2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define TEST_USERNAME "samrtorturetest"
26 #define TEST_ALIASNAME "samrtorturetestalias"
27 #define TEST_GROUPNAME "samrtorturetestgroup"
28 #define TEST_MACHINENAME "samrtorturetestmach$"
29 #define TEST_DOMAINNAME "samrtorturetestdom$"
32 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
33 struct policy_handle *handle);
35 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
36 struct policy_handle *handle);
38 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
39 struct policy_handle *handle);
41 static void init_samr_Name(struct samr_Name *name, const char *s)
46 static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
47 struct policy_handle *handle)
53 r.out.handle = handle;
55 status = dcerpc_samr_Close(p, mem_ctx, &r);
56 if (!NT_STATUS_IS_OK(status)) {
57 printf("Close handle failed - %s\n", nt_errstr(status));
64 static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
65 struct policy_handle *handle)
68 struct samr_Shutdown r;
70 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
71 printf("samr_Shutdown disabled - enable dangerous tests to use\n");
77 printf("testing samr_Shutdown\n");
79 status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
80 if (!NT_STATUS_IS_OK(status)) {
81 printf("samr_Shutdown failed - %s\n", nt_errstr(status));
88 static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
89 struct policy_handle *handle)
92 struct samr_SetDsrmPassword r;
93 struct samr_Name name;
94 struct samr_Hash hash;
96 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
97 printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
101 E_md4hash("TeSTDSRM123", hash.hash);
103 init_samr_Name(&name, "Administrator");
109 printf("testing samr_SetDsrmPassword\n");
111 status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
112 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
113 printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
121 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
122 struct policy_handle *handle)
125 struct samr_QuerySecurity r;
126 struct samr_SetSecurity s;
128 r.in.handle = handle;
131 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
132 if (!NT_STATUS_IS_OK(status)) {
133 printf("QuerySecurity failed - %s\n", nt_errstr(status));
137 s.in.handle = handle;
139 s.in.sdbuf = r.out.sdbuf;
141 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
142 if (!NT_STATUS_IS_OK(status)) {
143 printf("SetSecurity failed - %s\n", nt_errstr(status));
147 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
148 if (!NT_STATUS_IS_OK(status)) {
149 printf("QuerySecurity failed - %s\n", nt_errstr(status));
157 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
158 struct policy_handle *handle)
161 struct samr_SetUserInfo s;
162 struct samr_SetUserInfo2 s2;
163 struct samr_QueryUserInfo q;
164 struct samr_QueryUserInfo q0;
165 union samr_UserInfo u;
168 s.in.handle = handle;
171 s2.in.handle = handle;
174 q.in.handle = handle;
178 #define TESTCALL(call, r) \
179 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
180 if (!NT_STATUS_IS_OK(status)) { \
181 printf(#call " level %u failed - %s (line %d)\n", \
182 r.in.level, nt_errstr(status), __LINE__); \
187 #define STRING_EQUAL(s1, s2, field) \
188 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
189 printf("Failed to set %s to '%s' (line %d)\n", \
190 #field, s2, __LINE__); \
195 #define INT_EQUAL(i1, i2, field) \
197 printf("Failed to set %s to %u (line %d)\n", \
198 #field, i2, __LINE__); \
203 #define TEST_USERINFO_NAME(lvl1, field1, lvl2, field2, value, fpval) do { \
204 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
206 TESTCALL(QueryUserInfo, q) \
208 s2.in.level = lvl1; \
211 ZERO_STRUCT(u.info21); \
212 u.info21.fields_present = fpval; \
214 init_samr_Name(&u.info ## lvl1.field1, value); \
215 TESTCALL(SetUserInfo, s) \
216 TESTCALL(SetUserInfo2, s2) \
217 init_samr_Name(&u.info ## lvl1.field1, ""); \
218 TESTCALL(QueryUserInfo, q); \
220 STRING_EQUAL(u.info ## lvl1.field1.name, value, field1); \
222 TESTCALL(QueryUserInfo, q) \
224 STRING_EQUAL(u.info ## lvl2.field2.name, value, field2); \
227 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
228 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
230 TESTCALL(QueryUserInfo, q) \
232 s2.in.level = lvl1; \
235 uint8_t *bitmap = u.info21.logon_hours.bitmap; \
236 ZERO_STRUCT(u.info21); \
237 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
238 u.info21.logon_hours.units_per_week = 168; \
239 u.info21.logon_hours.bitmap = bitmap; \
241 u.info21.fields_present = fpval; \
243 u.info ## lvl1.field1 = value; \
244 TESTCALL(SetUserInfo, s) \
245 TESTCALL(SetUserInfo2, s2) \
246 u.info ## lvl1.field1 = 0; \
247 TESTCALL(QueryUserInfo, q); \
249 INT_EQUAL(u.info ## lvl1.field1, value, field1); \
251 TESTCALL(QueryUserInfo, q) \
253 INT_EQUAL(u.info ## lvl2.field2, value, field1); \
257 do { TESTCALL(QueryUserInfo, q0) } while (0);
259 TEST_USERINFO_NAME(2, comment, 1, comment, "xx2-1 comment", 0);
260 TEST_USERINFO_NAME(2, comment, 21, comment, "xx2-21 comment", 0);
261 TEST_USERINFO_NAME(21, comment, 21, comment, "xx21-21 comment",
264 TEST_USERINFO_NAME(6, full_name, 1, full_name, "xx6-1 full_name", 0);
265 TEST_USERINFO_NAME(6, full_name, 3, full_name, "xx6-3 full_name", 0);
266 TEST_USERINFO_NAME(6, full_name, 5, full_name, "xx6-5 full_name", 0);
267 TEST_USERINFO_NAME(6, full_name, 6, full_name, "xx6-6 full_name", 0);
268 TEST_USERINFO_NAME(6, full_name, 8, full_name, "xx6-8 full_name", 0);
269 TEST_USERINFO_NAME(6, full_name, 21, full_name, "xx6-21 full_name", 0);
270 TEST_USERINFO_NAME(8, full_name, 21, full_name, "xx8-21 full_name", 0);
271 TEST_USERINFO_NAME(21, full_name, 21, full_name, "xx21-21 full_name",
274 TEST_USERINFO_NAME(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
275 TEST_USERINFO_NAME(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
276 TEST_USERINFO_NAME(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
277 TEST_USERINFO_NAME(21, logon_script, 21, logon_script, "xx21-21 logon_script",
278 SAMR_FIELD_LOGON_SCRIPT);
280 TEST_USERINFO_NAME(12, profile, 3, profile, "xx12-3 profile", 0);
281 TEST_USERINFO_NAME(12, profile, 5, profile, "xx12-5 profile", 0);
282 TEST_USERINFO_NAME(12, profile, 21, profile, "xx12-21 profile", 0);
283 TEST_USERINFO_NAME(21, profile, 21, profile, "xx21-21 profile",
286 TEST_USERINFO_NAME(13, description, 1, description, "xx13-1 description", 0);
287 TEST_USERINFO_NAME(13, description, 5, description, "xx13-5 description", 0);
288 TEST_USERINFO_NAME(13, description, 21, description, "xx13-21 description", 0);
289 TEST_USERINFO_NAME(21, description, 21, description, "xx21-21 description",
290 SAMR_FIELD_DESCRIPTION);
292 TEST_USERINFO_NAME(14, workstations, 3, workstations, "14workstation3", 0);
293 TEST_USERINFO_NAME(14, workstations, 5, workstations, "14workstation4", 0);
294 TEST_USERINFO_NAME(14, workstations, 21, workstations, "14workstation21", 0);
295 TEST_USERINFO_NAME(21, workstations, 21, workstations, "21workstation21",
296 SAMR_FIELD_WORKSTATION);
298 TEST_USERINFO_NAME(20, callback, 21, callback, "xx20-21 callback", 0);
299 TEST_USERINFO_NAME(21, callback, 21, callback, "xx21-21 callback",
300 SAMR_FIELD_CALLBACK);
302 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
303 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
304 SAMR_FIELD_COUNTRY_CODE);
306 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
307 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
308 SAMR_FIELD_CODE_PAGE);
310 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], 1, 0);
311 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], 2, 0);
312 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 3, 0);
313 TEST_USERINFO_INT(21, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 4,
314 SAMR_FIELD_LOGON_HOURS);
317 /* these fail with win2003 - it appears you can't set the primary gid?
