2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define TEST_USERNAME "samrtorturetest"
26 #define TEST_ALIASNAME "samrtorturetestalias"
27 #define TEST_GROUPNAME "samrtorturetestgroup"
28 #define TEST_MACHINENAME "samrtorturetestmach$"
29 #define TEST_DOMAINNAME "samrtorturetestdom$"
32 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
33 struct policy_handle *handle);
35 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
36 struct policy_handle *handle);
38 static void init_samr_Name(struct samr_Name *name, const char *s)
43 static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
44 struct policy_handle *handle)
50 r.out.handle = handle;
52 status = dcerpc_samr_Close(p, mem_ctx, &r);
53 if (!NT_STATUS_IS_OK(status)) {
54 printf("Close handle failed - %s\n", nt_errstr(status));
62 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
63 struct policy_handle *handle)
66 struct samr_QuerySecurity r;
67 struct samr_SetSecurity s;
72 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
73 if (!NT_STATUS_IS_OK(status)) {
74 printf("QuerySecurity failed - %s\n", nt_errstr(status));
80 s.in.sdbuf = r.out.sdbuf;
82 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
83 if (!NT_STATUS_IS_OK(status)) {
84 printf("SetSecurity failed - %s\n", nt_errstr(status));
88 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
89 if (!NT_STATUS_IS_OK(status)) {
90 printf("QuerySecurity failed - %s\n", nt_errstr(status));
98 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
99 struct policy_handle *handle)
102 struct samr_SetUserInfo s;
103 struct samr_QueryUserInfo q;
104 struct samr_QueryUserInfo q0;
105 union samr_UserInfo u;
108 s.in.handle = handle;
110 q.in.handle = handle;
114 #define TESTCALL(call, r) \
115 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
116 if (!NT_STATUS_IS_OK(status)) { \
117 printf(#call " level %u failed - %s (line %d)\n", \
118 r.in.level, nt_errstr(status), __LINE__); \
123 #define STRING_EQUAL(s1, s2, field) \
124 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
125 printf("Failed to set %s to '%s' (line %d)\n", \
126 #field, s2, __LINE__); \
131 #define INT_EQUAL(i1, i2, field) \
133 printf("Failed to set %s to %u (line %d)\n", \
134 #field, i2, __LINE__); \
139 #define TEST_USERINFO_NAME(lvl1, field1, lvl2, field2, value, fpval) do { \
140 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
142 TESTCALL(QueryUserInfo, q) \
145 init_samr_Name(&u.info ## lvl1.field1, value); \
147 u.info21.fields_present = fpval; \
149 TESTCALL(SetUserInfo, s) \
150 init_samr_Name(&u.info ## lvl1.field1, ""); \
151 TESTCALL(QueryUserInfo, q); \
153 STRING_EQUAL(u.info ## lvl1.field1.name, value, field1); \
155 TESTCALL(QueryUserInfo, q) \
157 STRING_EQUAL(u.info ## lvl2.field2.name, value, field2); \
160 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
161 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
163 TESTCALL(QueryUserInfo, q) \
166 u.info ## lvl1.field1 = value; \
168 u.info21.fields_present = fpval; \
170 TESTCALL(SetUserInfo, s) \
171 u.info ## lvl1.field1 = 0; \
172 TESTCALL(QueryUserInfo, q); \
174 INT_EQUAL(u.info ## lvl1.field1, value, field1); \
176 TESTCALL(QueryUserInfo, q) \
178 INT_EQUAL(u.info ## lvl2.field2, value, field1); \
182 do { TESTCALL(QueryUserInfo, q0) } while (0);
184 TEST_USERINFO_NAME(2, comment, 1, comment, "xx2-1 comment", 0);
185 TEST_USERINFO_NAME(2, comment, 21, comment, "xx2-21 comment", 0);
186 TEST_USERINFO_NAME(21, comment, 21, comment, "xx21-21 comment", 0x00000020);
188 TEST_USERINFO_NAME(6, full_name, 1, full_name, "xx6-1 full_name", 0);
189 TEST_USERINFO_NAME(6, full_name, 3, full_name, "xx6-3 full_name", 0);
190 TEST_USERINFO_NAME(6, full_name, 5, full_name, "xx6-5 full_name", 0);
191 TEST_USERINFO_NAME(6, full_name, 6, full_name, "xx6-6 full_name", 0);
192 TEST_USERINFO_NAME(6, full_name, 8, full_name, "xx6-8 full_name", 0);
193 TEST_USERINFO_NAME(6, full_name, 21, full_name, "xx6-21 full_name", 0);
194 TEST_USERINFO_NAME(8, full_name, 21, full_name, "xx8-21 full_name", 0);
195 TEST_USERINFO_NAME(21, full_name, 21, full_name, "xx21-21 full_name", 0x00000002);
197 TEST_USERINFO_NAME(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
198 TEST_USERINFO_NAME(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
199 TEST_USERINFO_NAME(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
200 TEST_USERINFO_NAME(21, logon_script, 21, logon_script, "xx21-21 logon_script", 0x00000100);
202 TEST_USERINFO_NAME(12, profile, 3, profile, "xx12-3 profile", 0);
203 TEST_USERINFO_NAME(12, profile, 5, profile, "xx12-5 profile", 0);
