2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define TEST_USERNAME "samrtorturetest"
26 #define TEST_ALIASNAME "samrtorturetestalias"
27 #define TEST_GROUPNAME "samrtorturetestgroup"
28 #define TEST_MACHINENAME "samrtorturetestmach$"
29 #define TEST_DOMAINNAME "samrtorturetestdom$"
32 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
33 struct policy_handle *handle);
35 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
36 struct policy_handle *handle);
38 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
39 struct policy_handle *handle);
41 static void init_samr_Name(struct samr_Name *name, const char *s)
46 static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
47 struct policy_handle *handle)
53 r.out.handle = handle;
55 status = dcerpc_samr_Close(p, mem_ctx, &r);
56 if (!NT_STATUS_IS_OK(status)) {
57 printf("Close handle failed - %s\n", nt_errstr(status));
64 static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
65 struct policy_handle *handle)
68 struct samr_Shutdown r;
70 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
71 printf("samr_Shutdown disabled - enable dangerous tests to use\n");
77 printf("testing samr_Shutdown\n");
79 status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
80 if (!NT_STATUS_IS_OK(status)) {
81 printf("samr_Shutdown failed - %s\n", nt_errstr(status));
88 static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
89 struct policy_handle *handle)
92 struct samr_SetDsrmPassword r;
93 struct samr_Name name;
94 struct samr_Hash hash;
96 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
97 printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
101 E_md4hash("TeSTDSRM123", hash.hash);
103 init_samr_Name(&name, "Administrator");
109 printf("testing samr_SetDsrmPassword\n");
111 status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
112 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
113 printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
121 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
122 struct policy_handle *handle)
125 struct samr_QuerySecurity r;
126 struct samr_SetSecurity s;
128 r.in.handle = handle;
131 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
132 if (!NT_STATUS_IS_OK(status)) {
133 printf("QuerySecurity failed - %s\n", nt_errstr(status));
137 s.in.handle = handle;
139 s.in.sdbuf = r.out.sdbuf;
141 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
142 if (!NT_STATUS_IS_OK(status)) {
143 printf("SetSecurity failed - %s\n", nt_errstr(status));
147 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
148 if (!NT_STATUS_IS_OK(status)) {
149 printf("QuerySecurity failed - %s\n", nt_errstr(status));
157 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
158 struct policy_handle *handle)
161 struct samr_SetUserInfo s;
162 struct samr_SetUserInfo2 s2;
163 struct samr_QueryUserInfo q;
164 struct samr_QueryUserInfo q0;
165 union samr_UserInfo u;
168 s.in.handle = handle;
171 s2.in.handle = handle;
174 q.in.handle = handle;
178 #define TESTCALL(call, r) \
179 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
180 if (!NT_STATUS_IS_OK(status)) { \
181 printf(#call " level %u failed - %s (line %d)\n", \
182 r.in.level, nt_errstr(status), __LINE__); \
187 #define STRING_EQUAL(s1, s2, field) \
188 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
189 printf("Failed to set %s to '%s' (line %d)\n", \
190 #field, s2, __LINE__); \
195 #define INT_EQUAL(i1, i2, field) \
197 printf("Failed to set %s to %u (line %d)\n", \
198 #field, i2, __LINE__); \
203 #define TEST_USERINFO_NAME(lvl1, field1, lvl2, field2, value, fpval) do { \
204 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
206 TESTCALL(QueryUserInfo, q) \
208 s2.in.level = lvl1; \
211 ZERO_STRUCT(u.info21); \
212 u.info21.fields_present = fpval; \
214 init_samr_Name(&u.info ## lvl1.field1, value); \
215 TESTCALL(SetUserInfo, s) \
216 TESTCALL(SetUserInfo2, s2) \
217 init_samr_Name(&u.info ## lvl1.field1, ""); \
218 TESTCALL(QueryUserInfo, q); \
220 STRING_EQUAL(u.info ## lvl1.field1.name, value, field1); \
222 TESTCALL(QueryUserInfo, q) \
224 STRING_EQUAL(u.info ## lvl2.field2.name, value, field2); \
227 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
228 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
230 TESTCALL(QueryUserInfo, q) \
232 s2.in.level = lvl1; \
235 uint8 *bitmap = u.info21.logon_hours.bitmap; \
236 ZERO_STRUCT(u.info21); \
237 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
238 u.info21.logon_hours.units_per_week = 168; \
239 u.info21.logon_hours.bitmap = bitmap; \
241 u.info21.fields_present = fpval; \
243 u.info ## lvl1.field1 = value; \
244 TESTCALL(SetUserInfo, s) \
245 TESTCALL(SetUserInfo2, s2) \
246 u.info ## lvl1.field1 = 0; \
247 TESTCALL(QueryUserInfo, q); \
249 INT_EQUAL(u.info ## lvl1.field1, value, field1); \
251 TESTCALL(QueryUserInfo, q) \
253 INT_EQUAL(u.info ## lvl2.field2, value, field1); \
257 do { TESTCALL(QueryUserInfo, q0) } while (0);
259 TEST_USERINFO_NAME(2, comment, 1, comment, "xx2-1 comment", 0);
260 TEST_USERINFO_NAME(2, comment, 21, comment, "xx2-21 comment", 0);
261 TEST_USERINFO_NAME(21, comment, 21, comment, "xx21-21 comment",
264 TEST_USERINFO_NAME(6, full_name, 1, full_name, "xx6-1 full_name", 0);
265 TEST_USERINFO_NAME(6, full_name, 3, full_name, "xx6-3 full_name", 0);
266 TEST_USERINFO_NAME(6, full_name, 5, full_name, "xx6-5 full_name", 0);
267 TEST_USERINFO_NAME(6, full_name, 6, full_name, "xx6-6 full_name", 0);
268 TEST_USERINFO_NAME(6, full_name, 8, full_name, "xx6-8 full_name", 0);
269 TEST_USERINFO_NAME(6, full_name, 21, full_name, "xx6-21 full_name", 0);
270 TEST_USERINFO_NAME(8, full_name, 21, full_name, "xx8-21 full_name", 0);
271 TEST_USERINFO_NAME(21, full_name, 21, full_name, "xx21-21 full_name",
274 TEST_USERINFO_NAME(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
275 TEST_USERINFO_NAME(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
276 TEST_USERINFO_NAME(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
277 TEST_USERINFO_NAME(21, logon_script, 21, logon_script, "xx21-21 logon_script",
278 SAMR_FIELD_LOGON_SCRIPT);
280 TEST_USERINFO_NAME(12, profile, 3, profile, "xx12-3 profile", 0);
281 TEST_USERINFO_NAME(12, profile, 5, profile, "xx12-5 profile", 0);
282 TEST_USERINFO_NAME(12, profile, 21, profile, "xx12-21 profile", 0);
283 TEST_USERINFO_NAME(21, profile, 21, profile, "xx21-21 profile",
286 TEST_USERINFO_NAME(13, description, 1, description, "xx13-1 description", 0);
287 TEST_USERINFO_NAME(13, description, 5, description, "xx13-5 description", 0);
288 TEST_USERINFO_NAME(13, description, 21, description, "xx13-21 description", 0);
289 TEST_USERINFO_NAME(21, description, 21, description, "xx21-21 description",
290 SAMR_FIELD_DESCRIPTION);
292 TEST_USERINFO_NAME(14, workstations, 3, workstations, "14workstation3", 0);
293 TEST_USERINFO_NAME(14, workstations, 5, workstations, "14workstation4", 0);
294 TEST_USERINFO_NAME(14, workstations, 21, workstations, "14workstation21", 0);
295 TEST_USERINFO_NAME(21, workstations, 21, workstations, "21workstation21",
296 SAMR_FIELD_WORKSTATION);
298 TEST_USERINFO_NAME(20, callback, 21, callback, "xx20-21 callback", 0);
299 TEST_USERINFO_NAME(21, callback, 21, callback, "xx21-21 callback",
300 SAMR_FIELD_CALLBACK);
302 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
303 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
304 SAMR_FIELD_COUNTRY_CODE);
306 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
307 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
308 SAMR_FIELD_CODE_PAGE);
310 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], 1, 0);
311 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], 2, 0);
312 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 3, 0);
313 TEST_USERINFO_INT(21, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 4,
314 SAMR_FIELD_LOGON_HOURS);
317 /* these fail with win2003 - it appears you can't set the primary gid?