318 the set succeeds, but the gid isn't changed. Very weird! */
319 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
320 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
321 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
322 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
328 generate a random password for password change tests
330 static char *samr_rand_pass(TALLOC_CTX *mem_ctx)
332 size_t len = 8 + (random() % 6);
333 char *s = generate_random_str(mem_ctx, len);
334 printf("Generated password '%s'\n", s);
338 static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
339 struct policy_handle *handle, char **password)
342 struct samr_SetUserInfo s;
343 union samr_UserInfo u;
345 DATA_BLOB session_key;
346 char *newpass = samr_rand_pass(mem_ctx);
348 s.in.handle = handle;
352 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
353 /* w2k3 ignores this length */
354 u.info24.pw_len = str_charnum(newpass)*2;
356 status = dcerpc_fetch_session_key(p, &session_key);
357 if (!NT_STATUS_IS_OK(status)) {
358 printf("SetUserInfo level %u - no session key - %s\n",
359 s.in.level, nt_errstr(status));
363 SamOEMhashBlob(u.info24.password.data, 516, &session_key);
365 printf("Testing SetUserInfo level 24 (set password)\n");
367 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
368 if (!NT_STATUS_IS_OK(status)) {
369 printf("SetUserInfo level %u failed - %s\n",
370 s.in.level, nt_errstr(status));
380 static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
381 struct policy_handle *handle, char **password)
384 struct samr_SetUserInfo s;
385 union samr_UserInfo u;
387 DATA_BLOB session_key;
388 char *newpass = samr_rand_pass(mem_ctx);
390 s.in.handle = handle;
396 u.info23.info.fields_present = SAMR_FIELD_PASSWORD;
398 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
400 status = dcerpc_fetch_session_key(p, &session_key);
401 if (!NT_STATUS_IS_OK(status)) {
402 printf("SetUserInfo level %u - no session key - %s\n",
403 s.in.level, nt_errstr(status));
407 SamOEMhashBlob(u.info23.password.data, 516, &session_key);
409 printf("Testing SetUserInfo level 23 (set password)\n");
411 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
412 if (!NT_STATUS_IS_OK(status)) {
413 printf("SetUserInfo level %u failed - %s\n",
414 s.in.level, nt_errstr(status));
424 static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
425 struct policy_handle *handle, char **password)
428 struct samr_SetUserInfo s;
429 union samr_UserInfo u;
431 DATA_BLOB session_key;
432 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
433 uint8_t confounder[16];
434 char *newpass = samr_rand_pass(mem_ctx);
435 struct MD5Context ctx;
437 s.in.handle = handle;
441 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
442 u.info26.pw_len = strlen(newpass);
444 status = dcerpc_fetch_session_key(p, &session_key);
445 if (!NT_STATUS_IS_OK(status)) {
446 printf("SetUserInfo level %u - no session key - %s\n",
447 s.in.level, nt_errstr(status));
451 generate_random_buffer((unsigned char *)confounder, 16, False);
454 MD5Update(&ctx, confounder, 16);
455 MD5Update(&ctx, session_key.data, session_key.length);
456 MD5Final(confounded_session_key.data, &ctx);
458 SamOEMhashBlob(u.info26.password.data, 516, &confounded_session_key);
459 memcpy(&u.info26.password.data[516], confounder, 16);
461 printf("Testing SetUserInfo level 26 (set password ex)\n");
463 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
464 if (!NT_STATUS_IS_OK(status)) {
465 printf("SetUserInfo level %u failed - %s\n",
466 s.in.level, nt_errstr(status));
475 static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
476 struct policy_handle *handle, char **password)
479 struct samr_SetUserInfo s;
480 union samr_UserInfo u;
482 DATA_BLOB session_key;
483 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
484 uint8_t confounder[16];
485 char *newpass = samr_rand_pass(mem_ctx);
486 struct MD5Context ctx;
488 s.in.handle = handle;
494 u.info25.info.fields_present = SAMR_FIELD_PASSWORD;
496 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
498 status = dcerpc_fetch_session_key(p, &session_key);
499 if (!NT_STATUS_IS_OK(status)) {
500 printf("SetUserInfo level %u - no session key - %s\n",
501 s.in.level, nt_errstr(status));
505 generate_random_buffer((unsigned char *)confounder, 16, False);
508 MD5Update(&ctx, confounder, 16);
509 MD5Update(&ctx, session_key.data, session_key.length);
510 MD5Final(confounded_session_key.data, &ctx);
512 SamOEMhashBlob(u.info25.password.data, 516, &confounded_session_key);
513 memcpy(&u.info25.password.data[516], confounder, 16);
515 printf("Testing SetUserInfo level 25 (set password ex)\n");
517 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
518 if (!NT_STATUS_IS_OK(status)) {
519 printf("SetUserInfo level %u failed - %s\n",
520 s.in.level, nt_errstr(status));
529 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
530 struct policy_handle *handle)
533 struct samr_SetAliasInfo r;
534 struct samr_QueryAliasInfo q;
535 uint16_t levels[] = {2, 3};
539 /* Ignoring switch level 1, as that includes the number of members for the alias
540 * and setting this to a wrong value might have negative consequences
543 for (i=0;i<ARRAY_SIZE(levels);i++) {
544 printf("Testing SetAliasInfo level %u\n", levels[i]);
546 r.in.handle = handle;
547 r.in.level = levels[i];
548 switch (r.in.level) {
549 case 2 : init_samr_Name(&r.in.info.name,TEST_ALIASNAME); break;
550 case 3 : init_samr_Name(&r.in.info.description,
551 "Test Description, should test I18N as well"); break;
554 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
555 if (!NT_STATUS_IS_OK(status)) {
556 printf("SetAliasInfo level %u failed - %s\n",
557 levels[i], nt_errstr(status));
561 q.in.handle = handle;
562 q.in.level = levels[i];
564 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
565 if (!NT_STATUS_IS_OK(status)) {
566 printf("QueryAliasInfo level %u failed - %s\n",
567 levels[i], nt_errstr(status));
575 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
576 struct policy_handle *user_handle)
578 struct samr_GetGroupsForUser r;
582 printf("testing GetGroupsForUser\n");
584 r.in.handle = user_handle;
586 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
587 if (!NT_STATUS_IS_OK(status)) {
588 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
596 static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
597 struct samr_Name *domain_name)
600 struct samr_GetDomPwInfo r;
603 r.in.name = domain_name;
604 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
606 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
607 if (!NT_STATUS_IS_OK(status)) {
608 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
612 r.in.name->name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
613 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
615 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
616 if (!NT_STATUS_IS_OK(status)) {
617 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
621 r.in.name->name = "\\\\__NONAME__";
622 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
624 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
625 if (!NT_STATUS_IS_OK(status)) {
626 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
630 r.in.name->name = "\\\\Builtin";
631 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
633 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
634 if (!NT_STATUS_IS_OK(status)) {
635 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
643 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
644 struct policy_handle *handle)
647 struct samr_GetUserPwInfo r;
650 printf("Testing GetUserPwInfo\n");
652 r.in.handle = handle;
654 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
655 if (!NT_STATUS_IS_OK(status)) {
656 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
663 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
664 struct policy_handle *domain_handle, const char *name,
668 struct samr_LookupNames n;
669 struct samr_Name sname[2];
671 init_samr_Name(&sname[0], name);
673 n.in.handle = domain_handle;
676 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
677 if (NT_STATUS_IS_OK(status)) {
678 *rid = n.out.rids.ids[0];
683 init_samr_Name(&sname[1], "xxNONAMExx");