204 TEST_USERINFO_NAME(12, profile, 21, profile, "xx12-21 profile", 0);
205 TEST_USERINFO_NAME(21, profile, 21, profile, "xx21-21 profile", 0x00000200);
207 TEST_USERINFO_NAME(13, description, 1, description, "xx13-1 description", 0);
208 TEST_USERINFO_NAME(13, description, 5, description, "xx13-5 description", 0);
209 TEST_USERINFO_NAME(13, description, 21, description, "xx13-21 description", 0);
210 TEST_USERINFO_NAME(21, description, 21, description, "xx21-21 description", 0x00000010);
212 TEST_USERINFO_NAME(14, workstations, 3, workstations, "14workstation3", 0);
213 TEST_USERINFO_NAME(14, workstations, 5, workstations, "14workstation4", 0);
214 TEST_USERINFO_NAME(14, workstations, 21, workstations, "14workstation21", 0);
215 TEST_USERINFO_NAME(21, workstations, 21, workstations, "21workstation21", 0x00000400);
217 TEST_USERINFO_NAME(20, callback, 21, callback, "xx20-21 callback", 0);
218 TEST_USERINFO_NAME(21, callback, 21, callback, "xx21-21 callback", 0x00200000);
220 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
221 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__, 0x00400000);
222 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
223 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__, 0x00800000);
225 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], __LINE__, 0);
226 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], __LINE__, 0);
227 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], __LINE__, 0);
228 TEST_USERINFO_INT(21, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], __LINE__, 0x00002000);
231 /* these fail with win2003 - it appears you can't set the primary gid?
232 the set succeeds, but the gid isn't changed. Very weird! */
233 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
234 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
235 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
236 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
241 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
242 struct policy_handle *handle)
245 struct samr_SetAliasInfo r;
246 struct samr_QueryAliasInfo q;
247 uint16 levels[] = {2, 3};
251 /* Ignoring switch level 1, as that includes the number of members for the alias
252 * and setting this to a wrong value might have negative consequences
255 for (i=0;i<ARRAY_SIZE(levels);i++) {
256 printf("Testing SetAliasInfo level %u\n", levels[i]);
258 r.in.handle = handle;
259 r.in.level = levels[i];
260 switch (r.in.level) {
261 case 2 : init_samr_Name(&r.in.info.name,TEST_ALIASNAME); break;
262 case 3 : init_samr_Name(&r.in.info.description,
263 "Test Description, should test I18N as well"); break;
266 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
267 if (!NT_STATUS_IS_OK(status)) {
268 printf("SetAliasInfo level %u failed - %s\n",
269 levels[i], nt_errstr(status));
273 q.in.handle = handle;
274 q.in.level = levels[i];
276 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
277 if (!NT_STATUS_IS_OK(status)) {
278 printf("QueryAliasInfo level %u failed - %s\n",
279 levels[i], nt_errstr(status));
287 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
288 struct policy_handle *user_handle)
290 struct samr_GetGroupsForUser r;
294 printf("testing GetGroupsForUser\n");
296 r.in.handle = user_handle;
298 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
299 if (!NT_STATUS_IS_OK(status)) {
300 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
307 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
308 struct policy_handle *handle)
311 struct samr_GetUserPwInfo r;
314 printf("Testing GetUserPwInfo\n");
316 r.in.handle = handle;
318 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
319 if (!NT_STATUS_IS_OK(status)) {
320 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
327 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
328 struct policy_handle *alias_handle)
330 struct samr_GetMembersInAlias r;
331 struct lsa_SidArray sids;
335 printf("Testing GetMembersInAlias\n");
337 r.in.handle = alias_handle;
340 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
341 if (!NT_STATUS_IS_OK(status)) {
342 printf("GetMembersInAlias failed - %s\n",
350 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
351 struct policy_handle *alias_handle,
352 struct policy_handle *domain_handle,
353 const struct dom_sid *domain_sid)
355 struct samr_AddAliasMem r;
356 struct samr_DelAliasMem d;
361 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
363 printf("testing AddAliasMem\n");
364 r.in.handle = alias_handle;
367 status = dcerpc_samr_AddAliasMem(p, mem_ctx, &r);
368 if (!NT_STATUS_IS_OK(status)) {
