2 Unix SMB/CIFS implementation.
4 utility code to join/leave a domain
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 this code is used by other torture modules to join/leave a domain
25 as either a member, bdc or thru a trust relationship
29 #include "librpc/gen_ndr/ndr_samr.h"
30 #include "system/time.h"
33 struct dcerpc_pipe *p;
34 struct policy_handle user_handle;
39 static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
40 struct policy_handle *handle, const char *name)
43 struct samr_DeleteUser d;
44 struct policy_handle user_handle;
46 struct samr_LookupNames n;
47 struct lsa_String sname;
48 struct samr_OpenUser r;
52 n.in.domain_handle = handle;
56 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
57 if (NT_STATUS_IS_OK(status)) {
58 rid = n.out.rids.ids[0];
63 r.in.domain_handle = handle;
64 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
66 r.out.user_handle = &user_handle;
68 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
69 if (!NT_STATUS_IS_OK(status)) {
70 printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
74 d.in.user_handle = &user_handle;
75 d.out.user_handle = &user_handle;
76 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
77 if (!NT_STATUS_IS_OK(status)) {
85 create a test user in the domain
86 an opaque pointer is returned. Pass it to torture_leave_domain()
90 struct test_join *torture_create_testuser(const char *username,
93 const char **random_password)
96 struct samr_Connect c;
97 struct samr_CreateUser2 r;
98 struct samr_OpenDomain o;
99 struct samr_LookupDomain l;
100 struct samr_GetUserPwInfo pwp;
101 struct samr_SetUserInfo s;
102 union samr_UserInfo u;
103 struct policy_handle handle;
104 struct policy_handle domain_handle;
105 uint32_t access_granted;
107 DATA_BLOB session_key;
108 struct lsa_String name;
109 struct lsa_String comment;
110 struct lsa_String full_name;
112 int policy_min_pw_len = 0;
113 struct test_join *join;
116 join = talloc(NULL, struct test_join);
123 printf("Connecting to SAMR\n");
125 status = torture_rpc_connection(join,
129 DCERPC_SAMR_VERSION);
130 if (!NT_STATUS_IS_OK(status)) {
134 c.in.system_name = NULL;
135 c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
136 c.out.connect_handle = &handle;
138 status = dcerpc_samr_Connect(join->p, join, &c);
139 if (!NT_STATUS_IS_OK(status)) {
140 const char *errstr = nt_errstr(status);
141 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
142 errstr = dcerpc_errstr(join, join->p->last_fault_code);
144 printf("samr_Connect failed - %s\n", errstr);
148 printf("Opening domain %s\n", domain);
150 name.string = domain;
151 l.in.connect_handle = &handle;
152 l.in.domain_name = &name;
154 status = dcerpc_samr_LookupDomain(join->p, join, &l);
155 if (!NT_STATUS_IS_OK(status)) {
156 printf("LookupDomain failed - %s\n", nt_errstr(status));
160 join->dom_sid = dom_sid_string(join, l.out.sid);
162 o.in.connect_handle = &handle;
163 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
164 o.in.sid = l.out.sid;
165 o.out.domain_handle = &domain_handle;
167 status = dcerpc_samr_OpenDomain(join->p, join, &o);
168 if (!NT_STATUS_IS_OK(status)) {
169 printf("OpenDomain failed - %s\n", nt_errstr(status));
173 printf("Creating account %s\n", username);
176 name.string = username;
177 r.in.domain_handle = &domain_handle;
178 r.in.account_name = &name;
179 r.in.acct_flags = acct_type;
180 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
181 r.out.user_handle = &join->user_handle;
182 r.out.access_granted = &access_granted;
185 status = dcerpc_samr_CreateUser2(join->p, join, &r);
187 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
188 status = DeleteUser_byname(join->p, join, &domain_handle, name.string);
189 if (NT_STATUS_IS_OK(status)) {
194 if (!NT_STATUS_IS_OK(status)) {
195 printf("CreateUser2 failed - %s\n", nt_errstr(status));
199 pwp.in.user_handle = &join->user_handle;
201 status = dcerpc_samr_GetUserPwInfo(join->p, join, &pwp);
202 if (NT_STATUS_IS_OK(status)) {
203 policy_min_pw_len = pwp.out.info.min_password_length;
206 random_pw = generate_random_str(join, MAX(8, policy_min_pw_len));
208 printf("Setting account password '%s'\n", random_pw);
210 s.in.user_handle = &join->user_handle;
214 encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
215 u.info24.pw_len = strlen(random_pw);
217 status = dcerpc_fetch_session_key(join->p, &session_key);