318 the set succeeds, but the gid isn't changed. Very weird! */
319 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
320 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
321 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
322 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
328 generate a random password for password change tests
330 static char *samr_rand_pass(TALLOC_CTX *mem_ctx)
332 size_t len = 8 + (random() % 6);
333 char *s = generate_random_str(mem_ctx, len);
334 printf("Generated password '%s'\n", s);
338 static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
339 struct policy_handle *handle, char **password)
342 struct samr_SetUserInfo s;
343 union samr_UserInfo u;
345 DATA_BLOB session_key;
346 char *newpass = samr_rand_pass(mem_ctx);
348 s.in.handle = handle;
352 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
353 /* w2k3 ignores this length */
354 u.info24.pw_len = str_charnum(newpass)*2;
356 status = dcerpc_fetch_session_key(p, &session_key);
357 if (!NT_STATUS_IS_OK(status)) {
358 printf("SetUserInfo level %u - no session key - %s\n",
359 s.in.level, nt_errstr(status));
363 SamOEMhashBlob(u.info24.password.data, 516, &session_key);
365 printf("Testing SetUserInfo level 24 (set password)\n");
367 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
368 if (!NT_STATUS_IS_OK(status)) {
369 printf("SetUserInfo level %u failed - %s\n",
370 s.in.level, nt_errstr(status));
380 static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
381 struct policy_handle *handle, char **password)
384 struct samr_SetUserInfo s;
385 union samr_UserInfo u;
387 DATA_BLOB session_key;
388 char *newpass = samr_rand_pass(mem_ctx);
390 s.in.handle = handle;
396 u.info23.info.fields_present = SAMR_FIELD_PASSWORD;
398 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
400 status = dcerpc_fetch_session_key(p, &session_key);
401 if (!NT_STATUS_IS_OK(status)) {
402 printf("SetUserInfo level %u - no session key - %s\n",
403 s.in.level, nt_errstr(status));
407 SamOEMhashBlob(u.info23.password.data, 516, &session_key);
409 printf("Testing SetUserInfo level 23 (set password)\n");
411 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
412 if (!NT_STATUS_IS_OK(status)) {
413 printf("SetUserInfo level %u failed - %s\n",
414 s.in.level, nt_errstr(status));
424 static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
425 struct policy_handle *handle, char **password)
428 struct samr_SetUserInfo s;
429 union samr_UserInfo u;
431 DATA_BLOB session_key;
432 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
433 uint8 confounder[16];
434 char *newpass = samr_rand_pass(mem_ctx);
435 struct MD5Context ctx;
437 s.in.handle = handle;
441 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
442 u.info26.pw_len = strlen(newpass);
444 status = dcerpc_fetch_session_key(p, &session_key);
445 if (!NT_STATUS_IS_OK(status)) {
446 printf("SetUserInfo level %u - no session key - %s\n",
447 s.in.level, nt_errstr(status));
451 generate_random_buffer((unsigned char *)confounder, 16, False);
454 MD5Update(&ctx, confounder, 16);
455 MD5Update(&ctx, session_key.data, session_key.length);
456 MD5Final(confounded_session_key.data, &ctx);
458 SamOEMhashBlob(u.info26.password.data, 516, &confounded_session_key);
459 memcpy(&u.info26.password.data[516], confounder, 16);
461 printf("Testing SetUserInfo level 26 (set password ex)\n");
463 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
464 if (!NT_STATUS_IS_OK(status)) {
465 printf("SetUserInfo level %u failed - %s\n",
466 s.in.level, nt_errstr(status));
475 static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
476 struct policy_handle *handle, char **password)
479 struct samr_SetUserInfo s;
480 union samr_UserInfo u;
482 DATA_BLOB session_key;
483 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
484 uint8 confounder[16];
485 char *newpass = samr_rand_pass(mem_ctx);
486 struct MD5Context ctx;
488 s.in.handle = handle;
494 u.info25.info.fields_present = SAMR_FIELD_PASSWORD;
496 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
498 status = dcerpc_fetch_session_key(p, &session_key);
499 if (!NT_STATUS_IS_OK(status)) {
500 printf("SetUserInfo level %u - no session key - %s\n",
501 s.in.level, nt_errstr(status));
505 generate_random_buffer((unsigned char *)confounder, 16, False);
508 MD5Update(&ctx, confounder, 16);
509 MD5Update(&ctx, session_key.data, session_key.length);
510 MD5Final(confounded_session_key.data, &ctx);
512 SamOEMhashBlob(u.info25.password.data, 516, &confounded_session_key);
513 memcpy(&u.info25.password.data[516], confounder, 16);
515 printf("Testing SetUserInfo level 25 (set password ex)\n");
517 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
518 if (!NT_STATUS_IS_OK(status)) {
519 printf("SetUserInfo level %u failed - %s\n",
520 s.in.level, nt_errstr(status));
529 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
530 struct policy_handle *handle)
533 struct samr_SetAliasInfo r;
534 struct samr_QueryAliasInfo q;
535 uint16 levels[] = {2, 3};
539 /* Ignoring switch level 1, as that includes the number of members for the alias
540 * and setting this to a wrong value might have negative consequences
543 for (i=0;i<ARRAY_SIZE(levels);i++) {
544 printf("Testing SetAliasInfo level %u\n", levels[i]);
546 r.in.handle = handle;
547 r.in.level = levels[i];
548 switch (r.in.level) {
549 case 2 : init_samr_Name(&r.in.info.name,TEST_ALIASNAME); break;
550 case 3 : init_samr_Name(&r.in.info.description,
551 "Test Description, should test I18N as well"); break;
554 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
555 if (!NT_STATUS_IS_OK(status)) {
556 printf("SetAliasInfo level %u failed - %s\n",
557 levels[i], nt_errstr(status));
561 q.in.handle = handle;
562 q.in.level = levels[i];
564 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
565 if (!NT_STATUS_IS_OK(status)) {
566 printf("QueryAliasInfo level %u failed - %s\n",
567 levels[i], nt_errstr(status));
575 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
576 struct policy_handle *user_handle)
578 struct samr_GetGroupsForUser r;
582 printf("testing GetGroupsForUser\n");
584 r.in.handle = user_handle;
586 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
587 if (!NT_STATUS_IS_OK(status)) {
588 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
596 static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
597 struct samr_Name *domain_name)
600 struct samr_GetDomPwInfo r;
603 printf("Testing GetDomPwInfo\n");
605 r.in.name = domain_name;
607 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
608 if (!NT_STATUS_IS_OK(status)) {
609 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
616 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
617 struct policy_handle *handle)
620 struct samr_GetUserPwInfo r;
623 printf("Testing GetUserPwInfo\n");
625 r.in.handle = handle;
627 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
628 if (!NT_STATUS_IS_OK(status)) {
629 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
636 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
637 struct policy_handle *domain_handle, const char *name,
641 struct samr_LookupNames n;
642 struct samr_Name sname[2];
644 init_samr_Name(&sname[0], name);
646 n.in.handle = domain_handle;
649 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
650 if (NT_STATUS_IS_OK(status)) {
651 *rid = n.out.rids.ids[0];
656 init_samr_Name(&sname[1], "xxNONAMExx");
658 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
659 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
660 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
664 init_samr_Name(&sname[1], "xxNONAMExx");
666 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
667 if (!NT_STATUS_IS_OK(status)) {
668 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
674 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
675 struct policy_handle *domain_handle,
676 const char *name, struct policy_handle *user_handle)
679 struct samr_OpenUser r;
682 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
683 if (!NT_STATUS_IS_OK(status)) {