369 printf("AddAliasMem failed - %s\n", nt_errstr(status));
373 d.in.handle = alias_handle;
376 status = dcerpc_samr_DelAliasMem(p, mem_ctx, &d);
377 if (!NT_STATUS_IS_OK(status)) {
378 printf("DelAliasMem failed - %s\n", nt_errstr(status));
385 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
386 struct policy_handle *handle)
390 if (!test_QuerySecurity(p, mem_ctx, handle)) {
394 if (!test_QueryUserInfo(p, mem_ctx, handle)) {
398 if (!test_SetUserInfo(p, mem_ctx, handle)) {
402 if (!test_GetUserPwInfo(p, mem_ctx, handle)) {
409 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
410 struct policy_handle *alias_handle,
411 struct policy_handle *domain_handle,
412 const struct dom_sid *domain_sid)
416 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
420 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
424 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
428 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle,
429 domain_handle, domain_sid)) {
436 static BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
437 struct policy_handle *handle, const char *name)
440 struct samr_LookupNames n;
441 struct samr_OpenUser r;
442 struct samr_DeleteUser d;
443 struct policy_handle acct_handle;
444 struct samr_Name sname;
446 init_samr_Name(&sname, name);
448 n.in.handle = handle;
451 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
452 if (!NT_STATUS_IS_OK(status)) {
456 r.in.handle = handle;
457 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
458 r.in.rid = n.out.rids.ids[0];
459 r.out.acct_handle = &acct_handle;
460 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
461 if (!NT_STATUS_IS_OK(status)) {
465 d.in.handle = &acct_handle;
466 d.out.handle = &acct_handle;
467 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
468 if (!NT_STATUS_IS_OK(status)) {
475 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
480 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
481 struct policy_handle *handle, const char *name)
484 struct samr_LookupNames n;
485 struct samr_OpenGroup r;
486 struct samr_DeleteDomainGroup d;
487 struct policy_handle group_handle;
488 struct samr_Name sname;
490 init_samr_Name(&sname, name);
492 n.in.handle = handle;
495 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
496 if (!NT_STATUS_IS_OK(status)) {
500 r.in.handle = handle;
501 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
502 r.in.rid = n.out.rids.ids[0];
503 r.out.acct_handle = &group_handle;
504 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
505 if (!NT_STATUS_IS_OK(status)) {
509 d.in.handle = &group_handle;
510 d.out.handle = &group_handle;
511 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
512 if (!NT_STATUS_IS_OK(status)) {
519 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
524 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
525 struct policy_handle *domain_handle, const char *name)
528 struct samr_LookupNames n;
529 struct samr_OpenAlias r;
530 struct samr_DeleteDomAlias d;
531 struct policy_handle alias_handle;
532 struct samr_Name sname;
534 printf("testing DeleteAlias_byname\n");
535 init_samr_Name(&sname, name);
537 n.in.handle = domain_handle;
540 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
541 if (!NT_STATUS_IS_OK(status)) {
545 r.in.handle = domain_handle;
546 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
547 r.in.rid = n.out.rids.ids[0];
548 r.out.acct_handle = &alias_handle;
549 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
550 if (!NT_STATUS_IS_OK(status)) {
554 d.in.handle = &alias_handle;
555 d.out.handle = &alias_handle;
556 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
557 if (!NT_STATUS_IS_OK(status)) {
564 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
568 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
569 struct policy_handle *alias_handle)
571 struct samr_DeleteDomAlias d;
574 printf("Testing DeleteAlias\n");
576 d.in.handle = alias_handle;
577 d.out.handle = alias_handle;
579 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
580 if (!NT_STATUS_IS_OK(status)) {
581 printf("DeleteAlias failed - %s\n", nt_errstr(status));
588 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
589 struct policy_handle *domain_handle,
590 struct policy_handle *alias_handle,
591 const struct dom_sid *domain_sid)
594 struct samr_CreateDomAlias r;
595 struct samr_Name name;
599 init_samr_Name(&name, TEST_ALIASNAME);
600 r.in.handle = domain_handle;
601 r.in.aliasname = &name;
602 r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
603 r.out.acct_handle = alias_handle;
606 printf("Testing CreateAlias (%s)\n", r.in.aliasname->name);
