = d.out.result;
	}

	if (NT_STATUS_IS_OK(status)) {
		return true;
	}

	torture_result(tctx, TORTURE_FAIL, " DeleteGroup_byname(%s) failed - %s \n ", name, nt_errstr(status));
	return false;
}
/*
 * Resolve an alias name to its RID, open the alias and delete it with
 * samr_DeleteDomAlias.
 *
 * The alias is opened with SEC_FLAG_MAXIMUM_ALLOWED.  The first failing step
 * is reported with the alias name and the NTSTATUS.
 *
 * Returns true when the alias was deleted, false otherwise.
 */
static bool test_DeleteAlias_byname(struct dcerpc_binding_handle *b,
				    struct torture_context *tctx,
				    struct policy_handle *domain_handle,
				    const char *name)
{
	struct policy_handle alias_handle;
	struct samr_DeleteDomAlias d;
	struct samr_OpenAlias r;
	uint32_t rid;
	NTSTATUS status;

	torture_comment(tctx, " Testing DeleteAlias_byname \n ");

	/* name -> RID */
	status = test_LookupName(b, tctx, domain_handle, name, &rid);

	/* RID -> alias handle */
	if (NT_STATUS_IS_OK(status)) {
		r.in.domain_handle = domain_handle;
		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
		r.in.rid = rid;
		r.out.alias_handle = &alias_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenAlias_r(b, tctx, &r),
			" OpenAlias failed ");
		status = r.out.result;
	}

	/* delete through the handle just opened */
	if (NT_STATUS_IS_OK(status)) {
		d.in.alias_handle = &alias_handle;
		d.out.alias_handle = &alias_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomAlias_r(b, tctx, &d),
			" DeleteDomAlias failed ");
		status = d.out.result;
	}

	if (NT_STATUS_IS_OK(status)) {
		return true;
	}

	torture_result(tctx, TORTURE_FAIL, " DeleteAlias_byname(%s) failed - %s \n ", name, nt_errstr(status));
	return false;
}
/*
 * Delete the alias behind an open alias handle with samr_DeleteDomAlias.
 *
 * The caller's handle is used as both input and output of the call.  A
 * non-OK result code from the server is reported through torture_result().
 *
 * Returns true when the server reported a successful delete.
 */
static bool test_DeleteAlias(struct dcerpc_binding_handle *b,
			     struct torture_context *tctx,
			     struct policy_handle *alias_handle)
{
	struct samr_DeleteDomAlias d;

	torture_comment(tctx, " Testing DeleteAlias \n ");

	d.in.alias_handle = alias_handle;
	d.out.alias_handle = alias_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomAlias_r(b, tctx, &d),
		" DeleteDomAlias failed ");

	if (NT_STATUS_IS_OK(d.out.result)) {
		return true;
	}

	torture_result(tctx, TORTURE_FAIL, " DeleteAlias failed - %s \n ", nt_errstr(d.out.result));
	return false;
}
/*
 * Create a domain alias with samr_CreateDomAlias and optionally run the
 * alias sub-tests on it.
 *
 * When domain_sid is the BUILTIN domain the expectation is inverted: the
 * server has to refuse the create with NT_STATUS_ACCESS_DENIED, and any other
 * result (including success) fails the test.  This is the access-control
 * check of this function.
 *
 * For any other domain an already existing alias of the same name is deleted
 * and the create is issued a second time.
 *
 * alias_handle  receives the handle of the new alias
 * test_alias    when false, return right after a successful create
 *
 * Returns true on the expected outcome, false otherwise.
 */
static bool test_CreateAlias(struct dcerpc_binding_handle *b,
			     struct torture_context *tctx,
			     struct policy_handle *domain_handle,
			     const char *alias_name,
			     struct policy_handle *alias_handle,
			     const struct dom_sid *domain_sid,
			     bool test_alias)
{
	struct samr_CreateDomAlias r;
	struct lsa_String name;
	uint32_t rid;

	init_lsa_String(&name, alias_name);

	r.in.domain_handle = domain_handle;
	r.in.alias_name = &name;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.alias_handle = alias_handle;
	r.out.rid = &rid;

	torture_comment(tctx, " Testing CreateAlias (%s) \n ", r.in.alias_name->string);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomAlias_r(b, tctx, &r),
		" CreateDomAlias failed ");

	/* BUILTIN: only a refusal counts as a pass */
	if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
		if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED)) {
			torture_result(tctx, TORTURE_FAIL, " Server should have refused create of '%s', got %s instead \n ", r.in.alias_name->string,
				       nt_errstr(r.out.result));
			return false;
		}
		torture_comment(tctx, " Server correctly refused create of '%s' \n ", r.in.alias_name->string);
		return true;
	}

	/* leftover from an earlier run: remove it and try once more */
	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ALIAS_EXISTS)) {
		if (!test_DeleteAlias_byname(b, tctx, domain_handle, r.in.alias_name->string)) {
			return false;
		}
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomAlias_r(b, tctx, &r),
			" CreateDomAlias failed ");
	}

	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " CreateAlias failed - %s \n ", nt_errstr(r.out.result));
		return false;
	}

	if (!test_alias) {
		return true;
	}

	return test_alias_ops(b, tctx, alias_handle, domain_sid);
}
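/*
 * Run the password-change test sequence for one account.
 *
 * The sequence covers ChangePasswordUser, ChangePasswordUser2,
 * OemChangePasswordUser2 and several ChangePasswordUser3 variants: re-using
 * the old password, a password made of one repeated character, a password
 * one character shorter than the minimum length, and a change made relative
 * to the account's last_password_change time.
 *
 * Side effect on the server: for the "too short" case the domain password
 * policy (info level 1) is changed to min_password_length 5, with
 * DOMAIN_PASSWORD_COMPLEX cleared and min_password_age 0, and is written back
 * with the saved values afterwards.  If the run stops between the two
 * SetDomainInfo calls the domain keeps the relaxed policy.
 *
 * Values that come back from the server (info pointers, the RID array) are
 * checked before they are dereferenced, so a malformed reply fails the test
 * instead of crashing the client.
 *
 * p              SAMR pipe
 * tctx           torture context
 * acct_name      name of the account whose password is changed
 * domain_handle  open domain handle used for policy and lookups
 * password       in/out: current password of the account
 *
 * Returns true if every step behaved as expected.
 */
static bool test_ChangePassword(struct dcerpc_pipe *p,
				struct torture_context *tctx,
				const char *acct_name,
				struct policy_handle *domain_handle, char **password)
{
	bool ret = true;
	struct dcerpc_binding_handle *b = p->binding_handle;

	/* without a known current password there is nothing to change from */
	if (!*password) {
		return false;
	}

	if (!test_ChangePasswordUser(b, tctx, acct_name, domain_handle, password)) {
		ret = false;
	}

	if (!test_ChangePasswordUser2(p, tctx, acct_name, password, NULL, true)) {
		ret = false;
	}

	if (!test_OemChangePasswordUser2(p, tctx, acct_name, domain_handle, password)) {
		ret = false;
	}

	/* test what happens when setting the old password again */
	if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, *password, 0, true)) {
		ret = false;
	}

	{
		char simple_pass[9];
		char *v = generate_random_str(tctx, 1);

		/* v is read below; do not dereference a failed allocation */
		torture_assert(tctx, v != NULL, "generate_random_str failed");

		/* eight copies of one random character, NUL terminated */
		ZERO_STRUCT(simple_pass);
		memset(simple_pass, *v, sizeof(simple_pass) - 1);

		/* test what happens when picking a simple password */
		if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, simple_pass, 0, true)) {
			ret = false;
		}
	}

	/* set samr_SetDomainInfo level 1 with min_length 5 */
	{
		struct samr_QueryDomainInfo r;
		union samr_DomainInfo *info = NULL;
		struct samr_SetDomainInfo s;
		uint16_t len_old, len;
		uint32_t pwd_prop_old;
		int64_t min_pwd_age_old;

		len = 5;

		r.in.domain_handle = domain_handle;
		r.in.level = 1;
		r.out.info = &info;

		torture_comment(tctx, " Testing samr_QueryDomainInfo level 1 \n ");
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
			" QueryDomainInfo failed ");
		if (!NT_STATUS_IS_OK(r.out.result)) {
			return false;
		}

		/* the reply is modified in place below, so it has to be there */
		torture_assert(tctx, info != NULL,
			"QueryDomainInfo level 1 returned no info");

		s.in.domain_handle = domain_handle;
		s.in.level = 1;
		s.in.info = info;

		/* remember the old min length, so we can reset it */
		len_old = s.in.info->info1.min_password_length;
		s.in.info->info1.min_password_length = len;
		pwd_prop_old = s.in.info->info1.password_properties;
		/* turn off password complexity checks for this test */
		s.in.info->info1.password_properties &= ~DOMAIN_PASSWORD_COMPLEX;

		min_pwd_age_old = s.in.info->info1.min_password_age;
		s.in.info->info1.min_password_age = 0;

		torture_comment(tctx, " Testing samr_SetDomainInfo level 1 \n ");
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
			" SetDomainInfo failed ");
		if (!NT_STATUS_IS_OK(s.out.result)) {
			return false;
		}

		torture_comment(tctx, " calling test_ChangePasswordUser3 with too short password \n ");

		/*
		 * No early return between here and the restore below: the
		 * saved policy values must always be written back.
		 */
		if (!test_ChangePasswordUser3(p, tctx, acct_name, len - 1, password, NULL, 0, true)) {
			ret = false;
		}

		s.in.info->info1.min_password_length = len_old;
		s.in.info->info1.password_properties = pwd_prop_old;
		s.in.info->info1.min_password_age = min_pwd_age_old;

		torture_comment(tctx, " Testing samr_SetDomainInfo level 1 \n ");
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
			" SetDomainInfo failed ");
		if (!NT_STATUS_IS_OK(s.out.result)) {
			/* make it visible that the relaxed policy is still in place */
			torture_result(tctx, TORTURE_FAIL,
				       "SetDomainInfo level 1 could not restore the password policy - %s\n",
				       nt_errstr(s.out.result));
			return false;
		}
	}

	{
		struct samr_OpenUser r;
		struct samr_QueryUserInfo q;
		union samr_UserInfo *info = NULL;
		struct samr_LookupNames n;
		struct policy_handle user_handle;
		struct samr_Ids rids, types;

		n.in.domain_handle = domain_handle;
		n.in.num_names = 1;
		n.in.names = talloc_array(tctx, struct lsa_String, 1);
		torture_assert(tctx, n.in.names != NULL, "talloc_array failed");
		n.in.names[0].string = acct_name;
		n.out.rids = &rids;
		n.out.types = &types;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupNames_r(b, tctx, &n),
			" LookupNames failed ");
		if (!NT_STATUS_IS_OK(n.out.result)) {
			torture_result(tctx, TORTURE_FAIL, " LookupNames failed - %s \n ", nt_errstr(n.out.result));
			return false;
		}

		/* ids[0] is read below; an empty reply must not be indexed */
		torture_assert(tctx,
			       n.out.rids->count >= 1 && n.out.rids->ids != NULL,
			       "LookupNames returned no RID");

		r.in.domain_handle = domain_handle;
		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
		r.in.rid = n.out.rids->ids[0];
		r.out.user_handle = &user_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
			" OpenUser failed ");
		if (!NT_STATUS_IS_OK(r.out.result)) {
			torture_result(tctx, TORTURE_FAIL, " OpenUser(%u) failed - %s \n ", n.out.rids->ids[0], nt_errstr(r.out.result));
			return false;
		}

		q.in.user_handle = &user_handle;
		q.in.level = 5;
		q.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
			" QueryUserInfo failed ");
		if (!NT_STATUS_IS_OK(q.out.result)) {
			torture_result(tctx, TORTURE_FAIL, " QueryUserInfo failed - %s \n ", nt_errstr(q.out.result));
			return false;
		}

		torture_assert(tctx, info != NULL,
			"QueryUserInfo level 5 returned no info");

		torture_comment(tctx, " calling test_ChangePasswordUser3 with too early password change \n ");

		if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, NULL,
					      info->info5.last_password_change, true)) {
			ret = false;
		}
	}

	/* we change passwords twice - this has the effect of verifying
	   they were changed correctly for the final call */
	if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, NULL, 0, true)) {
		ret = false;
	}

	if (!test_ChangePasswordUser3(p, tctx, acct_name, 0, password, NULL, 0, true)) {
		ret = false;
	}

	return ret;
}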
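/*
 * Create a normal user account with samr_CreateUser and optionally run the
 * per-user test set on it.
 *
 * When domain_sid is the BUILTIN domain the expectation is inverted: the
 * server has to refuse the create with NT_STATUS_ACCESS_DENIED or
 * NT_STATUS_INVALID_PARAMETER, and any other result fails the test.
 *
 * For any other domain an existing account of the same name is deleted and
 * the create is issued a second time.  With test_user set, the new account
 * is checked to carry ACB_NORMAL (QueryUserInfo level 16) and is handed to
 * test_user_ops() together with which_ops and machine_credentials.
 *
 * user_handle_out  if not NULL, receives the handle of the new account and
 *                  the account is kept; if NULL the account is deleted again
 *                  at the end of the test_user path
 *
 * The per-call talloc context user_ctx is a child of tctx.  It is released
 * on every return of this function itself; a return taken inside one of the
 * torture_assert_ntstatus_ok() calls leaves it to be released with tctx.
 *
 * Returns true on the expected outcome, false otherwise.
 */
static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
			    struct policy_handle *domain_handle,
			    const char *user_name,
			    struct policy_handle *user_handle_out,
			    struct dom_sid *domain_sid,
			    enum torture_samr_choice which_ops,
			    struct cli_credentials *machine_credentials,
			    bool test_user)
{
	TALLOC_CTX *user_ctx;
	struct samr_CreateUser r;
	struct samr_QueryUserInfo q;
	union samr_UserInfo *info = NULL;
	struct samr_DeleteUser d;
	uint32_t rid;

	/* This call creates a 'normal' account - check that it really does */
	const uint32_t acct_flags = ACB_NORMAL;
	struct lsa_String name;
	bool ret = true;
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct policy_handle user_handle;

	/* the context name below mentions CreateUser2; it is only a label */
	user_ctx = talloc_named(tctx, 0, " test_CreateUser2 per-user context ");
	init_lsa_String(&name, user_name);

	r.in.domain_handle = domain_handle;
	r.in.account_name = &name;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.user_handle = &user_handle;
	r.out.rid = &rid;

	torture_comment(tctx, " Testing CreateUser(%s) \n ", r.in.account_name->string);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser_r(b, user_ctx, &r),
		" CreateUser failed ");

	/* BUILTIN: only a refusal counts as a pass */
	if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
		bool refused = NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
			       NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER);

		if (refused) {
			torture_comment(tctx, " Server correctly refused create of '%s' \n ", r.in.account_name->string);
		} else {
			torture_result(tctx, TORTURE_FAIL, " Server should have refused create of '%s', got %s instead \n ", r.in.account_name->string,
				       nt_errstr(r.out.result));
		}
		talloc_free(user_ctx);
		return refused;
	}

	/* leftover from an earlier run: remove it and try once more */
	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
		if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.account_name->string)) {
			talloc_free(user_ctx);
			return false;
		}
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser_r(b, user_ctx, &r),
			" CreateUser failed ");
	}

	if (!NT_STATUS_IS_OK(r.out.result)) {
		talloc_free(user_ctx);
		torture_result(tctx, TORTURE_FAIL, " CreateUser failed - %s \n ", nt_errstr(r.out.result));
		return false;
	}

	if (!test_user) {
		/* create-only mode: hand the handle out, nothing else to check */
		if (user_handle_out) {
			*user_handle_out = user_handle;
		}
		talloc_free(user_ctx);
		return ret;
	}

	q.in.user_handle = &user_handle;
	q.in.level = 16;
	q.out.info = &info;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, user_ctx, &q),
		" QueryUserInfo failed ");
	if (!NT_STATUS_IS_OK(q.out.result)) {
		torture_result(tctx, TORTURE_FAIL, " QueryUserInfo level %u failed - %s \n ",
			       q.in.level, nt_errstr(q.out.result));
		ret = false;
	} else if (info == NULL) {
		/* a success status without data must not be dereferenced */
		torture_result(tctx, TORTURE_FAIL,
			       "QueryUserInfo level 16 returned no info\n");
		ret = false;
	} else if ((info->info16.acct_flags & acct_flags) != acct_flags) {
		torture_result(tctx, TORTURE_FAIL, " QueryUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x \n ",
			       info->info16.acct_flags,
			       acct_flags);
		ret = false;
	}

	if (!test_user_ops(p, tctx, &user_handle, domain_handle,
			   domain_sid, acct_flags, name.string, which_ops,
			   machine_credentials)) {
		ret = false;
	}

	if (user_handle_out) {
		/* the caller takes over the account and its handle */
		*user_handle_out = user_handle;
	} else {
		torture_comment(tctx, " Testing DeleteUser (createuser test) \n ");

		d.in.user_handle = &user_handle;
		d.out.user_handle = &user_handle;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, user_ctx, &d),
			" DeleteUser failed ");
		if (!NT_STATUS_IS_OK(d.out.result)) {
			torture_result(tctx, TORTURE_FAIL, " DeleteUser failed - %s \n ", nt_errstr(d.out.result));
			ret = false;
		}
	}

	talloc_free(user_ctx);

	return ret;
}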
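/*
  Exercise samr_CreateUser2 with a table of account-control flag
  combinations and check the status the server returns for each one.

  The table pins which combinations the server must accept or refuse:
  creation with ACB_DISABLED or ACB_PWNOEXP already set, or with no
  account type at all, is expected to give NT_STATUS_INVALID_PARAMETER,
  and a bare ACB_DOMTRUST account is expected to be refused with
  NT_STATUS_ACCESS_DENIED. When domain_sid is the BUILTIN domain every
  create must be refused.

  For each account that is created, QueryUserInfo level 5 is used to check
  the flags and primary group the server assigned, test_user_ops() is run
  on the handle, and the account is deleted again.

  p                    pipe whose binding handle carries the calls
  tctx                 torture context, used for reporting and as talloc parent
  domain_handle        open SAMR domain handle
  domain_sid           SID of that domain
  which_ops            passed through to test_user_ops()
  machine_credentials  passed through to test_user_ops()

  Returns true when every table entry behaved as expected.
*/
static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
			     struct policy_handle *domain_handle,
			     struct dom_sid *domain_sid,
			     enum torture_samr_choice which_ops,
			     struct cli_credentials *machine_credentials)
{
	struct samr_CreateUser2 r;
	struct samr_QueryUserInfo q;
	union samr_UserInfo *info;
	struct samr_DeleteUser d;
	struct policy_handle user_handle;
	uint32_t rid;
	struct lsa_String name;
	bool ret = true;
	int i;
	struct dcerpc_binding_handle *b = p->binding_handle;

	/* requested flags, account name to use, status the server must return */
	struct {
		uint32_t acct_flags;
		const char *account_name;
		NTSTATUS nt_status;
	} account_types[] = {
		{ ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
		{ ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
		{ ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
		{ ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_ACCESS_DENIED },
		{ ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
		{ 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
		{ ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
		{ 0, NULL, NT_STATUS_INVALID_PARAMETER }	/* terminator: account_name == NULL */
	};

	for (i = 0; account_types[i].account_name; i++) {
		TALLOC_CTX *user_ctx;
		uint32_t acct_flags = account_types[i].acct_flags;
		uint32_t access_granted;

		/*
		 * Per-entry scratch context. Every path that leaves this
		 * iteration through 'continue' or the end of the loop body
		 * frees it.
		 * NOTE(review): torture_assert_ntstatus_ok presumably returns
		 * from the function on failure, in which case user_ctx stays
		 * attached to tctx - confirm against the macro.
		 */
		user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
		init_lsa_String(&name, account_types[i].account_name);

		r.in.domain_handle = domain_handle;
		r.in.account_name = &name;
		r.in.acct_flags = acct_flags;
		r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
		r.out.user_handle = &user_handle;
		r.out.access_granted = &access_granted;
		r.out.rid = &rid;

		torture_comment(tctx, "Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser2_r(b, user_ctx, &r),
			"CreateUser2 failed");

		/*
		 * Account creation in the BUILTIN domain must always be
		 * refused. The parsed SID is a child of user_ctx so it is
		 * released with it instead of accumulating on tctx.
		 */
		if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(user_ctx, SID_BUILTIN))) {
			if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
			    NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
				torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.account_name->string);
			} else {
				torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
					       nt_errstr(r.out.result));
				ret = false;
			}
			talloc_free(user_ctx);
			continue;
		}

		/* a leftover account from an earlier run: remove it and retry once */
		if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
			if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.account_name->string)) {
				talloc_free(user_ctx);
				ret = false;
				continue;
			}
			torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser2_r(b, user_ctx, &r),
				"CreateUser2 failed");
		}

		if (!NT_STATUS_EQUAL(r.out.result, account_types[i].nt_status)) {
			torture_result(tctx, TORTURE_FAIL, "CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
				       nt_errstr(r.out.result), nt_errstr(account_types[i].nt_status));
			ret = false;
		}

		if (NT_STATUS_IS_OK(r.out.result)) {
			q.in.user_handle = &user_handle;
			q.in.level = 5;
			q.out.info = &info;

			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, user_ctx, &q),
				"QueryUserInfo failed");
			if (!NT_STATUS_IS_OK(q.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
					       q.in.level, nt_errstr(q.out.result));
				ret = false;
			} else {
				/*
				 * A freshly created account is expected to be
				 * disabled with no password required; a normal
				 * user additionally has its password marked
				 * expired.
				 */
				uint32_t expected_flags = (acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
				if (acct_flags == ACB_NORMAL) {
					expected_flags |= ACB_PW_EXPIRED;
				}
				if ((info->info5.acct_flags) != expected_flags) {
					torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
						       info->info5.acct_flags,
						       expected_flags);
					ret = false;
				}

				/* the primary group must match the account type */
				switch (acct_flags) {
				case ACB_SVRTRUST:
					if (info->info5.primary_gid != DOMAIN_RID_DCS) {
						torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: DC should have had Primary Group %d, got %d\n",
							       DOMAIN_RID_DCS, info->info5.primary_gid);
						ret = false;
					}
					break;
				case ACB_WSTRUST:
					if (info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
						torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
							       DOMAIN_RID_DOMAIN_MEMBERS, info->info5.primary_gid);
						ret = false;
					}
					break;
				case ACB_NORMAL:
					if (info->info5.primary_gid != DOMAIN_RID_USERS) {
						torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: Users should have had Primary Group %d, got %d\n",
							       DOMAIN_RID_USERS, info->info5.primary_gid);
						ret = false;
					}
					break;
				default:
					break;
				}
			}

			if (!test_user_ops(p, tctx, &user_handle, domain_handle,
					   domain_sid, acct_flags, name.string, which_ops,
					   machine_credentials)) {
				ret = false;
			}

			/* only delete when the handle is still set after test_user_ops() */
			if (!ndr_policy_handle_empty(&user_handle)) {
				torture_comment(tctx, "Testing DeleteUser (createuser2 test)\n");

				d.in.user_handle = &user_handle;
				d.out.user_handle = &user_handle;

				torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, user_ctx, &d),
					"DeleteUser failed");
				if (!NT_STATUS_IS_OK(d.out.result)) {
					torture_result(tctx, TORTURE_FAIL, "DeleteUser failed - %s\n", nt_errstr(d.out.result));
					ret = false;
				}
			}
		}
		talloc_free(user_ctx);
	}

	return ret;
}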
/*
  Issue samr_QueryAliasInfo on an open alias handle for info levels 1 to 3.

  A level that does not come back with NT_STATUS_OK is reported through
  torture_result and the remaining levels are still tried.

  Returns true when every level succeeded.
*/
static bool test_QueryAliasInfo(struct dcerpc_binding_handle *b,
				struct torture_context *tctx,
				struct policy_handle *handle)
{
	uint16_t levels[] = {1, 2, 3};
	struct samr_QueryAliasInfo r;
	union samr_AliasInfo *info;
	bool ok = true;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(levels); idx++) {
		torture_comment(tctx, "Testing QueryAliasInfo level %u\n", levels[idx]);

		r.in.alias_handle = handle;
		r.in.level = levels[idx];
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryAliasInfo_r(b, tctx, &r),
			"QueryAliasInfo failed");
		if (NT_STATUS_IS_OK(r.out.result)) {
			continue;
		}

		torture_result(tctx, TORTURE_FAIL, "QueryAliasInfo level %u failed - %s\n",
			       levels[idx], nt_errstr(r.out.result));
		ok = false;
	}

	return ok;
}
/*
  Issue samr_QueryGroupInfo on an open group handle for info levels 1 to 5.

  A level that does not come back with NT_STATUS_OK is reported through
  torture_result and the remaining levels are still tried.

  Returns true when every level succeeded.
*/
static bool test_QueryGroupInfo(struct dcerpc_binding_handle *b,
				struct torture_context *tctx,
				struct policy_handle *handle)
{
	uint16_t levels[] = {1, 2, 3, 4, 5};
	struct samr_QueryGroupInfo r;
	union samr_GroupInfo *info;
	bool ok = true;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(levels); idx++) {
		torture_comment(tctx, "Testing QueryGroupInfo level %u\n", levels[idx]);

		r.in.group_handle = handle;
		r.in.level = levels[idx];
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupInfo_r(b, tctx, &r),
			"QueryGroupInfo failed");
		if (NT_STATUS_IS_OK(r.out.result)) {
			continue;
		}

		torture_result(tctx, TORTURE_FAIL, "QueryGroupInfo level %u failed - %s\n",
			       levels[idx], nt_errstr(r.out.result));
		ok = false;
	}

	return ok;
}
/*
  Issue a single samr_QueryGroupMember on an open group handle.

  Only the returned status is checked; the member list the server hands
  back in 'rids' is not inspected here.

  Returns true when the call came back with NT_STATUS_OK.
*/
static bool test_QueryGroupMember(struct dcerpc_binding_handle *b,
				  struct torture_context *tctx,
				  struct policy_handle *handle)
{
	struct samr_RidAttrArray *rids = NULL;
	struct samr_QueryGroupMember r;

	torture_comment(tctx, "Testing QueryGroupMember\n");

	r.in.group_handle = handle;
	r.out.rids = &rids;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &r),
		"QueryGroupMember failed");
	if (NT_STATUS_IS_OK(r.out.result)) {
		return true;
	}

	torture_result(tctx, TORTURE_FAIL, "QueryGroupMember failed - %s\n", nt_errstr(r.out.result));
	return false;
}
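/*
  For group info levels 1 to 4: read the info with samr_QueryGroupInfo and
  write the same structure back with samr_SetGroupInfo.

  set_ok[] says which levels the server is expected to accept on set. For
  a level marked 0 the set must be refused with
  NT_STATUS_INVALID_INFO_CLASS. At level 4 the description is replaced
  with "test description" before it is written back.

  When the query for a level fails there is nothing valid to write back,
  so the set for that level is skipped: 'info' would otherwise be read
  (and, at level 4, dereferenced) without having been filled in.

  Returns true when every level behaved as expected.
*/
static bool test_SetGroupInfo(struct dcerpc_binding_handle *b,
			      struct torture_context *tctx,
			      struct policy_handle *handle)
{
	struct samr_QueryGroupInfo r;
	union samr_GroupInfo *info = NULL;
	struct samr_SetGroupInfo s;
	uint16_t levels[] = {1, 2, 3, 4};
	uint16_t set_ok[] = {0, 1, 1, 1};
	int i;
	bool ret = true;

	for (i = 0; i < ARRAY_SIZE(levels); i++) {
		torture_comment(tctx, "Testing QueryGroupInfo level %u\n", levels[i]);

		/* reset so a stale pointer from the previous level is never reused */
		info = NULL;

		r.in.group_handle = handle;
		r.in.level = levels[i];
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupInfo_r(b, tctx, &r),
			"QueryGroupInfo failed");
		if (!NT_STATUS_IS_OK(r.out.result)) {
			torture_result(tctx, TORTURE_FAIL, "QueryGroupInfo level %u failed - %s\n",
				       levels[i], nt_errstr(r.out.result));
			ret = false;
			continue;
		}
		torture_assert(tctx, info, "QueryGroupInfo failed: r.out.info unexpectedly NULL");

		torture_comment(tctx, "Testing SetGroupInfo level %u\n", levels[i]);

		s.in.group_handle = handle;
		s.in.level = levels[i];
		s.in.info = *r.out.info;

#if 0
		/* disabled this, as it changes the name only from the point of view of samr,
		   but leaves the name from the point of view of w2k3 internals (and ldap). This means
		   the name is still reserved, so creating the old name fails, but deleting by the old name
		   also fails */
		if (s.in.level == 2) {
			init_lsa_String(&s.in.info->string, "NewName");
		}
#endif

		if (s.in.level == 4) {
			init_lsa_String(&s.in.info->description, "test description");
		}

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetGroupInfo_r(b, tctx, &s),
			"SetGroupInfo failed");
		if (set_ok[i]) {
			if (!NT_STATUS_IS_OK(s.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "SetGroupInfo level %u failed - %s\n",
					       r.in.level, nt_errstr(s.out.result));
				ret = false;
				continue;
			}
		} else {
			/* the server must refuse to set an info class that is read-only */
			if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, s.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
					       r.in.level, nt_errstr(s.out.result));
				ret = false;
				continue;
			}
		}
	}

	return ret;
}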
/*
  Issue samr_QueryUserInfo on an open user handle for each info level in
  the table below (1-14, 16, 17, 20 and 21).

  A level that does not come back with NT_STATUS_OK is reported through
  torture_result and the remaining levels are still tried.

  Returns true when every level succeeded.
*/
static bool test_QueryUserInfo(struct dcerpc_binding_handle *b,
			       struct torture_context *tctx,
			       struct policy_handle *handle)
{
	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
			     11, 12, 13, 14, 16, 17, 20, 21};
	struct samr_QueryUserInfo r;
	union samr_UserInfo *info;
	bool ok = true;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(levels); idx++) {
		torture_comment(tctx, "Testing QueryUserInfo level %u\n", levels[idx]);

		r.in.user_handle = handle;
		r.in.level = levels[idx];
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
			"QueryUserInfo failed");
		if (NT_STATUS_IS_OK(r.out.result)) {
			continue;
		}

		torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
			       levels[idx], nt_errstr(r.out.result));
		ok = false;
	}

	return ok;
}
/*
  Issue samr_QueryUserInfo2 on an open user handle for each info level in
  the table below (1-14, 16, 17, 20 and 21).

  A level that does not come back with NT_STATUS_OK is reported through
  torture_result and the remaining levels are still tried.

  Returns true when every level succeeded.
*/
static bool test_QueryUserInfo2(struct dcerpc_binding_handle *b,
				struct torture_context *tctx,
				struct policy_handle *handle)
{
	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
			     11, 12, 13, 14, 16, 17, 20, 21};
	struct samr_QueryUserInfo2 r;
	union samr_UserInfo *info;
	bool ok = true;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(levels); idx++) {
		torture_comment(tctx, "Testing QueryUserInfo2 level %u\n", levels[idx]);

		r.in.user_handle = handle;
		r.in.level = levels[idx];
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo2_r(b, tctx, &r),
			"QueryUserInfo2 failed");
		if (NT_STATUS_IS_OK(r.out.result)) {
			continue;
		}

		torture_result(tctx, TORTURE_FAIL, "QueryUserInfo2 level %u failed - %s\n",
			       levels[idx], nt_errstr(r.out.result));
		ok = false;
	}

	return ok;
}
/*
  Open the user with the given RID in the domain behind 'handle', asking
  for SEC_FLAG_MAXIMUM_ALLOWED, then run the read-only user tests on the
  new handle and close it.

  The sub-tests (QuerySecurity, QueryUserInfo, QueryUserInfo2,
  GetUserPwInfo, GetGroupsForUser, Close) all run even when an earlier
  one fails.

  Returns false when the open is refused or any sub-test fails.
*/
static bool test_OpenUser(struct dcerpc_binding_handle *b,
			  struct torture_context *tctx,
			  struct policy_handle *handle, uint32_t rid)
{
	struct policy_handle user_handle;
	struct samr_OpenUser r;
	bool ok = true;

	torture_comment(tctx, "Testing OpenUser(%u)\n", rid);

	r.in.domain_handle = handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.rid = rid;
	r.out.user_handle = &user_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
		"OpenUser failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", rid, nt_errstr(r.out.result));
		return false;
	}

	/* each call is the left operand, so it runs whatever 'ok' already is */
	ok = test_QuerySecurity(b, tctx, &user_handle) && ok;
	ok = test_QueryUserInfo(b, tctx, &user_handle) && ok;
	ok = test_QueryUserInfo2(b, tctx, &user_handle) && ok;
	ok = test_GetUserPwInfo(b, tctx, &user_handle) && ok;
	ok = test_GetGroupsForUser(b, tctx, &user_handle) && ok;
	ok = test_samr_handle_Close(b, tctx, &user_handle) && ok;

	return ok;
}
/*
  Open the group with the given RID in the domain behind 'handle', asking
  for SEC_FLAG_MAXIMUM_ALLOWED, then run the read-only group tests on the
  new handle and close it.

  QuerySecurity is skipped when the "samba3" torture setting is true.
  QueryGroupInfo, QueryGroupMember and Close always run, even when an
  earlier sub-test fails.

  Returns false when the open is refused or any sub-test fails.
*/
static bool test_OpenGroup(struct dcerpc_binding_handle *b,
			   struct torture_context *tctx,
			   struct policy_handle *handle, uint32_t rid)
{
	struct policy_handle group_handle;
	struct samr_OpenGroup r;
	bool ok = true;

	torture_comment(tctx, "Testing OpenGroup(%u)\n", rid);

	r.in.domain_handle = handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.rid = rid;
	r.out.group_handle = &group_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenGroup_r(b, tctx, &r),
		"OpenGroup failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "OpenGroup(%u) failed - %s\n", rid, nt_errstr(r.out.result));
		return false;
	}

	if (!torture_setting_bool(tctx, "samba3", false) &&
	    !test_QuerySecurity(b, tctx, &group_handle)) {
		ok = false;
	}

	/* each call is the left operand, so it runs whatever 'ok' already is */
	ok = test_QueryGroupInfo(b, tctx, &group_handle) && ok;
	ok = test_QueryGroupMember(b, tctx, &group_handle) && ok;
	ok = test_samr_handle_Close(b, tctx, &group_handle) && ok;

	return ok;
}
/*
  Open the alias with the given RID in the domain behind 'handle', asking
  for SEC_FLAG_MAXIMUM_ALLOWED, then run the read-only alias tests on the
  new handle and close it.

  QuerySecurity is skipped when the "samba3" torture setting is true.
  QueryAliasInfo, GetMembersInAlias and Close always run, even when an
  earlier sub-test fails.

  Returns false when the open is refused or any sub-test fails.
*/
static bool test_OpenAlias(struct dcerpc_binding_handle *b,
			   struct torture_context *tctx,
			   struct policy_handle *handle, uint32_t rid)
{
	struct policy_handle alias_handle;
	struct samr_OpenAlias r;
	bool ok = true;

	torture_comment(tctx, "Testing OpenAlias(%u)\n", rid);

	r.in.domain_handle = handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.rid = rid;
	r.out.alias_handle = &alias_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenAlias_r(b, tctx, &r),
		"OpenAlias failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "OpenAlias(%u) failed - %s\n", rid, nt_errstr(r.out.result));
		return false;
	}

	if (!torture_setting_bool(tctx, "samba3", false) &&
	    !test_QuerySecurity(b, tctx, &alias_handle)) {
		ok = false;
	}

	/* each call is the left operand, so it runs whatever 'ok' already is */
	ok = test_QueryAliasInfo(b, tctx, &alias_handle) && ok;
	ok = test_GetMembersInAlias(b, tctx, &alias_handle) && ok;
	ok = test_samr_handle_Close(b, tctx, &alias_handle) && ok;

	return ok;
}
/*
  Check that a user returned by a filtered EnumDomainUsers really matches
  the filter.

  Opens the user with the given RID, reads its account flags with
  QueryUserInfo level 16 and fails when none of the bits in
  acct_flag_mask are set in them. The user handle is closed afterwards.

  Returns false when the open or the query is refused, when the flags do
  not overlap the mask, or when closing the handle fails.
*/
static bool check_mask(struct dcerpc_binding_handle *b,
		       struct torture_context *tctx,
		       struct policy_handle *handle, uint32_t rid,
		       uint32_t acct_flag_mask)
{
	struct policy_handle user_handle;
	struct samr_OpenUser r;
	struct samr_QueryUserInfo q;
	union samr_UserInfo *info;
	bool ok = true;

	torture_comment(tctx, "Testing OpenUser(%u)\n", rid);

	r.in.domain_handle = handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.rid = rid;
	r.out.user_handle = &user_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
		"OpenUser failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", rid, nt_errstr(r.out.result));
		return false;
	}

	q.in.user_handle = &user_handle;
	q.in.level = 16;
	q.out.info = &info;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
		"QueryUserInfo failed");
	if (!NT_STATUS_IS_OK(q.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 16 failed - %s\n",
			       nt_errstr(q.out.result));
		ok = false;
	} else if ((acct_flag_mask & info->info16.acct_flags) == 0) {
		/* the server enumerated an account that shares no bit with the filter */
		torture_result(tctx, TORTURE_FAIL, "Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers\n",
			       acct_flag_mask, info->info16.acct_flags, rid);
		ok = false;
	}

	ok = test_samr_handle_Close(b, tctx, &user_handle) && ok;

	return ok;
}
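/*
  Enumerate the users of a domain once per account-flag filter in masks[]
  and check what comes back.

  With a non-zero filter every returned RID goes through check_mask(),
  which fails if the account's flags share no bit with the filter. With
  the final, zero filter every returned RID goes through test_OpenUser().

  The result of the last enumeration (the unfiltered one) is then fed to
  LookupNames and LookupRids.

  Returns true when the enumerations and lookups all behaved as expected.
*/
static bool test_EnumDomainUsers_all(struct dcerpc_binding_handle *b,
				     struct torture_context *tctx,
				     struct policy_handle *handle)
{
	struct samr_EnumDomainUsers r;
	uint32_t mask, resume_handle = 0;
	uint32_t i;		/* compared against the unsigned sam->count */
	int mask_idx;
	bool ret = true;
	struct samr_LookupNames n;
	struct samr_LookupRids lr;
	struct lsa_Strings names;
	struct samr_Ids rids, types;
	struct samr_SamArray *sam = NULL;
	uint32_t num_entries = 0;

	uint32_t masks[] = {ACB_NORMAL, ACB_DOMTRUST, ACB_WSTRUST,
			    ACB_DISABLED, ACB_NORMAL | ACB_DISABLED,
			    ACB_SVRTRUST | ACB_DOMTRUST | ACB_WSTRUST,
			    ACB_PWNOEXP, 0};

	torture_comment(tctx, "Testing EnumDomainUsers\n");

	for (mask_idx = 0; mask_idx < ARRAY_SIZE(masks); mask_idx++) {
		/*
		 * NOTE(review): resume_handle is not reset between filters,
		 * so each enumeration starts from whatever the previous one
		 * left in it - confirm this is intended.
		 */
		r.in.domain_handle = handle;
		r.in.resume_handle = &resume_handle;
		r.in.acct_flags = mask = masks[mask_idx];
		r.in.max_size = (uint32_t)-1;
		r.out.resume_handle = &resume_handle;
		r.out.num_entries = &num_entries;
		r.out.sam = &sam;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r(b, tctx, &r),
			"EnumDomainUsers failed");
		if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) &&
		    !NT_STATUS_IS_OK(r.out.result)) {
			torture_result(tctx, TORTURE_FAIL, "EnumDomainUsers failed - %s\n", nt_errstr(r.out.result));
			return false;
		}

		torture_assert(tctx, sam, "EnumDomainUsers failed: r.out.sam unexpectedly NULL");

		if (sam->count == 0) {
			continue;
		}

		for (i = 0; i < sam->count; i++) {
			if (mask) {
				if (!check_mask(b, tctx, handle, sam->entries[i].idx, mask)) {
					ret = false;
				}
			} else if (!test_OpenUser(b, tctx, handle, sam->entries[i].idx)) {
				ret = false;
			}
		}
	}

	/* 'sam' now holds the result of the last, unfiltered enumeration */
	torture_comment(tctx, "Testing LookupNames\n");
	n.in.domain_handle = handle;
	n.in.num_names = sam->count;
	n.in.names = talloc_array(tctx, struct lsa_String, sam->count);
	/* the array is indexed right below; do not write through a failed allocation */
	torture_assert(tctx, n.in.names != NULL, "LookupNames: talloc_array failed");
	n.out.rids = &rids;
	n.out.types = &types;
	for (i = 0; i < sam->count; i++) {
		n.in.names[i].string = sam->entries[i].name.string;
	}
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupNames_r(b, tctx, &n),
		"LookupNames failed");
	if (!NT_STATUS_IS_OK(n.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "LookupNames failed - %s\n", nt_errstr(n.out.result));
		ret = false;
	}

	torture_comment(tctx, "Testing LookupRids\n");
	lr.in.domain_handle = handle;
	lr.in.num_rids = sam->count;
	lr.in.rids = talloc_array(tctx, uint32_t, sam->count);
	torture_assert(tctx, lr.in.rids != NULL, "LookupRids: talloc_array failed");
	lr.out.names = &names;
	lr.out.types = &types;
	for (i = 0; i < sam->count; i++) {
		lr.in.rids[i] = sam->entries[i].idx;
	}
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupRids_r(b, tctx, &lr),
		"LookupRids failed");
	torture_assert_ntstatus_ok(tctx, lr.out.result, "LookupRids");

	return ret;
}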
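/*
  try blasting the server with a bunch of async requests

  Queues ASYNC_COUNT samr_EnumDomainUsers requests on the pipe's binding
  handle before collecting any reply, then polls and receives each one.
  The test is skipped unless the "dangerous" torture setting is enabled.

  All requests share the one request structure 'r', so the [out] members
  are written by every reply. They are pointed at local storage here, in
  the same way test_EnumDomainUsers_all() sets them up, so that a reply is
  never unmarshalled through an unset pointer.

  Returns true when every request completed with a successful status.
*/
static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, struct torture_context *tctx,
				       struct policy_handle *handle)
{
	struct samr_EnumDomainUsers r;
	uint32_t resume_handle = 0;
	struct samr_SamArray *sam = NULL;
	uint32_t num_entries = 0;
	int i;
#define ASYNC_COUNT 100
	struct tevent_req *req[ASYNC_COUNT];

	if (!torture_setting_bool(tctx, "dangerous", false)) {
		torture_skip(tctx, "samr async test disabled - enable dangerous tests to use\n");
	}

	torture_comment(tctx, "Testing EnumDomainUsers_async\n");

	r.in.domain_handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.acct_flags = 0;
	r.in.max_size = (uint32_t)-1;
	r.out.resume_handle = &resume_handle;
	r.out.num_entries = &num_entries;
	r.out.sam = &sam;

	for (i = 0; i < ASYNC_COUNT; i++) {
		req[i] = dcerpc_samr_EnumDomainUsers_r_send(tctx, tctx->ev, p->binding_handle, &r);
		/* a request that could not be created must not be polled below */
		torture_assert(tctx, req[i] != NULL, "EnumDomainUsers_r_send failed");
	}

	for (i = 0; i < ASYNC_COUNT; i++) {
		tevent_req_poll(req[i], tctx->ev);
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r_recv(req[i], tctx),
			talloc_asprintf(tctx, "EnumDomainUsers[%d] failed - %s\n",
					i, nt_errstr(r.out.result)));
	}

	torture_comment(tctx, "%d async requests OK\n", i);

	return true;
}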
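/*
  Enumerate the groups of the domain with a single EnumDomainGroups call
  and run test_OpenGroup() on every returned entry.

  With the "samba4" setting enabled, a non-empty result that lacks the
  "Enterprise Admins" group is treated as a failure.

  Returns false if the call fails, no array comes back, any group cannot
  be opened, or the samba4 check above fails.
*/
static bool test_EnumDomainGroups_all(struct dcerpc_binding_handle *b,
				      struct torture_context *tctx,
				      struct policy_handle *handle)
{
	struct samr_EnumDomainGroups r;
	uint32_t resume_handle = 0;
	struct samr_SamArray *sam = NULL;
	uint32_t num_entries = 0;
	uint32_t i; /* same type as sam->count, avoids a signed/unsigned compare */
	bool ret = true;
	bool universal_group_found = false;

	torture_comment(tctx, "Testing EnumDomainGroups\n");

	r.in.domain_handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.max_size = (uint32_t)-1;
	r.out.resume_handle = &resume_handle;
	r.out.num_entries = &num_entries;
	r.out.sam = &sam;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &r),
		"EnumDomainGroups failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "EnumDomainGroups failed - %s\n", nt_errstr(r.out.result));
		return false;
	}

	if (!sam) {
		return false;
	}

	for (i = 0; i < sam->count; i++) {
		const char *group_name = sam->entries[i].name.string;

		if (!test_OpenGroup(b, tctx, handle, sam->entries[i].idx)) {
			ret = false;
		}
		/*
		 * The name is taken from the server reply; skip the compare
		 * when it is NULL instead of handing NULL to strcasecmp().
		 */
		if ((ret == true) && (group_name != NULL) &&
		    (strcasecmp(group_name, "Enterprise Admins") == 0)) {
			universal_group_found = true;
		}
	}

	/* when we are running this on s4 we should get back at least the
	 * "Enterprise Admins" universal group. If we don't get a group entry
	 * at all we probably are performing the test on the builtin domain.
	 * So ignore this case. */
	if (torture_setting_bool(tctx, "samba4", false)) {
		if ((sam->count > 0) && (!universal_group_found)) {
			ret = false;
		}
	}

	return ret;
}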
/*
  Enumerate the aliases of the domain with one EnumDomainAliases call and
  run test_OpenAlias() on every returned entry.

  Returns false if the call fails, no array comes back, or any alias
  cannot be opened.
*/
static bool test_EnumDomainAliases_all(struct dcerpc_binding_handle *b,
				       struct torture_context *tctx,
				       struct policy_handle *handle)
{
	struct samr_EnumDomainAliases r;
	struct samr_SamArray *aliases = NULL;
	uint32_t resume_handle = 0;
	uint32_t num_entries = 0;
	bool all_opened = true;
	int n;

	torture_comment(tctx, "Testing EnumDomainAliases\n");

	/* ask for everything in one go, starting from the beginning */
	r.in.domain_handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.max_size = (uint32_t)-1;
	r.out.sam = &aliases;
	r.out.num_entries = &num_entries;
	r.out.resume_handle = &resume_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainAliases_r(b, tctx, &r),
		"EnumDomainAliases failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "EnumDomainAliases failed - %s\n", nt_errstr(r.out.result));
		return false;
	}

	if (aliases == NULL) {
		return false;
	}

	/* keep going after a failure so every alias is still exercised */
	n = 0;
	while (n < aliases->count) {
		bool opened = test_OpenAlias(b, tctx, handle, aliases->entries[n].idx);

		if (!opened) {
			all_opened = false;
		}
		n++;
	}

	return all_opened;
}
/*
  Call GetDisplayEnumerationIndex for info levels 1-5, first with
  TEST_ACCOUNT_NAME and then with the name "zzzzzzzz".

  For levels 1-3 the first call must return OK or NO_MORE_ENTRIES and the
  second call must return NO_MORE_ENTRIES; the result of levels 4 and 5 is
  not checked.
*/
static bool test_GetDisplayEnumerationIndex(struct dcerpc_binding_handle *b,
					    struct torture_context *tctx,
					    struct policy_handle *handle)
{
	/* info level to query, and whether its result is verified */
	static const struct {
		uint16_t level;
		bool verified;
	} cases[] = {
		{ 1, true }, { 2, true }, { 3, true }, { 4, false }, { 5, false },
	};
	struct samr_GetDisplayEnumerationIndex r;
	struct lsa_String name;
	uint32_t idx = 0;
	bool ok = true;
	size_t n;

	for (n = 0; n < ARRAY_SIZE(cases); n++) {
		const uint16_t level = cases[n].level;

		torture_comment(tctx, "Testing GetDisplayEnumerationIndex level %u\n", level);

		init_lsa_String(&name, TEST_ACCOUNT_NAME);

		r.in.domain_handle = handle;
		r.in.level = level;
		r.in.name = &name;
		r.out.idx = &idx;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex_r(b, tctx, &r),
			"GetDisplayEnumerationIndex failed");

		if (cases[n].verified) {
			bool acceptable = NT_STATUS_IS_OK(r.out.result) ||
				NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result);

			if (!acceptable) {
				torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex level %u failed - %s\n",
					       level, nt_errstr(r.out.result));
				ok = false;
			}
		}

		/* second pass: same request, different lookup name */
		init_lsa_String(&name, "zzzzzzzz");

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex_r(b, tctx, &r),
			"GetDisplayEnumerationIndex failed");

		if (cases[n].verified) {
			if (!NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex level %u failed - %s\n",
					       level, nt_errstr(r.out.result));
				ok = false;
			}
		}
	}

	return ok;
}
/*
  Call GetDisplayEnumerationIndex2 for info levels 1-5, first with
  TEST_ACCOUNT_NAME and then with the name "zzzzzzzz".

  For levels 1-3 the first call must return OK or NO_MORE_ENTRIES and the
  second call must return NO_MORE_ENTRIES; the result of levels 4 and 5 is
  not checked.
*/
static bool test_GetDisplayEnumerationIndex2(struct dcerpc_binding_handle *b,
					     struct torture_context *tctx,
					     struct policy_handle *handle)
{
	/* info level to query, and whether its result is verified */
	static const struct {
		uint16_t level;
		bool verified;
	} cases[] = {
		{ 1, true }, { 2, true }, { 3, true }, { 4, false }, { 5, false },
	};
	struct samr_GetDisplayEnumerationIndex2 r;
	struct lsa_String name;
	uint32_t idx = 0;
	bool ok = true;
	size_t n;

	for (n = 0; n < ARRAY_SIZE(cases); n++) {
		const uint16_t level = cases[n].level;

		torture_comment(tctx, "Testing GetDisplayEnumerationIndex2 level %u\n", level);

		init_lsa_String(&name, TEST_ACCOUNT_NAME);

		r.in.domain_handle = handle;
		r.in.level = level;
		r.in.name = &name;
		r.out.idx = &idx;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex2_r(b, tctx, &r),
			"GetDisplayEnumerationIndex2 failed");

		if (cases[n].verified) {
			bool acceptable = NT_STATUS_IS_OK(r.out.result) ||
				NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result);

			if (!acceptable) {
				torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
					       level, nt_errstr(r.out.result));
				ok = false;
			}
		}

		/* second pass: same request, different lookup name */
		init_lsa_String(&name, "zzzzzzzz");

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex2_r(b, tctx, &r),
			"GetDisplayEnumerationIndex2 failed");

		if (cases[n].verified) {
			if (!NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
					       level, nt_errstr(r.out.result));
				ok = false;
			}
		}
	}

	return ok;
}
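/*
 * Compare the .string members of s1 and s2; on a mismatch report
 * TORTURE_FAIL and set 'ret' to false. Expects 'tctx' and 'ret' in the
 * calling scope; 'user' supplies the account name for the message.
 *
 * Two NULL strings compare equal, and a NULL s1 against an empty s2 is
 * accepted. A NULL on one side only is a mismatch; strcmp() is reached
 * only when both pointers are non-NULL.
 */
#define STRING_EQUAL_QUERY(s1, s2, user) \
	if ((s1).string == NULL && (s2).string == NULL) { \
		/* both unset */ \
	} else if ((s1).string == NULL && (s2).string[0] == '\0') { \
		/* odd, but valid */ \
	} else if ((s1).string == NULL || (s2).string == NULL || \
		   strcmp((s1).string, (s2).string) != 0) { \
		torture_result(tctx, TORTURE_FAIL, "%s mismatch for %s: %s != %s (%s)\n", \
			       #s1, (user).string, \
			       (s1).string != NULL ? (s1).string : "(null)", \
			       (s2).string != NULL ? (s2).string : "(null)", \
			       __location__); \
		ret = false; \
	}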
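/*
 * Compare two integer expressions; on a mismatch report TORTURE_FAIL with
 * both values in hex and set 'ret' to false. Expects 'tctx' and 'ret' in
 * the calling scope; 'user' supplies the account name for the message.
 *
 * The arguments are parenthesised so that an expression such as
 * `flags & ~MASK` is compared and cast as a whole.
 */
#define INT_EQUAL_QUERY(s1, s2, user) \
	if ((s1) != (s2)) { \
		torture_result(tctx, TORTURE_FAIL, "%s mismatch for %s: 0x%llx != 0x%llx (%s)\n", \
			       #s1, (user).string, \
			       (unsigned long long)(s1), (unsigned long long)(s2), \
			       __location__); \
		ret = false; \
	}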
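/*
  Cross-check one QueryDisplayInfo reply against QueryUserInfo level 21.

  For display levels 1 and 2, every returned entry is opened by RID with
  OpenUser, queried with QueryUserInfo level 21, compared field by field
  and closed again. Levels 3, 4 and 5 are not validated and return true.

  querydisplayinfo: the completed request whose out.info is checked.
  seen_testuser:    optional; set to true when a level 1 entry belongs to
                    TEST_ACCOUNT_NAME.

  Returns false on the first RPC failure or on any field mismatch.
*/
static bool test_each_DisplayInfo_user(struct dcerpc_binding_handle *b,
				       struct torture_context *tctx,
				       struct samr_QueryDisplayInfo *querydisplayinfo,
				       bool *seen_testuser)
{
	struct samr_OpenUser r;
	struct samr_QueryUserInfo q;
	union samr_UserInfo *info = NULL;
	struct policy_handle user_handle;
	uint32_t i;
	bool ret = true;

	r.in.domain_handle = querydisplayinfo->in.domain_handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;

	for (i = 0; ; i++) {
		switch (querydisplayinfo->in.level) {
		case 1:
			if (i >= querydisplayinfo->out.info->info1.count) {
				return ret;
			}
			r.in.rid = querydisplayinfo->out.info->info1.entries[i].rid;
			break;
		case 2:
			if (i >= querydisplayinfo->out.info->info2.count) {
				return ret;
			}
			r.in.rid = querydisplayinfo->out.info->info2.entries[i].rid;
			break;
		case 3:
			/* Groups */
		case 4:
		case 5:
			/* Not interested in validating just the account name */
			return true;
		}

		r.out.user_handle = &user_handle;

		switch (querydisplayinfo->in.level) {
		case 1:
		case 2:
			torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
				"OpenUser failed");
			if (!NT_STATUS_IS_OK(r.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", r.in.rid, nt_errstr(r.out.result));
				return false;
			}
		}

		q.in.user_handle = &user_handle;
		q.in.level = 21;
		/* never compare against the reply of a previous iteration */
		info = NULL;
		q.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
			"QueryUserInfo failed");
		/*
		 * Check the status of QueryUserInfo itself (q), not the
		 * OpenUser status (r), before 'info' is dereferenced.
		 */
		if (!NT_STATUS_IS_OK(q.out.result) || info == NULL) {
			torture_result(tctx, TORTURE_FAIL, "QueryUserInfo(%u) failed - %s\n", r.in.rid, nt_errstr(q.out.result));
			test_samr_handle_Close(b, tctx, &user_handle);
			return false;
		}

		switch (querydisplayinfo->in.level) {
		case 1:
			if (seen_testuser &&
			    info->info21.account_name.string != NULL &&
			    strcmp(info->info21.account_name.string, TEST_ACCOUNT_NAME) == 0) {
				*seen_testuser = true;
			}

			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].full_name,
					   info->info21.full_name, info->info21.account_name);
			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].account_name,
					   info->info21.account_name, info->info21.account_name);
			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].description,
					   info->info21.description, info->info21.account_name);
			INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].rid,
					info->info21.rid, info->info21.account_name);
			INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].acct_flags,
					info->info21.acct_flags, info->info21.account_name);

			break;
		case 2:
			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].account_name,
					   info->info21.account_name, info->info21.account_name);
			STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].description,
					   info->info21.description, info->info21.account_name);
			INT_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].rid,
					info->info21.rid, info->info21.account_name);
			/* level 2 entries carry ACB_NORMAL on top of the stored flags */
			INT_EQUAL_QUERY((querydisplayinfo->out.info->info2.entries[i].acct_flags & ~ACB_NORMAL),
					info->info21.acct_flags, info->info21.account_name);

			if (!(querydisplayinfo->out.info->info2.entries[i].acct_flags & ACB_NORMAL)) {
				torture_result(tctx, TORTURE_FAIL, "Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s\n",
					       info->info21.account_name.string);
				/* keep the return value in line with the reported failure */
				ret = false;
			}

			if (!(info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) {
				torture_result(tctx, TORTURE_FAIL, "Found non-trust account %s in trust account listing: 0x%x 0x%x\n",
					       info->info21.account_name.string,
					       querydisplayinfo->out.info->info2.entries[i].acct_flags,
					       info->info21.acct_flags);
				/* do not leave the user handle open on the server */
				test_samr_handle_Close(b, tctx, &user_handle);
				return false;
			}

			break;
		}

		if (!test_samr_handle_Close(b, tctx, &user_handle)) {
			return false;
		}
	}

	return ret;
}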
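/*
  For each display level 1-5: page through QueryDisplayInfo two entries
  at a time while the server answers STATUS_MORE_ENTRIES, validate user
  entries (levels 1 and 2) with test_each_DisplayInfo_user(), then compare
  the number of entries seen with QueryDomainInfo level 2.

  The count comparison only fails the test when the "samba3" setting is
  enabled. Levels 1 and 4 additionally require that TEST_ACCOUNT_NAME was
  seen in the level 1 listing if that account can be opened by name.

  Returns false on any RPC failure or failed check.
*/
static bool test_QueryDisplayInfo(struct dcerpc_binding_handle *b,
				  struct torture_context *tctx,
				  struct policy_handle *handle)
{
	struct samr_QueryDisplayInfo r;
	struct samr_QueryDomainInfo dom_info;
	union samr_DomainInfo *info = NULL;
	bool ret = true;
	uint16_t levels[] = {1, 2, 3, 4, 5};
	int i;
	bool seen_testuser = false;
	uint32_t total_size;
	uint32_t returned_size;
	union samr_DispInfo disp_info;

	for (i = 0; i < ARRAY_SIZE(levels); i++) {
		torture_comment(tctx, "Testing QueryDisplayInfo level %u\n", levels[i]);

		r.in.start_idx = 0;
		/* prime the status so the paging loop runs at least once */
		r.out.result = STATUS_MORE_ENTRIES;

		while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES)) {
			r.in.domain_handle = handle;
			r.in.level = levels[i];
			r.in.max_entries = 2;
			r.in.buf_size = (uint32_t)-1;
			r.out.total_size = &total_size;
			r.out.returned_size = &returned_size;
			r.out.info = &disp_info;

			torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
				"QueryDisplayInfo failed");
			if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) && !NT_STATUS_IS_OK(r.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level %u failed - %s\n",
					       levels[i], nt_errstr(r.out.result));
				ret = false;
				/*
				 * disp_info was not filled in by a failed
				 * call; do not read counts or entries from it.
				 */
				break;
			}

			switch (r.in.level) {
			case 1:
				if (!test_each_DisplayInfo_user(b, tctx, &r, &seen_testuser)) {
					ret = false;
				}
				r.in.start_idx += r.out.info->info1.count;
				break;
			case 2:
				if (!test_each_DisplayInfo_user(b, tctx, &r, NULL)) {
					ret = false;
				}
				r.in.start_idx += r.out.info->info2.count;
				break;
			case 3:
				r.in.start_idx += r.out.info->info3.count;
				break;
			case 4:
				r.in.start_idx += r.out.info->info4.count;
				break;
			case 5:
				r.in.start_idx += r.out.info->info5.count;
				break;
			}
		}

		dom_info.in.domain_handle = handle;
		dom_info.in.level = 2;
		dom_info.out.info = &info;

		/* Check number of users returned is correct */
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &dom_info),
			"QueryDomainInfo failed");
		if (!NT_STATUS_IS_OK(dom_info.out.result)) {
			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
				       r.in.level, nt_errstr(dom_info.out.result));
			ret = false;
			break;
		}

		switch (r.in.level) {
		case 1:
		case 4:
			if (info->general.num_users < r.in.start_idx) {
				/* On AD deployments this numbers don't match
				 * since QueryDisplayInfo returns universal and
				 * global groups, QueryDomainInfo only global
				 * ones. */
				if (torture_setting_bool(tctx, "samba3", false)) {
					/* report the user count that was actually compared */
					torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
						       r.in.start_idx, info->general.num_users,
						       info->general.domain_name.string);
					ret = false;
				}
			}
			if (!seen_testuser) {
				struct policy_handle user_handle;

				/* only a failure if the account really exists */
				if (NT_STATUS_IS_OK(test_OpenUser_byname(b, tctx, handle, TEST_ACCOUNT_NAME, &user_handle))) {
					torture_result(tctx, TORTURE_FAIL, "Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n",
						       info->general.domain_name.string);
					ret = false;
					test_samr_handle_Close(b, tctx, &user_handle);
				}
			}
			break;
		case 3:
		case 5:
			if (info->general.num_groups != r.in.start_idx) {
				/* On AD deployments this numbers don't match
				 * since QueryDisplayInfo returns universal and
				 * global groups, QueryDomainInfo only global
				 * ones. */
				if (torture_setting_bool(tctx, "samba3", false)) {
					torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
						       r.in.start_idx, info->general.num_groups,
						       info->general.domain_name.string);
					ret = false;
				}
			}

			break;
		}
	}

	return ret;
}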
/*
  Issue one QueryDisplayInfo2 call per display level 1-5, asking for up to
  1000 entries from index 0, and require an OK result for each level.

  Returns false if any level does not return OK.
*/
static bool test_QueryDisplayInfo2(struct dcerpc_binding_handle *b,
				   struct torture_context *tctx,
				   struct policy_handle *handle)
{
	static const uint16_t display_levels[] = {1, 2, 3, 4, 5};
	struct samr_QueryDisplayInfo2 r;
	union samr_DispInfo info;
	uint32_t total_size;
	uint32_t returned_size;
	bool all_ok = true;
	size_t n;

	for (n = 0; n < ARRAY_SIZE(display_levels); n++) {
		const uint16_t level = display_levels[n];

		torture_comment(tctx, "Testing QueryDisplayInfo2 level %u\n", level);

		r.in.domain_handle = handle;
		r.in.level = level;
		r.in.start_idx = 0;
		r.in.max_entries = 1000;
		r.in.buf_size = (uint32_t)-1;
		r.out.total_size = &total_size;
		r.out.returned_size = &returned_size;
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo2_r(b, tctx, &r),
			"QueryDisplayInfo2 failed");

		if (NT_STATUS_IS_OK(r.out.result)) {
			continue;
		}

		/* record the failure but still try the remaining levels */
		torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo2 level %u failed - %s\n",
			       level, nt_errstr(r.out.result));
		all_ok = false;
	}

	return all_ok;
}
/*
  Issue one QueryDisplayInfo3 call per display level 1-5, asking for up to
  1000 entries from index 0, and require an OK result for each level.

  Returns false if any level does not return OK.
*/
static bool test_QueryDisplayInfo3(struct dcerpc_binding_handle *b,
				   struct torture_context *tctx,
				   struct policy_handle *handle)
{
	static const uint16_t display_levels[] = {1, 2, 3, 4, 5};
	struct samr_QueryDisplayInfo3 r;
	union samr_DispInfo info;
	uint32_t total_size;
	uint32_t returned_size;
	bool all_ok = true;
	size_t n;

	for (n = 0; n < ARRAY_SIZE(display_levels); n++) {
		const uint16_t level = display_levels[n];

		torture_comment(tctx, "Testing QueryDisplayInfo3 level %u\n", level);

		r.in.domain_handle = handle;
		r.in.level = level;
		r.in.start_idx = 0;
		r.in.max_entries = 1000;
		r.in.buf_size = (uint32_t)-1;
		r.out.total_size = &total_size;
		r.out.returned_size = &returned_size;
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo3_r(b, tctx, &r),
			"QueryDisplayInfo3 failed");

		if (NT_STATUS_IS_OK(r.out.result)) {
			continue;
		}

		/* record the failure but still try the remaining levels */
		torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo3 level %u failed - %s\n",
			       level, nt_errstr(r.out.result));
		all_ok = false;
	}

	return all_ok;
}
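/*
  Walk the level 1 display list one entry per QueryDisplayInfo call and
  check that each returned entry carries idx == start_idx + 1.

  The walk stops when a call returns no data, when the status is neither
  OK nor STATUS_MORE_ENTRIES, or at the first index mismatch.

  Returns false on an unexpected status or an index mismatch.
*/
static bool test_QueryDisplayInfo_continue(struct dcerpc_binding_handle *b,
					   struct torture_context *tctx,
					   struct policy_handle *handle)
{
	struct samr_QueryDisplayInfo r;
	bool ret = true;
	uint32_t total_size;
	uint32_t returned_size;
	union samr_DispInfo info;

	torture_comment(tctx, "Testing QueryDisplayInfo continuation\n");

	r.in.domain_handle = handle;
	r.in.level = 1;
	r.in.start_idx = 0;
	r.in.max_entries = 1;
	r.in.buf_size = (uint32_t)-1;
	r.out.total_size = &total_size;
	r.out.returned_size = &returned_size;
	r.out.info = &info;

	do {
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
			"QueryDisplayInfo failed");
		if (NT_STATUS_IS_OK(r.out.result) && *r.out.returned_size != 0) {
			if (r.out.info->info1.entries[0].idx != r.in.start_idx + 1) {
				torture_result(tctx, TORTURE_FAIL, "expected idx %d but got %d\n",
					       r.in.start_idx + 1,
					       r.out.info->info1.entries[0].idx);
				/* keep the return value in line with the reported failure */
				ret = false;
				break;
			}
		}
		if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) &&
		    !NT_STATUS_IS_OK(r.out.result)) {
			torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level %u failed - %s\n",
				       r.in.level, nt_errstr(r.out.result));
			ret = false;
			break;
		}
		r.in.start_idx++;
		/* returned_size is only read once the status says the call worked */
	} while ((NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) ||
		  NT_STATUS_IS_OK(r.out.result)) &&
		 *r.out.returned_size != 0);

	return ret;
}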
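/*
 * Exercise samr_QueryDomainInfo and samr_SetDomainInfo over a fixed list of
 * info levels on the given domain handle.
 *
 * A marker comment is first written with SetDomainInfo level 4; levels 2, 4
 * and 11 are then expected to return that same comment. Every queried level
 * is written straight back with SetDomainInfo: levels flagged in set_ok[]
 * must succeed, the others must be rejected with
 * NT_STATUS_INVALID_INFO_CLASS. Each level is queried once more after the
 * set.
 *
 * The reply is treated as untrusted input: a missing info union or a NULL
 * oem_information string is reported as a test failure instead of being
 * dereferenced.
 *
 * Returns true when every check passed, false otherwise. The
 * torture_assert* macros leave the function early when the RPC call itself
 * (as opposed to the server's result code) fails.
 */
static bool test_QueryDomainInfo(struct dcerpc_pipe *p,
				 struct torture_context *tctx,
				 struct policy_handle *handle)
{
	struct samr_QueryDomainInfo r;
	union samr_DomainInfo *info = NULL;
	struct samr_SetDomainInfo s;
	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
	/* set_ok[i] != 0: SetDomainInfo at levels[i] is expected to succeed */
	uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
	int i;
	bool ret = true;
	struct dcerpc_binding_handle *b = p->binding_handle;
	const char *got;
	const char *domain_comment = talloc_asprintf(tctx,
				  "Tortured by Samba4 RPC-SAMR: %s",
				  timestring(tctx, time(NULL)));

	/* Both allocations are dereferenced below; stop cleanly on OOM. */
	torture_assert(tctx, domain_comment != NULL, "talloc_asprintf failed");

	s.in.domain_handle = handle;
	s.in.level = 4;
	s.in.info = talloc(tctx, union samr_DomainInfo);
	torture_assert(tctx, s.in.info != NULL, "talloc failed");

	s.in.info->oem.oem_information.string = domain_comment;
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
		"SetDomainInfo failed");
	if (!NT_STATUS_IS_OK(s.out.result)) {
		torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u (set comment) failed - %s\n",
			       s.in.level, nt_errstr(s.out.result));
		return false;
	}

	for (i = 0; i < ARRAY_SIZE(levels); i++) {
		torture_comment(tctx, "Testing QueryDomainInfo level %u\n", levels[i]);

		r.in.domain_handle = handle;
		r.in.level = levels[i];
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
			"QueryDomainInfo failed");
		if (!NT_STATUS_IS_OK(r.out.result)) {
			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
				       r.in.level, nt_errstr(r.out.result));
			ret = false;
			continue;
		}

		/* A success status does not prove the server filled in the union. */
		if (info == NULL) {
			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned no info\n",
				       r.in.level);
			ret = false;
			continue;
		}

		switch (levels[i]) {
		case 2:
			got = info->general.oem_information.string;
			if (got == NULL || strcmp(got, domain_comment) != 0) {
				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
					       levels[i], got != NULL ? got : "(null)", domain_comment);
				/* tolerated (reported but not counted) with the samba3 setting */
				if (!torture_setting_bool(tctx, "samba3", false)) {
					ret = false;
				}
			}
			if (!info->general.primary.string) {
				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned no PDC name\n",
					       levels[i]);
				ret = false;
			} else if (info->general.role == SAMR_ROLE_DOMAIN_PDC) {
				if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), info->general.primary.string) != 0) {
					if (torture_setting_bool(tctx, "samba3", false)) {
						torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n",
							       levels[i], info->general.primary.string, dcerpc_server_name(p));
					}
				}
			}
			break;
		case 4:
			got = info->oem.oem_information.string;
			if (got == NULL || strcmp(got, domain_comment) != 0) {
				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
					       levels[i], got != NULL ? got : "(null)", domain_comment);
				if (!torture_setting_bool(tctx, "samba3", false)) {
					ret = false;
				}
			}
			break;
		case 6:
			if (!info->info6.primary.string) {
				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned no PDC name\n",
					       levels[i]);
				ret = false;
			}
			break;
		case 11:
			got = info->general2.general.oem_information.string;
			if (got == NULL || strcmp(got, domain_comment) != 0) {
				torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
					       levels[i], got != NULL ? got : "(null)", domain_comment);
				if (!torture_setting_bool(tctx, "samba3", false)) {
					ret = false;
				}
			}
			break;
		default:
			break;
		}

		torture_comment(tctx, "Testing SetDomainInfo level %u\n", levels[i]);

		/* Write back exactly what the server just returned for this level. */
		s.in.domain_handle = handle;
		s.in.level = levels[i];
		s.in.info = info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
			"SetDomainInfo failed");

		if (set_ok[i]) {
			if (!NT_STATUS_IS_OK(s.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u failed - %s\n",
					       s.in.level, nt_errstr(s.out.result));
				ret = false;
				continue;
			}
		} else {
			/* Levels that are not settable must be refused with this exact status. */
			if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, s.out.result)) {
				torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
					       s.in.level, nt_errstr(s.out.result));
				ret = false;
				continue;
			}
		}

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
			"QueryDomainInfo failed");
		if (!NT_STATUS_IS_OK(r.out.result)) {
			torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
				       r.in.level, nt_errstr(r.out.result));
			ret = false;
			continue;
		}
	}

	return ret;
}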
/*
 * Call samr_QueryDomainInfo2 once for every info level in a fixed list and
 * check that the server answers each of them with NT_STATUS_OK.
 *
 * A level the server rejects is reported and the remaining levels are still
 * tried. Returns true only when every level succeeded.
 */
static bool test_QueryDomainInfo2(struct dcerpc_binding_handle *b,
				  struct torture_context *tctx,
				  struct policy_handle *handle)
{
	uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
	struct samr_QueryDomainInfo2 r;
	union samr_DomainInfo *info = NULL;
	bool all_ok = true;
	int idx = 0;

	while (idx < ARRAY_SIZE(levels)) {
		uint16_t level = levels[idx];

		idx++;

		torture_comment(tctx, "Testing QueryDomainInfo2 level %u\n", level);

		r.in.domain_handle = handle;
		r.in.level = level;
		r.out.info = &info;

		/* Transport-level failure ends the test; a server error is only recorded. */
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
			"QueryDomainInfo2 failed");
		if (NT_STATUS_IS_OK(r.out.result)) {
			continue;
		}

		torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo2 level %u failed - %s\n",
			       r.in.level, nt_errstr(r.out.result));
		all_ok = false;
	}

	return all_ok;
}
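/*
 * Test whether querydispinfo level 5 and enumdomgroups return the same
 * set of group names.
 *
 * All names from samr_EnumDomainGroups are collected first; every name from
 * samr_QueryDisplayInfo level 5 is then crossed off that list. A name seen
 * by only one of the two calls is a failure. On the builtin domain
 * EnumDomainGroups must return nothing while QueryDisplayInfo must still
 * return entries, so the cross-check is skipped there.
 *
 * Counts and pointers in the replies come from the server and are checked
 * before they are used as array bounds.
 *
 * Returns true when both views agree, false otherwise.
 */
static bool test_GroupList(struct dcerpc_binding_handle *b,
			   struct torture_context *tctx,
			   struct dom_sid *domain_sid,
			   struct policy_handle *handle)
{
	struct samr_EnumDomainGroups q1;
	struct samr_QueryDisplayInfo q2;
	NTSTATUS status;
	uint32_t resume_handle = 0;
	struct samr_SamArray *sam = NULL;
	uint32_t num_entries = 0;
	uint32_t k;
	size_t j;
	bool ret = true;
	uint32_t total_size;
	uint32_t returned_size;
	union samr_DispInfo info;

	size_t num_names = 0;
	const char **names = NULL;

	bool builtin_domain = dom_sid_compare(domain_sid,
					      &global_sid_Builtin) == 0;

	torture_comment(tctx, "Testing coherency of querydispinfo vs enumdomgroups\n");

	q1.in.domain_handle = handle;
	q1.in.resume_handle = &resume_handle;
	q1.in.max_size = 5;	/* small on purpose, so the resume path is exercised */
	q1.out.resume_handle = &resume_handle;
	q1.out.num_entries = &num_entries;
	q1.out.sam = &sam;

	status = STATUS_MORE_ENTRIES;
	while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
		uint32_t usable;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &q1),
			"EnumDomainGroups failed");
		status = q1.out.result;

		if (!NT_STATUS_IS_OK(status) &&
		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
			break;

		if (sam == NULL) {
			/* nothing to read; the asserts after the loop report it */
			break;
		}

		/* Never index past the array the reply actually carries. */
		usable = *q1.out.num_entries;
		if (usable > sam->count) {
			torture_comment(tctx, "EnumDomainGroups num_entries %u exceeds array count %u, clamping\n",
					(unsigned)usable, (unsigned)sam->count);
			usable = sam->count;
		}

		for (k = 0; k < usable; k++) {
			torture_assert(tctx,
				       add_string_to_array(tctx,
							   sam->entries[k].name.string,
							   &names, &num_names),
				       "add_string_to_array failed");
		}
	}

	torture_assert_ntstatus_ok(tctx, status, "EnumDomainGroups");

	torture_assert(tctx, sam, "EnumDomainGroups failed to return sam");

	if (builtin_domain) {
		torture_assert(tctx, num_names == 0,
			       "EnumDomainGroups shouldn't return any group in the builtin domain!");
	}

	q2.in.domain_handle = handle;
	q2.in.level = 5;
	q2.in.start_idx = 0;
	q2.in.max_entries = 5;
	q2.in.buf_size = (uint32_t)-1;
	q2.out.total_size = &total_size;
	q2.out.returned_size = &returned_size;
	q2.out.info = &info;

	status = STATUS_MORE_ENTRIES;
	while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
		uint32_t count;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &q2),
			"QueryDisplayInfo failed");
		status = q2.out.result;

		if (!NT_STATUS_IS_OK(status) &&
		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
			break;

		count = q2.out.info->info5.count;

		for (k = 0; k < count; k++) {
			const char *name = q2.out.info->info5.entries[k].account_name.string;
			bool found = false;

			for (j = 0; j < num_names; j++) {
				if (names[j] == NULL)
					continue;
				if (strequal(names[j], name)) {
					/* cross the name off so leftovers can be listed below */
					names[j] = NULL;
					found = true;
					break;
				}
			}

			if ((!found) && (!builtin_domain)) {
				torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
					       name);
				ret = false;
			}
		}
		q2.in.start_idx += count;

		if (count == 0 && NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
			/*
			 * "More entries" with an empty page would repeat the same
			 * request forever; stop here, the status check below
			 * records the failure.
			 */
			torture_comment(tctx, "QueryDisplayInfo returned STATUS_MORE_ENTRIES with no entries\n");
			break;
		}
	}

	if (!NT_STATUS_IS_OK(status)) {
		torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level 5 failed - %s\n",
			       nt_errstr(status));
		ret = false;
	}

	if (builtin_domain) {
		torture_assert(tctx, q2.in.start_idx != 0,
			       "QueryDisplayInfo should return all domain groups also on the builtin domain handle!");
	}

	for (j = 0; j < num_names; j++) {
		if (names[j] != NULL) {
			torture_result(tctx, TORTURE_FAIL, "EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
				       names[j]);
			ret = false;
		}
	}

	return ret;
}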
/*
 * Delete the group behind group_handle with samr_DeleteDomainGroup.
 *
 * The same policy handle is passed as input and output of the call.
 * Returns true when both the RPC call and the server result are
 * NT_STATUS_OK; the torture_assert* macros leave the function otherwise.
 */
static bool test_DeleteDomainGroup(struct dcerpc_binding_handle *b,
				   struct torture_context *tctx,
				   struct policy_handle *group_handle)
{
	struct samr_DeleteDomainGroup req;

	torture_comment(tctx, "Testing DeleteDomainGroup\n");

	req.in.group_handle = group_handle;
	req.out.group_handle = group_handle;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_DeleteDomainGroup_r(b, tctx, &req),
				   "DeleteDomainGroup failed");
	torture_assert_ntstatus_ok(tctx, req.out.result, "DeleteDomainGroup");

	return true;
}
/*
 * Call samr_TestPrivateFunctionsDomain on the domain handle and require the
 * server to answer NT_STATUS_NOT_IMPLEMENTED.
 *
 * Returns true when the call went through and the result was exactly that
 * status; the torture_assert* macros leave the function otherwise.
 */
static bool test_TestPrivateFunctionsDomain(struct dcerpc_binding_handle *b,
					    struct torture_context *tctx,
					    struct policy_handle *domain_handle)
{
	struct samr_TestPrivateFunctionsDomain req;

	torture_comment(tctx, "Testing TestPrivateFunctionsDomain\n");

	req.in.domain_handle = domain_handle;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_TestPrivateFunctionsDomain_r(b, tctx, &req),
				   "TestPrivateFunctionsDomain failed");
	torture_assert_ntstatus_equal(tctx, req.out.result, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsDomain");

	return true;
}
/*
 * Check samr_RidToSid against a locally computed SID.
 *
 * For each RID in a small fixed list the expected SID is built by appending
 * the RID to a copy of domain_sid, and compared with the SID the server
 * returns. A server error or a mismatch is reported and the next RID is
 * still tried.
 *
 * Returns true when every RID produced the expected SID.
 */
static bool test_RidToSid(struct dcerpc_binding_handle *b,
			  struct torture_context *tctx,
			  struct dom_sid *domain_sid,
			  struct policy_handle *domain_handle)
{
	int rids[] = {0, 42, 512, 10200};
	struct samr_RidToSid req;
	struct dom_sid *expected;
	struct dom_sid *returned;
	bool all_ok = true;
	int n;

	for (n = 0; n < ARRAY_SIZE(rids); n++) {
		int rid = rids[n];

		torture_comment(tctx, "Testing RidToSid\n");

		expected = dom_sid_dup(tctx, domain_sid);

		req.in.domain_handle = domain_handle;
		req.in.rid = rid;
		req.out.sid = &returned;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_RidToSid_r(b, tctx, &req),
					   "RidToSid failed");

		if (!NT_STATUS_IS_OK(req.out.result)) {
			torture_result(tctx, TORTURE_FAIL, "RidToSid for %d failed - %s\n", rid, nt_errstr(req.out.result));
			all_ok = false;
			continue;
		}

		/* the extended SID is allocated with the copy as its talloc parent */
		expected = dom_sid_add_rid(expected, expected, rid);

		if (dom_sid_equal(expected, returned)) {
			continue;
		}

		torture_result(tctx, TORTURE_FAIL, "RidToSid for %d failed - got %s, expected %s\n", rid,
			       dom_sid_string(tctx, returned),
			       dom_sid_string(tctx, expected));
		all_ok = false;
	}

	return all_ok;
}
/*
 * Call samr_GetBootKeyInformation on the domain handle.
 *
 * The outcome is informational only: a failure of the call or an error
 * result from the server is logged as a comment and the test still
 * returns true, because w2k3 was observed to fail this call
 * intermittently.
 */
static bool test_GetBootKeyInformation(struct dcerpc_binding_handle *b,
				       struct torture_context *tctx,
				       struct policy_handle *domain_handle)
{
	struct samr_GetBootKeyInformation req;
	uint32_t unknown = 0;
	NTSTATUS outcome;

	torture_comment(tctx, "Testing GetBootKeyInformation\n");

	req.in.domain_handle = domain_handle;
	req.out.unknown = &unknown;

	/* Fold call status and server result into one value: first error wins. */
	outcome = dcerpc_samr_GetBootKeyInformation_r(b, tctx, &req);
	if (NT_STATUS_IS_OK(outcome)) {
		if (!NT_STATUS_IS_OK(req.out.result)) {
			outcome = req.out.result;
		}
	}

	if (NT_STATUS_IS_OK(outcome)) {
		return true;
	}

	/* w2k3 seems to fail this sometimes and pass it sometimes */
	torture_comment(tctx, "GetBootKeyInformation (ignored) - %s\n", nt_errstr(outcome));

	return true;
}
/*
 * Walk a group through the add / query / delete membership cycle for the
 * account TEST_ACCOUNT_NAME.
 *
 * Expected server behaviour, in order:
 *  - deleting a non-member is refused with NT_STATUS_MEMBER_NOT_IN_GROUP
 *  - adding the member succeeds
 *  - adding it a second time is refused with NT_STATUS_MEMBER_IN_GROUP
 *  - SetMemberAttributesOfGroup succeeds (skipped with the samba3/samba4
 *    settings)
 *  - QueryGroupMember lists the member
 *  - deleting the member succeeds and QueryGroupMember no longer lists it
 *  - the member is added again and left in the group on return
 *
 * Returns true when every step behaved as expected; the torture_assert*
 * macros leave the function at the first step that does not.
 */
static bool test_AddGroupMember(struct dcerpc_binding_handle *b,
				struct torture_context *tctx,
				struct policy_handle *domain_handle,
				struct policy_handle *group_handle)
{
	struct samr_AddGroupMember add;
	struct samr_DeleteGroupMember del;
	struct samr_QueryGroupMember query;
	struct samr_SetMemberAttributesOfGroup attrs;
	struct samr_RidAttrArray *rids = NULL;
	NTSTATUS status;
	uint32_t rid;
	bool found_member = false;
	bool against_samba;
	int n;

	status = test_LookupName(b, tctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
	torture_assert_ntstatus_ok(tctx, status, "test_AddGroupMember looking up name " TEST_ACCOUNT_NAME);

	add.in.group_handle = group_handle;
	add.in.rid = rid;
	add.in.flags = 0; /* meaning of this field is not established here */

	torture_comment(tctx, "Testing AddGroupMember, QueryGroupMember and DeleteGroupMember\n");

	del.in.group_handle = group_handle;
	del.in.rid = rid;

	/* Not a member yet: the delete has to be refused. */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteGroupMember_r(b, tctx, &del),
				   "DeleteGroupMember failed");
	torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_NOT_IN_GROUP, del.out.result, "DeleteGroupMember");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &add),
				   "AddGroupMember failed");
	torture_assert_ntstatus_ok(tctx, add.out.result, "AddGroupMember");

	/* Already a member: the second add has to be refused. */
	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &add),
				   "AddGroupMember failed");
	torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_IN_GROUP, add.out.result, "AddGroupMember");

	against_samba = torture_setting_bool(tctx, "samba4", false) ||
			torture_setting_bool(tctx, "samba3", false);

	if (!against_samba) {
		/* this one is quite strange. I am using random inputs in the
		   hope of triggering an error that might give us a clue */

		attrs.in.group_handle = group_handle;
		attrs.in.unknown1 = random();
		attrs.in.unknown2 = random();

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetMemberAttributesOfGroup_r(b, tctx, &attrs),
					   "SetMemberAttributesOfGroup failed");
		torture_assert_ntstatus_ok(tctx, attrs.out.result, "SetMemberAttributesOfGroup");
	} else {
		torture_comment(tctx, "skipping SetMemberAttributesOfGroup test against Samba\n");
	}

	query.in.group_handle = group_handle;
	query.out.rids = &rids;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &query),
				   "QueryGroupMember failed");
	torture_assert_ntstatus_ok(tctx, query.out.result, "QueryGroupMember");
	torture_assert(tctx, rids, "QueryGroupMember did not fill in rids structure");

	n = 0;
	while (n < rids->count) {
		if (rids->rids[n] == rid) {
			found_member = true;
		}
		n++;
	}
	torture_assert(tctx, found_member, "QueryGroupMember did not list newly added member");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteGroupMember_r(b, tctx, &del),
				   "DeleteGroupMember failed");
	torture_assert_ntstatus_ok(tctx, del.out.result, "DeleteGroupMember");

	/* Reset so a stale list from the first query cannot satisfy the checks. */
	rids = NULL;
	found_member = false;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &query),
				   "QueryGroupMember failed");
	torture_assert_ntstatus_ok(tctx, query.out.result, "QueryGroupMember");
	torture_assert(tctx, rids, "QueryGroupMember did not fill in rids structure");

	n = 0;
	while (n < rids->count) {
		if (rids->rids[n] == rid) {
			found_member = true;
		}
		n++;
	}
	torture_assert(tctx, !found_member, "QueryGroupMember does still list removed member");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &add),
				   "AddGroupMember failed");
	torture_assert_ntstatus_ok(tctx, add.out.result, "AddGroupMember");

	return true;
}
/*
 * Create a domain group named group_name with samr_CreateDomainGroup,
 * requesting SEC_FLAG_MAXIMUM_ALLOWED access on the new handle.
 *
 * When domain_sid is the builtin domain the server is expected to refuse
 * the creation with NT_STATUS_ACCESS_DENIED; that refusal is the passing
 * outcome and anything else fails the test.
 *
 * In any other domain, a name collision with an existing group or user is
 * resolved by deleting the existing object and retrying the create once.
 * With test_group set, the membership and SetGroupInfo tests are then run
 * on the new group handle.
 *
 * Returns true on the expected outcome, false otherwise.
 */
static bool test_CreateDomainGroup(struct dcerpc_binding_handle *b,
				   struct torture_context *tctx,
				   struct policy_handle *domain_handle,
				   const char *group_name,
				   struct policy_handle *group_handle,
				   struct dom_sid *domain_sid,
				   bool test_group)
{
	struct samr_CreateDomainGroup req;
	struct lsa_String name;
	uint32_t rid;
	bool all_ok = true;

	init_lsa_String(&name, group_name);

	req.in.domain_handle = domain_handle;
	req.in.name = &name;
	req.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	req.out.group_handle = group_handle;
	req.out.rid = &rid;

	torture_comment(tctx, "Testing CreateDomainGroup(%s)\n", req.in.name->string);

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &req),
				   "CreateDomainGroup failed");

	if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
		/* Negative test: creation inside the builtin domain must be denied. */
		if (!NT_STATUS_EQUAL(req.out.result, NT_STATUS_ACCESS_DENIED)) {
			torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", req.in.name->string,
				       nt_errstr(req.out.result));
			return false;
		}
		torture_comment(tctx, "Server correctly refused create of '%s'\n", req.in.name->string);
		return true;
	}

	if (NT_STATUS_EQUAL(req.out.result, NT_STATUS_GROUP_EXISTS)) {
		/* leftover group of the same name: remove it and create again */
		if (!test_DeleteGroup_byname(b, tctx, domain_handle, req.in.name->string)) {
			torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed: Could not delete domain group %s - %s\n", req.in.name->string,
				       nt_errstr(req.out.result));
			return false;
		}
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &req),
					   "CreateDomainGroup failed");
	}

	if (NT_STATUS_EQUAL(req.out.result, NT_STATUS_USER_EXISTS)) {
		/* a user holds the name: remove it and create again */
		if (!test_DeleteUser_byname(b, tctx, domain_handle, req.in.name->string)) {
			torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed: Could not delete user %s - %s\n", req.in.name->string,
				       nt_errstr(req.out.result));
			return false;
		}
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &req),
					   "CreateDomainGroup failed");
	}

	torture_assert_ntstatus_ok(tctx, req.out.result, "CreateDomainGroup");

	if (test_group) {
		if (!test_AddGroupMember(b, tctx, domain_handle, group_handle)) {
			torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed - %s\n", nt_errstr(req.out.result));
			all_ok = false;
		}

		if (!test_SetGroupInfo(b, tctx, group_handle)) {
			all_ok = false;
		}
	}

	return all_ok;
}
/*
 * It's not totally clear what this does. It seems to accept any SID you
 * like.
 *
 * The test passes a fixed SID string to samr_RemoveMemberFromForeignDomain
 * on the domain handle and requires NT_STATUS_OK for both the RPC call and
 * the server result. Returns true in that case; the torture_assert* macros
 * leave the function otherwise.
 */
static bool test_RemoveMemberFromForeignDomain(struct dcerpc_binding_handle *b,
					       struct torture_context *tctx,
					       struct policy_handle *domain_handle)
{
	struct samr_RemoveMemberFromForeignDomain req;

	req.in.domain_handle = domain_handle;
	req.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32-12-34-56-78");

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_samr_RemoveMemberFromForeignDomain_r(b, tctx, &req),
				   "RemoveMemberFromForeignDomain failed");
	torture_assert_ntstatus_ok(tctx, req.out.result, "RemoveMemberFromForeignDomain");

	return true;
}
/*
 * Enumerate all users of the domain with samr_EnumDomainUsers and count
 * them.
 *
 * The call is repeated with the returned resume handle for as long as the
 * server answers STATUS_MORE_ENTRIES. acct_flags is 0 and max_size is the
 * largest uint32_t value.
 *
 * total_num_entries_p, when not NULL, receives the sum of num_entries over
 * all replies. Returns true unless the RPC call fails or the server returns
 * an error status.
 */
static bool test_EnumDomainUsers(struct dcerpc_binding_handle *b,
				 struct torture_context *tctx,
				 struct policy_handle *domain_handle,
				 uint32_t *total_num_entries_p)
{
	struct samr_EnumDomainUsers req;
	struct samr_SamArray *sam;
	NTSTATUS status;
	uint32_t resume_handle = 0;
	uint32_t num_entries = 0;
	uint32_t running_total = 0;

	req.in.domain_handle = domain_handle;
	req.in.acct_flags = 0;
	req.in.max_size = (uint32_t)-1;
	req.in.resume_handle = &resume_handle;

	req.out.sam = &sam;
	req.out.num_entries = &num_entries;
	req.out.resume_handle = &resume_handle;

	torture_comment(tctx, "Testing EnumDomainUsers\n");

	for (;;) {
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r(b, tctx, &req),
					   "EnumDomainUsers failed");
		/* STATUS_MORE_ENTRIES is not an error status, so it passes this gate */
		if (NT_STATUS_IS_ERR(req.out.result)) {
			torture_assert_ntstatus_ok(tctx, req.out.result,
						   "failed to enumerate users");
		}
		status = req.out.result;

		running_total += num_entries;

		if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
			break;
		}
	}

	if (total_num_entries_p != NULL) {
		*total_num_entries_p = running_total;
	}

	return true;
}
/*
 * Enumerate all groups of the domain with samr_EnumDomainGroups and count
 * them.
 *
 * The call is repeated with the returned resume handle for as long as the
 * server answers STATUS_MORE_ENTRIES; max_size is the largest uint32_t
 * value.
 *
 * total_num_entries_p, when not NULL, receives the sum of num_entries over
 * all replies. Returns true unless the RPC call fails or the server returns
 * an error status.
 */
static bool test_EnumDomainGroups(struct dcerpc_binding_handle *b,
				  struct torture_context *tctx,
				  struct policy_handle *domain_handle,
				  uint32_t *total_num_entries_p)
{
	struct samr_EnumDomainGroups req;
	struct samr_SamArray *sam;
	NTSTATUS status;
	uint32_t resume_handle = 0;
	uint32_t num_entries = 0;
	uint32_t running_total = 0;

	req.in.domain_handle = domain_handle;
	req.in.max_size = (uint32_t)-1;
	req.in.resume_handle = &resume_handle;

	req.out.sam = &sam;
	req.out.num_entries = &num_entries;
	req.out.resume_handle = &resume_handle;

	torture_comment(tctx, "Testing EnumDomainGroups\n");

	for (;;) {
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &req),
					   "EnumDomainGroups failed");
		/* STATUS_MORE_ENTRIES is not an error status, so it passes this gate */
		if (NT_STATUS_IS_ERR(req.out.result)) {
			torture_assert_ntstatus_ok(tctx, req.out.result,
						   "failed to enumerate groups");
		}
		status = req.out.result;

		running_total += num_entries;

		if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
			break;
		}
	}

	if (total_num_entries_p != NULL) {
		*total_num_entries_p = running_total;
	}

	return true;
}
/*
 * Enumerate all aliases of the domain with samr_EnumDomainAliases and count
 * them.
 *
 * The call is repeated with the returned resume handle for as long as the
 * server answers STATUS_MORE_ENTRIES; max_size is the largest uint32_t
 * value.
 *
 * total_num_entries_p, when not NULL, receives the sum of num_entries over
 * all replies. Returns true unless the RPC call fails or the server returns
 * an error status.
 */
static bool test_EnumDomainAliases(struct dcerpc_binding_handle *b,
				   struct torture_context *tctx,
				   struct policy_handle *domain_handle,
				   uint32_t *total_num_entries_p)
{
	struct samr_EnumDomainAliases req;
	struct samr_SamArray *sam;
	NTSTATUS status;
	uint32_t resume_handle = 0;
	uint32_t num_entries = 0;
	uint32_t running_total = 0;

	req.in.domain_handle = domain_handle;
	req.in.max_size = (uint32_t)-1;
	req.in.resume_handle = &resume_handle;

	req.out.sam = &sam;
	req.out.num_entries = &num_entries;
	req.out.resume_handle = &resume_handle;

	torture_comment(tctx, "Testing EnumDomainAliases\n");

	for (;;) {
		torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainAliases_r(b, tctx, &req),
					   "EnumDomainAliases failed");
		/* STATUS_MORE_ENTRIES is not an error status, so it passes this gate */
		if (NT_STATUS_IS_ERR(req.out.result)) {
			torture_assert_ntstatus_ok(tctx, req.out.result,
						   "failed to enumerate aliases");
		}
		status = req.out.result;

		running_total += num_entries;

		if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
			break;
		}
	}

	if (total_num_entries_p != NULL) {
		*total_num_entries_p = running_total;
	}

	return true;
}
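/*
 * Page through QueryDisplayInfo at the requested level and count entries.
 *
 * Each reply's entry count is added to the running total and start_idx is
 * advanced by the idx of the last returned entry plus one. The loop ends
 * when the reply carries no data or the status is no longer
 * STATUS_MORE_ENTRIES. Levels other than 1-5 return false after the first
 * reply has been received.
 *
 * The reply is server-controlled: a non-zero returned_size combined with a
 * zero entry count would make "entries[count - 1]" index far outside the
 * array, so an empty page is treated as the end of the listing instead.
 *
 * The total is written through total_num_entries_p when it is not NULL.
 */
static bool test_QueryDisplayInfo_level(struct dcerpc_binding_handle *b,
					struct torture_context *tctx,
					struct policy_handle *handle,
					uint16_t level,
					uint32_t *total_num_entries_p)
{
	NTSTATUS status;
	struct samr_QueryDisplayInfo r;
	uint32_t total_num_entries = 0;

	r.in.domain_handle = handle;
	r.in.level = level;
	r.in.start_idx = 0;
	r.in.max_entries = (uint32_t)-1;
	r.in.buf_size = (uint32_t)-1;

	torture_comment(tctx, " Testing QueryDisplayInfo \n ");

	do {
		uint32_t total_size;
		uint32_t returned_size;
		union samr_DispInfo info;
		uint32_t count = 0;
		uint32_t last_idx = 0;

		r.out.total_size = &total_size;
		r.out.returned_size = &returned_size;
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
			" failed to query displayinfo ");
		if (NT_STATUS_IS_ERR(r.out.result)) {
			torture_assert_ntstatus_ok(tctx, r.out.result,
				" failed to query displayinfo ");
		}

		status = r.out.result;

		if (*r.out.returned_size == 0) {
			break;
		}

		/* read the last entry only after checking that the page is not empty */
		switch (r.in.level) {
		case 1:
			count = info.info1.count;
			if (count != 0) {
				last_idx = info.info1.entries[count - 1].idx;
			}
			break;
		case 2:
			count = info.info2.count;
			if (count != 0) {
				last_idx = info.info2.entries[count - 1].idx;
			}
			break;
		case 3:
			count = info.info3.count;
			if (count != 0) {
				last_idx = info.info3.entries[count - 1].idx;
			}
			break;
		case 4:
			count = info.info4.count;
			if (count != 0) {
				last_idx = info.info4.entries[count - 1].idx;
			}
			break;
		case 5:
			count = info.info5.count;
			if (count != 0) {
				last_idx = info.info5.entries[count - 1].idx;
			}
			break;
		default:
			return false;
		}

		if (count == 0) {
			/*
			 * Nothing to count and start_idx cannot advance; stopping
			 * here also avoids re-requesting the same page forever.
			 */
			break;
		}

		total_num_entries += count;
		r.in.start_idx += last_idx + 1;

	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));

	if (total_num_entries_p) {
		*total_num_entries_p = total_num_entries;
	}

	return true;
}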
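/*
 * Create ctx->num_objects_large_dc users, groups or aliases (selected by
 * ctx->choice), enumerate them, query display info where applicable, and
 * then close or delete every handle that was obtained.
 *
 * Steps, in order:
 *   query    - read the object count the domain announces (QueryDomainInfo2,
 *              level 2)
 *   create   - one object per index, named "<prefix><index>"
 *   enum     - count objects through the matching EnumDomain* call
 *   dispinfo - count objects through QueryDisplayInfo (users: level 1,
 *              groups: level 3, aliases: skipped)
 *   cleanup  - close the handle when the "samba3" setting is true, delete
 *              the object otherwise
 *
 * Returns false on an unknown ctx->choice or as soon as any step fails.
 * NOTE(review): a failure in a torture_assert returns before the cleanup
 * loop, so objects created up to that point appear to stay on the server -
 * confirm whether a later test run is expected to cope with that.
 */
static bool test_ManyObjects(struct dcerpc_pipe *p,
			     struct torture_context *tctx,
			     struct policy_handle *domain_handle,
			     struct dom_sid *domain_sid,
			     struct torture_samr_context *ctx)
{
	uint32_t num_total = ctx->num_objects_large_dc;
	uint32_t num_enum = 0;
	uint32_t num_disp = 0;
	uint32_t num_created = 0;
	uint32_t num_announced = 0;
	uint32_t i;
	struct dcerpc_binding_handle *b = p->binding_handle;

	struct policy_handle *handles = talloc_zero_array(tctx, struct policy_handle, num_total);

	/* every later step indexes handles[], so an allocation failure must stop here */
	torture_assert(tctx, handles != NULL, "failed to allocate handle array");

	/* query */

	{
		struct samr_QueryDomainInfo2 r;
		union samr_DomainInfo *info;

		r.in.domain_handle = domain_handle;
		r.in.level = 2;
		r.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
			" QueryDomainInfo2 failed ");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			" failed to query domain info ");

		switch (ctx->choice) {
		case TORTURE_SAMR_MANY_ACCOUNTS:
			num_announced = info->general.num_users;
			break;
		case TORTURE_SAMR_MANY_GROUPS:
			num_announced = info->general.num_groups;
			break;
		case TORTURE_SAMR_MANY_ALIASES:
			num_announced = info->general.num_aliases;
			break;
		default:
			return false;
		}
	}

	/* create */

	for (i = 0; i < num_total; i++) {

		const char *name = NULL;

		switch (ctx->choice) {
		case TORTURE_SAMR_MANY_ACCOUNTS:
			name = talloc_asprintf(tctx, " %s%04d ", TEST_ACCOUNT_NAME, i);
			torture_assert(tctx,
				test_CreateUser(p, tctx, domain_handle, name, &handles[i], domain_sid, 0, NULL, false),
				" failed to create user ");
			break;
		case TORTURE_SAMR_MANY_GROUPS:
			name = talloc_asprintf(tctx, " %s%04d ", TEST_GROUPNAME, i);
			torture_assert(tctx,
				test_CreateDomainGroup(b, tctx, domain_handle, name, &handles[i], domain_sid, false),
				" failed to create group ");
			break;
		case TORTURE_SAMR_MANY_ALIASES:
			name = talloc_asprintf(tctx, " %s%04d ", TEST_ALIASNAME, i);
			torture_assert(tctx,
				test_CreateAlias(b, tctx, domain_handle, name, &handles[i], domain_sid, false),
				" failed to create alias ");
			break;
		default:
			return false;
		}

		/* a handle left zeroed means the helper did not hand one back */
		if (!ndr_policy_handle_empty(&handles[i])) {
			num_created++;
		}
	}

	/* enum */

	switch (ctx->choice) {
	case TORTURE_SAMR_MANY_ACCOUNTS:
		torture_assert(tctx,
			test_EnumDomainUsers(b, tctx, domain_handle, &num_enum),
			" failed to enum users ");
		break;
	case TORTURE_SAMR_MANY_GROUPS:
		torture_assert(tctx,
			test_EnumDomainGroups(b, tctx, domain_handle, &num_enum),
			" failed to enum groups ");
		break;
	case TORTURE_SAMR_MANY_ALIASES:
		torture_assert(tctx,
			test_EnumDomainAliases(b, tctx, domain_handle, &num_enum),
			" failed to enum aliases ");
		break;
	default:
		return false;
	}

	/* dispinfo */

	switch (ctx->choice) {
	case TORTURE_SAMR_MANY_ACCOUNTS:
		torture_assert(tctx,
			test_QueryDisplayInfo_level(b, tctx, domain_handle, 1, &num_disp),
			" failed to query display info ");
		break;
	case TORTURE_SAMR_MANY_GROUPS:
		torture_assert(tctx,
			test_QueryDisplayInfo_level(b, tctx, domain_handle, 3, &num_disp),
			" failed to query display info ");
		break;
	case TORTURE_SAMR_MANY_ALIASES:
		/* no aliases in dispinfo */
		break;
	default:
		return false;
	}

	/* close or delete */

	for (i = 0; i < num_total; i++) {

		if (ndr_policy_handle_empty(&handles[i])) {
			continue;
		}

		if (torture_setting_bool(tctx, " samba3 ", false)) {
			torture_assert(tctx,
				test_samr_handle_Close(b, tctx, &handles[i]),
				" failed to close handle ");
		} else {
			switch (ctx->choice) {
			case TORTURE_SAMR_MANY_ACCOUNTS:
				torture_assert(tctx,
					test_DeleteUser(b, tctx, &handles[i]),
					" failed to delete user ");
				break;
			case TORTURE_SAMR_MANY_GROUPS:
				torture_assert(tctx,
					test_DeleteDomainGroup(b, tctx, &handles[i]),
					" failed to delete group ");
				break;
			case TORTURE_SAMR_MANY_ALIASES:
				torture_assert(tctx,
					test_DeleteAlias(b, tctx, &handles[i]),
					" failed to delete alias ");
				break;
			default:
				return false;
			}
		}
	}

	talloc_free(handles);

	/*
	 * The count mismatch is only reported, never failed, and only for the
	 * accounts case.
	 * NOTE(review): the dispinfo line is printed under the enum-mismatch
	 * condition; num_disp itself is never compared - confirm intent.
	 */
	if (ctx->choice == TORTURE_SAMR_MANY_ACCOUNTS && num_enum != num_announced + num_created) {
		torture_comment(tctx,
			" unexpected number of results (%u) returned in enum call, expected %u \n ",
			num_enum, num_announced + num_created);

		torture_comment(tctx,
			" unexpected number of results (%u) returned in dispinfo, call, expected %u \n ",
			num_disp, num_announced + num_created);
	}

	return true;
}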
2004-04-18 08:06:15 +04:00
2010-03-12 19:51:06 +03:00
static bool test_Connect ( struct dcerpc_binding_handle * b ,
struct torture_context * tctx ,
2004-09-27 09:15:14 +04:00
struct policy_handle * handle ) ;
2004-04-18 08:06:15 +04:00
2009-05-12 00:44:58 +04:00
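/*
 * Open the domain identified by sid and run the test group selected by
 * ctx->choice against it.
 *
 * The connect handle in ctx is closed right after the domain handle has
 * been obtained, so every domain test runs on a domain handle whose parent
 * connect handle is gone. Once the tests are done, any user, alias or group
 * created here is deleted, the domain handle is closed and ctx->handle is
 * re-established through test_Connect.
 *
 * Individual test results are accumulated in ret rather than returned
 * early, so one failing sub-test does not prevent the cleanup at the end.
 * The torture_assert calls are the exception: a failed OpenDomain, handle
 * close or reconnect returns immediately.
 */
static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
			    struct torture_samr_context *ctx, struct dom_sid *sid)
{
	struct samr_OpenDomain r;
	struct policy_handle domain_handle;
	struct policy_handle alias_handle;
	struct policy_handle user_handle;
	struct policy_handle group_handle;
	bool ret = true;
	struct dcerpc_binding_handle *b = p->binding_handle;

	/* zeroed handles are how the cleanup below tells "never created" apart */
	ZERO_STRUCT(alias_handle);
	ZERO_STRUCT(user_handle);
	ZERO_STRUCT(group_handle);
	ZERO_STRUCT(domain_handle);

	torture_comment(tctx, " Testing OpenDomain of %s \n ", dom_sid_string(tctx, sid));

	r.in.connect_handle = &ctx->handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.sid = sid;
	r.out.domain_handle = &domain_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &r),
		" OpenDomain failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " OpenDomain failed ");

	/* run the domain tests with the main handle closed - this tests
	   the servers reference counting */
	torture_assert(tctx, test_samr_handle_Close(b, tctx, &ctx->handle), " Failed to close SAMR handle ");

	switch (ctx->choice) {
	case TORTURE_SAMR_PASSWORDS:
	case TORTURE_SAMR_USER_PRIVILEGES:
		if (!torture_setting_bool(tctx, " samba3 ", false)) {
			ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, NULL);
		}
		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
		if (!ret) {
			torture_result(tctx, TORTURE_FAIL, " Testing PASSWORDS or PRIVILEGES on domain %s failed! \n ", dom_sid_string(tctx, sid));
		}
		break;
	case TORTURE_SAMR_USER_ATTRIBUTES:
		if (!torture_setting_bool(tctx, " samba3 ", false)) {
			ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, NULL);
		}
		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
		/* This test needs 'complex' users to validate */
		ret &= test_QueryDisplayInfo(b, tctx, &domain_handle);
		if (!ret) {
			torture_result(tctx, TORTURE_FAIL, " Testing ATTRIBUTES on domain %s failed! \n ", dom_sid_string(tctx, sid));
		}
		break;
	case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
	case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT:
	case TORTURE_SAMR_PASSWORDS_LOCKOUT:
		/* these groups pass the machine credentials on to the user tests */
		if (!torture_setting_bool(tctx, " samba3 ", false)) {
			ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, ctx->machine_credentials);
		}
		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, ctx->machine_credentials, true);
		if (!ret) {
			torture_result(tctx, TORTURE_FAIL, " Testing PASSWORDS PWDLASTSET or BADPWDCOUNT on domain %s failed! \n ", dom_sid_string(tctx, sid));
		}
		break;
	case TORTURE_SAMR_MANY_ACCOUNTS:
	case TORTURE_SAMR_MANY_GROUPS:
	case TORTURE_SAMR_MANY_ALIASES:
		ret &= test_ManyObjects(p, tctx, &domain_handle, sid, ctx);
		if (!ret) {
			torture_result(tctx, TORTURE_FAIL, " Testing MANY-{ACCOUNTS,GROUPS,ALIASES} on domain %s failed! \n ", dom_sid_string(tctx, sid));
		}
		break;
	case TORTURE_SAMR_OTHER:
		ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
		if (!ret) {
			torture_result(tctx, TORTURE_FAIL, " Failed to CreateUser in SAMR-OTHER on domain %s! \n ", dom_sid_string(tctx, sid));
		}
		if (!torture_setting_bool(tctx, " samba3 ", false)) {
			ret &= test_QuerySecurity(b, tctx, &domain_handle);
		}
		ret &= test_RemoveMemberFromForeignDomain(b, tctx, &domain_handle);
		ret &= test_CreateAlias(b, tctx, &domain_handle, TEST_ALIASNAME, &alias_handle, sid, true);
		ret &= test_CreateDomainGroup(b, tctx, &domain_handle, TEST_GROUPNAME, &group_handle, sid, true);
		ret &= test_GetAliasMembership(b, tctx, &domain_handle);
		ret &= test_QueryDomainInfo(p, tctx, &domain_handle);
		ret &= test_QueryDomainInfo2(b, tctx, &domain_handle);
		ret &= test_EnumDomainUsers_all(b, tctx, &domain_handle);
		ret &= test_EnumDomainUsers_async(p, tctx, &domain_handle);
		ret &= test_EnumDomainGroups_all(b, tctx, &domain_handle);
		ret &= test_EnumDomainAliases_all(b, tctx, &domain_handle);
		ret &= test_QueryDisplayInfo2(b, tctx, &domain_handle);
		ret &= test_QueryDisplayInfo3(b, tctx, &domain_handle);
		ret &= test_QueryDisplayInfo_continue(b, tctx, &domain_handle);

		if (torture_setting_bool(tctx, " samba4 ", false)) {
			torture_comment(tctx, " skipping GetDisplayEnumerationIndex test against Samba4 \n ");
		} else {
			ret &= test_GetDisplayEnumerationIndex(b, tctx, &domain_handle);
			ret &= test_GetDisplayEnumerationIndex2(b, tctx, &domain_handle);
		}
		ret &= test_GroupList(b, tctx, sid, &domain_handle);
		ret &= test_TestPrivateFunctionsDomain(b, tctx, &domain_handle);
		ret &= test_RidToSid(b, tctx, sid, &domain_handle);
		ret &= test_GetBootKeyInformation(b, tctx, &domain_handle);
		if (!ret) {
			torture_comment(tctx, " Testing SAMR-OTHER on domain %s failed! \n ", dom_sid_string(tctx, sid));
		}
		break;
	default:
		/* any other choice runs no domain tests; only the cleanup below applies */
		break;
	}

	/* remove whatever the selected group left behind; a failed delete fails the test */
	if (!ndr_policy_handle_empty(&user_handle) &&
	    !test_DeleteUser(b, tctx, &user_handle)) {
		ret = false;
	}

	if (!ndr_policy_handle_empty(&alias_handle) &&
	    !test_DeleteAlias(b, tctx, &alias_handle)) {
		ret = false;
	}

	if (!ndr_policy_handle_empty(&group_handle) &&
	    !test_DeleteDomainGroup(b, tctx, &group_handle)) {
		ret = false;
	}

	torture_assert(tctx, test_samr_handle_Close(b, tctx, &domain_handle), " Failed to close SAMR domain handle ");

	/* reconnect the main handle */
	torture_assert(tctx, test_Connect(b, tctx, &ctx->handle), " Failed to re-connect SAMR handle ");

	if (!ret) {
		torture_result(tctx, TORTURE_FAIL, " Testing domain %s failed! \n ", dom_sid_string(tctx, sid));
	}

	return ret;
}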
/*
 * Exercise LookupDomain and then test the domain it resolves to.
 *
 * Two negative probes come first: a name whose string pointer is NULL must
 * yield NT_STATUS_INVALID_PARAMETER, and a name that does not exist must
 * yield NT_STATUS_NO_SUCH_DOMAIN. The real domain name is then looked up
 * and its SID handed to test_OpenDomain; test_GetDomPwInfo is run on the
 * same name. Both follow-up tests always run and either one failing makes
 * the function return false.
 */
static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
			      struct torture_samr_context *ctx, const char *domain)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_LookupDomain r;
	struct dom_sid2 *sid = NULL;
	struct lsa_String wanted;
	struct lsa_String probe;
	bool ok = true;

	torture_comment(tctx, " Testing LookupDomain(%s) \n ", domain);

	/* check for correct error codes */
	probe.string = NULL;

	r.in.connect_handle = &ctx->handle;
	r.in.domain_name = &probe;
	r.out.sid = &sid;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
		" LookupDomain failed ");
	torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER, r.out.result, " LookupDomain expected NT_STATUS_INVALID_PARAMETER ");

	/* same request structure, now carrying a name no domain should have */
	init_lsa_String(&probe, " xxNODOMAINxx ");

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
		" LookupDomain failed ");
	torture_assert_ntstatus_equal(tctx, NT_STATUS_NO_SUCH_DOMAIN, r.out.result, " LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN ");

	/* the lookup that is expected to succeed */
	init_lsa_String(&wanted, domain);
	r.in.connect_handle = &ctx->handle;
	r.in.domain_name = &wanted;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
		" LookupDomain failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " LookupDomain ");

	ok &= test_GetDomPwInfo(p, tctx, &wanted);
	ok &= test_OpenDomain(p, tctx, ctx, *r.out.sid);

	return ok;
}
/*
 * Enumerate the domains visible on the connect handle in ctx and run
 * test_LookupDomain on each returned name.
 *
 * Returns false when the call fails, when no array comes back, or when any
 * per-domain test fails. After the per-domain tests the enumeration is
 * issued once more on the same request structure and must succeed again.
 */
static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx,
			     struct torture_samr_context *ctx)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct samr_EnumDomains r;
	struct samr_SamArray *sam = NULL;
	uint32_t resume_handle = 0;
	uint32_t num_entries = 0;
	bool all_ok = true;
	int idx;

	r.in.connect_handle = &ctx->handle;
	r.in.buf_size = (uint32_t)-1;
	r.in.resume_handle = &resume_handle;

	r.out.sam = &sam;
	r.out.num_entries = &num_entries;
	r.out.resume_handle = &resume_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &r),
		" EnumDomains failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " EnumDomains failed ");

	if (*r.out.sam == NULL) {
		return false;
	}

	/* keep going after a failing domain so every entry is exercised */
	idx = 0;
	while (idx < sam->count) {
		all_ok &= test_LookupDomain(p, tctx, ctx,
					    sam->entries[idx].name.string);
		idx++;
	}

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &r),
		" EnumDomains failed ");
	torture_assert_ntstatus_ok(tctx, r.out.result, " EnumDomains failed ");

	return all_ok;
}
/*
 * Try each of the five SAMR connect calls (Connect .. Connect5) in turn.
 *
 * Every call asks for SEC_FLAG_MAXIMUM_ALLOWED. Whenever a call succeeds,
 * the handle kept from an earlier success is closed and the new one is
 * copied into *handle, so the caller ends up with the handle of the last
 * call that succeeded. A failing call marks the test as failed but the
 * remaining calls are still attempted; a transport-level failure returns
 * immediately through torture_assert_ntstatus_ok.
 */
static bool test_Connect(struct dcerpc_binding_handle *b,
			 struct torture_context *tctx,
			 struct policy_handle *handle)
{
	struct samr_Connect r;
	struct samr_Connect2 r2;
	struct samr_Connect3 r3;
	struct samr_Connect4 r4;
	struct samr_Connect5 r5;
	union samr_ConnectInfo info;
	struct policy_handle fresh;
	uint32_t level_out = 0;
	bool ok = true;
	bool have_handle = false;

	torture_comment(tctx, " Testing samr_Connect \n ");

	r.in.system_name = NULL;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.connect_handle = &fresh;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect_r(b, tctx, &r),
		" Connect failed ");
	if (NT_STATUS_IS_OK(r.out.result)) {
		have_handle = true;
		*handle = fresh;
	} else {
		torture_comment(tctx, " Connect failed - %s \n ", nt_errstr(r.out.result));
		ok = false;
	}

	torture_comment(tctx, " Testing samr_Connect2 \n ");

	r2.in.system_name = NULL;
	r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r2.out.connect_handle = &fresh;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect2_r(b, tctx, &r2),
		" Connect2 failed ");
	if (NT_STATUS_IS_OK(r2.out.result)) {
		/* drop the handle from the earlier call before replacing it */
		if (have_handle) {
			test_samr_handle_Close(b, tctx, handle);
		}
		have_handle = true;
		*handle = fresh;
	} else {
		torture_comment(tctx, " Connect2 failed - %s \n ", nt_errstr(r2.out.result));
		ok = false;
	}

	torture_comment(tctx, " Testing samr_Connect3 \n ");

	r3.in.system_name = NULL;
	r3.in.unknown = 0;
	r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r3.out.connect_handle = &fresh;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect3_r(b, tctx, &r3),
		" Connect3 failed ");
	if (NT_STATUS_IS_OK(r3.out.result)) {
		if (have_handle) {
			test_samr_handle_Close(b, tctx, handle);
		}
		have_handle = true;
		*handle = fresh;
	} else {
		torture_result(tctx, TORTURE_FAIL, " Connect3 failed - %s \n ", nt_errstr(r3.out.result));
		ok = false;
	}

	torture_comment(tctx, " Testing samr_Connect4 \n ");

	r4.in.system_name = " ";
	r4.in.client_version = 0;
	r4.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r4.out.connect_handle = &fresh;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect4_r(b, tctx, &r4),
		" Connect4 failed ");
	if (NT_STATUS_IS_OK(r4.out.result)) {
		if (have_handle) {
			test_samr_handle_Close(b, tctx, handle);
		}
		have_handle = true;
		*handle = fresh;
	} else {
		torture_result(tctx, TORTURE_FAIL, " Connect4 failed - %s \n ", nt_errstr(r4.out.result));
		ok = false;
	}

	torture_comment(tctx, " Testing samr_Connect5 \n ");

	info.info1.client_version = 0;
	info.info1.unknown2 = 0;

	r5.in.system_name = " ";
	r5.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r5.in.level_in = 1;
	r5.in.info_in = &info;
	/* the same union serves as request and reply buffer */
	r5.out.info_out = &info;
	r5.out.level_out = &level_out;
	r5.out.connect_handle = &fresh;

	torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect5_r(b, tctx, &r5),
		" Connect5 failed ");
	if (NT_STATUS_IS_OK(r5.out.result)) {
		if (have_handle) {
			test_samr_handle_Close(b, tctx, handle);
		}
		have_handle = true;
		*handle = fresh;
	} else {
		torture_result(tctx, TORTURE_FAIL, " Connect5 failed - %s \n ", nt_errstr(r5.out.result));
		ok = false;
	}

	return ok;
}
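/*
 * Send a fixed list of candidate passwords to samr_ValidatePassword
 * (NetValidatePasswordReset, request form 3) for an account name that is
 * not expected to exist, and log whether the server accepts each one.
 *
 * The test is skipped when the server answers
 * NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE. The server's verdict on a password is
 * only logged; it does not affect the test result. Over a transport other
 * than NCACN_IP_TCP a comment is logged, but the calls are still made.
 *
 * The reply pointer starts out NULL and is filled in by the call, so it is
 * checked before ctr3.status is read: a success status without a reply
 * body would otherwise be dereferenced as NULL.
 */
static bool test_samr_ValidatePassword(struct torture_context *tctx,
				       struct dcerpc_pipe *p)
{
	struct samr_ValidatePassword r;
	union samr_ValidatePasswordReq req;
	union samr_ValidatePasswordRep *repp = NULL;
	NTSTATUS status;
	const char *passwords[] = { " penguin ", " p@ssw0rd ", " p@ssw0rd123$ ", NULL };
	int i;
	struct dcerpc_binding_handle *b = p->binding_handle;

	torture_comment(tctx, " Testing samr_ValidatePassword \n ");

	if (p->conn->transport.transport != NCACN_IP_TCP) {
		torture_comment(tctx, " samr_ValidatePassword only should succeed over NCACN_IP_TCP! \n ");
	}

	ZERO_STRUCT(r);
	r.in.level = NetValidatePasswordReset;
	r.in.req = &req;
	r.out.rep = &repp;

	ZERO_STRUCT(req);
	req.req3.account.string = " non-existent-account-aklsdji ";

	for (i = 0; passwords[i]; i++) {
		req.req3.password.string = passwords[i];

		status = dcerpc_samr_ValidatePassword_r(b, tctx, &r);
		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
			torture_skip(tctx, " ValidatePassword not supported by server \n ");
		}
		torture_assert_ntstatus_ok(tctx, status,
			" samr_ValidatePassword failed ");
		torture_assert_ntstatus_ok(tctx, r.out.result,
			" samr_ValidatePassword failed ");

		/* do not trust a success status to imply a reply body */
		torture_assert(tctx, repp != NULL,
			"samr_ValidatePassword succeeded without a reply");

		torture_comment(tctx, " Server %s password '%s' with code %i \n ",
			repp->ctr3.status == SAMR_VALIDATION_STATUS_SUCCESS ? " allowed " : " refused ",
			req.req3.password.string, repp->ctr3.status);
	}

	return true;
}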
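/*
 * Entry point of the general SAMR test: connect to the samr pipe, obtain a
 * connect handle and run the TORTURE_SAMR_OTHER group against every domain
 * the server enumerates, followed by the SetDsrmPassword and Shutdown
 * tests and a final close of the connect handle.
 *
 * Returns false when the pipe cannot be opened, when the test context
 * cannot be allocated, or when any of the sub-tests fails. QuerySecurity
 * on the connect handle is skipped when the "samba3" setting is true.
 */
bool torture_rpc_samr(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	struct torture_samr_context *ctx;
	struct dcerpc_binding_handle *b;

	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	ctx = talloc_zero(torture, struct torture_samr_context);
	/* ctx is dereferenced on the next line, so fail cleanly on allocation failure */
	torture_assert(torture, ctx != NULL, "failed to allocate SAMR test context");

	ctx->choice = TORTURE_SAMR_OTHER;

	ret &= test_Connect(b, torture, &ctx->handle);

	if (!torture_setting_bool(torture, " samba3 ", false)) {
		ret &= test_QuerySecurity(b, torture, &ctx->handle);
	}

	ret &= test_EnumDomains(p, torture, ctx);

	ret &= test_SetDsrmPassword(b, torture, &ctx->handle);

	ret &= test_Shutdown(b, torture, &ctx->handle);

	ret &= test_samr_handle_Close(b, torture, &ctx->handle);

	return ret;
}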
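/*
 * Top-level SAMR torture test for the TORTURE_SAMR_USER_ATTRIBUTES
 * selection.
 *
 * Runs the same call sequence as the generic SAMR test (connect, optional
 * test_QuerySecurity, test_EnumDomains, test_SetDsrmPassword,
 * test_Shutdown, close); only ctx->choice differs.
 *
 * torture: torture context; also the talloc parent of the per-run state.
 *
 * Returns true only if the connection and the state allocation succeeded
 * and every sub-test returned true.
 */
bool torture_rpc_samr_users(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	struct torture_samr_context *ctx;
	struct dcerpc_binding_handle *b;

	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	ctx = talloc_zero(torture, struct torture_samr_context);
	/* Allocation failure must fail the test, not crash on ctx->choice. */
	torture_assert(torture, ctx != NULL, "talloc_zero failed");
	ctx->choice = TORTURE_SAMR_USER_ATTRIBUTES;

	/*
	 * NOTE(review): a failed test_Connect does not stop the sequence;
	 * the remaining calls still receive ctx->handle.
	 */
	ret &= test_Connect(b, torture, &ctx->handle);

	/* The "samba3" setting (default false) disables the security query. */
	if (!torture_setting_bool(torture, "samba3", false)) {
		ret &= test_QuerySecurity(b, torture, &ctx->handle);
	}

	ret &= test_EnumDomains(p, torture, ctx);

	ret &= test_SetDsrmPassword(b, torture, &ctx->handle);

	ret &= test_Shutdown(b, torture, &ctx->handle);

	ret &= test_samr_handle_Close(b, torture, &ctx->handle);

	return ret;
}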
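/*
 * Top-level SAMR torture test for the TORTURE_SAMR_PASSWORDS selection.
 *
 * Opens a SAMR connection, then calls test_Connect, test_EnumDomains and
 * test_samr_handle_Close; the password-specific work is selected through
 * ctx->choice and happens below test_EnumDomains (not visible here).
 *
 * torture: torture context; also the talloc parent of the per-run state.
 *
 * Returns true only if the connection and the state allocation succeeded
 * and every sub-test returned true.
 */
bool torture_rpc_samr_passwords(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	struct torture_samr_context *ctx;
	struct dcerpc_binding_handle *b;

	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	ctx = talloc_zero(torture, struct torture_samr_context);
	/* Guard the dereference below against an allocation failure. */
	torture_assert(torture, ctx != NULL, "talloc_zero failed");
	ctx->choice = TORTURE_SAMR_PASSWORDS;

	ret &= test_Connect(b, torture, &ctx->handle);

	ret &= test_EnumDomains(p, torture, ctx);

	ret &= test_samr_handle_Close(b, torture, &ctx->handle);

	return ret;
}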
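/*
 * pwdLastSet test body (TORTURE_SAMR_PASSWORDS_PWDLASTSET).
 *
 * torture:             torture context; talloc parent of the per-run state.
 * p2:                  pipe supplied by the test case; not used here, the
 *                      function opens its own SAMR connection instead.
 * machine_credentials: stored in ctx->machine_credentials for the
 *                      sub-tests; the pointer is borrowed, not copied.
 *
 * Returns true only if the connection and the state allocation succeeded
 * and test_Connect, test_EnumDomains and test_samr_handle_Close all
 * returned true.
 */
static bool torture_rpc_samr_pwdlastset(struct torture_context *torture,
					struct dcerpc_pipe *p2,
					struct cli_credentials *machine_credentials)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	struct torture_samr_context *ctx;
	struct dcerpc_binding_handle *b;

	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	ctx = talloc_zero(torture, struct torture_samr_context);
	/* talloc_zero() may return NULL; fail cleanly rather than crash. */
	torture_assert(torture, ctx != NULL, "talloc_zero failed");
	ctx->choice = TORTURE_SAMR_PASSWORDS_PWDLASTSET;
	ctx->machine_credentials = machine_credentials;

	ret &= test_Connect(b, torture, &ctx->handle);

	ret &= test_EnumDomains(p, torture, ctx);

	ret &= test_samr_handle_Close(b, torture, &ctx->handle);

	return ret;
}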
/*
 * Build the "samr.passwords.pwdlastset" suite.
 *
 * The suite holds one "samr" test case, registered through
 * torture_suite_add_machine_bdc_rpc_iface_tcase() with
 * TEST_ACCOUNT_NAME_PWD, and one credential-taking test, "pwdLastSet".
 * (Presumably the test case joins a machine account of that name before
 * the test runs - confirm against the tcase helper.)
 *
 * mem_ctx: talloc parent for the new suite.
 *
 * Returns the newly created suite.
 */
struct torture_suite *torture_rpc_samr_passwords_pwdlastset(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *pwdlastset_suite;
	struct torture_rpc_tcase *samr_tcase;

	pwdlastset_suite = torture_suite_create(mem_ctx,
						"samr.passwords.pwdlastset");

	samr_tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(
		pwdlastset_suite, "samr", &ndr_table_samr,
		TEST_ACCOUNT_NAME_PWD);

	torture_rpc_tcase_add_test_creds(samr_tcase, "pwdLastSet",
					 torture_rpc_samr_pwdlastset);

	return pwdlastset_suite;
}
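/*
 * "delete_privileged_user" test body (TORTURE_SAMR_USER_PRIVILEGES).
 *
 * torture:             torture context; talloc parent of the per-run state.
 * p2:                  pipe supplied by the test case; not used here, the
 *                      function opens its own SAMR connection instead.
 * machine_credentials: stored in ctx->machine_credentials for the
 *                      sub-tests; the pointer is borrowed, not copied.
 *
 * Returns true only if the connection and the state allocation succeeded
 * and test_Connect, test_EnumDomains and test_samr_handle_Close all
 * returned true.
 */
static bool torture_rpc_samr_users_privileges_delete_user(struct torture_context *torture,
							  struct dcerpc_pipe *p2,
							  struct cli_credentials *machine_credentials)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	struct torture_samr_context *ctx;
	struct dcerpc_binding_handle *b;

	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	ctx = talloc_zero(torture, struct torture_samr_context);
	/* Do not dereference ctx when the allocation failed. */
	torture_assert(torture, ctx != NULL, "talloc_zero failed");
	ctx->choice = TORTURE_SAMR_USER_PRIVILEGES;
	ctx->machine_credentials = machine_credentials;

	ret &= test_Connect(b, torture, &ctx->handle);

	ret &= test_EnumDomains(p, torture, ctx);

	ret &= test_samr_handle_Close(b, torture, &ctx->handle);

	return ret;
}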
/*
 * Build the "samr.users.privileges" suite.
 *
 * Registers one "samr" test case through
 * torture_suite_add_machine_bdc_rpc_iface_tcase() with
 * TEST_ACCOUNT_NAME_PWD and adds the credential-taking test
 * "delete_privileged_user" to it.
 *
 * mem_ctx: talloc parent for the new suite.
 *
 * Returns the newly created suite.
 */
struct torture_suite *torture_rpc_samr_user_privileges(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *priv_suite;
	struct torture_rpc_tcase *samr_tcase;

	priv_suite = torture_suite_create(mem_ctx, "samr.users.privileges");

	samr_tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(
		priv_suite, "samr", &ndr_table_samr, TEST_ACCOUNT_NAME_PWD);

	torture_rpc_tcase_add_test_creds(samr_tcase, "delete_privileged_user",
					 torture_rpc_samr_users_privileges_delete_user);

	return priv_suite;
}
/*
 * "many_accounts" test body (TORTURE_SAMR_MANY_ACCOUNTS).
 *
 * torture: torture context.
 * p2:      pipe supplied by the test case; not used here, the function
 *          opens its own SAMR connection instead.
 * data:    must be a talloc'ed struct torture_samr_context;
 *          talloc_get_type_abort() aborts the process on a type mismatch.
 *          The same object is registered for the other large-dc tests, so
 *          choice, num_objects_large_dc and handle written here persist
 *          into whichever of them runs next.
 *
 * The object count comes from the "large_dc" setting and falls back to
 * the value already stored in the context.
 *
 * Returns true only if the connection succeeded and test_Connect,
 * test_EnumDomains and test_samr_handle_Close all returned true.
 */
static bool torture_rpc_samr_many_accounts(struct torture_context *torture,
					   struct dcerpc_pipe *p2,
					   void *data)
{
	struct torture_samr_context *state =
		talloc_get_type_abort(data, struct torture_samr_context);
	struct dcerpc_binding_handle *samr_b;
	struct dcerpc_pipe *samr_pipe;
	NTSTATUS conn_status;
	bool ok = true;

	conn_status = torture_rpc_connection(torture, &samr_pipe,
					     &ndr_table_samr);
	if (!NT_STATUS_IS_OK(conn_status)) {
		return false;
	}
	samr_b = samr_pipe->binding_handle;

	state->choice = TORTURE_SAMR_MANY_ACCOUNTS;
	state->num_objects_large_dc =
		torture_setting_int(torture, "large_dc",
				    state->num_objects_large_dc);

	/* Every step runs regardless of earlier failures. */
	if (!test_Connect(samr_b, torture, &state->handle)) {
		ok = false;
	}
	if (!test_EnumDomains(samr_pipe, torture, state)) {
		ok = false;
	}
	if (!test_samr_handle_Close(samr_b, torture, &state->handle)) {
		ok = false;
	}

	return ok;
}
/*
 * "many_groups" test body (TORTURE_SAMR_MANY_GROUPS).
 *
 * torture: torture context.
 * p2:      pipe supplied by the test case; unused, a separate SAMR
 *          connection is opened below.
 * data:    talloc'ed struct torture_samr_context shared with the other
 *          large-dc tests; talloc_get_type_abort() aborts on any other
 *          type.
 *
 * Reads the "large_dc" setting into the context (keeping the stored value
 * as the default), then runs test_Connect, test_EnumDomains and
 * test_samr_handle_Close.
 *
 * Returns true only if the connection succeeded and all three sub-tests
 * returned true.
 */
static bool torture_rpc_samr_many_groups(struct torture_context *torture,
					 struct dcerpc_pipe *p2,
					 void *data)
{
	struct torture_samr_context *state =
		talloc_get_type_abort(data, struct torture_samr_context);
	struct dcerpc_binding_handle *samr_b;
	struct dcerpc_pipe *samr_pipe;
	NTSTATUS conn_status;
	bool ok = true;

	conn_status = torture_rpc_connection(torture, &samr_pipe,
					     &ndr_table_samr);
	if (!NT_STATUS_IS_OK(conn_status)) {
		return false;
	}
	samr_b = samr_pipe->binding_handle;

	state->choice = TORTURE_SAMR_MANY_GROUPS;
	state->num_objects_large_dc =
		torture_setting_int(torture, "large_dc",
				    state->num_objects_large_dc);

	/* Failures are recorded but do not short-circuit the sequence. */
	if (!test_Connect(samr_b, torture, &state->handle)) {
		ok = false;
	}
	if (!test_EnumDomains(samr_pipe, torture, state)) {
		ok = false;
	}
	if (!test_samr_handle_Close(samr_b, torture, &state->handle)) {
		ok = false;
	}

	return ok;
}
/*
 * "many_aliases" test body (TORTURE_SAMR_MANY_ALIASES).
 *
 * torture: torture context.
 * p2:      pipe supplied by the test case; unused, a separate SAMR
 *          connection is opened below.
 * data:    talloc'ed struct torture_samr_context shared with the other
 *          large-dc tests; talloc_get_type_abort() aborts on any other
 *          type.
 *
 * Reads the "large_dc" setting into the context (keeping the stored value
 * as the default), then runs test_Connect, test_EnumDomains and
 * test_samr_handle_Close.
 *
 * Returns true only if the connection succeeded and all three sub-tests
 * returned true.
 */
static bool torture_rpc_samr_many_aliases(struct torture_context *torture,
					  struct dcerpc_pipe *p2,
					  void *data)
{
	struct torture_samr_context *state =
		talloc_get_type_abort(data, struct torture_samr_context);
	struct dcerpc_binding_handle *samr_b;
	struct dcerpc_pipe *samr_pipe;
	NTSTATUS conn_status;
	bool ok = true;

	conn_status = torture_rpc_connection(torture, &samr_pipe,
					     &ndr_table_samr);
	if (!NT_STATUS_IS_OK(conn_status)) {
		return false;
	}
	samr_b = samr_pipe->binding_handle;

	state->choice = TORTURE_SAMR_MANY_ALIASES;
	state->num_objects_large_dc =
		torture_setting_int(torture, "large_dc",
				    state->num_objects_large_dc);

	/* Each sub-test is always invoked; only the verdict is combined. */
	if (!test_Connect(samr_b, torture, &state->handle)) {
		ok = false;
	}
	if (!test_EnumDomains(samr_pipe, torture, state)) {
		ok = false;
	}
	if (!test_samr_handle_Close(samr_b, torture, &state->handle)) {
		ok = false;
	}

	return ok;
}
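/*
 * Build the "samr.large-dc" suite.
 *
 * One struct torture_samr_context is allocated on the suite and handed to
 * all three tests ("many_aliases", "many_groups", "many_accounts"), so
 * they share state: each test overwrites choice and handle in it.
 *
 * mem_ctx: talloc parent for the new suite.
 *
 * Returns the new suite, or NULL if the shared context cannot be
 * allocated (the partially built suite is freed in that case).
 */
struct torture_suite *torture_rpc_samr_large_dc(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.large-dc");
	struct torture_rpc_tcase *tcase;
	struct torture_samr_context *ctx;

	tcase = torture_suite_add_rpc_iface_tcase(suite, "samr", &ndr_table_samr);

	ctx = talloc_zero(suite, struct torture_samr_context);
	if (ctx == NULL) {
		/* Allocation failed: do not write through a NULL context. */
		talloc_free(suite);
		return NULL;
	}
	/*
	 * Default object count; the many_* tests replace it with the
	 * "large_dc" setting when that is configured.
	 */
	ctx->num_objects_large_dc = 150;

	torture_rpc_tcase_add_test_ex(tcase, "many_aliases",
				      torture_rpc_samr_many_aliases, ctx);
	torture_rpc_tcase_add_test_ex(tcase, "many_groups",
				      torture_rpc_samr_many_groups, ctx);
	torture_rpc_tcase_add_test_ex(tcase, "many_accounts",
				      torture_rpc_samr_many_accounts, ctx);

	return suite;
}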
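/*
 * badPwdCount test body (TORTURE_SAMR_PASSWORDS_BADPWDCOUNT).
 *
 * torture:             torture context; talloc parent of the per-run state.
 * p2:                  pipe supplied by the test case; not used here, the
 *                      function opens its own SAMR connection instead.
 * machine_credentials: stored in ctx->machine_credentials for the
 *                      sub-tests; the pointer is borrowed, not copied.
 *
 * Returns true only if the connection and the state allocation succeeded
 * and test_Connect, test_EnumDomains and test_samr_handle_Close all
 * returned true.
 */
static bool torture_rpc_samr_badpwdcount(struct torture_context *torture,
					 struct dcerpc_pipe *p2,
					 struct cli_credentials *machine_credentials)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	struct torture_samr_context *ctx;
	struct dcerpc_binding_handle *b;

	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	ctx = talloc_zero(torture, struct torture_samr_context);
	/* A failed allocation must fail the test, not crash it. */
	torture_assert(torture, ctx != NULL, "talloc_zero failed");
	ctx->choice = TORTURE_SAMR_PASSWORDS_BADPWDCOUNT;
	ctx->machine_credentials = machine_credentials;

	ret &= test_Connect(b, torture, &ctx->handle);

	ret &= test_EnumDomains(p, torture, ctx);

	ret &= test_samr_handle_Close(b, torture, &ctx->handle);

	return ret;
}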
/*
 * Build the "samr.passwords.badpwdcount" suite.
 *
 * Registers one "samr" test case through
 * torture_suite_add_machine_bdc_rpc_iface_tcase() with
 * TEST_ACCOUNT_NAME_PWD and adds the credential-taking test
 * "badPwdCount" to it.
 *
 * mem_ctx: talloc parent for the new suite.
 *
 * Returns the newly created suite.
 */
struct torture_suite *torture_rpc_samr_passwords_badpwdcount(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *badpwd_suite;
	struct torture_rpc_tcase *samr_tcase;

	badpwd_suite = torture_suite_create(mem_ctx,
					    "samr.passwords.badpwdcount");

	samr_tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(
		badpwd_suite, "samr", &ndr_table_samr, TEST_ACCOUNT_NAME_PWD);

	torture_rpc_tcase_add_test_creds(samr_tcase, "badPwdCount",
					 torture_rpc_samr_badpwdcount);

	return badpwd_suite;
}
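/*
 * Account-lockout test body (TORTURE_SAMR_PASSWORDS_LOCKOUT).
 *
 * torture:             torture context; talloc parent of the per-run state.
 * p2:                  pipe supplied by the test case; not used here, the
 *                      function opens its own SAMR connection instead.
 * machine_credentials: stored in ctx->machine_credentials for the
 *                      sub-tests; the pointer is borrowed, not copied.
 *
 * Returns true only if the connection and the state allocation succeeded
 * and test_Connect, test_EnumDomains and test_samr_handle_Close all
 * returned true.
 */
static bool torture_rpc_samr_lockout(struct torture_context *torture,
				     struct dcerpc_pipe *p2,
				     struct cli_credentials *machine_credentials)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	struct torture_samr_context *ctx;
	struct dcerpc_binding_handle *b;

	status = torture_rpc_connection(torture, &p, &ndr_table_samr);
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	ctx = talloc_zero(torture, struct torture_samr_context);
	/* Check the allocation before the first write through ctx. */
	torture_assert(torture, ctx != NULL, "talloc_zero failed");
	ctx->choice = TORTURE_SAMR_PASSWORDS_LOCKOUT;
	ctx->machine_credentials = machine_credentials;

	ret &= test_Connect(b, torture, &ctx->handle);

	ret &= test_EnumDomains(p, torture, ctx);

	ret &= test_samr_handle_Close(b, torture, &ctx->handle);

	return ret;
}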
/*
 * Build the "samr.passwords.lockout" suite.
 *
 * Registers one "samr" test case through
 * torture_suite_add_machine_bdc_rpc_iface_tcase() with
 * TEST_ACCOUNT_NAME_PWD and adds the credential-taking test "lockout"
 * to it.
 *
 * mem_ctx: talloc parent for the new suite.
 *
 * Returns the newly created suite.
 */
struct torture_suite *torture_rpc_samr_passwords_lockout(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *lockout_suite;
	struct torture_rpc_tcase *samr_tcase;

	lockout_suite = torture_suite_create(mem_ctx, "samr.passwords.lockout");

	samr_tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(
		lockout_suite, "samr", &ndr_table_samr, TEST_ACCOUNT_NAME_PWD);

	torture_rpc_tcase_add_test_creds(samr_tcase, "lockout",
					 torture_rpc_samr_lockout);

	return lockout_suite;
}
/*
 * Build the "samr.passwords.validate" suite.
 *
 * Registers a plain "samr" RPC test case (no machine-account variant) and
 * adds the single test "validate", implemented by
 * test_samr_ValidatePassword.
 *
 * NOTE(review): test_samr_ValidatePassword only prints a comment when the
 * transport is not NCACN_IP_TCP; it does not assert that the call is
 * refused on other transports. Confirm whether that is intended.
 *
 * mem_ctx: talloc parent for the new suite.
 *
 * Returns the newly created suite.
 */
struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *validate_suite;
	struct torture_rpc_tcase *samr_tcase;

	validate_suite = torture_suite_create(mem_ctx,
					      "samr.passwords.validate");

	samr_tcase = torture_suite_add_rpc_iface_tcase(validate_suite, "samr",
						       &ndr_table_samr);

	torture_rpc_tcase_add_test(samr_tcase, "validate",
				   test_samr_ValidatePassword);

	return validate_suite;
}