687 r.in.handle = domain_handle;
688 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
690 r.out.acct_handle = user_handle;
691 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
692 if (!NT_STATUS_IS_OK(status)) {
693 printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status));
700 static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
701 struct policy_handle *handle, char **password)
704 struct samr_ChangePasswordUser r;
706 struct samr_Hash hash1, hash2, hash3, hash4, hash5, hash6;
707 struct policy_handle user_handle;
708 char *oldpass = *password;
709 char *newpass = samr_rand_pass(mem_ctx);
710 uint8 old_nt_hash[16], new_nt_hash[16];
711 uint8 old_lm_hash[16], new_lm_hash[16];
713 status = test_OpenUser_byname(p, mem_ctx, handle, TEST_USERNAME, &user_handle);
714 if (!NT_STATUS_IS_OK(status)) {
718 printf("Testing ChangePasswordUser\n");
720 E_md4hash(oldpass, old_nt_hash);
721 E_md4hash(newpass, new_nt_hash);
722 E_deshash(oldpass, old_lm_hash);
723 E_deshash(newpass, new_lm_hash);
725 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
726 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
727 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
728 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
729 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
730 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
732 r.in.handle = &user_handle;
734 r.in.old_lm_crypted = &hash1;
735 r.in.new_lm_crypted = &hash2;
737 r.in.old_nt_crypted = &hash3;
738 r.in.new_nt_crypted = &hash4;
739 r.in.cross1_present = 1;
740 r.in.nt_cross = &hash5;
741 r.in.cross2_present = 1;
742 r.in.lm_cross = &hash6;
744 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
745 if (!NT_STATUS_IS_OK(status)) {
746 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
752 if (!test_Close(p, mem_ctx, &user_handle)) {
760 static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
761 struct policy_handle *handle, char **password)
764 struct samr_OemChangePasswordUser2 r;
766 struct samr_Hash lm_verifier;
767 struct samr_CryptPassword lm_pass;
768 struct samr_AsciiName server, account;
769 char *oldpass = *password;
770 char *newpass = samr_rand_pass(mem_ctx);
771 uint8 old_lm_hash[16], new_lm_hash[16];
773 printf("Testing OemChangePasswordUser2\n");
775 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
776 account.name = TEST_USERNAME;
778 E_deshash(oldpass, old_lm_hash);
779 E_deshash(newpass, new_lm_hash);
781 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
782 SamOEMhash(lm_pass.data, old_lm_hash, 516);
783 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
785 r.in.server = &server;
786 r.in.account = &account;
787 r.in.password = &lm_pass;
788 r.in.hash = &lm_verifier;
790 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
791 if (!NT_STATUS_IS_OK(status)) {
792 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
802 static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
803 struct policy_handle *handle, char **password)
806 struct samr_ChangePasswordUser2 r;
808 struct samr_Name server, account;
809 struct samr_CryptPassword nt_pass, lm_pass;
810 struct samr_Hash nt_verifier, lm_verifier;
811 char *oldpass = *password;
812 char *newpass = samr_rand_pass(mem_ctx);
813 uint8 old_nt_hash[16], new_nt_hash[16];
814 uint8 old_lm_hash[16], new_lm_hash[16];
816 printf("Testing ChangePasswordUser2\n");
818 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
819 init_samr_Name(&account, TEST_USERNAME);
821 E_md4hash(oldpass, old_nt_hash);
822 E_md4hash(newpass, new_nt_hash);
824 E_deshash(oldpass, old_lm_hash);
825 E_deshash(newpass, new_lm_hash);
827 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
828 SamOEMhash(lm_pass.data, old_lm_hash, 516);
829 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
831 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
832 SamOEMhash(nt_pass.data, old_nt_hash, 516);
833 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
835 r.in.server = &server;
836 r.in.account = &account;
837 r.in.nt_password = &nt_pass;
838 r.in.nt_verifier = &nt_verifier;
840 r.in.lm_password = &lm_pass;
841 r.in.lm_verifier = &lm_verifier;
843 status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
844 if (!NT_STATUS_IS_OK(status)) {
845 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
855 static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
856 struct policy_handle *handle, char **password)
859 struct samr_ChangePasswordUser3 r;
861 struct samr_Name server, account;
862 struct samr_CryptPassword nt_pass, lm_pass;
863 struct samr_Hash nt_verifier, lm_verifier;
864 char *oldpass = *password;
865 char *newpass = samr_rand_pass(mem_ctx);
866 uint8 old_nt_hash[16], new_nt_hash[16];
867 uint8 old_lm_hash[16], new_lm_hash[16];
869 printf("Testing ChangePasswordUser3\n");
871 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
872 init_samr_Name(&account, TEST_USERNAME);
874 E_md4hash(oldpass, old_nt_hash);
875 E_md4hash(newpass, new_nt_hash);
877 E_deshash(oldpass, old_lm_hash);
878 E_deshash(newpass, new_lm_hash);
880 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
881 SamOEMhash(lm_pass.data, old_lm_hash, 516);
882 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
884 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
885 SamOEMhash(nt_pass.data, old_nt_hash, 516);
886 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
888 r.in.server = &server;
889 r.in.account = &account;
890 r.in.nt_password = &nt_pass;
891 r.in.nt_verifier = &nt_verifier;
893 r.in.lm_password = &lm_pass;
894 r.in.lm_verifier = &lm_verifier;
895 r.in.password3 = NULL;
897 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
898 if (!NT_STATUS_IS_OK(status)) {
899 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
909 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
910 struct policy_handle *alias_handle)
912 struct samr_GetMembersInAlias r;
913 struct lsa_SidArray sids;
917 printf("Testing GetMembersInAlias\n");
919 r.in.handle = alias_handle;
922 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
923 if (!NT_STATUS_IS_OK(status)) {
924 printf("GetMembersInAlias failed - %s\n",
932 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
933 struct policy_handle *alias_handle,
934 struct policy_handle *domain_handle,
935 const struct dom_sid *domain_sid)
937 struct samr_AddAliasMember r;
938 struct samr_DeleteAliasMember d;
943 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
945 printf("testing AddAliasMember\n");
946 r.in.handle = alias_handle;
949 status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
950 if (!NT_STATUS_IS_OK(status)) {
951 printf("AddAliasMember failed - %s\n", nt_errstr(status));
955 d.in.handle = alias_handle;
958 status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
959 if (!NT_STATUS_IS_OK(status)) {
960 printf("DelAliasMember failed - %s\n", nt_errstr(status));
967 static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
968 struct policy_handle *alias_handle)
970 struct samr_AddMultipleMembersToAlias a;
971 struct samr_RemoveMultipleMembersFromAlias r;
974 struct lsa_SidArray sids;
976 printf("testing AddMultipleMembersToAlias\n");
977 a.in.handle = alias_handle;
981 sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3);
983 sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
984 sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
985 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
987 status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
988 if (!NT_STATUS_IS_OK(status)) {
989 printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
994 printf("testing RemoveMultipleMembersFromAlias\n");
995 r.in.handle = alias_handle;
998 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
999 if (!NT_STATUS_IS_OK(status)) {
1000 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1004 /* strange! removing twice doesn't give any error */
1005 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1006 if (!NT_STATUS_IS_OK(status)) {
1007 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1011 /* but removing an alias that isn't there does */