685 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
686 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
687 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
691 init_samr_Name(&sname[1], "xxNONAMExx");
693 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
694 if (!NT_STATUS_IS_OK(status)) {
695 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
701 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
702 struct policy_handle *domain_handle,
703 const char *name, struct policy_handle *user_handle)
706 struct samr_OpenUser r;
709 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
710 if (!NT_STATUS_IS_OK(status)) {
714 r.in.handle = domain_handle;
715 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
717 r.out.acct_handle = user_handle;
718 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
719 if (!NT_STATUS_IS_OK(status)) {
720 printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status));
727 static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
728 struct policy_handle *handle, char **password)
731 struct samr_ChangePasswordUser r;
733 struct samr_Hash hash1, hash2, hash3, hash4, hash5, hash6;
734 struct policy_handle user_handle;
735 char *oldpass = *password;
736 char *newpass = samr_rand_pass(mem_ctx);
737 uint8_t old_nt_hash[16], new_nt_hash[16];
738 uint8_t old_lm_hash[16], new_lm_hash[16];
740 status = test_OpenUser_byname(p, mem_ctx, handle, TEST_USERNAME, &user_handle);
741 if (!NT_STATUS_IS_OK(status)) {
745 printf("Testing ChangePasswordUser\n");
747 E_md4hash(oldpass, old_nt_hash);
748 E_md4hash(newpass, new_nt_hash);
749 E_deshash(oldpass, old_lm_hash);
750 E_deshash(newpass, new_lm_hash);
752 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
753 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
754 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
755 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
756 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
757 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
759 r.in.handle = &user_handle;
761 r.in.old_lm_crypted = &hash1;
762 r.in.new_lm_crypted = &hash2;
764 r.in.old_nt_crypted = &hash3;
765 r.in.new_nt_crypted = &hash4;
766 r.in.cross1_present = 1;
767 r.in.nt_cross = &hash5;
768 r.in.cross2_present = 1;
769 r.in.lm_cross = &hash6;
771 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
772 if (!NT_STATUS_IS_OK(status)) {
773 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
779 if (!test_Close(p, mem_ctx, &user_handle)) {
787 static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
788 struct policy_handle *handle, char **password)
791 struct samr_OemChangePasswordUser2 r;
793 struct samr_Hash lm_verifier;
794 struct samr_CryptPassword lm_pass;
795 struct samr_AsciiName server, account;
796 char *oldpass = *password;
797 char *newpass = samr_rand_pass(mem_ctx);
798 uint8_t old_lm_hash[16], new_lm_hash[16];
800 printf("Testing OemChangePasswordUser2\n");
802 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
803 account.name = TEST_USERNAME;
805 E_deshash(oldpass, old_lm_hash);
806 E_deshash(newpass, new_lm_hash);
808 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
809 SamOEMhash(lm_pass.data, old_lm_hash, 516);
810 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
812 r.in.server = &server;
813 r.in.account = &account;
814 r.in.password = &lm_pass;
815 r.in.hash = &lm_verifier;
817 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
818 if (!NT_STATUS_IS_OK(status)) {
819 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
829 static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
830 struct policy_handle *handle, char **password)
833 struct samr_ChangePasswordUser2 r;
835 struct samr_Name server, account;
836 struct samr_CryptPassword nt_pass, lm_pass;
837 struct samr_Hash nt_verifier, lm_verifier;
838 char *oldpass = *password;
839 char *newpass = samr_rand_pass(mem_ctx);
840 uint8_t old_nt_hash[16], new_nt_hash[16];
841 uint8_t old_lm_hash[16], new_lm_hash[16];
843 printf("Testing ChangePasswordUser2\n");
845 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
846 init_samr_Name(&account, TEST_USERNAME);
848 E_md4hash(oldpass, old_nt_hash);
849 E_md4hash(newpass, new_nt_hash);
851 E_deshash(oldpass, old_lm_hash);
852 E_deshash(newpass, new_lm_hash);
854 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
855 SamOEMhash(lm_pass.data, old_lm_hash, 516);
856 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
858 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
859 SamOEMhash(nt_pass.data, old_nt_hash, 516);
860 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
862 r.in.server = &server;
863 r.in.account = &account;
864 r.in.nt_password = &nt_pass;
865 r.in.nt_verifier = &nt_verifier;
867 r.in.lm_password = &lm_pass;
868 r.in.lm_verifier = &lm_verifier;
870 status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
871 if (!NT_STATUS_IS_OK(status)) {
872 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
882 static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
883 struct policy_handle *handle, char **password)
886 struct samr_ChangePasswordUser3 r;
888 struct samr_Name server, account;
889 struct samr_CryptPassword nt_pass, lm_pass;
890 struct samr_Hash nt_verifier, lm_verifier;
891 char *oldpass = *password;
892 char *newpass = samr_rand_pass(mem_ctx);
893 uint8_t old_nt_hash[16], new_nt_hash[16];
894 uint8_t old_lm_hash[16], new_lm_hash[16];
896 printf("Testing ChangePasswordUser3\n");
898 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
899 init_samr_Name(&account, TEST_USERNAME);
901 E_md4hash(oldpass, old_nt_hash);
902 E_md4hash(newpass, new_nt_hash);
904 E_deshash(oldpass, old_lm_hash);
905 E_deshash(newpass, new_lm_hash);
907 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
908 SamOEMhash(lm_pass.data, old_nt_hash, 516);
909 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
911 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
912 SamOEMhash(nt_pass.data, old_nt_hash, 516);
913 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
915 r.in.server = &server;
916 r.in.account = &account;
917 r.in.nt_password = &nt_pass;
918 r.in.nt_verifier = &nt_verifier;
920 r.in.lm_password = &lm_pass;
921 r.in.lm_verifier = &lm_verifier;
922 r.in.password3 = NULL;
924 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
925 if (!NT_STATUS_IS_OK(status)) {
926 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
936 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
937 struct policy_handle *alias_handle)
939 struct samr_GetMembersInAlias r;
940 struct lsa_SidArray sids;
944 printf("Testing GetMembersInAlias\n");
946 r.in.handle = alias_handle;
949 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
950 if (!NT_STATUS_IS_OK(status)) {
951 printf("GetMembersInAlias failed - %s\n",
959 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
960 struct policy_handle *alias_handle,
961 struct policy_handle *domain_handle,
962 const struct dom_sid *domain_sid)
964 struct samr_AddAliasMember r;
965 struct samr_DeleteAliasMember d;
970 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
972 printf("testing AddAliasMember\n");
973 r.in.handle = alias_handle;
976 status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
977 if (!NT_STATUS_IS_OK(status)) {
978 printf("AddAliasMember failed - %s\n", nt_errstr(status));
982 d.in.handle = alias_handle;
985 status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
986 if (!NT_STATUS_IS_OK(status)) {
987 printf("DelAliasMember failed - %s\n", nt_errstr(status));
994 static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
995 struct policy_handle *alias_handle)
997 struct samr_AddMultipleMembersToAlias a;
998 struct samr_RemoveMultipleMembersFromAlias r;
1001 struct lsa_SidArray sids;
1003 printf("testing AddMultipleMembersToAlias\n");
1004 a.in.handle = alias_handle;
1008 sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3);
1010 sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
1011 sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
1012 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
1014 status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
1015 if (!NT_STATUS_IS_OK(status)) {
