mirror of
https://github.com/samba-team/samba.git
synced 2025-01-20 14:03:59 +03:00
e7f36ff1a5
generate a separate *_send() async function for every RPC call, and there is a single dcerpc_ndr_request_recv() call that processes the receive side of any rpc call. The caller can use dcerpc_event_context() to get a pointer to the event context for the pipe so that events can be waited for asynchronously. The only part that remains synchronous is the initial bind calls. These could also be made async if necessary, although I suspect most applications won't need them to be. (This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
282 lines
6.8 KiB
C
282 lines
6.8 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
|
|
utility code to join/leave a domain
|
|
|
|
Copyright (C) Andrew Tridgell 2004
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
/*
|
|
this code is used by other torture modules to join/leave a domain
|
|
as either a member, bdc or thru a trust relationship
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
struct test_join {
|
|
TALLOC_CTX *mem_ctx;
|
|
struct dcerpc_pipe *p;
|
|
const char *machine_password;
|
|
struct policy_handle acct_handle;
|
|
};
|
|
|
|
|
|
static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
|
|
struct policy_handle *handle, const char *name)
|
|
{
|
|
NTSTATUS status;
|
|
struct samr_DeleteUser d;
|
|
struct policy_handle acct_handle;
|
|
uint32_t rid;
|
|
struct samr_LookupNames n;
|
|
struct samr_Name sname;
|
|
struct samr_OpenUser r;
|
|
|
|
sname.name = name;
|
|
|
|
n.in.handle = handle;
|
|
n.in.num_names = 1;
|
|
n.in.names = &sname;
|
|
|
|
status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
|
|
if (NT_STATUS_IS_OK(status)) {
|
|
rid = n.out.rids.ids[0];
|
|
} else {
|
|
return status;
|
|
}
|
|
|
|
r.in.handle = handle;
|
|
r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
|
r.in.rid = rid;
|
|
r.out.acct_handle = &acct_handle;
|
|
|
|
status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
|
|
return status;
|
|
}
|
|
|
|
d.in.handle = &acct_handle;
|
|
d.out.handle = &acct_handle;
|
|
status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
return status;
|
|
}
|
|
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/*
|
|
join the domain as a test machine
|
|
an opaque pointer is returned. Pass it to torture_leave_domain()
|
|
when finished
|
|
*/
|
|
void *torture_join_domain(const char *machine_name,
|
|
const char *domain,
|
|
uint16 acct_flags,
|
|
const char **machine_password)
|
|
{
|
|
NTSTATUS status;
|
|
struct samr_Connect c;
|
|
struct samr_CreateUser2 r;
|
|
struct samr_OpenDomain o;
|
|
struct samr_LookupDomain l;
|
|
struct samr_GetUserPwInfo pwp;
|
|
struct samr_SetUserInfo s;
|
|
union samr_UserInfo u;
|
|
struct policy_handle handle;
|
|
struct policy_handle domain_handle;
|
|
uint32_t access_granted;
|
|
uint32_t rid;
|
|
DATA_BLOB session_key;
|
|
struct samr_Name name;
|
|
int policy_min_pw_len = 0;
|
|
struct test_join *join;
|
|
TALLOC_CTX *mem_ctx;
|
|
|
|
mem_ctx = talloc_init("torture_join_domain");
|
|
if (!mem_ctx) {
|
|
return NULL;
|
|
}
|
|
|
|
join = talloc_p(mem_ctx, struct test_join);
|
|
if (join == NULL) {
|
|
talloc_destroy(mem_ctx);
|
|
return NULL;
|
|
}
|
|
|
|
ZERO_STRUCTP(join);
|
|
|
|
join->mem_ctx = mem_ctx;
|
|
|
|
printf("Connecting to SAMR\n");
|
|
|
|
status = torture_rpc_connection(&join->p,
|
|
DCERPC_SAMR_NAME,
|
|
DCERPC_SAMR_UUID,
|
|
DCERPC_SAMR_VERSION);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
goto failed;
|
|
}
|
|
|
|
c.in.system_name = NULL;
|
|
c.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
|
c.out.handle = &handle;
|
|
|
|
status = dcerpc_samr_Connect(join->p, mem_ctx, &c);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
const char *errstr = nt_errstr(status);
|
|
if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