1012 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
1014 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1015 if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
1016 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1023 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1024 struct policy_handle *user_handle)
1026 struct samr_TestPrivateFunctionsUser r;
1030 printf("Testing TestPrivateFunctionsUser\n");
1032 r.in.handle = user_handle;
1034 status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
1035 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
1036 printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
1044 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1045 struct policy_handle *handle)
1049 if (!test_QuerySecurity(p, mem_ctx, handle)) {
1053 if (!test_QueryUserInfo(p, mem_ctx, handle)) {
1057 if (!test_QueryUserInfo2(p, mem_ctx, handle)) {
1061 if (!test_SetUserInfo(p, mem_ctx, handle)) {
1065 if (!test_GetUserPwInfo(p, mem_ctx, handle)) {
1069 if (!test_TestPrivateFunctionsUser(p, mem_ctx, handle)) {
1076 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1077 struct policy_handle *alias_handle,
1078 struct policy_handle *domain_handle,
1079 const struct dom_sid *domain_sid)
1083 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
1087 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
1091 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
1095 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle,
1096 domain_handle, domain_sid)) {
1100 if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
1108 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1109 struct policy_handle *handle, const char *name)
1112 struct samr_DeleteUser d;
1113 struct policy_handle acct_handle;
1116 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1117 if (!NT_STATUS_IS_OK(status)) {
1121 status = test_OpenUser_byname(p, mem_ctx, handle, name, &acct_handle);
1122 if (!NT_STATUS_IS_OK(status)) {
1126 d.in.handle = &acct_handle;
1127 d.out.handle = &acct_handle;
1128 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1129 if (!NT_STATUS_IS_OK(status)) {
1136 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1141 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1142 struct policy_handle *handle, const char *name)
1145 struct samr_OpenGroup r;
1146 struct samr_DeleteDomainGroup d;
1147 struct policy_handle group_handle;
1150 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1151 if (!NT_STATUS_IS_OK(status)) {
1155 r.in.handle = handle;
1156 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1158 r.out.acct_handle = &group_handle;
1159 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1160 if (!NT_STATUS_IS_OK(status)) {
1164 d.in.handle = &group_handle;
1165 d.out.handle = &group_handle;
1166 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
1167 if (!NT_STATUS_IS_OK(status)) {
1174 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
1179 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1180 struct policy_handle *domain_handle, const char *name)
1183 struct samr_OpenAlias r;
1184 struct samr_DeleteDomAlias d;
1185 struct policy_handle alias_handle;
1188 printf("testing DeleteAlias_byname\n");
1190 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
1191 if (!NT_STATUS_IS_OK(status)) {
1195 r.in.handle = domain_handle;
1196 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1198 r.out.acct_handle = &alias_handle;
1199 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1200 if (!NT_STATUS_IS_OK(status)) {
1204 d.in.handle = &alias_handle;
1205 d.out.handle = &alias_handle;
1206 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1207 if (!NT_STATUS_IS_OK(status)) {
1214 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1218 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1219 struct policy_handle *alias_handle)
1221 struct samr_DeleteDomAlias d;
1224 printf("Testing DeleteAlias\n");
1226 d.in.handle = alias_handle;
1227 d.out.handle = alias_handle;
1229 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1230 if (!NT_STATUS_IS_OK(status)) {
1231 printf("DeleteAlias failed - %s\n", nt_errstr(status));
1238 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1239 struct policy_handle *domain_handle,
1240 struct policy_handle *alias_handle,
1241 const struct dom_sid *domain_sid)
1244 struct samr_CreateDomAlias r;
1245 struct samr_Name name;
1249 init_samr_Name(&name, TEST_ALIASNAME);
1250 r.in.handle = domain_handle;
1251 r.in.aliasname = &name;
1252 r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
1253 r.out.acct_handle = alias_handle;
1256 printf("Testing CreateAlias (%s)\n", r.in.aliasname->name);
1258 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1260 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1261 printf("Server refused create of '%s'\n", r.in.aliasname->name);
1265 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
1266 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.aliasname->name)) {
1269 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1272 if (!NT_STATUS_IS_OK(status)) {
1273 printf("CreateAlias failed - %s\n", nt_errstr(status));
1277 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_handle, domain_sid)) {
1284 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1285 struct policy_handle *domain_handle, char **password)
1293 if (!test_ChangePasswordUser(p, mem_ctx, domain_handle, password)) {
1297 if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1301 if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1305 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, password)) {
1312 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1313 struct policy_handle *domain_handle, struct policy_handle *user_handle)
1316 struct samr_CreateUser r;
1317 struct samr_QueryUserInfo q;
1319 char *password = NULL;
1321 /* This call creates a 'normal' account - check that it really does */
1322 const uint32 acct_flags = ACB_NORMAL;
1323 struct samr_Name name;
1326 init_samr_Name(&name, TEST_USERNAME);
1328 r.in.handle = domain_handle;
1329 r.in.username = &name;
1330 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1331 r.out.acct_handle = user_handle;
1334 printf("Testing CreateUser(%s)\n", r.in.username->name);
1336 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1338 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1339 printf("Server refused create of '%s'\n", r.in.username->name);
1340 ZERO_STRUCTP(user_handle);
1344 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1345 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.username->name)) {
1348 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1350 if (!NT_STATUS_IS_OK(status)) {
1351 printf("CreateUser failed - %s\n", nt_errstr(status));
1355 q.in.handle = user_handle;
1358 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1359 if (!NT_STATUS_IS_OK(status)) {
1360 printf("QueryUserInfo level %u failed - %s\n",
1361 q.in.level, nt_errstr(status));
1364 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1365 printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n",
1366 q.out.info->info16.acct_flags, q.out.info->info16.acct_flags,
1367 acct_flags, acct_flags);
1372 if (!test_user_ops(p, mem_ctx, user_handle)) {
1376 if (!test_SetUserPass(p, mem_ctx, user_handle, &password)) {
1380 if (!test_SetUserPass_23(p, mem_ctx, user_handle, &password)) {
1384 if (!test_SetUserPassEx(p, mem_ctx, user_handle, &password)) {
1388 if (!test_SetUserPass_25(p, mem_ctx, user_handle, &password)) {
1392 /* we change passwords twice - this has the effect of verifying
1393 they were changed correctly */
1394 if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) {
1398 if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) {
1407 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1408 struct policy_handle *user_handle)
1410 struct samr_DeleteUser d;
1414 printf("Testing DeleteUser\n");
1416 d.in.handle = user_handle;
1417 d.out.handle = user_handle;