1016 printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
1021 printf("testing RemoveMultipleMembersFromAlias\n");
1022 r.in.handle = alias_handle;
1025 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1026 if (!NT_STATUS_IS_OK(status)) {
1027 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1031 /* strange! removing twice doesn't give any error */
1032 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1033 if (!NT_STATUS_IS_OK(status)) {
1034 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1038 /* but removing an alias that isn't there does */
1039 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
1041 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1042 if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
1043 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1050 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1051 struct policy_handle *user_handle)
1053 struct samr_TestPrivateFunctionsUser r;
1057 printf("Testing TestPrivateFunctionsUser\n");
1059 r.in.handle = user_handle;
1061 status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
1062 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
1063 printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
1071 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1072 struct policy_handle *handle)
1076 if (!test_QuerySecurity(p, mem_ctx, handle)) {
1080 if (!test_QueryUserInfo(p, mem_ctx, handle)) {
1084 if (!test_QueryUserInfo2(p, mem_ctx, handle)) {
1088 if (!test_SetUserInfo(p, mem_ctx, handle)) {
1092 if (!test_GetUserPwInfo(p, mem_ctx, handle)) {
1096 if (!test_TestPrivateFunctionsUser(p, mem_ctx, handle)) {
1103 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1104 struct policy_handle *alias_handle,
1105 struct policy_handle *domain_handle,
1106 const struct dom_sid *domain_sid)
1110 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
1114 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
1118 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
1122 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle,
1123 domain_handle, domain_sid)) {
1127 if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
1135 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1136 struct policy_handle *handle, const char *name)
1139 struct samr_DeleteUser d;
1140 struct policy_handle acct_handle;
1143 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1144 if (!NT_STATUS_IS_OK(status)) {
1148 status = test_OpenUser_byname(p, mem_ctx, handle, name, &acct_handle);
1149 if (!NT_STATUS_IS_OK(status)) {
1153 d.in.handle = &acct_handle;
1154 d.out.handle = &acct_handle;
1155 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1156 if (!NT_STATUS_IS_OK(status)) {
1163 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1168 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1169 struct policy_handle *handle, const char *name)
1172 struct samr_OpenGroup r;
1173 struct samr_DeleteDomainGroup d;
1174 struct policy_handle group_handle;
1177 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1178 if (!NT_STATUS_IS_OK(status)) {
1182 r.in.handle = handle;
1183 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1185 r.out.acct_handle = &group_handle;
1186 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1187 if (!NT_STATUS_IS_OK(status)) {
1191 d.in.handle = &group_handle;
1192 d.out.handle = &group_handle;
1193 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
1194 if (!NT_STATUS_IS_OK(status)) {
1201 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
1206 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1207 struct policy_handle *domain_handle, const char *name)
1210 struct samr_OpenAlias r;
1211 struct samr_DeleteDomAlias d;
1212 struct policy_handle alias_handle;
1215 printf("testing DeleteAlias_byname\n");
1217 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
1218 if (!NT_STATUS_IS_OK(status)) {
1222 r.in.handle = domain_handle;
1223 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1225 r.out.acct_handle = &alias_handle;
1226 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1227 if (!NT_STATUS_IS_OK(status)) {
1231 d.in.handle = &alias_handle;
1232 d.out.handle = &alias_handle;
1233 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1234 if (!NT_STATUS_IS_OK(status)) {
1241 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1245 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1246 struct policy_handle *alias_handle)
1248 struct samr_DeleteDomAlias d;
1251 printf("Testing DeleteAlias\n");
1253 d.in.handle = alias_handle;
1254 d.out.handle = alias_handle;
1256 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1257 if (!NT_STATUS_IS_OK(status)) {
1258 printf("DeleteAlias failed - %s\n", nt_errstr(status));
1265 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1266 struct policy_handle *domain_handle,
1267 struct policy_handle *alias_handle,
1268 const struct dom_sid *domain_sid)
1271 struct samr_CreateDomAlias r;
1272 struct samr_Name name;
1276 init_samr_Name(&name, TEST_ALIASNAME);
1277 r.in.handle = domain_handle;
1278 r.in.aliasname = &name;
1279 r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
1280 r.out.acct_handle = alias_handle;
1283 printf("Testing CreateAlias (%s)\n", r.in.aliasname->name);
1285 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1287 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1288 printf("Server refused create of '%s'\n", r.in.aliasname->name);
1292 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
1293 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.aliasname->name)) {
1296 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1299 if (!NT_STATUS_IS_OK(status)) {
1300 printf("CreateAlias failed - %s\n", nt_errstr(status));
1304 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_handle, domain_sid)) {
1311 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1312 struct policy_handle *domain_handle, char **password)
1320 if (!test_ChangePasswordUser(p, mem_ctx, domain_handle, password)) {
1324 if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1328 if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1332 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, password)) {
1339 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1340 struct policy_handle *domain_handle, struct policy_handle *user_handle)
1343 struct samr_CreateUser r;
1344 struct samr_QueryUserInfo q;
1346 char *password = NULL;
1348 /* This call creates a 'normal' account - check that it really does */
1349 const uint32_t acct_flags = ACB_NORMAL;
1350 struct samr_Name name;
1353 init_samr_Name(&name, TEST_USERNAME);
1355 r.in.handle = domain_handle;
1356 r.in.username = &name;
1357 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1358 r.out.acct_handle = user_handle;
1361 printf("Testing CreateUser(%s)\n", r.in.username->name);
1363 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1365 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1366 printf("Server refused create of '%s'\n", r.in.username->name);
1367 ZERO_STRUCTP(user_handle);
1371 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1372 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.username->name)) {
1375 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1377 if (!NT_STATUS_IS_OK(status)) {
1378 printf("CreateUser failed - %s\n", nt_errstr(status));
1382 q.in.handle = user_handle;
1385 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1386 if (!NT_STATUS_IS_OK(status)) {
1387 printf("QueryUserInfo level %u failed - %s\n",
1388 q.in.level, nt_errstr(status));
1391 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1392 printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n",
1393 q.out.info->info16.acct_flags, q.out.info->info16.acct_flags,
1394 acct_flags, acct_flags);
1399 if (!test_user_ops(p, mem_ctx, user_handle)) {
1403 if (!test_SetUserPass(p, mem_ctx, user_handle, &password)) {
1407 if (!test_SetUserPass_23(p, mem_ctx, user_handle, &password)) {
1411 if (!test_SetUserPassEx(p, mem_ctx, user_handle, &password)) {
1415 if (!test_SetUserPass_25(p, mem_ctx, user_handle, &password)) {
1419 /* we change passwords twice - this has the effect of verifying
1420 they were changed correctly */