|
|
errstr = dcerpc_errstr(mem_ctx, join->p->last_fault_code);
|
|
}
|
|
printf("samr_Connect failed - %s\n", errstr);
|
|
goto failed;
|
|
}
|
|
|
|
printf("Opening domain %s\n", domain);
|
|
|
|
name.name = domain;
|
|
l.in.handle = &handle;
|
|
l.in.domain = &name;
|
|
|
|
status = dcerpc_samr_LookupDomain(join->p, mem_ctx, &l);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("LookupDomain failed - %s\n", nt_errstr(status));
|
|
goto failed;
|
|
}
|
|
|
|
o.in.handle = &handle;
|
|
o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
|
o.in.sid = l.out.sid;
|
|
o.out.domain_handle = &domain_handle;
|
|
|
|
status = dcerpc_samr_OpenDomain(join->p, mem_ctx, &o);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("OpenDomain failed - %s\n", nt_errstr(status));
|
|
goto failed;
|
|
}
|
|
|
|
printf("Creating machine account %s\n", machine_name);
|
|
|
|
again:
|
|
name.name = talloc_asprintf(mem_ctx, "%s$", machine_name);
|
|
r.in.handle = &domain_handle;
|
|
r.in.account_name = &name;
|
|
r.in.acct_flags = acct_flags;
|
|
r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
|
r.out.acct_handle = &join->acct_handle;
|
|
r.out.access_granted = &access_granted;
|
|
r.out.rid = &rid;
|
|
|
|
status = dcerpc_samr_CreateUser2(join->p, mem_ctx, &r);
|
|
|
|
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
|
|
status = DeleteUser_byname(join->p, mem_ctx, &domain_handle, name.name);
|
|
if (NT_STATUS_IS_OK(status)) {
|
|
goto again;
|
|
}
|
|
}
|
|
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("CreateUser2 failed - %s\n", nt_errstr(status));
|
|
goto failed;
|
|
}
|
|
|
|
pwp.in.handle = &join->acct_handle;
|
|
|
|
status = dcerpc_samr_GetUserPwInfo(join->p, mem_ctx, &pwp);
|
|
if (NT_STATUS_IS_OK(status)) {
|
|
policy_min_pw_len = pwp.out.info.min_password_len;
|
|
}
|
|
|
|
join->machine_password = generate_random_str(mem_ctx, MAX(8, policy_min_pw_len));
|
|
|
|
printf("Setting machine account password '%s'\n", join->machine_password);
|
|
|
|
s.in.handle = &join->acct_handle;
|
|
s.in.info = &u;
|
|
s.in.level = 24;
|
|
|
|
encode_pw_buffer(u.info24.password.data, join->machine_password, STR_UNICODE);
|
|
u.info24.pw_len = strlen(join->machine_password);
|
|
|
|
status = dcerpc_fetch_session_key(join->p, &session_key);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("SetUserInfo level %u - no session key - %s\n",
|
|
s.in.level, nt_errstr(status));
|
|
torture_leave_domain(&join);
|
|
goto failed;
|
|
}
|
|
|
|
arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
|
|
|
|
status = dcerpc_samr_SetUserInfo(join->p, mem_ctx, &s);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("SetUserInfo failed - %s\n", nt_errstr(status));
|
|
goto failed;
|
|
}
|
|
|
|
s.in.handle = &join->acct_handle;
|
|
s.in.info = &u;
|
|
s.in.level = 16;
|
|
|
|
u.info16.acct_flags = acct_flags;
|
|
|
|
printf("Resetting ACB flags\n");
|
|
|
|
status = dcerpc_samr_SetUserInfo(join->p, mem_ctx, &s);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("SetUserInfo failed - %s\n", nt_errstr(status));
|
|
goto failed;
|
|
}
|
|
|
|
*machine_password = join->machine_password;
|
|
|
|
return join;
|
|
|
|
failed:
|
|
torture_leave_domain(join);
|
|
return NULL;
|
|
}
|
|
|
|
|
|
/*
|
|
leave the domain, deleting the machine acct
|
|
*/
|
|
void torture_leave_domain(void *join_ctx)
|
|
{
|
|
struct test_join *join = join_ctx;
|
|
struct samr_DeleteUser d;
|
|
NTSTATUS status;
|
|
|
|
if (!uuid_all_zero(&join->acct_handle.uuid)) {
|
|
d.in.handle = &join->acct_handle;
|
|
d.out.handle = &join->acct_handle;
|
|
|
|
status = dcerpc_samr_DeleteUser(join->p, join->mem_ctx, &d);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
printf("Delete of machine account failed\n");
|
|
}
|
|
}
|
|
|
|
if (join->p) {
|
|
torture_rpc_close(join->p);
|
|
}
|
|
|
|
talloc_destroy(join->mem_ctx);
|
|
}
|