608 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
610 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
611 printf("Server refused create of '%s'\n", r.in.aliasname->name);
615 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
616 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.aliasname->name)) {
619 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
622 if (!NT_STATUS_IS_OK(status)) {
623 printf("CreateAlias failed - %s\n", nt_errstr(status));
627 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_handle, domain_sid)) {
634 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
635 struct policy_handle *domain_handle, struct policy_handle *user_handle)
638 struct samr_CreateUser r;
639 struct samr_QueryUserInfo q;
642 /* This call creates a 'normal' account - check that it really does */
643 const uint32 acct_flags = ACB_NORMAL;
644 struct samr_Name name;
647 init_samr_Name(&name, TEST_USERNAME);
649 r.in.handle = domain_handle;
650 r.in.username = &name;
651 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
652 r.out.acct_handle = user_handle;
655 printf("Testing CreateUser(%s)\n", r.in.username->name);
657 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
659 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
660 printf("Server refused create of '%s'\n", r.in.username->name);
661 ZERO_STRUCTP(user_handle);
665 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
666 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.username->name)) {
669 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
671 if (!NT_STATUS_IS_OK(status)) {
672 printf("CreateUser failed - %s\n", nt_errstr(status));
677 q.in.handle = user_handle;
680 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
681 if (!NT_STATUS_IS_OK(status)) {
682 printf("QueryUserInfo level %u failed - %s\n",
683 q.in.level, nt_errstr(status));
686 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
687 printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n",
688 q.out.info->info16.acct_flags, q.out.info->info16.acct_flags,
689 acct_flags, acct_flags);
694 if (!test_user_ops(p, mem_ctx, user_handle)) {
702 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
703 struct policy_handle *user_handle)
705 struct samr_DeleteUser d;
709 printf("Testing DeleteUser\n");
711 d.in.handle = user_handle;
712 d.out.handle = user_handle;
714 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
715 if (!NT_STATUS_IS_OK(status)) {
716 printf("DeleteUser failed - %s\n", nt_errstr(status));
723 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
724 struct policy_handle *handle)
727 struct samr_CreateUser2 r;
728 struct samr_QueryUserInfo q;
729 struct samr_DeleteUser d;
730 struct policy_handle acct_handle;
732 struct samr_Name name;
738 const char *account_name;
740 } account_types[] = {
741 { ACB_NORMAL, TEST_USERNAME, NT_STATUS_OK },
742 { ACB_NORMAL | ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
743 { ACB_NORMAL | ACB_PWNOEXP, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
744 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
745 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
746 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
747 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
748 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
749 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
750 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
751 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
752 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
753 { 0, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
754 { ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
755 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
758 for (i = 0; account_types[i].account_name; i++) {
759 uint32 acct_flags = account_types[i].acct_flags;
760 uint32 access_granted;
762 init_samr_Name(&name, account_types[i].account_name);
764 r.in.handle = handle;
765 r.in.username = &name;
766 r.in.acct_flags = acct_flags;
767 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
768 r.out.acct_handle = &acct_handle;
769 r.out.access_granted = &access_granted;
772 printf("Testing CreateUser2(%s)\n", r.in.username->name);
774 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
776 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
777 printf("Server refused create of '%s'\n", r.in.username->name);
780 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
781 if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.username->name)) {
784 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