1421 if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) {
1425 if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) {
1434 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1435 struct policy_handle *user_handle)
1437 struct samr_DeleteUser d;
1441 printf("Testing DeleteUser\n");
1443 d.in.handle = user_handle;
1444 d.out.handle = user_handle;
1446 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1447 if (!NT_STATUS_IS_OK(status)) {
1448 printf("DeleteUser failed - %s\n", nt_errstr(status));
1455 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1456 struct policy_handle *handle)
1459 struct samr_CreateUser2 r;
1460 struct samr_QueryUserInfo q;
1461 struct samr_DeleteUser d;
1462 struct policy_handle acct_handle;
1464 struct samr_Name name;
1469 uint32_t acct_flags;
1470 const char *account_name;
1472 } account_types[] = {
1473 { ACB_NORMAL, TEST_USERNAME, NT_STATUS_OK },
1474 { ACB_NORMAL | ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1475 { ACB_NORMAL | ACB_PWNOEXP, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1476 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1477 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1478 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1479 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1480 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1481 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1482 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
1483 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1484 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1485 { 0, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1486 { ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1487 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
1490 for (i = 0; account_types[i].account_name; i++) {
1491 uint32_t acct_flags = account_types[i].acct_flags;
1492 uint32_t access_granted;
1494 init_samr_Name(&name, account_types[i].account_name);
1496 r.in.handle = handle;
1497 r.in.username = &name;
1498 r.in.acct_flags = acct_flags;
1499 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1500 r.out.acct_handle = &acct_handle;
1501 r.out.access_granted = &access_granted;
1504 printf("Testing CreateUser2(%s)\n", r.in.username->name);
1506 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1508 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1509 printf("Server refused create of '%s'\n", r.in.username->name);
1512 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1513 if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.username->name)) {
1516 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1519 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
1520 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
1521 nt_errstr(status), nt_errstr(account_types[i].nt_status));
1525 if (NT_STATUS_IS_OK(status)) {
1526 q.in.handle = &acct_handle;
1529 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1530 if (!NT_STATUS_IS_OK(status)) {
1531 printf("QueryUserInfo level %u failed - %s\n",
1532 q.in.level, nt_errstr(status));
1535 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1536 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
1537 q.out.info->info16.acct_flags,
1543 if (!test_user_ops(p, mem_ctx, &acct_handle)) {
1547 printf("Testing DeleteUser (createuser2 test)\n");
1549 d.in.handle = &acct_handle;
1550 d.out.handle = &acct_handle;
1552 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1553 if (!NT_STATUS_IS_OK(status)) {
1554 printf("DeleteUser failed - %s\n", nt_errstr(status));
1563 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1564 struct policy_handle *handle)
1567 struct samr_QueryAliasInfo r;
1568 uint16_t levels[] = {1, 2, 3};
1572 for (i=0;i<ARRAY_SIZE(levels);i++) {
1573 printf("Testing QueryAliasInfo level %u\n", levels[i]);
1575 r.in.handle = handle;
1576 r.in.level = levels[i];
1578 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
1579 if (!NT_STATUS_IS_OK(status)) {
1580 printf("QueryAliasInfo level %u failed - %s\n",
1581 levels[i], nt_errstr(status));
1589 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1590 struct policy_handle *handle)
1593 struct samr_QueryGroupInfo r;
1594 uint16_t levels[] = {1, 2, 3, 4};
1598 for (i=0;i<ARRAY_SIZE(levels);i++) {
1599 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1601 r.in.handle = handle;
1602 r.in.level = levels[i];
1604 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1605 if (!NT_STATUS_IS_OK(status)) {
1606 printf("QueryGroupInfo level %u failed - %s\n",
1607 levels[i], nt_errstr(status));
1616 static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1617 struct policy_handle *handle)
1620 struct samr_QueryGroupInfo r;
1621 struct samr_SetGroupInfo s;
1622 uint16_t levels[] = {1, 2, 3, 4};
1623 uint16_t set_ok[] = {0, 1, 1, 1};
1627 for (i=0;i<ARRAY_SIZE(levels);i++) {
1628 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1630 r.in.handle = handle;
1631 r.in.level = levels[i];
1633 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1634 if (!NT_STATUS_IS_OK(status)) {
1635 printf("QueryGroupInfo level %u failed - %s\n",
1636 levels[i], nt_errstr(status));
1640 printf("Testing SetGroupInfo level %u\n", levels[i]);
1642 s.in.handle = handle;
1643 s.in.level = levels[i];
1644 s.in.info = r.out.info;
1646 if (s.in.level == 2) {
1647 init_samr_Name(&s.in.info->name, "NewName");
1650 if (s.in.level == 4) {
1651 init_samr_Name(&s.in.info->description, "test description");
1654 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
1656 if (!NT_STATUS_IS_OK(status)) {
1657 printf("SetGroupInfo level %u failed - %s\n",
1658 r.in.level, nt_errstr(status));
1663 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
1664 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
1665 r.in.level, nt_errstr(status));
1675 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1676 struct policy_handle *handle)
1679 struct samr_QueryUserInfo r;
1680 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1681 11, 12, 13, 14, 16, 17, 20, 21};
1685 for (i=0;i<ARRAY_SIZE(levels);i++) {
1686 printf("Testing QueryUserInfo level %u\n", levels[i]);
1688 r.in.handle = handle;
1689 r.in.level = levels[i];
1691 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
1692 if (!NT_STATUS_IS_OK(status)) {
1693 printf("QueryUserInfo level %u failed - %s\n",
1694 levels[i], nt_errstr(status));
1702 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1703 struct policy_handle *handle)
1706 struct samr_QueryUserInfo2 r;
1707 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1708 11, 12, 13, 14, 16, 17, 20, 21};
1712 for (i=0;i<ARRAY_SIZE(levels);i++) {
1713 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
1715 r.in.handle = handle;
1716 r.in.level = levels[i];
1718 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
1719 if (!NT_STATUS_IS_OK(status)) {
1720 printf("QueryUserInfo2 level %u failed - %s\n",
1721 levels[i], nt_errstr(status));
1729 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1730 struct policy_handle *handle, uint32_t rid)
1733 struct samr_OpenUser r;
1734 struct policy_handle acct_handle;
1737 printf("Testing OpenUser(%u)\n", rid);
1739 r.in.handle = handle;
1740 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1742 r.out.acct_handle = &acct_handle;
1744 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
1745 if (!NT_STATUS_IS_OK(status)) {
1746 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
1750 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1754 if (!test_QueryUserInfo(p, mem_ctx, &acct_handle)) {
1758 if (!test_QueryUserInfo2(p, mem_ctx, &acct_handle)) {
1762 if (!test_GetUserPwInfo(p, mem_ctx, &acct_handle)) {
1766 if (!test_GetGroupsForUser(p,mem_ctx, &acct_handle)) {
1770 if (!test_Close(p, mem_ctx, &acct_handle)) {
1777 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1778 struct policy_handle *handle, uint32_t rid)
1781 struct samr_OpenGroup r;
1782 struct policy_handle acct_handle;
1785 printf("Testing OpenGroup(%u)\n", rid);
1787 r.in.handle = handle;
1788 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1790 r.out.acct_handle = &acct_handle;
1792 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1793 if (!NT_STATUS_IS_OK(status)) {