218 if (!NT_STATUS_IS_OK(status)) {
219 printf("SetUserInfo level %u - no session key - %s\n",
220 s.in.level, nt_errstr(status));
221 torture_leave_domain(join);
225 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
227 status = dcerpc_samr_SetUserInfo(join->p, join, &s);
228 if (!NT_STATUS_IS_OK(status)) {
229 printf("SetUserInfo failed - %s\n", nt_errstr(status));
234 s.in.user_handle = &join->user_handle;
238 u.info21.acct_flags = acct_type;
239 u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
240 comment.string = talloc_asprintf(join,
241 "Tortured by Samba4: %s",
242 timestring(join, time(NULL)));
243 u.info21.comment = comment;
244 full_name.string = talloc_asprintf(join,
245 "Torture account for Samba4: %s",
246 timestring(join, time(NULL)));
247 u.info21.full_name = full_name;
249 u.info21.description.string = talloc_asprintf(join,
250 "Samba4 torture account created by host %s: %s",
251 lp_netbios_name(), timestring(join, time(NULL)));
253 printf("Resetting ACB flags, force pw change time\n");
255 status = dcerpc_samr_SetUserInfo(join->p, join, &s);
256 if (!NT_STATUS_IS_OK(status)) {
257 printf("SetUserInfo failed - %s\n", nt_errstr(status));
261 if (random_password) {
262 *random_password = random_pw;
268 torture_leave_domain(join);
273 struct test_join *torture_join_domain(const char *machine_name,
276 const char **machine_password)
278 char *username = talloc_asprintf(NULL, "%s$", machine_name);
279 struct test_join *tj = torture_create_testuser(username, domain, acct_flags, machine_password);
280 talloc_free(username);
284 struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join)
289 struct policy_handle *torture_join_samr_user_policy(struct test_join *join)
291 return &join->user_handle;
295 leave the domain, deleting the machine acct
297 void torture_leave_domain(struct test_join *join)
299 struct samr_DeleteUser d;
302 if (!GUID_all_zero(&join->user_handle.uuid)) {
303 d.in.user_handle = &join->user_handle;
304 d.out.user_handle = &join->user_handle;
306 status = dcerpc_samr_DeleteUser(join->p, join, &d);
307 if (!NT_STATUS_IS_OK(status)) {
308 printf("Delete of machine account failed\n");
316 return the dom sid for a test join
318 const char *torture_join_sid(struct test_join *join)
320 return join->dom_sid;
324 struct test_join_ads_dc {
325 struct test_join *join;
328 struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
330 const char **machine_password)
332 struct test_join_ads_dc *join;
334 join = talloc(NULL, struct test_join_ads_dc);
339 join->join = torture_join_domain(machine_name, domain,
347 /* do netlogon DrsEnumerateDomainTrusts */
349 /* modify userAccountControl from 4096 to 532480 */
351 /* modify RDN to OU=Domain Controllers and skip the $ from server name */
353 /* ask objectVersion of Schema Partition */
355 /* ask rIDManagerReferenz of the Domain Partition */
357 /* ask fsMORoleOwner of the RID-Manager$ object
358 * returns CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ...
361 /* ask for dnsHostName of CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
363 /* ask for objectGUID of CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
365 /* ask for * of CN=Default-First-Site-Name, ... */
367 /* search (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<machine_name>$)) in Domain Partition
368 * attributes : distinguishedName, userAccountControl
371 /* ask * for CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
372 * should fail with noSuchObject
375 /* add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
377 * objectClass = server
378 * systemFlags = 50000000
379 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
382 /* ask for * of CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
383 * should fail with noSuchObject
386 /* search for (ncname=<domain_nc>) in CN=Partitions,CN=Configuration,...
387 * attributes: ncName, dnsRoot
390 /* modify add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
391 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
392 * should fail with attributeOrValueExists
395 /* modify replace CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
396 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
399 /* DsReplicaAdd to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
406 void torture_leave_domain_ads_dc(struct test_join_ads_dc *join)
410 torture_leave_domain(join->join);