787 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
788 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
789 nt_errstr(status), nt_errstr(account_types[i].nt_status));
793 if (NT_STATUS_IS_OK(status)) {
794 q.in.handle = &acct_handle;
797 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
798 if (!NT_STATUS_IS_OK(status)) {
799 printf("QueryUserInfo level %u failed - %s\n",
800 q.in.level, nt_errstr(status));
803 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
804 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
805 q.out.info->info16.acct_flags,
811 if (!test_user_ops(p, mem_ctx, &acct_handle)) {
815 printf("Testing DeleteUser (createuser2 test)\n");
817 d.in.handle = &acct_handle;
818 d.out.handle = &acct_handle;
820 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
821 if (!NT_STATUS_IS_OK(status)) {
822 printf("DeleteUser failed - %s\n", nt_errstr(status));
831 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
832 struct policy_handle *handle)
835 struct samr_QueryAliasInfo r;
836 uint16 levels[] = {1, 2, 3};
840 for (i=0;i<ARRAY_SIZE(levels);i++) {
841 printf("Testing QueryAliasInfo level %u\n", levels[i]);
843 r.in.handle = handle;
844 r.in.level = levels[i];
846 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
847 if (!NT_STATUS_IS_OK(status)) {
848 printf("QueryAliasInfo level %u failed - %s\n",
849 levels[i], nt_errstr(status));
857 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
858 struct policy_handle *handle)
861 struct samr_QueryGroupInfo r;
862 struct samr_SetGroupInfo s;
863 uint16 levels[] = {1, 2, 3, 4};
864 uint16 set_ok[] = {0, 1, 1, 1};
868 for (i=0;i<ARRAY_SIZE(levels);i++) {
869 printf("Testing QueryGroupInfo level %u\n", levels[i]);
871 r.in.handle = handle;
872 r.in.level = levels[i];
874 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
875 if (!NT_STATUS_IS_OK(status)) {
876 printf("QueryGroupInfo level %u failed - %s\n",
877 levels[i], nt_errstr(status));
881 printf("Testing SetGroupInfo level %u\n", levels[i]);
883 s.in.handle = handle;
884 s.in.level = levels[i];
885 s.in.info = r.out.info;
887 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
889 if (!NT_STATUS_IS_OK(status)) {
890 printf("SetGroupInfo level %u failed - %s\n",
891 r.in.level, nt_errstr(status));
896 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
897 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
898 r.in.level, nt_errstr(status));
908 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
909 struct policy_handle *handle)
912 struct samr_QueryUserInfo r;
913 uint16 levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
914 11, 12, 13, 14, 16, 17, 20, 21};
918 for (i=0;i<ARRAY_SIZE(levels);i++) {
919 printf("Testing QueryUserInfo level %u\n", levels[i]);
921 r.in.handle = handle;
922 r.in.level = levels[i];
924 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
925 if (!NT_STATUS_IS_OK(status)) {
926 printf("QueryUserInfo level %u failed - %s\n",
927 levels[i], nt_errstr(status));
935 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
936 struct policy_handle *handle, uint32 rid)
939 struct samr_OpenUser r;
940 struct policy_handle acct_handle;
943 printf("Testing OpenUser(%u)\n", rid);
945 r.in.handle = handle;
946 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
948 r.out.acct_handle = &acct_handle;
950 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
951 if (!NT_STATUS_IS_OK(status)) {
952 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
956 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
960 if (!test_QueryUserInfo(p, mem_ctx, &acct_handle)) {
964 if (!test_GetUserPwInfo(p, mem_ctx, &acct_handle)) {
968 if (!test_GetGroupsForUser(p,mem_ctx, &acct_handle)) {
972 if (!test_Close(p, mem_ctx, &acct_handle)) {
979 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
980 struct policy_handle *handle, uint32 rid)
983 struct samr_OpenGroup r;
984 struct policy_handle acct_handle;
987 printf("Testing OpenGroup(%u)\n", rid);
989 r.in.handle = handle;
990 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
992 r.out.acct_handle = &acct_handle;
994 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
995 if (!NT_STATUS_IS_OK(status)) {
996 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
1000 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1004 if (!test_QueryGroupInfo(p, mem_ctx, &acct_handle)) {
1008 if (!test_Close(p, mem_ctx, &acct_handle)) {
1015 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1016 struct policy_handle *handle, uint32 rid)
1019 struct samr_OpenAlias r;
1020 struct policy_handle acct_handle;