1794 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
1798 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1802 if (!test_QueryGroupInfo(p, mem_ctx, &acct_handle)) {
1806 if (!test_Close(p, mem_ctx, &acct_handle)) {
1813 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1814 struct policy_handle *handle, uint32_t rid)
1817 struct samr_OpenAlias r;
1818 struct policy_handle acct_handle;
1821 printf("Testing OpenAlias(%u)\n", rid);
1823 r.in.handle = handle;
1824 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1826 r.out.acct_handle = &acct_handle;
1828 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1829 if (!NT_STATUS_IS_OK(status)) {
1830 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
1834 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1838 if (!test_QueryAliasInfo(p, mem_ctx, &acct_handle)) {
1842 if (!test_GetMembersInAlias(p, mem_ctx, &acct_handle)) {
1846 if (!test_Close(p, mem_ctx, &acct_handle)) {
1853 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1854 struct policy_handle *handle)
1857 struct samr_EnumDomainUsers r;
1858 uint32_t resume_handle=0;
1861 struct samr_LookupNames n;
1862 struct samr_LookupRids lr ;
1864 printf("Testing EnumDomainUsers\n");
1866 r.in.handle = handle;
1867 r.in.resume_handle = &resume_handle;
1868 r.in.acct_flags = 0;
1869 r.in.max_size = (uint32_t)-1;
1870 r.out.resume_handle = &resume_handle;
1872 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
1873 if (!NT_STATUS_IS_OK(status)) {
1874 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
1882 if (r.out.sam->count == 0) {
1886 for (i=0;i<r.out.sam->count;i++) {
1887 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1892 printf("Testing LookupNames\n");
1893 n.in.handle = handle;
1894 n.in.num_names = r.out.sam->count;
1895 n.in.names = talloc(mem_ctx, r.out.sam->count * sizeof(struct samr_Name));
1896 for (i=0;i<r.out.sam->count;i++) {
1897 n.in.names[i] = r.out.sam->entries[i].name;
1899 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
1900 if (!NT_STATUS_IS_OK(status)) {
1901 printf("LookupNames failed - %s\n", nt_errstr(status));
1906 printf("Testing LookupRids\n");
1907 lr.in.handle = handle;
1908 lr.in.num_rids = r.out.sam->count;
1909 lr.in.rids = talloc(mem_ctx, r.out.sam->count * sizeof(uint32_t));
1910 for (i=0;i<r.out.sam->count;i++) {
1911 lr.in.rids[i] = r.out.sam->entries[i].idx;
1913 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
1914 if (!NT_STATUS_IS_OK(status)) {
1915 printf("LookupRids failed - %s\n", nt_errstr(status));
1922 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1923 struct policy_handle *handle)
1926 struct samr_EnumDomainGroups r;
1927 uint32_t resume_handle=0;
1931 printf("Testing EnumDomainGroups\n");
1933 r.in.handle = handle;
1934 r.in.resume_handle = &resume_handle;
1935 r.in.max_size = (uint32_t)-1;
1936 r.out.resume_handle = &resume_handle;
1938 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
1939 if (!NT_STATUS_IS_OK(status)) {
1940 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
1948 for (i=0;i<r.out.sam->count;i++) {
1949 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1957 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1958 struct policy_handle *handle)
1961 struct samr_EnumDomainAliases r;
1962 uint32_t resume_handle=0;
1966 printf("Testing EnumDomainAliases\n");
1968 r.in.handle = handle;
1969 r.in.resume_handle = &resume_handle;
1970 r.in.max_size = (uint32_t)-1;
1971 r.out.resume_handle = &resume_handle;
1973 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
1974 if (!NT_STATUS_IS_OK(status)) {
1975 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
1983 for (i=0;i<r.out.sam->count;i++) {
1984 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1992 static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1993 struct policy_handle *handle)
1996 struct samr_GetDisplayEnumerationIndex r;
1998 uint16_t levels[] = {1, 2, 3, 4, 5};
1999 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2002 for (i=0;i<ARRAY_SIZE(levels);i++) {
2003 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
2005 r.in.handle = handle;
2006 r.in.level = levels[i];
2007 init_samr_Name(&r.in.name, TEST_USERNAME);
2009 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2012 !NT_STATUS_IS_OK(status) &&
2013 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2014 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2015 levels[i], nt_errstr(status));
2019 init_samr_Name(&r.in.name, "zzzzzzzz");
2021 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2023 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2024 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2025 levels[i], nt_errstr(status));
2033 static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2034 struct policy_handle *handle)
2037 struct samr_GetDisplayEnumerationIndex2 r;
2039 uint16_t levels[] = {1, 2, 3, 4, 5};
2040 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2043 for (i=0;i<ARRAY_SIZE(levels);i++) {
2044 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
2046 r.in.handle = handle;
2047 r.in.level = levels[i];
2048 init_samr_Name(&r.in.name, TEST_USERNAME);
2050 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2052 !NT_STATUS_IS_OK(status) &&
2053 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2054 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2055 levels[i], nt_errstr(status));
2059 init_samr_Name(&r.in.name, "zzzzzzzz");
2061 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2062 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2063 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2064 levels[i], nt_errstr(status));
2072 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2073 struct policy_handle *handle)
2076 struct samr_QueryDisplayInfo r;
2078 uint16_t levels[] = {1, 2, 3, 4, 5};
2081 for (i=0;i<ARRAY_SIZE(levels);i++) {
2082 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
2084 r.in.handle = handle;
2085 r.in.level = levels[i];
2087 r.in.max_entries = 1000;
2088 r.in.buf_size = (uint32_t)-1;
2090 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
2091 if (!NT_STATUS_IS_OK(status)) {
2092 printf("QueryDisplayInfo level %u failed - %s\n",
2093 levels[i], nt_errstr(status));
2101 static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2102 struct policy_handle *handle)
2105 struct samr_QueryDisplayInfo2 r;
2107 uint16_t levels[] = {1, 2, 3, 4, 5};
2110 for (i=0;i<ARRAY_SIZE(levels);i++) {
2111 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
2113 r.in.handle = handle;
2114 r.in.level = levels[i];
2116 r.in.max_entries = 1000;
2117 r.in.buf_size = (uint32_t)-1;
2119 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
2120 if (!NT_STATUS_IS_OK(status)) {
2121 printf("QueryDisplayInfo2 level %u failed - %s\n",
2122 levels[i], nt_errstr(status));
2130 static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2131 struct policy_handle *handle)
2134 struct samr_QueryDisplayInfo3 r;
2136 uint16_t levels[] = {1, 2, 3, 4, 5};
2139 for (i=0;i<ARRAY_SIZE(levels);i++) {
2140 printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
2142 r.in.handle = handle;
2143 r.in.level = levels[i];
2145 r.in.max_entries = 1000;
2146 r.in.buf_size = (uint32_t)-1;
2148 status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
2149 if (!NT_STATUS_IS_OK(status)) {
2150 printf("QueryDisplayInfo3 level %u failed - %s\n",
2151 levels[i], nt_errstr(status));
2159 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2160 struct policy_handle *handle)
2163 struct samr_QueryDomainInfo r;
2164 struct samr_SetDomainInfo s;
2165 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2166 uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
2170 for (i=0;i<ARRAY_SIZE(levels);i++) {
2171 printf("Testing QueryDomainInfo level %u\n", levels[i]);
2173 r.in.handle = handle;
2174 r.in.level = levels[i];
2176 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2177 if (!NT_STATUS_IS_OK(status)) {
2178 printf("QueryDomainInfo level %u failed - %s\n",
2179 r.in.level, nt_errstr(status));
2184 printf("Testing SetDomainInfo level %u\n", levels[i]);
2186 s.in.handle = handle;
2187 s.in.level = levels[i];
2188 s.in.info = r.out.info;
2190 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2192 if (!NT_STATUS_IS_OK(status)) {
