2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "librpc/gen_ndr/ndr_samr.h"
26 #include "lib/crypto/crypto.h"
28 #define TEST_ACCOUNT_NAME "samrtorturetest"
29 #define TEST_ALIASNAME "samrtorturetestalias"
30 #define TEST_GROUPNAME "samrtorturetestgroup"
31 #define TEST_MACHINENAME "samrtorturetestmach$"
32 #define TEST_DOMAINNAME "samrtorturetestdom$"
35 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
36 struct policy_handle *handle);
38 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
39 struct policy_handle *handle);
41 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
42 struct policy_handle *handle);
44 static void init_samr_String(struct samr_String *string, const char *s)
49 BOOL test_samr_handle_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
50 struct policy_handle *handle)
56 r.out.handle = handle;
58 status = dcerpc_samr_Close(p, mem_ctx, &r);
59 if (!NT_STATUS_IS_OK(status)) {
60 printf("Close handle failed - %s\n", nt_errstr(status));
67 static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
68 struct policy_handle *handle)
71 struct samr_Shutdown r;
73 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
74 printf("samr_Shutdown disabled - enable dangerous tests to use\n");
78 r.in.connect_handle = handle;
80 printf("testing samr_Shutdown\n");
82 status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
83 if (!NT_STATUS_IS_OK(status)) {
84 printf("samr_Shutdown failed - %s\n", nt_errstr(status));
91 static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
92 struct policy_handle *handle)
95 struct samr_SetDsrmPassword r;
96 struct samr_String string;
97 struct samr_Password hash;
99 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
100 printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
104 E_md4hash("TeSTDSRM123", hash.hash);
106 init_samr_String(&string, "Administrator");
112 printf("testing samr_SetDsrmPassword\n");
114 status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
115 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
116 printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
124 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
125 struct policy_handle *handle)
128 struct samr_QuerySecurity r;
129 struct samr_SetSecurity s;
131 r.in.handle = handle;
134 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
135 if (!NT_STATUS_IS_OK(status)) {
136 printf("QuerySecurity failed - %s\n", nt_errstr(status));
140 if (r.out.sdbuf == NULL) {
144 s.in.handle = handle;
146 s.in.sdbuf = r.out.sdbuf;
148 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
149 if (!NT_STATUS_IS_OK(status)) {
150 printf("SetSecurity failed - %s\n", nt_errstr(status));
154 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
155 if (!NT_STATUS_IS_OK(status)) {
156 printf("QuerySecurity failed - %s\n", nt_errstr(status));
164 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
165 struct policy_handle *handle, uint32_t base_acct_flags)
168 struct samr_SetUserInfo s;
169 struct samr_SetUserInfo2 s2;
170 struct samr_QueryUserInfo q;
171 struct samr_QueryUserInfo q0;
172 union samr_UserInfo u;
175 uint32_t user_extra_flags = 0;
176 if (base_acct_flags == ACB_NORMAL) {
177 /* Don't know what this is, but it is always here for users - you can't get rid of it */
178 user_extra_flags = 0x20000;
181 s.in.user_handle = handle;
184 s2.in.user_handle = handle;
187 q.in.user_handle = handle;
191 #define TESTCALL(call, r) \
192 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
193 if (!NT_STATUS_IS_OK(status)) { \
194 printf(#call " level %u failed - %s (line %d)\n", \
195 r.in.level, nt_errstr(status), __LINE__); \
200 #define STRING_EQUAL(s1, s2, field) \
201 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
202 printf("Failed to set %s to '%s' (line %d)\n", \
203 #field, s2, __LINE__); \
208 #define INT_EQUAL(i1, i2, field) \
210 printf("Failed to set %s to 0x%x - got 0x%x (line %d)\n", \
211 #field, i2, i1, __LINE__); \
216 #define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
217 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
219 TESTCALL(QueryUserInfo, q) \
221 s2.in.level = lvl1; \
224 ZERO_STRUCT(u.info21); \
225 u.info21.fields_present = fpval; \
227 init_samr_String(&u.info ## lvl1.field1, value); \
228 TESTCALL(SetUserInfo, s) \
229 TESTCALL(SetUserInfo2, s2) \
230 init_samr_String(&u.info ## lvl1.field1, ""); \
231 TESTCALL(QueryUserInfo, q); \
233 STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
235 TESTCALL(QueryUserInfo, q) \
237 STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
240 #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
241 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
243 TESTCALL(QueryUserInfo, q) \
245 s2.in.level = lvl1; \
248 uint8_t *bitmap = u.info21.logon_hours.bitmap; \
249 ZERO_STRUCT(u.info21); \