1419 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1420 if (!NT_STATUS_IS_OK(status)) {
1421 printf("DeleteUser failed - %s\n", nt_errstr(status));
1428 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1429 struct policy_handle *handle)
1432 struct samr_CreateUser2 r;
1433 struct samr_QueryUserInfo q;
1434 struct samr_DeleteUser d;
1435 struct policy_handle acct_handle;
1437 struct samr_Name name;
1443 const char *account_name;
1445 } account_types[] = {
1446 { ACB_NORMAL, TEST_USERNAME, NT_STATUS_OK },
1447 { ACB_NORMAL | ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1448 { ACB_NORMAL | ACB_PWNOEXP, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1449 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1450 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1451 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1452 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1453 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1454 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1455 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
1456 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1457 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1458 { 0, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1459 { ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
1460 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
1463 for (i = 0; account_types[i].account_name; i++) {
1464 uint32 acct_flags = account_types[i].acct_flags;
1465 uint32 access_granted;
1467 init_samr_Name(&name, account_types[i].account_name);
1469 r.in.handle = handle;
1470 r.in.username = &name;
1471 r.in.acct_flags = acct_flags;
1472 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1473 r.out.acct_handle = &acct_handle;
1474 r.out.access_granted = &access_granted;
1477 printf("Testing CreateUser2(%s)\n", r.in.username->name);
1479 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1481 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1482 printf("Server refused create of '%s'\n", r.in.username->name);
1485 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1486 if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.username->name)) {
1489 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1492 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
1493 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
1494 nt_errstr(status), nt_errstr(account_types[i].nt_status));
1498 if (NT_STATUS_IS_OK(status)) {
1499 q.in.handle = &acct_handle;
1502 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1503 if (!NT_STATUS_IS_OK(status)) {
1504 printf("QueryUserInfo level %u failed - %s\n",
1505 q.in.level, nt_errstr(status));
1508 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1509 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
1510 q.out.info->info16.acct_flags,
1516 if (!test_user_ops(p, mem_ctx, &acct_handle)) {
1520 printf("Testing DeleteUser (createuser2 test)\n");
1522 d.in.handle = &acct_handle;
1523 d.out.handle = &acct_handle;
1525 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1526 if (!NT_STATUS_IS_OK(status)) {
1527 printf("DeleteUser failed - %s\n", nt_errstr(status));
1536 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1537 struct policy_handle *handle)
1540 struct samr_QueryAliasInfo r;
1541 uint16 levels[] = {1, 2, 3};
1545 for (i=0;i<ARRAY_SIZE(levels);i++) {
1546 printf("Testing QueryAliasInfo level %u\n", levels[i]);
1548 r.in.handle = handle;
1549 r.in.level = levels[i];
1551 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
1552 if (!NT_STATUS_IS_OK(status)) {
1553 printf("QueryAliasInfo level %u failed - %s\n",
1554 levels[i], nt_errstr(status));
1562 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1563 struct policy_handle *handle)
1566 struct samr_QueryGroupInfo r;
1567 uint16 levels[] = {1, 2, 3, 4};
1571 for (i=0;i<ARRAY_SIZE(levels);i++) {
1572 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1574 r.in.handle = handle;
1575 r.in.level = levels[i];
1577 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1578 if (!NT_STATUS_IS_OK(status)) {
1579 printf("QueryGroupInfo level %u failed - %s\n",
1580 levels[i], nt_errstr(status));
1589 static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1590 struct policy_handle *handle)
1593 struct samr_QueryGroupInfo r;
1594 struct samr_SetGroupInfo s;
1595 uint16 levels[] = {1, 2, 3, 4};
1596 uint16 set_ok[] = {0, 1, 1, 1};
1600 for (i=0;i<ARRAY_SIZE(levels);i++) {
1601 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1603 r.in.handle = handle;
1604 r.in.level = levels[i];
1606 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1607 if (!NT_STATUS_IS_OK(status)) {
1608 printf("QueryGroupInfo level %u failed - %s\n",
1609 levels[i], nt_errstr(status));
1613 printf("Testing SetGroupInfo level %u\n", levels[i]);
1615 s.in.handle = handle;
1616 s.in.level = levels[i];
1617 s.in.info = r.out.info;
1619 if (s.in.level == 2) {
1620 init_samr_Name(&s.in.info->name, "NewName");
1623 if (s.in.level == 4) {
1624 init_samr_Name(&s.in.info->description, "test description");
1627 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
1629 if (!NT_STATUS_IS_OK(status)) {
1630 printf("SetGroupInfo level %u failed - %s\n",
1631 r.in.level, nt_errstr(status));
1636 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
1637 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
1638 r.in.level, nt_errstr(status));
1648 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1649 struct policy_handle *handle)
1652 struct samr_QueryUserInfo r;
1653 uint16 levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1654 11, 12, 13, 14, 16, 17, 20, 21};
1658 for (i=0;i<ARRAY_SIZE(levels);i++) {
1659 printf("Testing QueryUserInfo level %u\n", levels[i]);
1661 r.in.handle = handle;
1662 r.in.level = levels[i];
1664 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
1665 if (!NT_STATUS_IS_OK(status)) {
1666 printf("QueryUserInfo level %u failed - %s\n",
1667 levels[i], nt_errstr(status));
1675 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1676 struct policy_handle *handle)
1679 struct samr_QueryUserInfo2 r;
1680 uint16 levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1681 11, 12, 13, 14, 16, 17, 20, 21};
1685 for (i=0;i<ARRAY_SIZE(levels);i++) {
1686 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
1688 r.in.handle = handle;
1689 r.in.level = levels[i];
1691 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
1692 if (!NT_STATUS_IS_OK(status)) {
1693 printf("QueryUserInfo2 level %u failed - %s\n",
1694 levels[i], nt_errstr(status));
1702 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1703 struct policy_handle *handle, uint32 rid)
1706 struct samr_OpenUser r;
1707 struct policy_handle acct_handle;
1710 printf("Testing OpenUser(%u)\n", rid);
1712 r.in.handle = handle;
1713 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1715 r.out.acct_handle = &acct_handle;
1717 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
1718 if (!NT_STATUS_IS_OK(status)) {
1719 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
1723 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1727 if (!test_QueryUserInfo(p, mem_ctx, &acct_handle)) {
1731 if (!test_QueryUserInfo2(p, mem_ctx, &acct_handle)) {
1735 if (!test_GetUserPwInfo(p, mem_ctx, &acct_handle)) {
1739 if (!test_GetGroupsForUser(p,mem_ctx, &acct_handle)) {
1743 if (!test_Close(p, mem_ctx, &acct_handle)) {
1750 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1751 struct policy_handle *handle, uint32 rid)
1754 struct samr_OpenGroup r;
1755 struct policy_handle acct_handle;
1758 printf("Testing OpenGroup(%u)\n", rid);
1760 r.in.handle = handle;
1761 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1763 r.out.acct_handle = &acct_handle;
1765 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1766 if (!NT_STATUS_IS_OK(status)) {
1767 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
1771 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1775 if (!test_QueryGroupInfo(p, mem_ctx, &acct_handle)) {
1779 if (!test_Close(p, mem_ctx, &acct_handle)) {