1023 printf("Testing OpenAlias(%u)\n", rid);
1025 r.in.handle = handle;
1026 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1028 r.out.acct_handle = &acct_handle;
1030 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1031 if (!NT_STATUS_IS_OK(status)) {
1032 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
1036 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1040 if (!test_QueryAliasInfo(p, mem_ctx, &acct_handle)) {
1044 if (!test_GetMembersInAlias(p, mem_ctx, &acct_handle)) {
1048 if (!test_Close(p, mem_ctx, &acct_handle)) {
1055 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1056 struct policy_handle *handle)
1059 struct samr_EnumDomainUsers r;
1060 uint32 resume_handle=0;
1063 struct samr_LookupNames n;
1064 struct samr_LookupRids lr ;
1066 printf("Testing EnumDomainUsers\n");
1068 r.in.handle = handle;
1069 r.in.resume_handle = &resume_handle;
1070 r.in.acct_flags = 0;
1071 r.in.max_size = (uint32)-1;
1072 r.out.resume_handle = &resume_handle;
1074 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
1075 if (!NT_STATUS_IS_OK(status)) {
1076 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
1084 if (r.out.sam->count == 0) {
1088 for (i=0;i<r.out.sam->count;i++) {
1089 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1094 printf("Testing LookupNames\n");
1095 n.in.handle = handle;
1096 n.in.num_names = r.out.sam->count;
1097 n.in.names = talloc(mem_ctx, r.out.sam->count * sizeof(struct samr_Name));
1098 for (i=0;i<r.out.sam->count;i++) {
1099 n.in.names[i] = r.out.sam->entries[i].name;
1101 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
1102 if (!NT_STATUS_IS_OK(status)) {
1103 printf("LookupNames failed - %s\n", nt_errstr(status));
1108 printf("Testing LookupRids\n");
1109 lr.in.handle = handle;
1110 lr.in.num_rids = r.out.sam->count;
1111 lr.in.rids = talloc(mem_ctx, r.out.sam->count * sizeof(uint32));
1112 for (i=0;i<r.out.sam->count;i++) {
1113 lr.in.rids[i] = r.out.sam->entries[i].idx;
1115 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
1116 if (!NT_STATUS_IS_OK(status)) {
1117 printf("LookupRids failed - %s\n", nt_errstr(status));
1124 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1125 struct policy_handle *handle)
1128 struct samr_EnumDomainGroups r;
1129 uint32 resume_handle=0;
1133 printf("Testing EnumDomainGroups\n");
1135 r.in.handle = handle;
1136 r.in.resume_handle = &resume_handle;
1137 r.in.max_size = (uint32)-1;
1138 r.out.resume_handle = &resume_handle;
1140 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
1141 if (!NT_STATUS_IS_OK(status)) {
1142 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
1150 for (i=0;i<r.out.sam->count;i++) {
1151 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1159 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1160 struct policy_handle *handle)
1163 struct samr_EnumDomainAliases r;
1164 uint32 resume_handle=0;
1168 printf("Testing EnumDomainAliases\n");
1170 r.in.handle = handle;
1171 r.in.resume_handle = &resume_handle;
1172 r.in.max_size = (uint32)-1;
1173 r.out.resume_handle = &resume_handle;
1175 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
1176 if (!NT_STATUS_IS_OK(status)) {
1177 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
1185 for (i=0;i<r.out.sam->count;i++) {
1186 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1194 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1195 struct policy_handle *handle)
1198 struct samr_QueryDisplayInfo r;
1200 uint16 levels[] = {1, 2, 3, 4, 5};
1203 for (i=0;i<ARRAY_SIZE(levels);i++) {
1204 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
1206 r.in.handle = handle;
1207 r.in.level = levels[i];
1209 r.in.max_entries = 1000;
1210 r.in.buf_size = (uint32)-1;
1212 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
1213 if (!NT_STATUS_IS_OK(status)) {
1214 printf("QueryDisplayInfo level %u failed - %s\n",
1215 levels[i], nt_errstr(status));
1223 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1224 struct policy_handle *handle)
1227 struct samr_QueryDomainInfo r;
1228 struct samr_SetDomainInfo s;
1229 uint16 levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
1230 uint16 set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
1234 for (i=0;i<ARRAY_SIZE(levels);i++) {
1235 printf("Testing QueryDomainInfo level %u\n", levels[i]);
1237 r.in.handle = handle;
1238 r.in.level = levels[i];
1240 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
1241 if (!NT_STATUS_IS_OK(status)) {
1242 printf("QueryDomainInfo level %u failed - %s\n",
1243 r.in.level, nt_errstr(status));
1248 printf("Testing SetDomainInfo level %u\n", levels[i]);