2193 printf("SetDomainInfo level %u failed - %s\n",
2194 r.in.level, nt_errstr(status));
2199 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2200 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2201 r.in.level, nt_errstr(status));
2207 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2208 if (!NT_STATUS_IS_OK(status)) {
2209 printf("QueryDomainInfo level %u failed - %s\n",
2210 r.in.level, nt_errstr(status));
2220 static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2221 struct policy_handle *handle)
2224 struct samr_QueryDomainInfo2 r;
2225 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2229 for (i=0;i<ARRAY_SIZE(levels);i++) {
2230 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
2232 r.in.handle = handle;
2233 r.in.level = levels[i];
2235 status = dcerpc_samr_QueryDomainInfo2(p, mem_ctx, &r);
2236 if (!NT_STATUS_IS_OK(status)) {
2237 printf("QueryDomainInfo2 level %u failed - %s\n",
2238 r.in.level, nt_errstr(status));
2247 void add_string_to_array(TALLOC_CTX *mem_ctx,
2248 const char *str, const char ***strings, int *num)
2250 *strings = talloc_realloc(mem_ctx, *strings,
2251 ((*num)+1) * sizeof(**strings));
2253 if (*strings == NULL)
2256 (*strings)[*num] = str;
2262 /* Test whether querydispinfo level 5 and enumdomgroups return the same
2263 set of group names. */
2264 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2265 struct policy_handle *handle)
2267 struct samr_EnumDomainGroups q1;
2268 struct samr_QueryDisplayInfo q2;
2270 uint32_t resume_handle=0;
2275 const char **names = NULL;
2277 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
2279 q1.in.handle = handle;
2280 q1.in.resume_handle = &resume_handle;
2282 q1.out.resume_handle = &resume_handle;
2284 status = STATUS_MORE_ENTRIES;
2285 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2286 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
2288 if (!NT_STATUS_IS_OK(status) &&
2289 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2292 for (i=0; i<q1.out.sam->count; i++) {
2293 add_string_to_array(mem_ctx,
2294 q1.out.sam->entries[i].name.name,
2295 &names, &num_names);
2299 if (!NT_STATUS_IS_OK(status)) {
2300 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2308 q2.in.handle = handle;
2310 q2.in.start_idx = 0;
2311 q2.in.max_entries = 5;
2312 q2.in.buf_size = (uint32_t)-1;
2314 status = STATUS_MORE_ENTRIES;
2315 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2316 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
2318 if (!NT_STATUS_IS_OK(status) &&
2319 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2322 for (i=0; i<q2.out.info.info5.count; i++) {
2328 /* Querydisplayinfo returns ascii -- convert */
2330 namelen = convert_string_allocate(CH_DISPLAY, CH_UNIX,
2331 q2.out.info.info5.entries[i].account_name.name,
2332 q2.out.info.info5.entries[i].account_name.name_len,
2334 name = realloc(name, namelen+1);
2337 for (j=0; j<num_names; j++) {
2338 if (names[j] == NULL)
2340 /* Hmm. No strequal in samba4 */
2341 if (strequal(names[j], name)) {
2349 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
2354 q2.in.start_idx += q2.out.info.info5.count;
2357 if (!NT_STATUS_IS_OK(status)) {
2358 printf("QueryDisplayInfo level 5 failed - %s\n",
2363 for (i=0; i<num_names; i++) {
2364 if (names[i] != NULL) {
2365 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
2374 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2375 struct policy_handle *group_handle)
2377 struct samr_DeleteDomainGroup d;
2381 printf("Testing DeleteDomainGroup\n");
2383 d.in.handle = group_handle;
2384 d.out.handle = group_handle;
2386 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2387 if (!NT_STATUS_IS_OK(status)) {
2388 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
2395 static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2396 struct policy_handle *domain_handle)
2398 struct samr_TestPrivateFunctionsDomain r;
2402 printf("Testing TestPrivateFunctionsDomain\n");
2404 r.in.handle = domain_handle;
2406 status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
2407 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
2408 printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
2415 static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2416 struct policy_handle *domain_handle)
2418 struct samr_RidToSid r;
2422 printf("Testing RidToSid\n");
2424 r.in.handle = domain_handle;
2427 status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
2428 if (!NT_STATUS_IS_OK(status)) {
2429 printf("RidToSid failed - %s\n", nt_errstr(status));
2436 static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2437 struct policy_handle *domain_handle)
2439 struct samr_GetBootKeyInformation r;
2443 printf("Testing GetBootKeyInformation\n");
2445 r.in.handle = domain_handle;
2447 status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r);
2448 if (!NT_STATUS_IS_OK(status)) {
2449 /* w2k3 seems to fail this sometimes and pass it sometimes */
2450 printf("GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
2456 static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2457 struct policy_handle *domain_handle,
2458 struct policy_handle *group_handle)
2461 struct samr_AddGroupMember r;
2462 struct samr_DeleteGroupMember d;
2463 struct samr_QueryGroupMember q;
2464 struct samr_SetMemberAttributesOfGroup s;
2468 status = test_LookupName(p, mem_ctx, domain_handle, TEST_USERNAME, &rid);
2469 if (!NT_STATUS_IS_OK(status)) {
2473 r.in.handle = group_handle;
2475 r.in.flags = 0; /* ??? */
2477 printf("Testing AddGroupMember and DeleteGroupMember\n");
2479 d.in.handle = group_handle;
2482 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2483 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
2484 printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
2489 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2490 if (!NT_STATUS_IS_OK(status)) {
2491 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2495 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2496 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
2497 printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
2502 /* this one is quite strange. I am using random inputs in the
2503 hope of triggering an error that might give us a clue */
2504 s.in.handle = group_handle;
2505 s.in.unknown1 = random();
2506 s.in.unknown2 = random();
2508 status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
2509 if (!NT_STATUS_IS_OK(status)) {
2510 printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
2514 q.in.handle = group_handle;
2516 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
2517 if (!NT_STATUS_IS_OK(status)) {
2518 printf("QueryGroupMember failed - %s\n", nt_errstr(status));
2522 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2523 if (!NT_STATUS_IS_OK(status)) {
2524 printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
2528 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2529 if (!NT_STATUS_IS_OK(status)) {
2530 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2538 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2539 struct policy_handle *domain_handle, struct policy_handle *group_handle)
2542 struct samr_CreateDomainGroup r;
2544 struct samr_Name name;
2547 init_samr_Name(&name, TEST_GROUPNAME);
2549 r.in.handle = domain_handle;
2551 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2552 r.out.group_handle = group_handle;
2555 printf("Testing CreateDomainGroup(%s)\n", r.in.name->name);
2557 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2559 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2560 printf("Server refused create of '%s'\n", r.in.name->name);
2561 ZERO_STRUCTP(group_handle);
2565 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
2566 NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2567 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) {
2570 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2572 if (!NT_STATUS_IS_OK(status)) {
2573 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
2577 if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
2581 if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
2590 its not totally clear what this does. It seems to accept any sid you like.