1786 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1787 struct policy_handle *handle, uint32 rid)
1790 struct samr_OpenAlias r;
1791 struct policy_handle acct_handle;
1794 printf("Testing OpenAlias(%u)\n", rid);
1796 r.in.handle = handle;
1797 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1799 r.out.acct_handle = &acct_handle;
1801 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1802 if (!NT_STATUS_IS_OK(status)) {
1803 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
1807 if (!test_QuerySecurity(p, mem_ctx, &acct_handle)) {
1811 if (!test_QueryAliasInfo(p, mem_ctx, &acct_handle)) {
1815 if (!test_GetMembersInAlias(p, mem_ctx, &acct_handle)) {
1819 if (!test_Close(p, mem_ctx, &acct_handle)) {
1826 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1827 struct policy_handle *handle)
1830 struct samr_EnumDomainUsers r;
1831 uint32 resume_handle=0;
1834 struct samr_LookupNames n;
1835 struct samr_LookupRids lr ;
1837 printf("Testing EnumDomainUsers\n");
1839 r.in.handle = handle;
1840 r.in.resume_handle = &resume_handle;
1841 r.in.acct_flags = 0;
1842 r.in.max_size = (uint32)-1;
1843 r.out.resume_handle = &resume_handle;
1845 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
1846 if (!NT_STATUS_IS_OK(status)) {
1847 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
1855 if (r.out.sam->count == 0) {
1859 for (i=0;i<r.out.sam->count;i++) {
1860 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1865 printf("Testing LookupNames\n");
1866 n.in.handle = handle;
1867 n.in.num_names = r.out.sam->count;
1868 n.in.names = talloc(mem_ctx, r.out.sam->count * sizeof(struct samr_Name));
1869 for (i=0;i<r.out.sam->count;i++) {
1870 n.in.names[i] = r.out.sam->entries[i].name;
1872 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
1873 if (!NT_STATUS_IS_OK(status)) {
1874 printf("LookupNames failed - %s\n", nt_errstr(status));
1879 printf("Testing LookupRids\n");
1880 lr.in.handle = handle;
1881 lr.in.num_rids = r.out.sam->count;
1882 lr.in.rids = talloc(mem_ctx, r.out.sam->count * sizeof(uint32));
1883 for (i=0;i<r.out.sam->count;i++) {
1884 lr.in.rids[i] = r.out.sam->entries[i].idx;
1886 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
1887 if (!NT_STATUS_IS_OK(status)) {
1888 printf("LookupRids failed - %s\n", nt_errstr(status));
1895 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1896 struct policy_handle *handle)
1899 struct samr_EnumDomainGroups r;
1900 uint32 resume_handle=0;
1904 printf("Testing EnumDomainGroups\n");
1906 r.in.handle = handle;
1907 r.in.resume_handle = &resume_handle;
1908 r.in.max_size = (uint32)-1;
1909 r.out.resume_handle = &resume_handle;
1911 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
1912 if (!NT_STATUS_IS_OK(status)) {
1913 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
1921 for (i=0;i<r.out.sam->count;i++) {
1922 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1930 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1931 struct policy_handle *handle)
1934 struct samr_EnumDomainAliases r;
1935 uint32 resume_handle=0;
1939 printf("Testing EnumDomainAliases\n");
1941 r.in.handle = handle;
1942 r.in.resume_handle = &resume_handle;
1943 r.in.max_size = (uint32)-1;
1944 r.out.resume_handle = &resume_handle;
1946 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
1947 if (!NT_STATUS_IS_OK(status)) {
1948 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
1956 for (i=0;i<r.out.sam->count;i++) {
1957 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
1965 static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1966 struct policy_handle *handle)
1969 struct samr_GetDisplayEnumerationIndex r;
1971 uint16 levels[] = {1, 2, 3, 4, 5};
1972 uint16 ok_lvl[] = {1, 1, 1, 0, 0};
1975 for (i=0;i<ARRAY_SIZE(levels);i++) {
1976 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
1978 r.in.handle = handle;
1979 r.in.level = levels[i];
1980 init_samr_Name(&r.in.name, TEST_USERNAME);
1982 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
1985 !NT_STATUS_IS_OK(status) &&
1986 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
1987 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
1988 levels[i], nt_errstr(status));
1992 init_samr_Name(&r.in.name, "zzzzzzzz");
1994 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
1996 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
1997 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
1998 levels[i], nt_errstr(status));
2006 static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2007 struct policy_handle *handle)
2010 struct samr_GetDisplayEnumerationIndex2 r;
2012 uint16 levels[] = {1, 2, 3, 4, 5};
2013 uint16 ok_lvl[] = {1, 1, 1, 0, 0};
2016 for (i=0;i<ARRAY_SIZE(levels);i++) {
2017 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
2019 r.in.handle = handle;
2020 r.in.level = levels[i];
2021 init_samr_Name(&r.in.name, TEST_USERNAME);
2023 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2025 !NT_STATUS_IS_OK(status) &&
2026 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2027 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2028 levels[i], nt_errstr(status));
2032 init_samr_Name(&r.in.name, "zzzzzzzz");
2034 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2035 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2036 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2037 levels[i], nt_errstr(status));
2045 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2046 struct policy_handle *handle)
2049 struct samr_QueryDisplayInfo r;
2051 uint16 levels[] = {1, 2, 3, 4, 5};
2054 for (i=0;i<ARRAY_SIZE(levels);i++) {
2055 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
2057 r.in.handle = handle;
2058 r.in.level = levels[i];
2060 r.in.max_entries = 1000;
2061 r.in.buf_size = (uint32)-1;
2063 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
2064 if (!NT_STATUS_IS_OK(status)) {
2065 printf("QueryDisplayInfo level %u failed - %s\n",
2066 levels[i], nt_errstr(status));
2074 static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2075 struct policy_handle *handle)
2078 struct samr_QueryDisplayInfo2 r;
2080 uint16 levels[] = {1, 2, 3, 4, 5};
2083 for (i=0;i<ARRAY_SIZE(levels);i++) {
2084 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
2086 r.in.handle = handle;
2087 r.in.level = levels[i];
2089 r.in.max_entries = 1000;
2090 r.in.buf_size = (uint32)-1;
2092 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
2093 if (!NT_STATUS_IS_OK(status)) {
2094 printf("QueryDisplayInfo2 level %u failed - %s\n",
2095 levels[i], nt_errstr(status));
2103 static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2104 struct policy_handle *handle)
2107 struct samr_QueryDisplayInfo3 r;
2109 uint16 levels[] = {1, 2, 3, 4, 5};
2112 for (i=0;i<ARRAY_SIZE(levels);i++) {
2113 printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
2115 r.in.handle = handle;
2116 r.in.level = levels[i];
2118 r.in.max_entries = 1000;
2119 r.in.buf_size = (uint32)-1;
2121 status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
2122 if (!NT_STATUS_IS_OK(status)) {
2123 printf("QueryDisplayInfo3 level %u failed - %s\n",
2124 levels[i], nt_errstr(status));
2132 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2133 struct policy_handle *handle)
2136 struct samr_QueryDomainInfo r;
2137 struct samr_SetDomainInfo s;
2138 uint16 levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2139 uint16 set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
2143 for (i=0;i<ARRAY_SIZE(levels);i++) {
2144 printf("Testing QueryDomainInfo level %u\n", levels[i]);
2146 r.in.handle = handle;
2147 r.in.level = levels[i];
2149 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2150 if (!NT_STATUS_IS_OK(status)) {
2151 printf("QueryDomainInfo level %u failed - %s\n",
2152 r.in.level, nt_errstr(status));
2157 printf("Testing SetDomainInfo level %u\n", levels[i]);
2159 s.in.handle = handle;
2160 s.in.level = levels[i];
2161 s.in.info = r.out.info;
2163 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2165 if (!NT_STATUS_IS_OK(status)) {
2166 printf("SetDomainInfo level %u failed - %s\n",
2167 r.in.level, nt_errstr(status));