1250 s.in.handle = handle;
1251 s.in.level = levels[i];
1252 s.in.info = r.out.info;
1254 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
1256 if (!NT_STATUS_IS_OK(status)) {
1257 printf("SetDomainInfo level %u failed - %s\n",
1258 r.in.level, nt_errstr(status));
1263 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
1264 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
1265 r.in.level, nt_errstr(status));
1275 void add_string_to_array(TALLOC_CTX *mem_ctx,
1276 const char *str, const char ***strings, int *num)
1278 *strings = talloc_realloc(mem_ctx, *strings,
1279 ((*num)+1) * sizeof(**strings));
1281 if (*strings == NULL)
1284 (*strings)[*num] = str;
1290 /* Test whether querydispinfo level 5 and enumdomgroups return the same
1291 set of group names. */
1293 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1294 struct policy_handle *handle)
1296 struct samr_EnumDomainGroups q1;
1297 struct samr_QueryDisplayInfo q2;
1299 uint32 resume_handle=0;
1304 const char **names = NULL;
1306 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
1308 q1.in.handle = handle;
1309 q1.in.resume_handle = &resume_handle;
1311 q1.out.resume_handle = &resume_handle;
1313 status = STATUS_MORE_ENTRIES;
1314 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
1315 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
1317 if (!NT_STATUS_IS_OK(status) &&
1318 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
1321 for (i=0; i<q1.out.sam->count; i++) {
1322 add_string_to_array(mem_ctx,
1323 q1.out.sam->entries[i].name.name,
1324 &names, &num_names);
1328 if (!NT_STATUS_IS_OK(status)) {
1329 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
1337 q2.in.handle = handle;
1339 q2.in.start_idx = 0;
1340 q2.in.max_entries = 5;
1341 q2.in.buf_size = (uint32)-1;
1343 status = STATUS_MORE_ENTRIES;
1344 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
1345 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
1347 if (!NT_STATUS_IS_OK(status) &&
1348 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
1351 for (i=0; i<q2.out.info.info5.count; i++) {
1357 /* Querydisplayinfo returns ascii -- convert */
1359 namelen = convert_string_allocate(CH_DISPLAY, CH_UNIX,
1360 q2.out.info.info5.entries[i].account_name.name,
1361 q2.out.info.info5.entries[i].account_name.name_len,
1363 name = realloc(name, namelen+1);
1366 for (j=0; j<num_names; j++) {
1367 if (names[j] == NULL)
1369 /* Hmm. No strequal in samba4 */
1370 if (strequal(names[j], name)) {
1378 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
1383 q2.in.start_idx += q2.out.info.info5.count;
1386 if (!NT_STATUS_IS_OK(status)) {
1387 printf("QueryDisplayInfo level 5 failed - %s\n",
1392 for (i=0; i<num_names; i++) {
1393 if (names[i] != NULL) {
1394 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
1403 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1404 struct policy_handle *group_handle)
1406 struct samr_DeleteDomainGroup d;
1410 printf("Testing DeleteDomainGroup\n");
1412 d.in.handle = group_handle;
1413 d.out.handle = group_handle;
1415 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
1416 if (!NT_STATUS_IS_OK(status)) {
1417 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
1425 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1426 struct policy_handle *domain_handle, struct policy_handle *group_handle)
1429 struct samr_CreateDomainGroup r;
1431 struct samr_Name name;
1434 init_samr_Name(&name, TEST_GROUPNAME);
1436 r.in.handle = domain_handle;
1438 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1439 r.out.group_handle = group_handle;
1442 printf("Testing CreateDomainGroup(%s)\n", r.in.name->name);
1444 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
1446 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1447 printf("Server refused create of '%s'\n", r.in.name->name);
1448 ZERO_STRUCTP(group_handle);
1452 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
1453 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) {
1456 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
1458 if (!NT_STATUS_IS_OK(status)) {
1459 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
1467 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1468 struct policy_handle *handle, struct dom_sid *sid)
1471 struct samr_OpenDomain r;
1472 struct policy_handle domain_handle;
1473 struct policy_handle user_handle;
1474 struct policy_handle alias_handle;
1475 struct policy_handle group_handle;
1478 ZERO_STRUCT(user_handle);
1479 ZERO_STRUCT(alias_handle);
1481 printf("Testing OpenDomain\n");
1483 r.in.handle = handle;