2592 static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
2593 TALLOC_CTX *mem_ctx,
2594 struct policy_handle *domain_handle)
2597 struct samr_RemoveMemberFromForeignDomain r;
2599 r.in.handle = domain_handle;
2600 r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78-9");
2602 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
2603 if (!NT_STATUS_IS_OK(status)) {
2604 printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
2614 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2615 struct policy_handle *handle, struct dom_sid *sid)
2618 struct samr_OpenDomain r;
2619 struct policy_handle domain_handle;
2620 struct policy_handle user_handle;
2621 struct policy_handle alias_handle;
2622 struct policy_handle group_handle;
2625 ZERO_STRUCT(user_handle);
2626 ZERO_STRUCT(alias_handle);
2627 ZERO_STRUCT(group_handle);
2628 ZERO_STRUCT(domain_handle);
2630 printf("Testing OpenDomain\n");
2632 r.in.handle = handle;
2633 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2635 r.out.domain_handle = &domain_handle;
2637 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
2638 if (!NT_STATUS_IS_OK(status)) {
2639 printf("OpenDomain failed - %s\n", nt_errstr(status));
2643 if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
2647 if (!test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle)) {
2651 if (!test_CreateUser2(p, mem_ctx, &domain_handle)) {
2655 if (!test_CreateUser(p, mem_ctx, &domain_handle, &user_handle)) {
2659 if (!test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid)) {
2663 if (!test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle)) {
2667 if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
2671 if (!test_QueryDomainInfo2(p, mem_ctx, &domain_handle)) {
2675 if (!test_EnumDomainUsers(p, mem_ctx, &domain_handle)) {
2679 if (!test_EnumDomainGroups(p, mem_ctx, &domain_handle)) {
2683 if (!test_EnumDomainAliases(p, mem_ctx, &domain_handle)) {
2687 if (!test_QueryDisplayInfo(p, mem_ctx, &domain_handle)) {
2691 if (!test_QueryDisplayInfo2(p, mem_ctx, &domain_handle)) {
2695 if (!test_QueryDisplayInfo3(p, mem_ctx, &domain_handle)) {
2699 if (!test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle)) {
2703 if (!test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle)) {
2707 if (!test_GroupList(p, mem_ctx, &domain_handle)) {
2711 if (!test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle)) {
2715 if (!test_RidToSid(p, mem_ctx, &domain_handle)) {
2719 if (!test_GetBootKeyInformation(p, mem_ctx, &domain_handle)) {
2723 if (!policy_handle_empty(&user_handle) &&
2724 !test_DeleteUser(p, mem_ctx, &user_handle)) {
2728 if (!policy_handle_empty(&alias_handle) &&
2729 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
2733 if (!policy_handle_empty(&group_handle) &&
2734 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
2738 if (!test_Close(p, mem_ctx, &domain_handle)) {
2745 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2746 struct policy_handle *handle, struct samr_Name *domain)
2749 struct samr_LookupDomain r;
2750 struct samr_Name n2;
2753 printf("Testing LookupDomain(%s)\n", domain->name);
2755 /* check for correct error codes */
2756 r.in.handle = handle;
2760 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2761 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
2762 printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
2766 n2.name = "xxNODOMAINxx";
2768 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2769 if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
2770 printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
2774 r.in.handle = handle;
2775 r.in.domain = domain;
2777 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2778 if (!NT_STATUS_IS_OK(status)) {
2779 printf("LookupDomain failed - %s\n", nt_errstr(status));
2783 if (!test_GetDomPwInfo(p, mem_ctx, domain)) {
2787 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) {
2795 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2796 struct policy_handle *handle)
2799 struct samr_EnumDomains r;
2800 uint32_t resume_handle = 0;
2804 r.in.handle = handle;
2805 r.in.resume_handle = &resume_handle;
2806 r.in.buf_size = (uint32_t)-1;
2807 r.out.resume_handle = &resume_handle;
2809 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
2810 if (!NT_STATUS_IS_OK(status)) {
2811 printf("EnumDomains failed - %s\n", nt_errstr(status));
2819 for (i=0;i<r.out.sam->count;i++) {
2820 if (!test_LookupDomain(p, mem_ctx, handle,
2821 &r.out.sam->entries[i].name)) {
2826 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
2827 if (!NT_STATUS_IS_OK(status)) {
2828 printf("EnumDomains failed - %s\n", nt_errstr(status));
2836 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2837 struct policy_handle *handle)
2840 struct samr_Connect r;
2841 struct samr_Connect2 r2;
2842 struct samr_Connect3 r3;
2843 struct samr_Connect4 r4;
2844 struct samr_Connect5 r5;
2845 union samr_ConnectInfo info;
2848 printf("testing samr_Connect\n");
2850 r.in.system_name = 0;
2851 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2852 r.out.handle = handle;
2854 status = dcerpc_samr_Connect(p, mem_ctx, &r);
2855 if (!NT_STATUS_IS_OK(status)) {
2856 printf("Connect failed - %s\n", nt_errstr(status));
2860 printf("testing samr_Connect2\n");
2862 r2.in.system_name = NULL;
2863 r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2864 r2.out.handle = handle;
2866 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
2867 if (!NT_STATUS_IS_OK(status)) {
2868 printf("Connect2 failed - %s\n", nt_errstr(status));
2872 printf("testing samr_Connect3\n");
2874 r3.in.system_name = NULL;
2876 r3.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2877 r3.out.handle = handle;
2879 status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
2880 if (!NT_STATUS_IS_OK(status)) {
2881 printf("Connect3 failed - %s\n", nt_errstr(status));
2885 printf("testing samr_Connect4\n");
2887 r4.in.system_name = "";
2889 r4.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2890 r4.out.handle = handle;
2892 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
2893 if (!NT_STATUS_IS_OK(status)) {
2894 printf("Connect4 failed - %s\n", nt_errstr(status));
2898 printf("testing samr_Connect5\n");
2900 info.info1.unknown1 = 0;
2901 info.info1.unknown2 = 0;
2903 r5.in.system_name = "";
2904 r5.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2907 r5.out.info = &info;
2908 r5.out.handle = handle;
2910 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
2911 if (!NT_STATUS_IS_OK(status)) {
2912 printf("Connect5 failed - %s\n", nt_errstr(status));
2920 BOOL torture_rpc_samr(int dummy)
2923 struct dcerpc_pipe *p;
2924 TALLOC_CTX *mem_ctx;
2926 struct policy_handle handle;
2928 mem_ctx = talloc_init("torture_rpc_samr");
2930 status = torture_rpc_connection(&p,
2933 DCERPC_SAMR_VERSION);
2934 if (!NT_STATUS_IS_OK(status)) {
2938 if (!test_Connect(p, mem_ctx, &handle)) {
2942 if (!test_QuerySecurity(p, mem_ctx, &handle)) {
2946 if (!test_EnumDomains(p, mem_ctx, &handle)) {
2950 if (!test_SetDsrmPassword(p, mem_ctx, &handle)) {
2954 if (!test_Shutdown(p, mem_ctx, &handle)) {
2958 if (!test_Close(p, mem_ctx, &handle)) {
2962 talloc_destroy(mem_ctx);
2964 torture_rpc_close(p);