2172 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2173 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2174 r.in.level, nt_errstr(status));
2180 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2181 if (!NT_STATUS_IS_OK(status)) {
2182 printf("QueryDomainInfo level %u failed - %s\n",
2183 r.in.level, nt_errstr(status));
2193 static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2194 struct policy_handle *handle)
2197 struct samr_QueryDomainInfo2 r;
2198 uint16 levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2202 for (i=0;i<ARRAY_SIZE(levels);i++) {
2203 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
2205 r.in.handle = handle;
2206 r.in.level = levels[i];
2208 status = dcerpc_samr_QueryDomainInfo2(p, mem_ctx, &r);
2209 if (!NT_STATUS_IS_OK(status)) {
2210 printf("QueryDomainInfo2 level %u failed - %s\n",
2211 r.in.level, nt_errstr(status));
2220 void add_string_to_array(TALLOC_CTX *mem_ctx,
2221 const char *str, const char ***strings, int *num)
2223 *strings = talloc_realloc(mem_ctx, *strings,
2224 ((*num)+1) * sizeof(**strings));
2226 if (*strings == NULL)
2229 (*strings)[*num] = str;
2235 /* Test whether querydispinfo level 5 and enumdomgroups return the same
2236 set of group names. */
2237 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2238 struct policy_handle *handle)
2240 struct samr_EnumDomainGroups q1;
2241 struct samr_QueryDisplayInfo q2;
2243 uint32 resume_handle=0;
2248 const char **names = NULL;
2250 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
2252 q1.in.handle = handle;
2253 q1.in.resume_handle = &resume_handle;
2255 q1.out.resume_handle = &resume_handle;
2257 status = STATUS_MORE_ENTRIES;
2258 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2259 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
2261 if (!NT_STATUS_IS_OK(status) &&
2262 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2265 for (i=0; i<q1.out.sam->count; i++) {
2266 add_string_to_array(mem_ctx,
2267 q1.out.sam->entries[i].name.name,
2268 &names, &num_names);
2272 if (!NT_STATUS_IS_OK(status)) {
2273 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2281 q2.in.handle = handle;
2283 q2.in.start_idx = 0;
2284 q2.in.max_entries = 5;
2285 q2.in.buf_size = (uint32)-1;
2287 status = STATUS_MORE_ENTRIES;
2288 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2289 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
2291 if (!NT_STATUS_IS_OK(status) &&
2292 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2295 for (i=0; i<q2.out.info.info5.count; i++) {
2301 /* Querydisplayinfo returns ascii -- convert */
2303 namelen = convert_string_allocate(CH_DISPLAY, CH_UNIX,
2304 q2.out.info.info5.entries[i].account_name.name,
2305 q2.out.info.info5.entries[i].account_name.name_len,
2307 name = realloc(name, namelen+1);
2310 for (j=0; j<num_names; j++) {
2311 if (names[j] == NULL)
2313 /* Hmm. No strequal in samba4 */
2314 if (strequal(names[j], name)) {
2322 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
2327 q2.in.start_idx += q2.out.info.info5.count;
2330 if (!NT_STATUS_IS_OK(status)) {
2331 printf("QueryDisplayInfo level 5 failed - %s\n",
2336 for (i=0; i<num_names; i++) {
2337 if (names[i] != NULL) {
2338 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
2347 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2348 struct policy_handle *group_handle)
2350 struct samr_DeleteDomainGroup d;
2354 printf("Testing DeleteDomainGroup\n");
2356 d.in.handle = group_handle;
2357 d.out.handle = group_handle;
2359 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2360 if (!NT_STATUS_IS_OK(status)) {
2361 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
2368 static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2369 struct policy_handle *domain_handle)
2371 struct samr_TestPrivateFunctionsDomain r;
2375 printf("Testing TestPrivateFunctionsDomain\n");
2377 r.in.handle = domain_handle;
2379 status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
2380 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
2381 printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
2388 static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2389 struct policy_handle *domain_handle)
2391 struct samr_RidToSid r;
2395 printf("Testing RidToSid\n");
2397 r.in.handle = domain_handle;
2400 status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
2401 if (!NT_STATUS_IS_OK(status)) {
2402 printf("RidToSid failed - %s\n", nt_errstr(status));
2409 static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2410 struct policy_handle *domain_handle)
2412 struct samr_GetBootKeyInformation r;
2416 printf("Testing GetBootKeyInformation\n");
2418 r.in.handle = domain_handle;
2420 status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r);
2421 if (!NT_STATUS_IS_OK(status)) {
2422 /* w2k3 seems to fail this sometimes and pass it sometimes */
2423 printf("GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
2429 static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2430 struct policy_handle *domain_handle,
2431 struct policy_handle *group_handle)
2434 struct samr_AddGroupMember r;
2435 struct samr_DeleteGroupMember d;
2436 struct samr_QueryGroupMember q;
2437 struct samr_SetMemberAttributesOfGroup s;
2441 status = test_LookupName(p, mem_ctx, domain_handle, TEST_USERNAME, &rid);
2442 if (!NT_STATUS_IS_OK(status)) {
2446 r.in.handle = group_handle;
2448 r.in.flags = 0; /* ??? */
2450 printf("Testing AddGroupMember and DeleteGroupMember\n");
2452 d.in.handle = group_handle;
2455 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2456 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
2457 printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
2462 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2463 if (!NT_STATUS_IS_OK(status)) {
2464 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2468 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2469 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
2470 printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
2475 /* this one is quite strange. I am using random inputs in the
2476 hope of triggering an error that might give us a clue */
2477 s.in.handle = group_handle;
2478 s.in.unknown1 = random();
2479 s.in.unknown2 = random();
2481 status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
2482 if (!NT_STATUS_IS_OK(status)) {
2483 printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
2487 q.in.handle = group_handle;
2489 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
2490 if (!NT_STATUS_IS_OK(status)) {
2491 printf("QueryGroupMember failed - %s\n", nt_errstr(status));
2495 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2496 if (!NT_STATUS_IS_OK(status)) {
2497 printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
2501 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2502 if (!NT_STATUS_IS_OK(status)) {
2503 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2511 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2512 struct policy_handle *domain_handle, struct policy_handle *group_handle)
2515 struct samr_CreateDomainGroup r;
2517 struct samr_Name name;
2520 init_samr_Name(&name, TEST_GROUPNAME);
2522 r.in.handle = domain_handle;
2524 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2525 r.out.group_handle = group_handle;
2528 printf("Testing CreateDomainGroup(%s)\n", r.in.name->name);
2530 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2532 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2533 printf("Server refused create of '%s'\n", r.in.name->name);
2534 ZERO_STRUCTP(group_handle);
2538 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
2539 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) {
2542 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2544 if (!NT_STATUS_IS_OK(status)) {
2545 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
2549 if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
2553 if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
2562 its not totally clear what this does. It seems to accept any sid you like.