1484 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1486 r.out.domain_handle = &domain_handle;
1488 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
1489 if (!NT_STATUS_IS_OK(status)) {
1490 printf("OpenDomain failed - %s\n", nt_errstr(status));
1494 if (!test_CreateUser2(p, mem_ctx, &domain_handle)) {
1498 if (!test_CreateUser(p, mem_ctx, &domain_handle, &user_handle)) {
1502 if (!test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid)) {
1506 if (!test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle)) {
1510 if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
1514 if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
1518 if (!test_EnumDomainUsers(p, mem_ctx, &domain_handle)) {
1522 if (!test_EnumDomainGroups(p, mem_ctx, &domain_handle)) {
1526 if (!test_EnumDomainAliases(p, mem_ctx, &domain_handle)) {
1530 if (!test_QueryDisplayInfo(p, mem_ctx, &domain_handle)) {
1534 if (!test_GroupList(p, mem_ctx, &domain_handle)) {
1538 if (!policy_handle_empty(&user_handle) &&
1539 !test_DeleteUser(p, mem_ctx, &user_handle)) {
1543 if (!policy_handle_empty(&alias_handle) &&
1544 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
1548 if (!policy_handle_empty(&group_handle) &&
1549 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
1553 if (!test_Close(p, mem_ctx, &domain_handle)) {
1560 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1561 struct policy_handle *handle, struct samr_Name *domain)
1564 struct samr_LookupDomain r;
1566 printf("Testing LookupDomain(%s)\n", domain->name);
1568 r.in.handle = handle;
1569 r.in.domain = domain;
1571 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
1572 if (!NT_STATUS_IS_OK(status)) {
1573 printf("LookupDomain failed - %s\n", nt_errstr(status));
1577 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) {
1585 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1586 struct policy_handle *handle)
1589 struct samr_EnumDomains r;
1590 uint32 resume_handle = 0;
1594 r.in.handle = handle;
1595 r.in.resume_handle = &resume_handle;
1596 r.in.buf_size = (uint32)-1;
1597 r.out.resume_handle = &resume_handle;
1599 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
1600 if (!NT_STATUS_IS_OK(status)) {
1601 printf("EnumDomains failed - %s\n", nt_errstr(status));
1609 for (i=0;i<r.out.sam->count;i++) {
1610 if (!test_LookupDomain(p, mem_ctx, handle,
1611 &r.out.sam->entries[i].name)) {
1620 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1621 struct policy_handle *handle)
1624 struct samr_Connect r;
1625 struct samr_Connect2 r2;
1626 struct samr_Connect4 r4;
1627 struct samr_Connect5 r5;
1630 r.in.system_name = 0;
1631 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1632 r.out.handle = handle;
1634 status = dcerpc_samr_Connect(p, mem_ctx, &r);
1635 if (!NT_STATUS_IS_OK(status)) {
1636 printf("Connect failed - %s\n", nt_errstr(status));
1640 r2.in.system_name = "";
1641 r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1642 r2.out.handle = handle;
1644 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
1645 if (!NT_STATUS_IS_OK(status)) {
1646 printf("Connect2 failed - %s\n", nt_errstr(status));
1650 r4.in.system_name = "";
1652 r4.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1653 r4.out.handle = handle;
1655 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
1656 if (!NT_STATUS_IS_OK(status)) {
1657 printf("Connect4 failed - %s\n", nt_errstr(status));
1661 r5.in.system_name = "";
1662 r5.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1663 r5.in.unknown0 = 1; /*Magic values I took from a WinXP pro workstation */
1664 r5.in.unknown1 = 1; /*tests failed with NT_STATUS_NET_WRITE_FAULT if */
1665 r5.in.unknown2 = 3; /*unknown0 and unknown1 where something other than 1 */
1666 r5.in.unknown3 = 0; /*unkown2 and unknown3 could be varied and had no effect */
1667 r5.out.handle = handle;
1669 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
1670 if (!NT_STATUS_IS_OK(status)) {
1671 /*This fails for a Win2000pro machine, but succeeds for
1674 printf("Connect5 failed - %s\n", nt_errstr(status));
1675 /*ret = False; Should this test fail? */
1682 BOOL torture_rpc_samr(int dummy)
1685 struct dcerpc_pipe *p;
1686 TALLOC_CTX *mem_ctx;
1688 struct policy_handle handle;
1690 mem_ctx = talloc_init("torture_rpc_samr");
1692 status = torture_rpc_connection(&p,
1695 DCERPC_SAMR_VERSION);
1696 if (!NT_STATUS_IS_OK(status)) {
1700 if (!test_Connect(p, mem_ctx, &handle)) {
1704 if (!test_QuerySecurity(p, mem_ctx, &handle)) {
1708 if (!test_EnumDomains(p, mem_ctx, &handle)) {
1712 if (!test_Close(p, mem_ctx, &handle)) {
1716 talloc_destroy(mem_ctx);
1718 torture_rpc_close(p);