250 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
251 u.info21.logon_hours.units_per_week = 168; \
252 u.info21.logon_hours.bitmap = bitmap; \
254 u.info21.fields_present = fpval; \
256 u.info ## lvl1.field1 = value; \
257 TESTCALL(SetUserInfo, s) \
258 TESTCALL(SetUserInfo2, s2) \
259 u.info ## lvl1.field1 = 0; \
260 TESTCALL(QueryUserInfo, q); \
262 INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
264 TESTCALL(QueryUserInfo, q) \
266 INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
269 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
270 TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
274 do { TESTCALL(QueryUserInfo, q0) } while (0);
276 TEST_USERINFO_STRING(2, comment, 1, comment, "xx2-1 comment", 0);
277 TEST_USERINFO_STRING(2, comment, 21, comment, "xx2-21 comment", 0);
278 TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
281 TEST_USERINFO_STRING(6, full_name, 1, full_name, "xx6-1 full_name", 0);
282 TEST_USERINFO_STRING(6, full_name, 3, full_name, "xx6-3 full_name", 0);
283 TEST_USERINFO_STRING(6, full_name, 5, full_name, "xx6-5 full_name", 0);
284 TEST_USERINFO_STRING(6, full_name, 6, full_name, "xx6-6 full_name", 0);
285 TEST_USERINFO_STRING(6, full_name, 8, full_name, "xx6-8 full_name", 0);
286 TEST_USERINFO_STRING(6, full_name, 21, full_name, "xx6-21 full_name", 0);
287 TEST_USERINFO_STRING(8, full_name, 21, full_name, "xx8-21 full_name", 0);
288 TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
291 TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
292 TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
293 TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
294 TEST_USERINFO_STRING(21, logon_script, 21, logon_script, "xx21-21 logon_script",
295 SAMR_FIELD_LOGON_SCRIPT);
297 TEST_USERINFO_STRING(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0);
298 TEST_USERINFO_STRING(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0);
299 TEST_USERINFO_STRING(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
300 TEST_USERINFO_STRING(21, profile_path, 21, profile_path, "xx21-21 profile_path",
301 SAMR_FIELD_PROFILE_PATH);
303 TEST_USERINFO_STRING(13, description, 1, description, "xx13-1 description", 0);
304 TEST_USERINFO_STRING(13, description, 5, description, "xx13-5 description", 0);
305 TEST_USERINFO_STRING(13, description, 21, description, "xx13-21 description", 0);
306 TEST_USERINFO_STRING(21, description, 21, description, "xx21-21 description",
307 SAMR_FIELD_DESCRIPTION);
309 TEST_USERINFO_STRING(14, workstations, 3, workstations, "14workstation3", 0);
310 TEST_USERINFO_STRING(14, workstations, 5, workstations, "14workstation4", 0);
311 TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
312 TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
313 SAMR_FIELD_WORKSTATION);
315 TEST_USERINFO_STRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
316 TEST_USERINFO_STRING(21, parameters, 21, parameters, "xx21-21 parameters",
317 SAMR_FIELD_PARAMETERS);
319 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
320 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
321 SAMR_FIELD_COUNTRY_CODE);
323 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
324 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
325 SAMR_FIELD_CODE_PAGE);
327 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], 1, 0);
328 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], 2, 0);
329 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 3, 0);
330 TEST_USERINFO_INT(21, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 4,
331 SAMR_FIELD_LOGON_HOURS);
333 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
334 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
335 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
337 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
338 (base_acct_flags | ACB_DISABLED),
339 (base_acct_flags | ACB_DISABLED | user_extra_flags),
342 /* Setting PWNOEXP clears the magic 0x20000 flag */
343 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
344 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
345 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
347 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
348 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
349 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
352 /* The 'autolock' flag doesn't stick - check this */
353 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
354 (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
355 (base_acct_flags | ACB_DISABLED | user_extra_flags),
357 TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
358 (base_acct_flags | ACB_DISABLED),
359 (base_acct_flags | ACB_DISABLED | user_extra_flags),
360 SAMR_FIELD_ACCT_FLAGS);
363 /* these fail with win2003 - it appears you can't set the primary gid?
