#include "system/time.h"
#include "librpc/gen_ndr/lsa.h"
#include "librpc/gen_ndr/ndr_samr_c.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
#include "torture/rpc/rpc.h"
+#include "param/param.h"
#define TEST_ACCOUNT_NAME "samrtorturetest"
#define TEST_ALIASNAME "samrtorturetestalias"
TORTURE_SAMR_OTHER
};
-static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle);
-static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle);
-static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle);
-static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *acct_name,
struct policy_handle *domain_handle, char **password);
string->string = s;
}
-BOOL test_samr_handle_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+bool test_samr_handle_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
status = dcerpc_samr_Close(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("Close handle failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- return True;
+ return true;
}
-static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_Shutdown(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_Shutdown r;
- if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
+ if (!torture_setting_bool(tctx, "dangerous", false)) {
printf("samr_Shutdown disabled - enable dangerous tests to use\n");
- return True;
+ return true;
}
r.in.connect_handle = handle;
printf("testing samr_Shutdown\n");
- status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
+ status = dcerpc_samr_Shutdown(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("samr_Shutdown failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- return True;
+ return true;
}
-static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_SetDsrmPassword(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct lsa_String string;
struct samr_Password hash;
- if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
+ if (!torture_setting_bool(tctx, "dangerous", false)) {
printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
- return True;
+ return true;
}
E_md4hash("TeSTDSRM123", hash.hash);
printf("testing samr_SetDsrmPassword\n");
- status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
+ status = dcerpc_samr_SetDsrmPassword(p, tctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- return True;
+ return true;
}
-static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QuerySecurity(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
struct policy_handle *handle)
{
NTSTATUS status;
r.in.handle = handle;
r.in.sec_info = 7;
- status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
+ status = dcerpc_samr_QuerySecurity(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("QuerySecurity failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
if (r.out.sdbuf == NULL) {
- return False;
+ return false;
}
s.in.handle = handle;
s.in.sec_info = 7;
s.in.sdbuf = r.out.sdbuf;
- if (lp_parm_bool(-1, "torture", "samba4", False)) {
+ if (torture_setting_bool(tctx, "samba4", false)) {
printf("skipping SetSecurity test against Samba4\n");
- return True;
+ return true;
}
- status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
+ status = dcerpc_samr_SetSecurity(p, tctx, &s);
if (!NT_STATUS_IS_OK(status)) {
printf("SetSecurity failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
+ status = dcerpc_samr_QuerySecurity(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("QuerySecurity failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- return True;
+ return true;
}
-static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle, uint32_t base_acct_flags,
const char *base_account_name)
{
struct samr_QueryUserInfo q;
struct samr_QueryUserInfo q0;
union samr_UserInfo u;
- BOOL ret = True;
+ bool ret = true;
const char *test_account_name;
uint32_t user_extra_flags = 0;
q0 = q;
#define TESTCALL(call, r) \
- status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
+ status = dcerpc_samr_ ##call(p, tctx, &r); \
if (!NT_STATUS_IS_OK(status)) { \
printf(#call " level %u failed - %s (%s)\n", \
r.in.level, nt_errstr(status), __location__); \
- ret = False; \
+ ret = false; \
break; \
}
if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
printf("Failed to set %s to '%s' (%s)\n", \
#field, s2, __location__); \
- ret = False; \
+ ret = false; \
break; \
}
#define INT_EQUAL(i1, i2, field) \
if (i1 != i2) { \
- printf("Failed to set %s to 0x%x - got 0x%x (%s)\n", \
- #field, i2, i1, __location__); \
- ret = False; \
+ printf("Failed to set %s to 0x%llx - got 0x%llx (%s)\n", \
+ #field, (unsigned long long)i2, (unsigned long long)i1, __location__); \
+ ret = false; \
break; \
}
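Review bot: The casts added to `INT_EQUAL` bind only to the first token of each macro argument, so an expression argument such as `a | b` would be printed after casting just `a`. Parenthesise the parameters in the added line: `#field, (unsigned long long)(i2), (unsigned long long)(i1), __location__); \`. The unchanged comparison `if (i1 != i2)` has the same hygiene gap and could become `if ((i1) != (i2))`.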
TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
SAMR_FIELD_COMMENT);
- test_account_name = talloc_asprintf(mem_ctx, "%sxx7-1", base_account_name);
+ test_account_name = talloc_asprintf(tctx, "%sxx7-1", base_account_name);
TEST_USERINFO_STRING(7, account_name, 1, account_name, base_account_name, 0);
- test_account_name = talloc_asprintf(mem_ctx, "%sxx7-3", base_account_name);
+ test_account_name = talloc_asprintf(tctx, "%sxx7-3", base_account_name);
TEST_USERINFO_STRING(7, account_name, 3, account_name, base_account_name, 0);
- test_account_name = talloc_asprintf(mem_ctx, "%sxx7-5", base_account_name);
+ test_account_name = talloc_asprintf(tctx, "%sxx7-5", base_account_name);
TEST_USERINFO_STRING(7, account_name, 5, account_name, base_account_name, 0);
- test_account_name = talloc_asprintf(mem_ctx, "%sxx7-6", base_account_name);
+ test_account_name = talloc_asprintf(tctx, "%sxx7-6", base_account_name);
TEST_USERINFO_STRING(7, account_name, 6, account_name, base_account_name, 0);
- test_account_name = talloc_asprintf(mem_ctx, "%sxx7-7", base_account_name);
+ test_account_name = talloc_asprintf(tctx, "%sxx7-7", base_account_name);
TEST_USERINFO_STRING(7, account_name, 7, account_name, base_account_name, 0);
- test_account_name = talloc_asprintf(mem_ctx, "%sxx7-21", base_account_name);
+ test_account_name = talloc_asprintf(tctx, "%sxx7-21", base_account_name);
TEST_USERINFO_STRING(7, account_name, 21, account_name, base_account_name, 0);
test_account_name = base_account_name;
TEST_USERINFO_STRING(21, account_name, 21, account_name, base_account_name,
TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
SAMR_FIELD_FULL_NAME);
+ TEST_USERINFO_STRING(6, full_name, 1, full_name, "", 0);
+ TEST_USERINFO_STRING(6, full_name, 3, full_name, "", 0);
+ TEST_USERINFO_STRING(6, full_name, 5, full_name, "", 0);
+ TEST_USERINFO_STRING(6, full_name, 6, full_name, "", 0);
+ TEST_USERINFO_STRING(6, full_name, 8, full_name, "", 0);
+ TEST_USERINFO_STRING(6, full_name, 21, full_name, "", 0);
+ TEST_USERINFO_STRING(8, full_name, 21, full_name, "", 0);
+ TEST_USERINFO_STRING(21, full_name, 21, full_name, "",
+ SAMR_FIELD_FULL_NAME);
+
TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
SAMR_FIELD_WORKSTATIONS);
+ TEST_USERINFO_STRING(21, workstations, 3, workstations, "21workstation3",
+ SAMR_FIELD_WORKSTATIONS);
+ TEST_USERINFO_STRING(21, workstations, 5, workstations, "21workstation5",
+ SAMR_FIELD_WORKSTATIONS);
+ TEST_USERINFO_STRING(21, workstations, 14, workstations, "21workstation14",
+ SAMR_FIELD_WORKSTATIONS);
TEST_USERINFO_STRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
TEST_USERINFO_STRING(21, parameters, 21, parameters, "xx21-21 parameters",
SAMR_FIELD_PARAMETERS);
+ TEST_USERINFO_STRING(21, parameters, 20, parameters, "xx21-20 parameters",
+ SAMR_FIELD_PARAMETERS);
+ TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0);
TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
SAMR_FIELD_COUNTRY_CODE);
+ TEST_USERINFO_INT(21, country_code, 2, country_code, __LINE__,
+ SAMR_FIELD_COUNTRY_CODE);
TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
SAMR_FIELD_CODE_PAGE);
+ TEST_USERINFO_INT(21, code_page, 2, code_page, __LINE__,
+ SAMR_FIELD_CODE_PAGE);
+
+ TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, __LINE__, 0);
+ TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, __LINE__, 0);
+ TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, __LINE__,
+ SAMR_FIELD_ACCT_EXPIRY);
+ TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, __LINE__,
+ SAMR_FIELD_ACCT_EXPIRY);
+ TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, __LINE__,
+ SAMR_FIELD_ACCT_EXPIRY);
TEST_USERINFO_INT(4, logon_hours.bits[3], 3, logon_hours.bits[3], 1, 0);
TEST_USERINFO_INT(4, logon_hours.bits[3], 5, logon_hours.bits[3], 2, 0);
TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
SAMR_FIELD_LOGON_HOURS);
- if (lp_parm_bool(-1, "torture", "samba4", False)) {
- printf("skipping Set Account Flag tests against Samba4\n");
- return ret;
- }
-
TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
(base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
(base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
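Review bot: The eight added empty-string cases (`TEST_USERINFO_STRING(6, full_name, 1, full_name, "", 0)` and the seven after it) rely on a string comparison that mishandles NULL. That comparison, visible earlier in this diff as `if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2))`, reports a mismatch when one side is NULL and the other is `""`, and calls `strcmp(NULL, NULL)` when both are NULL. If a server returns a NULL pointer for an empty full name, which cannot be determined from this page, these cases would fail or hit undefined behaviour instead of passing. Consider normalising first, e.g. `const char *a = s1 ? s1 : ""; const char *b = s2 ? s2 : "";`, and comparing `a` with `b`. The macro header is outside the visible lines, so check there which argument is the queried value.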
return s;
}
-static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, char **password)
{
NTSTATUS status;
struct samr_SetUserInfo s;
union samr_UserInfo u;
- BOOL ret = True;
+ bool ret = true;
DATA_BLOB session_key;
char *newpass;
struct samr_GetUserPwInfo pwp;
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u - no session key - %s\n",
s.in.level, nt_errstr(status));
- return False;
+ return false;
}
arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u failed - %s\n",
s.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = newpass;
}
}
-static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, uint32_t fields_present,
char **password)
{
NTSTATUS status;
struct samr_SetUserInfo s;
union samr_UserInfo u;
- BOOL ret = True;
+ bool ret = true;
DATA_BLOB session_key;
char *newpass;
struct samr_GetUserPwInfo pwp;
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u - no session key - %s\n",
s.in.level, nt_errstr(status));
- return False;
+ return false;
}
arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u failed - %s\n",
s.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = newpass;
}
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u - no session key - %s\n",
s.in.level, nt_errstr(status));
- return False;
+ return false;
}
/* This should break the key nicely */
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
s.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct policy_handle *handle, char **password)
+static bool test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle, bool makeshort,
+ char **password)
{
NTSTATUS status;
struct samr_SetUserInfo s;
union samr_UserInfo u;
- BOOL ret = True;
+ bool ret = true;
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
uint8_t confounder[16];
if (NT_STATUS_IS_OK(status)) {
policy_min_pw_len = pwp.out.info.min_password_length;
}
- newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
+ if (makeshort && policy_min_pw_len) {
+ newpass = samr_rand_pass_fixed_len(mem_ctx, policy_min_pw_len - 1);
+ } else {
+ newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
+ }
s.in.user_handle = handle;
s.in.info = &u;
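Review bot: When `makeshort` is set but `policy_min_pw_len` is 0, the added branch falls through to `samr_rand_pass()`, so the too-short case is skipped with no trace in the output. `policy_min_pw_len` is only assigned under `if (NT_STATUS_IS_OK(status))`, so a failed policy query presumably has the same effect (its declaration and initial value are outside the hunk). Make the skip visible, e.g. `if (makeshort && policy_min_pw_len == 0) { printf("min password length is 0 - short password case not exercised\n"); }`. A comment on the new `makeshort` parameter stating which status the caller should expect would also help. The function body continues outside this hunk.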
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u - no session key - %s\n",
s.in.level, nt_errstr(status));
- return False;
+ return false;
}
generate_random_buffer((uint8_t *)confounder, 16);
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u failed - %s\n",
s.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = newpass;
}
status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
- printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
+ printf("SetUserInfo level %u should have failed with WRONG_PASSWORD: %s\n",
s.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = newpass;
}
return ret;
}
-static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, uint32_t fields_present,
char **password)
{
NTSTATUS status;
struct samr_SetUserInfo s;
union samr_UserInfo u;
- BOOL ret = True;
+ bool ret = true;
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
struct MD5Context ctx;
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u - no session key - %s\n",
s.in.level, nt_errstr(status));
- return False;
+ return false;
}
generate_random_buffer((uint8_t *)confounder, 16);
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo level %u failed - %s\n",
s.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = newpass;
}
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
s.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryAliasInfo q;
uint16_t levels[] = {2, 3};
int i;
- BOOL ret = True;
+ bool ret = true;
/* Ignoring switch level 1, as that includes the number of members for the alias
* and setting this to a wrong value might have negative consequences
r.in.alias_handle = handle;
r.in.level = levels[i];
- r.in.info = talloc(mem_ctx, union samr_AliasInfo);
+ r.in.info = talloc(tctx, union samr_AliasInfo);
switch (r.in.level) {
case ALIASINFONAME: init_lsa_String(&r.in.info->name,TEST_ALIASNAME); break;
case ALIASINFODESCRIPTION: init_lsa_String(&r.in.info->description,
"Test Description, should test I18N as well"); break;
+ case ALIASINFOALL: printf("ALIASINFOALL ignored\n"); break;
}
- status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
+ status = dcerpc_samr_SetAliasInfo(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("SetAliasInfo level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
q.in.alias_handle = handle;
q.in.level = levels[i];
- status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
+ status = dcerpc_samr_QueryAliasInfo(p, tctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryAliasInfo level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
return ret;
}
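Review bot: The added `case ALIASINFOALL:` only prints a message and leaves the switch, so `dcerpc_samr_SetAliasInfo()` would still be called with `r.in.info` uninitialised, because `talloc()` does not zero-fill. The path is unreachable today because `levels[]` is `{2, 3}`, but it becomes live as soon as that level is added to the array. Either allocate with `r.in.info = talloc_zero(tctx, union samr_AliasInfo);` or skip the request with `continue;` in that case. A NULL check on the allocation before `&r.in.info->name` is taken would also be worth adding.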
-static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GetGroupsForUser(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *user_handle)
{
struct samr_GetGroupsForUser r;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("testing GetGroupsForUser\n");
r.in.user_handle = user_handle;
- status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
+ status = dcerpc_samr_GetGroupsForUser(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GetDomPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
struct lsa_String *domain_name)
{
NTSTATUS status;
struct samr_GetDomPwInfo r;
- BOOL ret = True;
+ bool ret = true;
r.in.domain_name = domain_name;
printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
- status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
+ status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
- r.in.domain_name->string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.domain_name->string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
- status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
+ status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
r.in.domain_name->string = "\\\\__NONAME__";
printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
- status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
+ status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
r.in.domain_name->string = "\\\\Builtin";
printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
- status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
+ status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GetUserPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_GetUserPwInfo r;
- BOOL ret = True;
+ bool ret = true;
printf("Testing GetUserPwInfo\n");
r.in.user_handle = handle;
- status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
+ status = dcerpc_samr_GetUserPwInfo(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static NTSTATUS test_LookupName(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *domain_handle, const char *name,
uint32_t *rid)
{
n.in.domain_handle = domain_handle;
n.in.num_names = 1;
n.in.names = sname;
- status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
+ status = dcerpc_samr_LookupNames(p, tctx, &n);
if (NT_STATUS_IS_OK(status)) {
*rid = n.out.rids.ids[0];
} else {
init_lsa_String(&sname[1], "xxNONAMExx");
n.in.num_names = 2;
- status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
+ status = dcerpc_samr_LookupNames(p, tctx, &n);
if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
printf("LookupNames[2] failed - %s\n", nt_errstr(status));
if (NT_STATUS_IS_OK(status)) {
}
n.in.num_names = 0;
- status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
+ status = dcerpc_samr_LookupNames(p, tctx, &n);
if (!NT_STATUS_IS_OK(status)) {
printf("LookupNames[0] failed - %s\n", nt_errstr(status));
return status;
init_lsa_String(&sname[0], "xxNONAMExx");
n.in.num_names = 1;
- status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
+ status = dcerpc_samr_LookupNames(p, tctx, &n);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
printf("LookupNames[1 bad name] failed - %s\n", nt_errstr(status));
if (NT_STATUS_IS_OK(status)) {
init_lsa_String(&sname[0], "xxNONAMExx");
init_lsa_String(&sname[1], "xxNONAME2xx");
n.in.num_names = 2;
- status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
+ status = dcerpc_samr_LookupNames(p, tctx, &n);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
printf("LookupNames[2 bad names] failed - %s\n", nt_errstr(status));
if (NT_STATUS_IS_OK(status)) {
}
#if 0
-static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_ChangePasswordUser r;
- BOOL ret = True;
+ bool ret = true;
struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
struct policy_handle user_handle;
char *oldpass = "test";
status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
printf("Testing ChangePasswordUser for user 'testuser'\n");
status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
return ret;
}
#endif
-static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *acct_name,
struct policy_handle *handle, char **password)
{
NTSTATUS status;
struct samr_ChangePasswordUser r;
- BOOL ret = True;
+ bool ret = true;
struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
struct policy_handle user_handle;
char *oldpass;
uint8_t old_nt_hash[16], new_nt_hash[16];
uint8_t old_lm_hash[16], new_lm_hash[16];
- BOOL changed = True;
+ bool changed = true;
char *newpass;
struct samr_GetUserPwInfo pwp;
status = test_OpenUser_byname(p, mem_ctx, handle, acct_name, &user_handle);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
pwp.in.user_handle = &user_handle;
if (!*password) {
printf("Failing ChangePasswordUser as old password was NULL. Previous test failed?\n");
- return False;
+ return false;
}
oldpass = *password;
E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
- r.in.user_handle = &user_handle;
- r.in.lm_present = 1;
- r.in.old_lm_crypted = &hash1;
- r.in.new_lm_crypted = &hash2;
- r.in.nt_present = 1;
- r.in.old_nt_crypted = &hash3;
- r.in.new_nt_crypted = &hash4;
- r.in.cross1_present = 1;
- r.in.nt_cross = &hash5;
- r.in.cross2_present = 0;
- r.in.lm_cross = NULL;
-
- status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED)) {
- printf("ChangePasswordUser failed: expected NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
- ret = False;
- }
-
-
- r.in.user_handle = &user_handle;
- r.in.lm_present = 1;
- r.in.old_lm_crypted = &hash1;
- r.in.new_lm_crypted = &hash2;
- r.in.nt_present = 1;
- r.in.old_nt_crypted = &hash3;
- r.in.new_nt_crypted = &hash4;
- r.in.cross1_present = 0;
- r.in.nt_cross = NULL;
- r.in.cross2_present = 1;
- r.in.lm_cross = &hash6;
-
- status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED)) {
- printf("ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
- ret = False;
- }
-
r.in.user_handle = &user_handle;
r.in.lm_present = 1;
/* Break the LM hash */
status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash, got %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
/* Unbreak the LM hash */
status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash, got %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
/* Unbreak the NT hash */
status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM cross-hash, got %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
/* Unbreak the LM cross */
status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT cross-hash, got %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
/* Unbreak the NT cross */
hash5.hash[0]--;
+
+ /* Reset the hashes to not broken values */
+ E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+ E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+ E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+ E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+ E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+ E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
+
+ r.in.user_handle = &user_handle;
+ r.in.lm_present = 1;
+ r.in.old_lm_crypted = &hash1;
+ r.in.new_lm_crypted = &hash2;
+ r.in.nt_present = 1;
+ r.in.old_nt_crypted = &hash3;
+ r.in.new_nt_crypted = &hash4;
+ r.in.cross1_present = 1;
+ r.in.nt_cross = &hash5;
+ r.in.cross2_present = 0;
+ r.in.lm_cross = NULL;
+
+ status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
+ if (NT_STATUS_IS_OK(status)) {
+ changed = true;
+ *password = newpass;
+ } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
+ printf("ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(status));
+ ret = false;
+ }
+
+ oldpass = newpass;
+ newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
+
+ E_md4hash(oldpass, old_nt_hash);
+ E_md4hash(newpass, new_nt_hash);
+ E_deshash(oldpass, old_lm_hash);
+ E_deshash(newpass, new_lm_hash);
+
+
+ /* Reset the hashes to not broken values */
+ E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+ E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+ E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+ E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+ E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+ E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
+
+ r.in.user_handle = &user_handle;
+ r.in.lm_present = 1;
+ r.in.old_lm_crypted = &hash1;
+ r.in.new_lm_crypted = &hash2;
+ r.in.nt_present = 1;
+ r.in.old_nt_crypted = &hash3;
+ r.in.new_nt_crypted = &hash4;
+ r.in.cross1_present = 0;
+ r.in.nt_cross = NULL;
+ r.in.cross2_present = 1;
+ r.in.lm_cross = &hash6;
+
+ status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
+ if (NT_STATUS_IS_OK(status)) {
+ changed = true;
+ *password = newpass;
+ } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
+ printf("ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
+ ret = false;
+ }
+
+ oldpass = newpass;
+ newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
+
+ E_md4hash(oldpass, old_nt_hash);
+ E_md4hash(newpass, new_nt_hash);
+ E_deshash(oldpass, old_lm_hash);
+ E_deshash(newpass, new_lm_hash);
+
+
/* Reset the hashes to not broken values */
E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
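Review bot: `oldpass = newpass;` runs unconditionally after each of the two added ChangePasswordUser calls, including when the server answered `NT_STATUS_PASSWORD_RESTRICTION` and the password was not changed. The next round then derives `old_nt_hash`/`old_lm_hash` from a password the account never had, so it fails for a reason unrelated to what is being tested. Where a lockout policy is configured, each such attempt may also count as a bad password against the test account. `*password` is updated only on success, so `oldpass = *password;` in both places keeps the chain consistent. The second failure message still says `expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED` although the condition accepts `NT_STATUS_OK` or `NT_STATUS_PASSWORD_RESTRICTION`; it should read like the first one.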
printf("ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
} else if (!NT_STATUS_IS_OK(status)) {
printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
- changed = True;
+ changed = true;
*password = newpass;
}
if (changed) {
status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
+ printf("ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
+ } else if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
}
+
if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
return ret;
}
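Review bot: `changed` is initialised to `true` at its declaration (`bool changed = true;`), so the `if (changed)` replay check runs even when every earlier change attempt was refused, and the `changed = true;` assignments have no effect. With the `NT_STATUS_PASSWORD_RESTRICTION` branch added inside that block, a run where nothing was changed can pass the replay step without showing that a stale request is rejected. Initialising with `bool changed = false;` would limit the replay check to runs where a change succeeded. Parts of this function lie outside the visible hunks, so confirm no other path depends on the initial value.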
-static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *acct_name,
struct policy_handle *handle, char **password)
{
NTSTATUS status;
struct samr_OemChangePasswordUser2 r;
- BOOL ret = True;
+ bool ret = true;
struct samr_Password lm_verifier;
struct samr_CryptPassword lm_pass;
struct lsa_AsciiString server, account, account_bad;
if (!*password) {
printf("Failing OemChangePasswordUser2 as old password was NULL. Previous test failed?\n");
- return False;
+ return false;
}
oldpass = *password;
&& !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
&& !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
- && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
- printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
+ && !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ printf("ChangePasswordUser3 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
/* This shouldn't be a valid name */
status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ printf("ChangePasswordUser3 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s\n",
+ nt_errstr(status));
+ ret = false;
+ }
+
+ /* This shouldn't be a valid name */
+ account_bad.string = TEST_ACCOUNT_NAME "XX";
+ r.in.account = &account_bad;
+ r.in.password = &lm_pass;
+ r.in.hash = &lm_verifier;
+
+ status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
+
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
+ }
+
+ /* This shouldn't be a valid name */
+ account_bad.string = TEST_ACCOUNT_NAME "XX";
+ r.in.account = &account_bad;
+ r.in.password = NULL;
+ r.in.hash = &lm_verifier;
+
+ status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ printf("ChangePasswordUser3 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s\n",
+ nt_errstr(status));
+ ret = false;
}
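Review bot: The failure messages touched here name the wrong call: `"ChangePasswordUser3 failed, should have returned INVALID_PARAMETER ..."` is printed after `dcerpc_samr_OemChangePasswordUser2()`, which points anyone reading a failing log at the wrong RPC. Use `"OemChangePasswordUser2 failed, ..."` in the two new messages and the edited one, and correct the `PASSWORD_RESTRICTON` spelling in the edited one. A short comment above the new blocks would also help, e.g. `/* a missing password or hash must give INVALID_PARAMETER; an unknown account with well-formed input must give WRONG_PASSWORD, the same status as a bad password */`. That ordering is what these cases pin down, and presumably it exists so the reply does not reveal whether the account exists.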
E_deshash(oldpass, old_lm_hash);
printf("OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
} else if (!NT_STATUS_IS_OK(status)) {
printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = newpass;
}
}
-static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *acct_name,
- struct policy_handle *handle, char **password)
+ char **password,
+ char *newpass, bool allow_password_restriction)
{
NTSTATUS status;
struct samr_ChangePasswordUser2 r;
- BOOL ret = True;
+ bool ret = true;
struct lsa_String server, account;
struct samr_CryptPassword nt_pass, lm_pass;
struct samr_Password nt_verifier, lm_verifier;
char *oldpass;
- char *newpass;
uint8_t old_nt_hash[16], new_nt_hash[16];
uint8_t old_lm_hash[16], new_lm_hash[16];
struct samr_GetDomPwInfo dom_pw_info;
- int policy_min_pw_len = 0;
struct lsa_String domain_name;
-
domain_name.string = "";
dom_pw_info.in.domain_name = &domain_name;
- printf("Testing ChangePasswordUser2\n");
+ printf("Testing ChangePasswordUser2 on %s\n", acct_name);
if (!*password) {
printf("Failing ChangePasswordUser3 as old password was NULL. Previous test failed?\n");
- return False;
+ return false;
}
oldpass = *password;
- status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
- if (NT_STATUS_IS_OK(status)) {
- policy_min_pw_len = dom_pw_info.out.info.min_password_length;
- }
+ if (!newpass) {
+ int policy_min_pw_len = 0;
+ status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
+ if (NT_STATUS_IS_OK(status)) {
+ policy_min_pw_len = dom_pw_info.out.info.min_password_length;
+ }
- newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
+ newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
+ }
server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
init_lsa_String(&account, acct_name);
r.in.lm_verifier = &lm_verifier;
status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
- if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
+ if (allow_password_restriction && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
printf("ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
} else if (!NT_STATUS_IS_OK(status)) {
printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = newpass;
}
}
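Review bot: With `newpass` now supplied by the caller, the success path `*password = newpass;` at the end of test_ChangePasswordUser2 stores the caller's pointer rather than a copy. test_user_ops passes the block-scoped array `simple_pass`, so unless one of the later calls in that block replaces `*password`, it still points at that array after the block has ended and is then handed to the following password tests. Copying as test_ChangePasswordUser3 does, `*password = talloc_strdup(mem_ctx, newpass);`, removes the lifetime dependency and would also allow the parameter to become `const char *newpass`. Parts of the function body are elided in this view, so this assumes nothing in the missing lines already copies `newpass`.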
-BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+bool test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *account_string,
int policy_min_pw_len,
char **password,
const char *newpass,
NTTIME last_password_change,
- BOOL handle_reject_reason)
+ bool handle_reject_reason)
{
NTSTATUS status;
struct samr_ChangePasswordUser3 r;
- BOOL ret = True;
+ bool ret = true;
struct lsa_String server, account, account_bad;
struct samr_CryptPassword nt_pass, lm_pass;
struct samr_Password nt_verifier, lm_verifier;
} else {
newpass = samr_rand_pass_fixed_len(mem_ctx, policy_min_pw_len);
}
- } while (check_password_quality(newpass) == False);
+ } while (check_password_quality(newpass) == false);
} else {
printf("Using password '%s'\n", newpass);
}
if (!*password) {
printf("Failing ChangePasswordUser3 as old password was NULL. Previous test failed?\n");
- return False;
+ return false;
}
oldpass = *password;
(!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
(!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
/* This shouldn't be a valid name */
if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
E_md4hash(oldpass, old_nt_hash);
status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
- if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
- r.out.dominfo && r.out.reject && handle_reject_reason) {
-
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
+ && r.out.dominfo
+ && r.out.reject
+ && handle_reject_reason
+ && (!null_nttime(last_password_change) || !r.out.dominfo->min_password_age)) {
if (r.out.dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
if (r.out.reject && (r.out.reject->reason != SAMR_REJECT_OTHER)) {
printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
SAMR_REJECT_OTHER, r.out.reject->reason);
- return False;
+ return false;
}
}
if (r.out.reject->reason != SAMR_REJECT_OTHER) {
printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
SAMR_REJECT_OTHER, r.out.reject->reason);
- return False;
+ return false;
}
} else if ((r.out.dominfo->min_password_length > 0) &&
if (r.out.reject->reason != SAMR_REJECT_TOO_SHORT) {
printf("expected SAMR_REJECT_TOO_SHORT (%d), got %d\n",
SAMR_REJECT_TOO_SHORT, r.out.reject->reason);
- return False;
+ return false;
}
} else if ((r.out.dominfo->password_history_length > 0) &&
if (r.out.reject->reason != SAMR_REJECT_IN_HISTORY) {
printf("expected SAMR_REJECT_IN_HISTORY (%d), got %d\n",
SAMR_REJECT_IN_HISTORY, r.out.reject->reason);
- return False;
+ return false;
}
} else if (r.out.dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
if (r.out.reject->reason != SAMR_REJECT_COMPLEXITY) {
printf("expected SAMR_REJECT_COMPLEXITY (%d), got %d\n",
SAMR_REJECT_COMPLEXITY, r.out.reject->reason);
- return False;
+ return false;
}
}
/* retry with adjusted size */
return test_ChangePasswordUser3(p, mem_ctx, account_string,
r.out.dominfo->min_password_length,
- password, NULL, 0, False);
+ password, NULL, 0, false);
+
+ }
+ } else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
+ if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) {
+ printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
+ SAMR_REJECT_OTHER, r.out.reject->reason);
+ return false;
}
+ /* Perhaps the server has a 'min password age' set? */
} else if (!NT_STATUS_IS_OK(status)) {
printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
*password = talloc_strdup(mem_ctx, newpass);
}
}
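Review bot: The new `else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION))` branch near the end of test_ChangePasswordUser3 leaves `ret` untouched, prints nothing and does not update `*password` when the reject reason is SAMR_REJECT_OTHER or absent. The callers in test_user_ops that use this function to "check it was set right" pass `handle_reject_reason` as false, so a server answering PASSWORD_RESTRICTION turns that verification into a silent no-op. At minimum log it the way test_ChangePasswordUser2 does, e.g. `printf("ChangePasswordUser3 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));`, so a skipped check is visible in the test output. Parts of the function are elided in this view.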
-static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *alias_handle)
{
struct samr_GetMembersInAlias r;
struct lsa_SidArray sids;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("Testing GetMembersInAlias\n");
if (!NT_STATUS_IS_OK(status)) {
printf("GetMembersInAlias failed - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *alias_handle,
const struct dom_sid *domain_sid)
{
struct samr_AddAliasMember r;
struct samr_DeleteAliasMember d;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
struct dom_sid *sid;
sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("AddAliasMember failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
d.in.alias_handle = alias_handle;
status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DelAliasMember failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *alias_handle)
{
struct samr_AddMultipleMembersToAlias a;
struct samr_RemoveMultipleMembersFromAlias r;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
struct lsa_SidArray sids;
printf("testing AddMultipleMembersToAlias\n");
status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
if (!NT_STATUS_IS_OK(status)) {
printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
/* strange! removing twice doesn't give any error */
status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
/* but removing an alias that isn't there does */
status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *user_handle)
{
struct samr_TestPrivateFunctionsUser r;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("Testing TestPrivateFunctionsUser\n");
status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_user_ops(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
struct policy_handle *user_handle,
struct policy_handle *domain_handle,
uint32_t base_acct_flags,
const char *base_acct_name, enum torture_samr_choice which_ops)
{
- TALLOC_CTX *user_ctx;
char *password = NULL;
+ struct samr_QueryUserInfo q;
+ NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
int i;
+ uint32_t rid;
const uint32_t password_fields[] = {
SAMR_FIELD_PASSWORD,
SAMR_FIELD_PASSWORD2,
0
};
- user_ctx = talloc_named(mem_ctx, 0, "test_user_ops per-user context");
+ status = test_LookupName(p, tctx, domain_handle, base_acct_name, &rid);
+ if (!NT_STATUS_IS_OK(status)) {
+ ret = false;
+ }
+
switch (which_ops) {
case TORTURE_SAMR_USER_ATTRIBUTES:
- if (!test_QuerySecurity(p, user_ctx, user_handle)) {
- ret = False;
+ if (!test_QuerySecurity(p, tctx, user_handle)) {
+ ret = false;
}
- if (!test_QueryUserInfo(p, user_ctx, user_handle)) {
- ret = False;
+ if (!test_QueryUserInfo(p, tctx, user_handle)) {
+ ret = false;
}
- if (!test_QueryUserInfo2(p, user_ctx, user_handle)) {
- ret = False;
+ if (!test_QueryUserInfo2(p, tctx, user_handle)) {
+ ret = false;
}
- if (!test_SetUserInfo(p, user_ctx, user_handle, base_acct_flags,
+ if (!test_SetUserInfo(p, tctx, user_handle, base_acct_flags,
base_acct_name)) {
- ret = False;
+ ret = false;
}
- if (!test_GetUserPwInfo(p, user_ctx, user_handle)) {
- ret = False;
+ if (!test_GetUserPwInfo(p, tctx, user_handle)) {
+ ret = false;
}
- if (!test_TestPrivateFunctionsUser(p, user_ctx, user_handle)) {
- ret = False;
+ if (!test_TestPrivateFunctionsUser(p, tctx, user_handle)) {
+ ret = false;
}
- if (!test_SetUserPass(p, user_ctx, user_handle, &password)) {
- ret = False;
+ if (!test_SetUserPass(p, tctx, user_handle, &password)) {
+ ret = false;
}
break;
case TORTURE_SAMR_PASSWORDS:
+ if (base_acct_flags & (ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST)) {
+ char simple_pass[9];
+ char *v = generate_random_str(tctx, 1);
+
+ ZERO_STRUCT(simple_pass);
+ memset(simple_pass, *v, sizeof(simple_pass) - 1);
+
+ printf("Testing machine account password policy rules\n");
+
+ /* Workstation trust accounts don't seem to need to honour password quality policy */
+ if (!test_SetUserPassEx(p, tctx, user_handle, true, &password)) {
+ ret = false;
+ }
+
+ if (!test_ChangePasswordUser2(p, tctx, base_acct_name, &password, simple_pass, false)) {
+ ret = false;
+ }
+
+ /* reset again, to allow another 'user' password change */
+ if (!test_SetUserPassEx(p, tctx, user_handle, true, &password)) {
+ ret = false;
+ }
+
+ /* Try a 'short' password */
+ if (!test_ChangePasswordUser2(p, tctx, base_acct_name, &password, samr_rand_pass(tctx, 4), false)) {
+ ret = false;
+ }
+
+ }
+
for (i = 0; password_fields[i]; i++) {
- if (!test_SetUserPass_23(p, user_ctx, user_handle, password_fields[i], &password)) {
- ret = False;
+ if (!test_SetUserPass_23(p, tctx, user_handle, password_fields[i], &password)) {
+ ret = false;
}
/* check it was set right */
- if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password, NULL, 0, False)) {
- ret = False;
+ if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+ ret = false;
}
}
for (i = 0; password_fields[i]; i++) {
- if (!test_SetUserPass_25(p, user_ctx, user_handle, password_fields[i], &password)) {
- ret = False;
+ if (!test_SetUserPass_25(p, tctx, user_handle, password_fields[i], &password)) {
+ ret = false;
}
/* check it was set right */
- if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password, NULL, 0, False)) {
- ret = False;
+ if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+ ret = false;
}
}
- if (!test_SetUserPassEx(p, user_ctx, user_handle, &password)) {
- ret = False;
+ if (!test_SetUserPassEx(p, tctx, user_handle, false, &password)) {
+ ret = false;
}
- if (!test_ChangePassword(p, user_ctx, base_acct_name, domain_handle, &password)) {
- ret = False;
+ if (!test_ChangePassword(p, tctx, base_acct_name, domain_handle, &password)) {
+ ret = false;
}
+
+ q.in.user_handle = user_handle;
+ q.in.level = 5;
+
+ status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryUserInfo level %u failed - %s\n",
+ q.in.level, nt_errstr(status));
+ ret = false;
+ } else {
+ uint32_t expected_flags = (base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
+ if ((q.out.info->info5.acct_flags) != expected_flags) {
+ printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ q.out.info->info5.acct_flags,
+ expected_flags);
+ ret = false;
+ }
+ if (q.out.info->info5.rid != rid) {
+ printf("QuerUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
+ q.out.info->info5.rid, rid);
+
+ }
+ }
+
break;
case TORTURE_SAMR_OTHER:
/* We just need the account to exist */
break;
}
- talloc_free(user_ctx);
return ret;
}
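Review bot: The rid comparison added after the level 5 QueryUserInfo in the TORTURE_SAMR_PASSWORDS case prints a mismatch but never fails the test; the `if (q.out.info->info5.rid != rid)` body needs `ret = false;` after the printf, as the acct_flags check just above it has. Separately, when test_LookupName fails at the top of test_user_ops only `ret` is set, so `rid` may be compared while uninitialised (unless test_LookupName always writes it, which is not visible here). Declaring `uint32_t rid = 0;` or skipping the comparison after a failed lookup avoids that.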
-static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_alias_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *alias_handle,
const struct dom_sid *domain_sid)
{
- BOOL ret = True;
+ bool ret = true;
- if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
- ret = False;
+ if (!test_QuerySecurity(p, tctx, alias_handle)) {
+ ret = false;
}
- if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
- ret = False;
+ if (!test_QueryAliasInfo(p, tctx, alias_handle)) {
+ ret = false;
}
- if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
- ret = False;
+ if (!test_SetAliasInfo(p, tctx, alias_handle)) {
+ ret = false;
}
- if (!test_AddMemberToAlias(p, mem_ctx, alias_handle, domain_sid)) {
- ret = False;
+ if (!test_AddMemberToAlias(p, tctx, alias_handle, domain_sid)) {
+ ret = false;
}
- if (lp_parm_bool(-1, "torture", "samba4", False)) {
+ if (torture_setting_bool(tctx, "samba4", false)) {
printf("skipping MultipleMembers Alias tests against Samba4\n");
return ret;
}
- if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
- ret = False;
+ if (!test_AddMultipleMembersToAlias(p, tctx, alias_handle)) {
+ ret = false;
}
return ret;
}
-static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *user_handle)
{
struct samr_DeleteUser d;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("Testing DeleteUser\n");
d.in.user_handle = user_handle;
status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteUser failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+bool test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, const char *name)
{
NTSTATUS status;
goto failed;
}
- return True;
+ return true;
failed:
printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
- return False;
+ return false;
}
-static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, const char *name)
{
NTSTATUS status;
goto failed;
}
- return True;
+ return true;
failed:
printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
- return False;
+ return false;
}
-static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle, const char *name)
{
NTSTATUS status;
goto failed;
}
- return True;
+ return true;
failed:
printf("DeleteAlias_byname(%s) failed - %s\n", name, nt_errstr(status));
- return False;
+ return false;
}
-static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *alias_handle)
{
struct samr_DeleteDomAlias d;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("Testing DeleteAlias\n");
d.in.alias_handle = alias_handle;
status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteAlias failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *domain_handle,
struct policy_handle *alias_handle,
const struct dom_sid *domain_sid)
struct samr_CreateDomAlias r;
struct lsa_String name;
uint32_t rid;
- BOOL ret = True;
+ bool ret = true;
init_lsa_String(&name, TEST_ALIASNAME);
r.in.domain_handle = domain_handle;
printf("Testing CreateAlias (%s)\n", r.in.alias_name->string);
- status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
+ status = dcerpc_samr_CreateDomAlias(p, tctx, &r);
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
- printf("Server refused create of '%s'\n", r.in.alias_name->string);
- return True;
+ if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Server correctly refused create of '%s'\n", r.in.alias_name->string);
+ return true;
+ } else {
+ printf("Server should have refused create of '%s', got %s instead\n", r.in.alias_name->string,
+ nt_errstr(status));
+ return false;
+ }
}
if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
- if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.alias_name->string)) {
- return False;
+ if (!test_DeleteAlias_byname(p, tctx, domain_handle, r.in.alias_name->string)) {
+ return false;
}
- status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
+ status = dcerpc_samr_CreateDomAlias(p, tctx, &r);
}
if (!NT_STATUS_IS_OK(status)) {
printf("CreateAlias failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- if (!test_alias_ops(p, mem_ctx, alias_handle, domain_sid)) {
- ret = False;
+ if (!test_alias_ops(p, tctx, alias_handle, domain_sid)) {
+ ret = false;
}
return ret;
}
-static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *acct_name,
struct policy_handle *domain_handle, char **password)
{
- BOOL ret = True;
+ bool ret = true;
if (!*password) {
- return False;
+ return false;
}
if (!test_ChangePasswordUser(p, mem_ctx, acct_name, domain_handle, password)) {
- ret = False;
+ ret = false;
}
- if (!test_ChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) {
- ret = False;
+ if (!test_ChangePasswordUser2(p, mem_ctx, acct_name, password, 0, true)) {
+ ret = false;
}
if (!test_OemChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) {
- ret = False;
+ ret = false;
}
/* test what happens when setting the old password again */
- if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, *password, 0, True)) {
- ret = False;
+ if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, *password, 0, true)) {
+ ret = false;
}
{
memset(simple_pass, *v, sizeof(simple_pass) - 1);
/* test what happens when picking a simple password */
- if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, simple_pass, 0, True)) {
- ret = False;
+ if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, simple_pass, 0, true)) {
+ ret = false;
}
}
struct samr_SetDomainInfo s;
uint16_t len_old, len;
uint32_t pwd_prop_old;
+ int64_t min_pwd_age_old;
NTSTATUS status;
len = 5;
printf("testing samr_QueryDomainInfo level 1\n");
status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
s.in.domain_handle = domain_handle;
/* turn off password complexity checks for this test */
s.in.info->info1.password_properties &= ~DOMAIN_PASSWORD_COMPLEX;
+ min_pwd_age_old = s.in.info->info1.min_password_age;
+ s.in.info->info1.min_password_age = 0;
+
printf("testing samr_SetDomainInfo level 1\n");
status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
printf("calling test_ChangePasswordUser3 with too short password\n");
- if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, len - 1, password, NULL, 0, True)) {
- ret = False;
+ if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, len - 1, password, NULL, 0, true)) {
+ ret = false;
}
s.in.info->info1.min_password_length = len_old;
s.in.info->info1.password_properties = pwd_prop_old;
+ s.in.info->info1.min_password_age = min_pwd_age_old;
printf("testing samr_SetDomainInfo level 1\n");
status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
}
status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
if (!NT_STATUS_IS_OK(status)) {
printf("LookupNames failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
r.in.domain_handle = domain_handle;
status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenUser(%u) failed - %s\n", n.out.rids.ids[0], nt_errstr(status));
- return False;
+ return false;
}
q.in.user_handle = &user_handle;
status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryUserInfo failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
printf("calling test_ChangePasswordUser3 with too early password change\n");
if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL,
- q.out.info->info5.last_password_change, True)) {
- ret = False;
+ q.out.info->info5.last_password_change, true)) {
+ ret = false;
}
}
/* we change passwords twice - this has the effect of verifying
they were changed correctly for the final call */
- if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, True)) {
- ret = False;
+ if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, true)) {
+ ret = false;
}
- if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, True)) {
- ret = False;
+ if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, true)) {
+ ret = false;
}
return ret;
}
-static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *domain_handle,
- struct policy_handle *user_handle_out,
+ struct policy_handle *user_handle_out,
+ struct dom_sid *domain_sid,
enum torture_samr_choice which_ops)
{
/* This call creates a 'normal' account - check that it really does */
const uint32_t acct_flags = ACB_NORMAL;
struct lsa_String name;
- BOOL ret = True;
+ bool ret = true;
struct policy_handle user_handle;
- user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context");
+ user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
init_lsa_String(&name, TEST_ACCOUNT_NAME);
r.in.domain_handle = domain_handle;
status = dcerpc_samr_CreateUser(p, user_ctx, &r);
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
- printf("Server refused create of '%s': %s\n", r.in.account_name->string, nt_errstr(status));
- talloc_free(user_ctx);
- return True;
+ if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Server correctly refused create of '%s'\n", r.in.account_name->string);
+ return true;
+ } else {
+ printf("Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
+ nt_errstr(status));
+ return false;
+ }
}
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
talloc_free(user_ctx);
- return False;
+ return false;
}
status = dcerpc_samr_CreateUser(p, user_ctx, &r);
}
if (!NT_STATUS_IS_OK(status)) {
talloc_free(user_ctx);
printf("CreateUser failed - %s\n", nt_errstr(status));
- return False;
+ return false;
} else {
q.in.user_handle = &user_handle;
q.in.level = 16;
if (!NT_STATUS_IS_OK(status)) {
printf("QueryUserInfo level %u failed - %s\n",
q.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
} else {
if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
q.out.info->info16.acct_flags,
acct_flags);
- ret = False;
+ ret = false;
}
}
- if (!test_user_ops(p, user_ctx, &user_handle, domain_handle,
+ if (!test_user_ops(p, tctx, &user_handle, domain_handle,
acct_flags, name.string, which_ops)) {
- ret = False;
+ ret = false;
}
if (user_handle_out) {
status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteUser failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
}
}
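Review bot: Both returns in the new `dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))` branch of test_CreateUser leave without `talloc_free(user_ctx);`, which the removed ACCESS_DENIED path and the other visible early exits do call; the two `continue` statements in the same branch of test_CreateUser2 have the same omission, once per loop iteration. The context is parented to `tctx`, so it is reclaimed eventually, but adding `talloc_free(user_ctx);` before each `return`/`continue` keeps the exits consistent. In the "Server should have refused" case the create may actually have succeeded, and as far as this view shows the account is then never deleted, so a later run against the same server would fail the same way. Deleting the account before reporting failure would keep the test repeatable and avoid leaving a test account behind on the target.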
-static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct policy_handle *domain_handle, enum torture_samr_choice which_ops)
+static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
+ struct policy_handle *domain_handle,
+ struct dom_sid *domain_sid,
+ enum torture_samr_choice which_ops)
{
NTSTATUS status;
struct samr_CreateUser2 r;
struct policy_handle user_handle;
uint32_t rid;
struct lsa_String name;
- BOOL ret = True;
+ bool ret = true;
int i;
struct {
TALLOC_CTX *user_ctx;
uint32_t acct_flags = account_types[i].acct_flags;
uint32_t access_granted;
- user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context");
+ user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
init_lsa_String(&name, account_types[i].account_name);
r.in.domain_handle = domain_handle;
status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
- talloc_free(user_ctx);
- printf("Server refused create of '%s'\n", r.in.account_name->string);
- continue;
+ if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Server correctly refused create of '%s'\n", r.in.account_name->string);
+ continue;
+ } else {
+ printf("Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
+ nt_errstr(status));
+ ret = false;
+ continue;
+ }
+ }
- } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
talloc_free(user_ctx);
- ret = False;
+ ret = false;
continue;
}
status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
nt_errstr(status), nt_errstr(account_types[i].nt_status));
- ret = False;
+ ret = false;
}
if (NT_STATUS_IS_OK(status)) {
q.in.user_handle = &user_handle;
- q.in.level = 16;
+ q.in.level = 5;
status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryUserInfo level %u failed - %s\n",
q.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
} else {
- if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
- printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
- q.out.info->info16.acct_flags,
- acct_flags);
- ret = False;
+ uint32_t expected_flags = (acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
+ if (acct_flags == ACB_NORMAL) {
+ expected_flags |= ACB_PW_EXPIRED;
+ }
+ if ((q.out.info->info5.acct_flags) != expected_flags) {
+ printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+ q.out.info->info5.acct_flags,
+ expected_flags);
+ ret = false;
+ }
+ switch (acct_flags) {
+ case ACB_SVRTRUST:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_DCS) {
+ printf("QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_DCS, q.out.info->info5.primary_gid);
+ ret = false;
+ }
+ break;
+ case ACB_WSTRUST:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
+ printf("QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_DOMAIN_MEMBERS, q.out.info->info5.primary_gid);
+ ret = false;
+ }
+ break;
+ case ACB_NORMAL:
+ if (q.out.info->info5.primary_gid != DOMAIN_RID_USERS) {
+ printf("QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n",
+ DOMAIN_RID_USERS, q.out.info->info5.primary_gid);
+ ret = false;
+ }
+ break;
}
}
- if (!test_user_ops(p, user_ctx, &user_handle, domain_handle,
+ if (!test_user_ops(p, tctx, &user_handle, domain_handle,
acct_flags, name.string, which_ops)) {
- ret = False;
+ ret = false;
}
printf("Testing DeleteUser (createuser2 test)\n");
status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteUser failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
}
talloc_free(user_ctx);
return ret;
}
-static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryAliasInfo r;
uint16_t levels[] = {1, 2, 3};
int i;
- BOOL ret = True;
+ bool ret = true;
for (i=0;i<ARRAY_SIZE(levels);i++) {
printf("Testing QueryAliasInfo level %u\n", levels[i]);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryAliasInfo level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryGroupInfo r;
uint16_t levels[] = {1, 2, 3, 4, 5};
int i;
- BOOL ret = True;
+ bool ret = true;
for (i=0;i<ARRAY_SIZE(levels);i++) {
printf("Testing QueryGroupInfo level %u\n", levels[i]);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryGroupInfo level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryGroupMember r;
- BOOL ret = True;
+ bool ret = true;
printf("Testing QueryGroupMember\n");
status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryGroupInfo failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
uint16_t levels[] = {1, 2, 3, 4};
uint16_t set_ok[] = {0, 1, 1, 1};
int i;
- BOOL ret = True;
+ bool ret = true;
for (i=0;i<ARRAY_SIZE(levels);i++) {
printf("Testing QueryGroupInfo level %u\n", levels[i]);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryGroupInfo level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
printf("Testing SetGroupInfo level %u\n", levels[i]);
if (!NT_STATUS_IS_OK(status)) {
printf("SetGroupInfo level %u failed - %s\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
continue;
}
} else {
if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
continue;
}
}
return ret;
}
-static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 16, 17, 20, 21};
int i;
- BOOL ret = True;
+ bool ret = true;
for (i=0;i<ARRAY_SIZE(levels);i++) {
printf("Testing QueryUserInfo level %u\n", levels[i]);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryUserInfo level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 16, 17, 20, 21};
int i;
- BOOL ret = True;
+ bool ret = true;
for (i=0;i<ARRAY_SIZE(levels);i++) {
printf("Testing QueryUserInfo2 level %u\n", levels[i]);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryUserInfo2 level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, uint32_t rid)
{
NTSTATUS status;
struct samr_OpenUser r;
struct policy_handle user_handle;
- BOOL ret = True;
+ bool ret = true;
printf("Testing OpenUser(%u)\n", rid);
status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
- return False;
+ return false;
}
if (!test_QuerySecurity(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
if (!test_QueryUserInfo(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
if (!test_QueryUserInfo2(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
if (!test_GetUserPwInfo(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
if (!test_GetGroupsForUser(p,mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, uint32_t rid)
{
NTSTATUS status;
struct samr_OpenGroup r;
struct policy_handle group_handle;
- BOOL ret = True;
+ bool ret = true;
printf("Testing OpenGroup(%u)\n", rid);
status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
- return False;
+ return false;
}
if (!test_QuerySecurity(p, mem_ctx, &group_handle)) {
- ret = False;
+ ret = false;
}
if (!test_QueryGroupInfo(p, mem_ctx, &group_handle)) {
- ret = False;
+ ret = false;
}
if (!test_QueryGroupMember(p, mem_ctx, &group_handle)) {
- ret = False;
+ ret = false;
}
if (!test_samr_handle_Close(p, mem_ctx, &group_handle)) {
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, uint32_t rid)
{
NTSTATUS status;
struct samr_OpenAlias r;
struct policy_handle alias_handle;
- BOOL ret = True;
+ bool ret = true;
printf("Testing OpenAlias(%u)\n", rid);
status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
- return False;
+ return false;
}
if (!test_QuerySecurity(p, mem_ctx, &alias_handle)) {
- ret = False;
+ ret = false;
}
if (!test_QueryAliasInfo(p, mem_ctx, &alias_handle)) {
- ret = False;
+ ret = false;
}
if (!test_GetMembersInAlias(p, mem_ctx, &alias_handle)) {
- ret = False;
+ ret = false;
}
if (!test_samr_handle_Close(p, mem_ctx, &alias_handle)) {
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL check_mask(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool check_mask(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, uint32_t rid,
uint32_t acct_flag_mask)
{
struct samr_OpenUser r;
struct samr_QueryUserInfo q;
struct policy_handle user_handle;
- BOOL ret = True;
+ bool ret = true;
printf("Testing OpenUser(%u)\n", rid);
status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
- return False;
+ return false;
}
q.in.user_handle = &user_handle;
if (!NT_STATUS_IS_OK(status)) {
printf("QueryUserInfo level 16 failed - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
} else {
if ((acct_flag_mask & q.out.info->info16.acct_flags) == 0) {
printf("Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers\n",
acct_flag_mask, q.out.info->info16.acct_flags, rid);
- ret = False;
+ ret = false;
}
}
if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status = STATUS_MORE_ENTRIES;
struct samr_EnumDomainUsers r;
uint32_t mask, resume_handle=0;
int i, mask_idx;
- BOOL ret = True;
+ bool ret = true;
struct samr_LookupNames n;
struct samr_LookupRids lr ;
uint32_t masks[] = {ACB_NORMAL, ACB_DOMTRUST, ACB_WSTRUST,
if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
!NT_STATUS_IS_OK(status)) {
printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
if (!r.out.sam) {
printf("EnumDomainUsers failed: r.out.sam unexpectedly NULL\n");
- return False;
+ return false;
}
if (r.out.sam->count == 0) {
for (i=0;i<r.out.sam->count;i++) {
if (mask) {
if (!check_mask(p, mem_ctx, handle, r.out.sam->entries[i].idx, mask)) {
- ret = False;
+ ret = false;
}
} else if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
- ret = False;
+ ret = false;
}
}
}
status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
if (!NT_STATUS_IS_OK(status)) {
printf("LookupNames failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
if (!NT_STATUS_IS_OK(status)) {
printf("LookupRids failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
/*
try blasting the server with a bunch of sync requests
*/
-static BOOL test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *tctx,
struct policy_handle *handle)
{
NTSTATUS status;
#define ASYNC_COUNT 100
struct rpc_request *req[ASYNC_COUNT];
- if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
+ if (!torture_setting_bool(tctx, "dangerous", false)) {
printf("samr async test disabled - enable dangerous tests to use\n");
- return True;
+ return true;
}
printf("Testing EnumDomainUsers_async\n");
r.out.resume_handle = &resume_handle;
for (i=0;i<ASYNC_COUNT;i++) {
- req[i] = dcerpc_samr_EnumDomainUsers_send(p, mem_ctx, &r);
+ req[i] = dcerpc_samr_EnumDomainUsers_send(p, tctx, &r);
}
for (i=0;i<ASYNC_COUNT;i++) {
if (!NT_STATUS_IS_OK(status)) {
printf("EnumDomainUsers[%d] failed - %s\n",
i, nt_errstr(status));
- return False;
+ return false;
}
}
printf("%d async requests OK\n", i);
- return True;
+ return true;
}
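Review bot: In `test_EnumDomainUsers_async` the renamed parameter is still declared `TALLOC_CTX *tctx`, yet it is passed to `torture_setting_bool(tctx, "dangerous", false)`, which elsewhere in this change is given a `struct torture_context *` (see `test_Shutdown` and `test_AddGroupMember`). Since `TALLOC_CTX` is a `void` typedef, a caller that passes an ordinary talloc context would have it read as a torture context with no compiler diagnostic, and this lookup is the gate that keeps the 100-request test off by default. Declaring the parameter as `struct torture_context *tctx` lets the compiler check every call site. The same applies to `test_CreateDomainGroup`, which keeps `TALLOC_CTX *mem_ctx` but calls `test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)`, whose second parameter is now a `struct torture_context *`. Parts of both function bodies lie outside the visible hunks.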
-static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_EnumDomainGroups r;
uint32_t resume_handle=0;
int i;
- BOOL ret = True;
+ bool ret = true;
printf("Testing EnumDomainGroups\n");
status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
if (!r.out.sam) {
- return False;
+ return false;
}
for (i=0;i<r.out.sam->count;i++) {
if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_EnumDomainAliases r;
uint32_t resume_handle=0;
int i;
- BOOL ret = True;
+ bool ret = true;
printf("Testing EnumDomainAliases\n");
status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
if (!r.out.sam) {
- return False;
+ return false;
}
for (i=0;i<r.out.sam->count;i++) {
if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_GetDisplayEnumerationIndex r;
- BOOL ret = True;
+ bool ret = true;
uint16_t levels[] = {1, 2, 3, 4, 5};
uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
int i;
!NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
printf("GetDisplayEnumerationIndex level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
init_lsa_String(&r.in.name, "zzzzzzzz");
if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
printf("GetDisplayEnumerationIndex level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_GetDisplayEnumerationIndex2 r;
- BOOL ret = True;
+ bool ret = true;
uint16_t levels[] = {1, 2, 3, 4, 5};
uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
int i;
!NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
init_lsa_String(&r.in.name, "zzzzzzzz");
if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
} else if ((s1.string && !s2.string) || (s2.string && !s1.string) || strcmp(s1.string, s2.string)) { \
printf("%s mismatch for %s: %s != %s (%s)\n", \
#s1, user.string, s1.string, s2.string, __location__); \
- ret = False; \
+ ret = false; \
}
#define INT_EQUAL_QUERY(s1, s2, user) \
if (s1 != s2) { \
- printf("%s mismatch for %s: 0x%x != 0x%x (%s)\n", \
- #s1, user.string, (unsigned int)s1, (unsigned int)s2, __location__); \
- ret = False; \
+ printf("%s mismatch for %s: 0x%llx != 0x%llx (%s)\n", \
+ #s1, user.string, (unsigned long long)s1, (unsigned long long)s2, __location__); \
+ ret = false; \
}
-static BOOL test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct samr_QueryDisplayInfo *querydisplayinfo,
bool *seen_testuser)
{
struct samr_OpenUser r;
struct samr_QueryUserInfo q;
struct policy_handle user_handle;
- int i, ret = True;
+ int i, ret = true;
NTSTATUS status;
r.in.domain_handle = querydisplayinfo->in.domain_handle;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenUser(%u) failed - %s\n", r.in.rid, nt_errstr(status));
- return False;
+ return false;
}
}
status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryUserInfo(%u) failed - %s\n", r.in.rid, nt_errstr(status));
- return False;
+ return false;
}
switch (querydisplayinfo->in.level) {
q.out.info->info21.account_name.string);
}
- if (!(q.out.info->info21.acct_flags & (ACB_WSTRUST))) {
- printf("Found non-trust account %s in trust accoutn listing: 0x%x 0x%x\n",
+ if (!(q.out.info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) {
+ printf("Found non-trust account %s in trust account listing: 0x%x 0x%x\n",
q.out.info->info21.account_name.string,
querydisplayinfo->out.info.info2.entries[i].acct_flags,
q.out.info->info21.acct_flags);
- return False;
+ return false;
}
break;
}
if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
- return False;
+ return false;
}
}
return ret;
}
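Review bot: `test_each_DisplayInfo_user` now returns `bool` but still declares its result as `int i, ret = true;`; splitting that into `int i;` and `bool ret = true;` would match every other function converted in this change. The early `return false` after the `QueryUserInfo` failure and after the trust-account mismatch also leave before `test_samr_handle_Close(p, mem_ctx, &user_handle)`, so as far as the visible lines show the opened user handle is never closed on those paths. Setting `ret = false` and falling through to the close would release it. Part of the loop body is outside the hunk.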
-static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryDisplayInfo r;
struct samr_QueryDomainInfo dom_info;
- BOOL ret = True;
+ bool ret = true;
uint16_t levels[] = {1, 2, 3, 4, 5};
int i;
bool seen_testuser = false;
if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) && !NT_STATUS_IS_OK(status)) {
printf("QueryDisplayInfo level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
switch (r.in.level) {
case 1:
if (!test_each_DisplayInfo_user(p, mem_ctx, &r, &seen_testuser)) {
- ret = False;
+ ret = false;
}
r.in.start_idx += r.out.info.info1.count;
break;
case 2:
if (!test_each_DisplayInfo_user(p, mem_ctx, &r, NULL)) {
- ret = False;
+ ret = false;
}
r.in.start_idx += r.out.info.info2.count;
break;
if (!NT_STATUS_IS_OK(status)) {
printf("QueryDomainInfo level %u failed - %s\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
break;
}
switch (r.in.level) {
case 1:
case 4:
- if (dom_info.out.info->info2.num_users < r.in.start_idx) {
+ if (dom_info.out.info->general.num_users < r.in.start_idx) {
printf("QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
- r.in.start_idx, dom_info.out.info->info2.num_groups,
- dom_info.out.info->info2.domain_name.string);
- ret = False;
+ r.in.start_idx, dom_info.out.info->general.num_groups,
+ dom_info.out.info->general.domain_name.string);
+ ret = false;
}
if (!seen_testuser) {
- printf("Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n",
- dom_info.out.info->info2.domain_name.string);
- ret = False;
+ struct policy_handle user_handle;
+ if (NT_STATUS_IS_OK(test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle))) {
+ printf("Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n",
+ dom_info.out.info->general.domain_name.string);
+ ret = false;
+ test_samr_handle_Close(p, mem_ctx, &user_handle);
+ }
}
break;
case 3:
case 5:
- if (dom_info.out.info->info2.num_groups != r.in.start_idx) {
+ if (dom_info.out.info->general.num_groups != r.in.start_idx) {
printf("QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
- r.in.start_idx, dom_info.out.info->info2.num_groups,
- dom_info.out.info->info2.domain_name.string);
- ret = False;
+ r.in.start_idx, dom_info.out.info->general.num_groups,
+ dom_info.out.info->general.domain_name.string);
+ ret = false;
}
break;
return ret;
}
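Review bot: The users check in `test_QueryDisplayInfo` (`case 1:` / `case 4:`) compares `general.num_users` with `r.in.start_idx`, but the message under it prints `general.num_groups`, so a failure reports the wrong count. The rename from `info2` to `general` carried that argument over unchanged; it should be `dom_info.out.info->general.num_users`. Both counts appear to be unsigned 32-bit values, so `%u` would fit better than `%d` in that format string; confirm against the IDL.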
-static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryDisplayInfo2 r;
- BOOL ret = True;
+ bool ret = true;
uint16_t levels[] = {1, 2, 3, 4, 5};
int i;
if (!NT_STATUS_IS_OK(status)) {
printf("QueryDisplayInfo2 level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryDisplayInfo3 r;
- BOOL ret = True;
+ bool ret = true;
uint16_t levels[] = {1, 2, 3, 4, 5};
int i;
if (!NT_STATUS_IS_OK(status)) {
printf("QueryDisplayInfo3 level %u failed - %s\n",
levels[i], nt_errstr(status));
- ret = False;
+ ret = false;
}
}
}
-static BOOL test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryDisplayInfo r;
- BOOL ret = True;
+ bool ret = true;
printf("Testing QueryDisplayInfo continuation\n");
!NT_STATUS_IS_OK(status)) {
printf("QueryDisplayInfo level %u failed - %s\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
break;
}
r.in.start_idx++;
return ret;
}
-static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
int i;
- BOOL ret = True;
+ bool ret = true;
const char *domain_comment = talloc_asprintf(mem_ctx,
"Tortured by Samba4 RPC-SAMR: %s",
timestring(mem_ctx, time(NULL)));
s.in.level = 4;
s.in.info = talloc(mem_ctx, union samr_DomainInfo);
- s.in.info->info4.comment.string = domain_comment;
+ s.in.info->oem.oem_information.string = domain_comment;
status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
if (!NT_STATUS_IS_OK(status)) {
printf("SetDomainInfo level %u (set comment) failed - %s\n",
r.in.level, nt_errstr(status));
- return False;
+ return false;
}
for (i=0;i<ARRAY_SIZE(levels);i++) {
if (!NT_STATUS_IS_OK(status)) {
printf("QueryDomainInfo level %u failed - %s\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
continue;
}
switch (levels[i]) {
case 2:
- if (strcmp(r.out.info->info2.comment.string, domain_comment) != 0) {
- printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
- levels[i], r.out.info->info2.comment.string, domain_comment);
- ret = False;
+ if (strcmp(r.out.info->general.oem_information.string, domain_comment) != 0) {
+ printf("QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
+ levels[i], r.out.info->general.oem_information.string, domain_comment);
+ ret = false;
}
- if (!r.out.info->info2.primary.string) {
+ if (!r.out.info->general.primary.string) {
printf("QueryDomainInfo level %u returned no PDC name\n",
levels[i]);
- ret = False;
- } else if (r.out.info->info2.role == SAMR_ROLE_DOMAIN_PDC) {
- if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), r.out.info->info2.primary.string) != 0) {
+ ret = false;
+ } else if (r.out.info->general.role == SAMR_ROLE_DOMAIN_PDC) {
+ if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), r.out.info->general.primary.string) != 0) {
printf("QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n",
- levels[i], r.out.info->info2.primary.string, dcerpc_server_name(p));
+ levels[i], r.out.info->general.primary.string, dcerpc_server_name(p));
}
}
break;
case 4:
- if (strcmp(r.out.info->info4.comment.string, domain_comment) != 0) {
- printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
- levels[i], r.out.info->info4.comment.string, domain_comment);
- ret = False;
+ if (strcmp(r.out.info->oem.oem_information.string, domain_comment) != 0) {
+ printf("QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
+ levels[i], r.out.info->oem.oem_information.string, domain_comment);
+ ret = false;
}
break;
case 6:
if (!r.out.info->info6.primary.string) {
printf("QueryDomainInfo level %u returned no PDC name\n",
levels[i]);
- ret = False;
+ ret = false;
}
break;
case 11:
- if (strcmp(r.out.info->info11.info2.comment.string, domain_comment) != 0) {
+ if (strcmp(r.out.info->general2.general.oem_information.string, domain_comment) != 0) {
printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
- levels[i], r.out.info->info11.info2.comment.string, domain_comment);
- ret = False;
+ levels[i], r.out.info->general2.general.oem_information.string, domain_comment);
+ ret = false;
}
break;
}
if (!NT_STATUS_IS_OK(status)) {
printf("SetDomainInfo level %u failed - %s\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
continue;
}
} else {
if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
continue;
}
}
if (!NT_STATUS_IS_OK(status)) {
printf("QueryDomainInfo level %u failed - %s\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
continue;
}
}
}
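Review bot: The comment comparisons in `test_QueryDomainInfo` (levels 2, 4 and 11) pass the server-supplied `oem_information.string` straight to `strcmp` and to `%s`, so a server that returns a NULL string there would crash the test client instead of producing a reported failure. The same switch already guards `general.primary.string` with a NULL check, and the comment checks could follow it, e.g. `if (r.out.info->oem.oem_information.string == NULL || strcmp(r.out.info->oem.oem_information.string, domain_comment) != 0) {`, with the message printing a literal in place of a NULL pointer. `domain_comment` from `talloc_asprintf` and `s.in.info` from `talloc` are likewise used without a NULL check. Parts of the function are outside the visible hunks.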
-static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_QueryDomainInfo2 r;
uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
int i;
- BOOL ret = True;
+ bool ret = true;
for (i=0;i<ARRAY_SIZE(levels);i++) {
printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryDomainInfo2 level %u failed - %s\n",
r.in.level, nt_errstr(status));
- ret = False;
+ ret = false;
continue;
}
}
- return True;
+ return true;
}
/* Test whether querydispinfo level 5 and enumdomgroups return the same
set of group names. */
-static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
struct samr_EnumDomainGroups q1;
NTSTATUS status;
uint32_t resume_handle=0;
int i;
- BOOL ret = True;
+ bool ret = true;
int num_names = 0;
const char **names = NULL;
if (!NT_STATUS_IS_OK(status)) {
printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
if (!q1.out.sam) {
- return False;
+ printf("EnumDomainGroups failed to return q1.out.sam\n");
+ return false;
}
q2.in.domain_handle = handle;
for (i=0; i<q2.out.info.info5.count; i++) {
int j;
const char *name = q2.out.info.info5.entries[i].account_name.string;
- BOOL found = False;
+ bool found = false;
for (j=0; j<num_names; j++) {
if (names[j] == NULL)
continue;
- /* Hmm. No strequal in samba4 */
if (strequal(names[j], name)) {
names[j] = NULL;
- found = True;
+ found = true;
break;
}
}
if (!found) {
printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
name);
- ret = False;
+ ret = false;
}
}
q2.in.start_idx += q2.out.info.info5.count;
if (!NT_STATUS_IS_OK(status)) {
printf("QueryDisplayInfo level 5 failed - %s\n",
nt_errstr(status));
- ret = False;
+ ret = false;
}
for (i=0; i<num_names; i++) {
if (names[i] != NULL) {
printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
names[i]);
- ret = False;
+ ret = false;
}
}
return ret;
}
-static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *group_handle)
{
struct samr_DeleteDomainGroup d;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("Testing DeleteDomainGroup\n");
status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle)
{
struct samr_TestPrivateFunctionsDomain r;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("Testing TestPrivateFunctionsDomain\n");
status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
return ret;
}
-static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct dom_sid *domain_sid,
struct policy_handle *domain_handle)
{
struct samr_RidToSid r;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
struct dom_sid *calc_sid;
int rids[] = { 0, 42, 512, 10200 };
int i;
status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("RidToSid for %d failed - %s\n", rids[i], nt_errstr(status));
- ret = False;
+ ret = false;
} else {
calc_sid = dom_sid_add_rid(calc_sid, calc_sid, rids[i]);
printf("RidToSid for %d failed - got %s, expected %s\n", rids[i],
dom_sid_string(mem_ctx, r.out.sid),
dom_sid_string(mem_ctx, calc_sid));
- ret = False;
+ ret = false;
}
}
}
return ret;
}
-static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle)
{
struct samr_GetBootKeyInformation r;
NTSTATUS status;
- BOOL ret = True;
+ bool ret = true;
printf("Testing GetBootKeyInformation\n");
return ret;
}
-static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *domain_handle,
struct policy_handle *group_handle)
{
struct samr_DeleteGroupMember d;
struct samr_QueryGroupMember q;
struct samr_SetMemberAttributesOfGroup s;
- BOOL ret = True;
+ bool ret = true;
uint32_t rid;
- status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
+ status = test_LookupName(p, tctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
if (!NT_STATUS_IS_OK(status)) {
printf("test_AddGroupMember looking up name " TEST_ACCOUNT_NAME " failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
r.in.group_handle = group_handle;
d.in.group_handle = group_handle;
d.in.rid = rid;
- status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
+ status = dcerpc_samr_DeleteGroupMember(p, tctx, &d);
if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
nt_errstr(status));
- return False;
+ return false;
}
- status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
+ status = dcerpc_samr_AddGroupMember(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("AddGroupMember failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
+ status = dcerpc_samr_AddGroupMember(p, tctx, &r);
if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
nt_errstr(status));
- return False;
+ return false;
}
- if (lp_parm_bool(-1, "torture", "samba4", False)) {
+ if (torture_setting_bool(tctx, "samba4", false)) {
printf("skipping SetMemberAttributesOfGroup test against Samba4\n");
} else {
/* this one is quite strange. I am using random inputs in the
s.in.unknown1 = random();
s.in.unknown2 = random();
- status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
+ status = dcerpc_samr_SetMemberAttributesOfGroup(p, tctx, &s);
if (!NT_STATUS_IS_OK(status)) {
printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
}
q.in.group_handle = group_handle;
- status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
+ status = dcerpc_samr_QueryGroupMember(p, tctx, &q);
if (!NT_STATUS_IS_OK(status)) {
printf("QueryGroupMember failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
+ status = dcerpc_samr_DeleteGroupMember(p, tctx, &d);
if (!NT_STATUS_IS_OK(status)) {
printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
+ status = dcerpc_samr_AddGroupMember(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("AddGroupMember failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
return ret;
}
-static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
- struct policy_handle *domain_handle, struct policy_handle *group_handle)
+static bool test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *domain_handle,
+ struct policy_handle *group_handle,
+ struct dom_sid *domain_sid)
{
NTSTATUS status;
struct samr_CreateDomainGroup r;
uint32_t rid;
struct lsa_String name;
- BOOL ret = True;
+ bool ret = true;
init_lsa_String(&name, TEST_GROUPNAME);
status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
- printf("Server refused create of '%s'\n", r.in.name->string);
- ZERO_STRUCTP(group_handle);
- return True;
+ if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(mem_ctx, SID_BUILTIN))) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Server correctly refused create of '%s'\n", r.in.name->string);
+ return true;
+ } else {
+ printf("Server should have refused create of '%s', got %s instead\n", r.in.name->string,
+ nt_errstr(status));
+ return false;
+ }
}
if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
-
printf("CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
nt_errstr(status));
- return False;
+ return false;
}
status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
}
printf("CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
nt_errstr(status));
- return False;
+ return false;
}
status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
}
if (!NT_STATUS_IS_OK(status)) {
printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
- ret = False;
+ ret = false;
}
return ret;
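Review bot: When `test_AddGroupMember` fails in `test_CreateDomainGroup`, the message printed is `CreateDomainGroup failed - %s` with `nt_errstr(status)`, but `status` was checked to be OK just above, so the log blames the wrong call and shows a success code; `printf("AddGroupMember test failed for '%s'\n", r.in.name->string);` would say what happened. In the new BUILTIN branch, the result of `dom_sid_parse_talloc(mem_ctx, SID_BUILTIN)` goes into `dom_sid_equal` without a NULL check. The path that reports an unexpected successful create returns `false` without removing the group, which would presumably leave `TEST_GROUPNAME` behind in the BUILTIN domain; that is worth confirming against the caller's cleanup. The function's closing lines are outside the hunk.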
/*
its not totally clear what this does. It seems to accept any sid you like.
*/
-static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
+static bool test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle)
{
status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
- return True;
+ return true;
}
-static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle);
-static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle, struct dom_sid *sid,
enum torture_samr_choice which_ops)
{
struct policy_handle alias_handle;
struct policy_handle user_handle;
struct policy_handle group_handle;
- BOOL ret = True;
+ bool ret = true;
ZERO_STRUCT(alias_handle);
ZERO_STRUCT(user_handle);
ZERO_STRUCT(group_handle);
ZERO_STRUCT(domain_handle);
- printf("Testing OpenDomain\n");
+ printf("Testing OpenDomain of %s\n", dom_sid_string(tctx, sid));
r.in.connect_handle = handle;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.in.sid = sid;
r.out.domain_handle = &domain_handle;
- status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
+ status = dcerpc_samr_OpenDomain(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("OpenDomain failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
/* run the domain tests with the main handle closed - this tests
the servers reference counting */
- ret &= test_samr_handle_Close(p, mem_ctx, handle);
+ ret &= test_samr_handle_Close(p, tctx, handle);
switch (which_ops) {
case TORTURE_SAMR_USER_ATTRIBUTES:
case TORTURE_SAMR_PASSWORDS:
- ret &= test_CreateUser2(p, mem_ctx, &domain_handle, which_ops);
- ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle, which_ops);
+ ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops);
+ ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops);
/* This test needs 'complex' users to validate */
- ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle);
+ ret &= test_QueryDisplayInfo(p, tctx, &domain_handle);
+ if (!ret) {
+ printf("Testing PASSWORDS or ATTRIBUTES on domain %s failed!\n", dom_sid_string(tctx, sid));
+ }
break;
case TORTURE_SAMR_OTHER:
- ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle, which_ops);
- ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
- ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
- ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
- ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle);
- ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle);
- ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle);
- ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle);
- ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle);
- ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle);
- ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle);
- ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle);
- ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle);
- ret &= test_QueryDisplayInfo_continue(p, mem_ctx, &domain_handle);
+ ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops);
+ if (!ret) {
+ printf("Failed to CreateUser in SAMR-OTHER on domain %s!\n", dom_sid_string(tctx, sid));
+ }
+ ret &= test_QuerySecurity(p, tctx, &domain_handle);
+ ret &= test_RemoveMemberFromForeignDomain(p, tctx, &domain_handle);
+ ret &= test_CreateAlias(p, tctx, &domain_handle, &alias_handle, sid);
+ ret &= test_CreateDomainGroup(p, tctx, &domain_handle, &group_handle, sid);
+ ret &= test_QueryDomainInfo(p, tctx, &domain_handle);
+ ret &= test_QueryDomainInfo2(p, tctx, &domain_handle);
+ ret &= test_EnumDomainUsers(p, tctx, &domain_handle);
+ ret &= test_EnumDomainUsers_async(p, tctx, &domain_handle);
+ ret &= test_EnumDomainGroups(p, tctx, &domain_handle);
+ ret &= test_EnumDomainAliases(p, tctx, &domain_handle);
+ ret &= test_QueryDisplayInfo2(p, tctx, &domain_handle);
+ ret &= test_QueryDisplayInfo3(p, tctx, &domain_handle);
+ ret &= test_QueryDisplayInfo_continue(p, tctx, &domain_handle);
- if (lp_parm_bool(-1, "torture", "samba4", False)) {
+ if (torture_setting_bool(tctx, "samba4", false)) {
printf("skipping GetDisplayEnumerationIndex test against Samba4\n");
} else {
- ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle);
- ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle);
+ ret &= test_GetDisplayEnumerationIndex(p, tctx, &domain_handle);
+ ret &= test_GetDisplayEnumerationIndex2(p, tctx, &domain_handle);
+ }
+ ret &= test_GroupList(p, tctx, &domain_handle);
+ ret &= test_TestPrivateFunctionsDomain(p, tctx, &domain_handle);
+ ret &= test_RidToSid(p, tctx, sid, &domain_handle);
+ ret &= test_GetBootKeyInformation(p, tctx, &domain_handle);
+ if (!ret) {
+ printf("Testing SAMR-OTHER on domain %s failed!\n", dom_sid_string(tctx, sid));
}
- ret &= test_GroupList(p, mem_ctx, &domain_handle);
- ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle);
- ret &= test_RidToSid(p, mem_ctx, sid, &domain_handle);
- ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle);
break;
}
if (!policy_handle_empty(&user_handle) &&
- !test_DeleteUser(p, mem_ctx, &user_handle)) {
- ret = False;
+ !test_DeleteUser(p, tctx, &user_handle)) {
+ ret = false;
}
if (!policy_handle_empty(&alias_handle) &&
- !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
- ret = False;
+ !test_DeleteAlias(p, tctx, &alias_handle)) {
+ ret = false;
}
if (!policy_handle_empty(&group_handle) &&
- !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
- ret = False;
+ !test_DeleteDomainGroup(p, tctx, &group_handle)) {
+ ret = false;
}
- ret &= test_samr_handle_Close(p, mem_ctx, &domain_handle);
+ ret &= test_samr_handle_Close(p, tctx, &domain_handle);
/* reconnect the main handle */
- ret &= test_Connect(p, mem_ctx, handle);
+ ret &= test_Connect(p, tctx, handle);
if (!ret) {
- printf("Testing domain %s failed!\n", dom_sid_string(mem_ctx, sid));
+ printf("Testing domain %s failed!\n", dom_sid_string(tctx, sid));
}
return ret;
}
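Review bot: The three added `if (!ret)` messages in test_OpenDomain test the accumulated result rather than the call they name. By the CreateUser check in the TORTURE_SAMR_OTHER case, `ret` already includes the earlier `test_samr_handle_Close(p, tctx, handle)` result, so a failed close would be logged as "Failed to CreateUser in SAMR-OTHER". A failing run also prints up to three "failed" lines for the same domain, because the final `Testing domain %s failed!` check is kept. Checking the call itself keeps the log attributable, for example `if (!test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops)) { printf(...); ret = false; }`. The declarations of `status`, `r` and `domain_handle` fall outside the visible lines.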
-static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle, const char *domain,
enum torture_samr_choice which_ops)
{
struct samr_LookupDomain r;
struct lsa_String n1;
struct lsa_String n2;
- BOOL ret = True;
+ bool ret = true;
printf("Testing LookupDomain(%s)\n", domain);
r.in.domain_name = &n2;
n2.string = NULL;
- status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
+ status = dcerpc_samr_LookupDomain(p, tctx, &r);
if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
init_lsa_String(&n2, "xxNODOMAINxx");
- status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
+ status = dcerpc_samr_LookupDomain(p, tctx, &r);
if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
r.in.connect_handle = handle;
init_lsa_String(&n1, domain);
r.in.domain_name = &n1;
- status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
+ status = dcerpc_samr_LookupDomain(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("LookupDomain failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
- if (!test_GetDomPwInfo(p, mem_ctx, &n1)) {
- ret = False;
+ if (!test_GetDomPwInfo(p, tctx, &n1)) {
+ ret = false;
}
- if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid, which_ops)) {
- ret = False;
+ if (!test_OpenDomain(p, tctx, handle, r.out.sid, which_ops)) {
+ ret = false;
}
return ret;
}
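Review bot: When the third `dcerpc_samr_LookupDomain` call fails, test_LookupDomain only sets `ret = false` and still passes `r.out.sid` to `test_OpenDomain`. After this commit that value is used in more places: it is printed through `dom_sid_string(tctx, sid)` and handed to test_CreateUser2, test_CreateUser and test_CreateDomainGroup, the last of which compares it with `dom_sid_equal`. After a failed call the pointer may be NULL or stale (hedged, since the initialisation of `r` is outside the visible lines). Returning early avoids running the whole domain suite on it: replace `ret = false;` in the `LookupDomain failed` branch with `return false;`.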
-static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *handle, enum torture_samr_choice which_ops)
{
NTSTATUS status;
struct samr_EnumDomains r;
uint32_t resume_handle = 0;
int i;
- BOOL ret = True;
+ bool ret = true;
r.in.connect_handle = handle;
r.in.resume_handle = &resume_handle;
r.in.buf_size = (uint32_t)-1;
r.out.resume_handle = &resume_handle;
- status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
+ status = dcerpc_samr_EnumDomains(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("EnumDomains failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
if (!r.out.sam) {
- return False;
+ return false;
}
for (i=0;i<r.out.sam->count;i++) {
- if (!test_LookupDomain(p, mem_ctx, handle,
+ if (!test_LookupDomain(p, tctx, handle,
r.out.sam->entries[i].name.string, which_ops)) {
- ret = False;
+ ret = false;
}
}
- status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
+ status = dcerpc_samr_EnumDomains(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("EnumDomains failed - %s\n", nt_errstr(status));
- return False;
+ return false;
}
return ret;
}
-static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+static bool test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
NTSTATUS status;
struct samr_Connect5 r5;
union samr_ConnectInfo info;
struct policy_handle h;
- BOOL ret = True, got_handle = False;
+ bool ret = true, got_handle = false;
printf("testing samr_Connect\n");
status = dcerpc_samr_Connect(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("Connect failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
- got_handle = True;
+ got_handle = true;
*handle = h;
}
status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
if (!NT_STATUS_IS_OK(status)) {
printf("Connect2 failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
if (got_handle) {
test_samr_handle_Close(p, mem_ctx, handle);
}
- got_handle = True;
+ got_handle = true;
*handle = h;
}
status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
if (!NT_STATUS_IS_OK(status)) {
printf("Connect3 failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
if (got_handle) {
test_samr_handle_Close(p, mem_ctx, handle);
}
- got_handle = True;
+ got_handle = true;
*handle = h;
}
status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
if (!NT_STATUS_IS_OK(status)) {
printf("Connect4 failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
if (got_handle) {
test_samr_handle_Close(p, mem_ctx, handle);
}
- got_handle = True;
+ got_handle = true;
*handle = h;
}
status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
if (!NT_STATUS_IS_OK(status)) {
printf("Connect5 failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
} else {
if (got_handle) {
test_samr_handle_Close(p, mem_ctx, handle);
}
- got_handle = True;
+ got_handle = true;
*handle = h;
}
}
-BOOL torture_rpc_samr(struct torture_context *torture)
+bool torture_rpc_samr(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p;
- BOOL ret = True;
+ bool ret = true;
struct policy_handle handle;
- status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
+ status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
ret &= test_Connect(p, torture, &handle);
}
-BOOL torture_rpc_samr_users(struct torture_context *torture)
+bool torture_rpc_samr_users(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p;
- BOOL ret = True;
+ bool ret = true;
struct policy_handle handle;
- status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
+ status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
ret &= test_Connect(p, torture, &handle);
}
-BOOL torture_rpc_samr_passwords(struct torture_context *torture)
+bool torture_rpc_samr_passwords(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p;
- BOOL ret = True;
+ bool ret = true;
struct policy_handle handle;
- status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
+ status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
- return False;
+ return false;
}
ret &= test_Connect(p, torture, &handle);