2564 static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
2565 TALLOC_CTX *mem_ctx,
2566 struct policy_handle *domain_handle)
2569 struct samr_RemoveMemberFromForeignDomain r;
2571 r.in.handle = domain_handle;
2572 r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78-9");
2574 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
2575 if (!NT_STATUS_IS_OK(status)) {
2576 printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
2586 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2587 struct policy_handle *handle, struct dom_sid *sid)
2590 struct samr_OpenDomain r;
2591 struct policy_handle domain_handle;
2592 struct policy_handle user_handle;
2593 struct policy_handle alias_handle;
2594 struct policy_handle group_handle;
2597 ZERO_STRUCT(user_handle);
2598 ZERO_STRUCT(alias_handle);
2599 ZERO_STRUCT(group_handle);
2600 ZERO_STRUCT(domain_handle);
2602 printf("Testing OpenDomain\n");
2604 r.in.handle = handle;
2605 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2607 r.out.domain_handle = &domain_handle;
2609 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
2610 if (!NT_STATUS_IS_OK(status)) {
2611 printf("OpenDomain failed - %s\n", nt_errstr(status));
2615 if (!test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle)) {
2619 if (!test_CreateUser2(p, mem_ctx, &domain_handle)) {
2623 if (!test_CreateUser(p, mem_ctx, &domain_handle, &user_handle)) {
2627 if (!test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid)) {
2631 if (!test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle)) {
2635 if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
2639 if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) {
2643 if (!test_QueryDomainInfo2(p, mem_ctx, &domain_handle)) {
2647 if (!test_EnumDomainUsers(p, mem_ctx, &domain_handle)) {
2651 if (!test_EnumDomainGroups(p, mem_ctx, &domain_handle)) {
2655 if (!test_EnumDomainAliases(p, mem_ctx, &domain_handle)) {
2659 if (!test_QueryDisplayInfo(p, mem_ctx, &domain_handle)) {
2663 if (!test_QueryDisplayInfo2(p, mem_ctx, &domain_handle)) {
2667 if (!test_QueryDisplayInfo3(p, mem_ctx, &domain_handle)) {
2671 if (!test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle)) {
2675 if (!test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle)) {
2679 if (!test_GroupList(p, mem_ctx, &domain_handle)) {
2683 if (!test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle)) {
2687 if (!test_RidToSid(p, mem_ctx, &domain_handle)) {
2691 if (!test_GetBootKeyInformation(p, mem_ctx, &domain_handle)) {
2695 if (!policy_handle_empty(&user_handle) &&
2696 !test_DeleteUser(p, mem_ctx, &user_handle)) {
2700 if (!policy_handle_empty(&alias_handle) &&
2701 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
2705 if (!policy_handle_empty(&group_handle) &&
2706 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
2710 if (!test_Close(p, mem_ctx, &domain_handle)) {
2717 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2718 struct policy_handle *handle, struct samr_Name *domain)
2721 struct samr_LookupDomain r;
2722 struct samr_Name n2;
2725 printf("Testing LookupDomain(%s)\n", domain->name);
2727 /* check for correct error codes */
2728 r.in.handle = handle;
2732 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2733 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
2734 printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
2738 n2.name = "xxNODOMAINxx";
2740 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2741 if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
2742 printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
2746 r.in.handle = handle;
2747 r.in.domain = domain;
2749 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2750 if (!NT_STATUS_IS_OK(status)) {
2751 printf("LookupDomain failed - %s\n", nt_errstr(status));
2755 if (!test_GetDomPwInfo(p, mem_ctx, domain)) {
2759 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) {
2767 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2768 struct policy_handle *handle)
2771 struct samr_EnumDomains r;
2772 uint32 resume_handle = 0;
2776 r.in.handle = handle;
2777 r.in.resume_handle = &resume_handle;
2778 r.in.buf_size = (uint32)-1;
2779 r.out.resume_handle = &resume_handle;
2781 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
2782 if (!NT_STATUS_IS_OK(status)) {
2783 printf("EnumDomains failed - %s\n", nt_errstr(status));
2791 for (i=0;i<r.out.sam->count;i++) {
2792 if (!test_LookupDomain(p, mem_ctx, handle,
2793 &r.out.sam->entries[i].name)) {
2798 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
2799 if (!NT_STATUS_IS_OK(status)) {
2800 printf("EnumDomains failed - %s\n", nt_errstr(status));
2808 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2809 struct policy_handle *handle)
2812 struct samr_Connect r;
2813 struct samr_Connect2 r2;
2814 struct samr_Connect3 r3;
2815 struct samr_Connect4 r4;
2816 struct samr_Connect5 r5;
2817 union samr_ConnectInfo info;
2820 printf("testing samr_Connect\n");
2822 r.in.system_name = 0;
2823 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2824 r.out.handle = handle;
2826 status = dcerpc_samr_Connect(p, mem_ctx, &r);
2827 if (!NT_STATUS_IS_OK(status)) {
2828 printf("Connect failed - %s\n", nt_errstr(status));
2832 printf("testing samr_Connect2\n");
2834 r2.in.system_name = NULL;
2835 r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2836 r2.out.handle = handle;
2838 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
2839 if (!NT_STATUS_IS_OK(status)) {
2840 printf("Connect2 failed - %s\n", nt_errstr(status));
2844 printf("testing samr_Connect3\n");
2846 r3.in.system_name = NULL;
2848 r3.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2849 r3.out.handle = handle;
2851 status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
2852 if (!NT_STATUS_IS_OK(status)) {
2853 printf("Connect3 failed - %s\n", nt_errstr(status));
2857 printf("testing samr_Connect4\n");
2859 r4.in.system_name = "";
2861 r4.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2862 r4.out.handle = handle;
2864 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
2865 if (!NT_STATUS_IS_OK(status)) {
2866 printf("Connect4 failed - %s\n", nt_errstr(status));
2870 printf("testing samr_Connect5\n");
2872 info.info1.unknown1 = 0;
2873 info.info1.unknown2 = 0;
2875 r5.in.system_name = "";
2876 r5.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2879 r5.out.info = &info;
2880 r5.out.handle = handle;
2882 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
2883 if (!NT_STATUS_IS_OK(status)) {
2884 printf("Connect5 failed - %s\n", nt_errstr(status));
2892 BOOL torture_rpc_samr(int dummy)
2895 struct dcerpc_pipe *p;
2896 TALLOC_CTX *mem_ctx;
2898 struct policy_handle handle;
2900 mem_ctx = talloc_init("torture_rpc_samr");
2902 status = torture_rpc_connection(&p,
2905 DCERPC_SAMR_VERSION);
2906 if (!NT_STATUS_IS_OK(status)) {
2910 if (!test_Connect(p, mem_ctx, &handle)) {
2914 if (!test_QuerySecurity(p, mem_ctx, &handle)) {
2918 if (!test_EnumDomains(p, mem_ctx, &handle)) {
2922 if (!test_SetDsrmPassword(p, mem_ctx, &handle)) {
2926 if (!test_Shutdown(p, mem_ctx, &handle)) {
2930 if (!test_Close(p, mem_ctx, &handle)) {
2934 talloc_destroy(mem_ctx);
2936 torture_rpc_close(p);