*/
#include "includes.h"
-#include "librpc/gen_ndr/ndr_samr.h"
+#include "torture/torture.h"
#include "system/time.h"
#include "lib/crypto/crypto.h"
#include "libnet/libnet.h"
#include "lib/cmdline/popt_common.h"
+#include "smb.h"
#include "lib/ldb/include/ldb.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "libcli/auth/libcli_auth.h"
+#include "torture/rpc/rpc.h"
+#include "libcli/security/proto.h"
struct test_join {
struct dcerpc_pipe *p;
struct policy_handle user_handle;
struct libnet_JoinDomain *libnet_r;
- const char *dom_sid;
+ struct dom_sid *dom_sid;
+ struct dom_sid *user_sid;
};
uint32_t rid;
DATA_BLOB session_key;
struct lsa_String name;
- struct lsa_String comment;
- struct lsa_String full_name;
int policy_min_pw_len = 0;
struct test_join *join;
status = torture_rpc_connection(join,
&join->p,
- DCERPC_SAMR_NAME,
- DCERPC_SAMR_UUID,
- DCERPC_SAMR_VERSION);
+ &dcerpc_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
goto failed;
}
- join->dom_sid = dom_sid_string(join, l.out.sid);
+ talloc_steal(join, l.out.sid);
+ join->dom_sid = l.out.sid;
o.in.connect_handle = &handle;
o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
goto failed;
}
+ join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid);
+
pwp.in.user_handle = &join->user_handle;
status = dcerpc_samr_GetUserPwInfo(join->p, join, &pwp);
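Review bot: The result of `dom_sid_add_rid()` on the added line is stored without a NULL check, so an allocation failure leaves `join->user_sid` NULL and the new `torture_join_user_sid()` accessor passes that on to callers. The surrounding code already bails out with `goto failed`, so the same pattern fits here: `if (!join->user_sid) goto failed;`. The enclosing function starts and ends outside this hunk, and the `failed` label itself is not visible, so confirm what it cleans up.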
u.info21.acct_flags = acct_type;
u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
- comment.string = talloc_asprintf(join,
- "Tortured by Samba4: %s",
- timestring(join, time(NULL)));
- u.info21.comment = comment;
- full_name.string = talloc_asprintf(join,
- "Torture account for Samba4: %s",
- timestring(join, time(NULL)));
- u.info21.full_name = full_name;
+ u.info21.comment.string = talloc_asprintf(join,
+ "Tortured by Samba4: %s",
+ timestring(join, time(NULL)));
+
+ u.info21.full_name.string = talloc_asprintf(join,
+ "Torture account for Samba4: %s",
+ timestring(join, time(NULL)));
+
u.info21.description.string = talloc_asprintf(join,
"Samba4 torture account created by host %s: %s",
lp_netbios_name(), timestring(join, time(NULL)));
struct test_join *torture_join_domain(const char *machine_name,
uint32_t acct_flags,
- const char **machine_password)
+ struct cli_credentials **machine_credentials)
{
NTSTATUS status;
struct libnet_context *libnet_ctx;
struct test_join *tj;
struct samr_SetUserInfo s;
union samr_UserInfo u;
- struct lsa_String comment;
- struct lsa_String full_name;
tj = talloc(NULL, struct test_join);
if (!tj) return NULL;
libnet_ctx->cred = cmdline_credentials;
libnet_r->in.binding = lp_parm_string(-1, "torture", "binding");
+ if (!libnet_r->in.binding) {
+ libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", lp_parm_string(-1, "torture", "host"));
+ }
libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
libnet_r->in.netbios_name = machine_name;
libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
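Review bot: The fallback binding is built from `lp_parm_string(-1, "torture", "host")` without checking that it returned a value. When neither `torture:binding` nor `torture:host` is set, the format call receives a NULL `%s` argument, and the join either runs against a meaningless binding string or crashes, depending on the libc. The `talloc_asprintf()` result is not checked either. Resolve the host first with `const char *host = lp_parm_string(-1, "torture", "host");` and fail early with `if (!host) { talloc_free(tj); return NULL; }`, assuming `tj` is the right object to release here, as it is on the later failure path. The enclosing function continues outside the hunk.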
}
libnet_r->in.acct_type = acct_flags;
+ libnet_r->in.recreate_account = True;
status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Domain join failed - %s.\n", nt_errstr(status)));
+ if (libnet_r->out.error_string) {
+ DEBUG(0, ("Domain join failed - %s.\n", libnet_r->out.error_string));
+ } else {
+ DEBUG(0, ("Domain join failed - %s.\n", nt_errstr(status)));
+ }
talloc_free(tj);
return NULL;
}
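Review bot: `libnet_r->in.recreate_account = True` deserves a comment, because it changes what a name collision does. Judging by the field name, an existing `machine_name$` account is deleted and created again instead of the join failing. Run against a domain where that name belongs to a real machine, the test would replace that account and its password. Suggested comment above the assignment: `/* Test accounts only: an existing account with this name is replaced, so machine_name must never collide with a real host */`. The libnet implementation is not part of this diff, so confirm the exact semantics there.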
tj->p = libnet_r->out.samr_pipe;
tj->user_handle = *libnet_r->out.user_handle;
- tj->dom_sid = dom_sid_string(tj, libnet_r->out.domain_sid);
- *machine_password = libnet_r->out.join_password;
+ tj->dom_sid = libnet_r->out.domain_sid;
+ talloc_steal(tj, libnet_r->out.domain_sid);
ZERO_STRUCT(u);
s.in.user_handle = &tj->user_handle;
s.in.level = 21;
u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
- comment.string = talloc_asprintf(tj,
- "Tortured by Samba4: %s",
- timestring(tj, time(NULL)));
- u.info21.comment = comment;
- full_name.string = talloc_asprintf(tj,
- "Torture account for Samba4: %s",
- timestring(tj, time(NULL)));
- u.info21.full_name = full_name;
-
+ u.info21.comment.string = talloc_asprintf(tj,
+ "Tortured by Samba4: %s",
+ timestring(tj, time(NULL)));
+ u.info21.full_name.string = talloc_asprintf(tj,
+ "Torture account for Samba4: %s",
+ timestring(tj, time(NULL)));
+
u.info21.description.string = talloc_asprintf(tj,
"Samba4 torture account created by host %s: %s",
lp_netbios_name(), timestring(tj, time(NULL)));
printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
}
- DEBUG(0, ("%s joined domain %s (%s).\n",
- libnet_r->in.netbios_name,
- libnet_r->out.domain_name,
- tj->dom_sid));
+ *machine_credentials = cli_credentials_init(tj);
+ cli_credentials_set_conf(*machine_credentials);
+ cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
+ cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
+ if (libnet_r->out.realm) {
+ cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
+ }
+ cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
+ cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
+ if (acct_flags & ACB_SVRTRUST) {
+ cli_credentials_set_secure_channel_type(*machine_credentials,
+ SEC_CHAN_BDC);
+ } else if (acct_flags & ACB_WSTRUST) {
+ cli_credentials_set_secure_channel_type(*machine_credentials,
+ SEC_CHAN_WKSTA);
+ } else {
+ DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
+ talloc_free(*machine_credentials);
+ return NULL;
+ }
return tj;
}
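Review bot: The account-type check in the final `else` runs after `libnet_JoinDomain()` has already succeeded, and its failure path frees only `*machine_credentials`. That leaks `tj` and leaves the caller's pointer dangling. As far as the visible lines show, it also leaves the freshly created machine account in the domain with nothing holding the handle needed to remove it. Since the credentials are allocated under `tj`, the branch can be `talloc_free(tj); *machine_credentials = NULL; return NULL;`; better still, move the `ACB_SVRTRUST`/`ACB_WSTRUST` test ahead of the join so an invalid `acct_flags` never creates an account. `cli_credentials_init(tj)` is also used without a NULL check.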
NTSTATUS torture_leave_ads_domain(TALLOC_CTX *mem_ctx, struct libnet_JoinDomain *libnet_r)
{
- NTSTATUS status;
int rtn;
TALLOC_CTX *tmp_ctx;
DEBUG(0, ("%s removed successfully.\n", libnet_r->out.server_dn_str));
talloc_free(tmp_ctx);
- return status;
+ return NT_STATUS_OK;
}
/*
/*
return the dom sid for a test join
*/
-const char *torture_join_sid(struct test_join *join)
+const struct dom_sid *torture_join_sid(struct test_join *join)
{
return join->dom_sid;
}
+const struct dom_sid *torture_join_user_sid(struct test_join *join)
+{
+ return join->user_sid;
+}
+
struct test_join_ads_dc {
struct test_join *join;
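Review bot: `torture_join_user_sid()` can return an uninitialised pointer for joins made by `torture_join_domain()`. That function allocates with `talloc(NULL, struct test_join)`, which does not zero the structure, and the visible lines assign `tj->p`, `tj->user_handle` and `tj->dom_sid` but never `tj->user_sid`. Only the other constructor sets it, through `dom_sid_add_rid()`. Either allocate with `talloc_zero(NULL, struct test_join)` so the accessor returns NULL, or fill the field in `torture_join_domain()`; parts of that function lie outside the diff, so the assignment may exist there. The new accessor also lacks the one-line comment its neighbour has, for example `/* return the user sid for a test join, or NULL if it was never set */`.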
struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
const char *domain,
- const char **machine_password)
+ struct cli_credentials **machine_credentials)
{
struct test_join_ads_dc *join;
join->join = torture_join_domain(machine_name,
ACB_SVRTRUST,
- machine_password);
+ machine_credentials);
if (!join->join) {
return NULL;