364 the set succeeds, but the gid isn't changed. Very weird! */
365 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
366 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
367 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
368 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
374 generate a random password for password change tests
376 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
378 size_t len = MAX(8, min_len) + (random() % 6);
379 char *s = generate_random_str(mem_ctx, len);
380 printf("Generated password '%s'\n", s);
384 static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
385 struct policy_handle *handle, char **password)
388 struct samr_SetUserInfo s;
389 union samr_UserInfo u;
391 DATA_BLOB session_key;
393 struct samr_GetUserPwInfo pwp;
394 int policy_min_pw_len = 0;
395 pwp.in.user_handle = handle;
397 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
398 if (NT_STATUS_IS_OK(status)) {
399 policy_min_pw_len = pwp.out.info.min_password_length;
401 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
403 s.in.user_handle = handle;
407 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
408 /* w2k3 ignores this length */
409 u.info24.pw_len = strlen_m(newpass) * 2;
411 status = dcerpc_fetch_session_key(p, &session_key);
412 if (!NT_STATUS_IS_OK(status)) {
413 printf("SetUserInfo level %u - no session key - %s\n",
414 s.in.level, nt_errstr(status));
418 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
420 printf("Testing SetUserInfo level 24 (set password)\n");
422 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
423 if (!NT_STATUS_IS_OK(status)) {
424 printf("SetUserInfo level %u failed - %s\n",
425 s.in.level, nt_errstr(status));
435 static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
436 struct policy_handle *handle, uint32 fields_present,
440 struct samr_SetUserInfo s;
441 union samr_UserInfo u;
443 DATA_BLOB session_key;
445 struct samr_GetUserPwInfo pwp;
446 int policy_min_pw_len = 0;
447 pwp.in.user_handle = handle;
449 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
450 if (NT_STATUS_IS_OK(status)) {
451 policy_min_pw_len = pwp.out.info.min_password_length;
453 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
455 s.in.user_handle = handle;
461 u.info23.info.fields_present = fields_present;
463 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
465 status = dcerpc_fetch_session_key(p, &session_key);
466 if (!NT_STATUS_IS_OK(status)) {
467 printf("SetUserInfo level %u - no session key - %s\n",
468 s.in.level, nt_errstr(status));
472 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
474 printf("Testing SetUserInfo level 23 (set password)\n");
476 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
477 if (!NT_STATUS_IS_OK(status)) {
478 printf("SetUserInfo level %u failed - %s\n",
479 s.in.level, nt_errstr(status));
489 static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
490 struct policy_handle *handle, char **password)
493 struct samr_SetUserInfo s;
494 union samr_UserInfo u;
496 DATA_BLOB session_key;
497 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
498 uint8_t confounder[16];
500 struct MD5Context ctx;
501 struct samr_GetUserPwInfo pwp;
502 int policy_min_pw_len = 0;
503 pwp.in.user_handle = handle;
505 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
506 if (NT_STATUS_IS_OK(status)) {
507 policy_min_pw_len = pwp.out.info.min_password_length;
509 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
511 s.in.user_handle = handle;
515 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
516 u.info26.pw_len = strlen(newpass);
518 status = dcerpc_fetch_session_key(p, &session_key);
519 if (!NT_STATUS_IS_OK(status)) {
520 printf("SetUserInfo level %u - no session key - %s\n",
521 s.in.level, nt_errstr(status));
525 generate_random_buffer((uint8_t *)confounder, 16);
528 MD5Update(&ctx, confounder, 16);
529 MD5Update(&ctx, session_key.data, session_key.length);
530 MD5Final(confounded_session_key.data, &ctx);
532 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
533 memcpy(&u.info26.password.data[516], confounder, 16);
535 printf("Testing SetUserInfo level 26 (set password ex)\n");
537 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
538 if (!NT_STATUS_IS_OK(status)) {
539 printf("SetUserInfo level %u failed - %s\n",
540 s.in.level, nt_errstr(status));
549 static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
550 struct policy_handle *handle, uint32 fields_present,
554 struct samr_SetUserInfo s;
555 union samr_UserInfo u;
557 DATA_BLOB session_key;
558 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
559 struct MD5Context ctx;
560 uint8_t confounder[16];
562 struct samr_GetUserPwInfo pwp;
563 int policy_min_pw_len = 0;
564 pwp.in.user_handle = handle;
566 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
567 if (NT_STATUS_IS_OK(status)) {
568 policy_min_pw_len = pwp.out.info.min_password_length;
570 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
572 s.in.user_handle = handle;
578 u.info25.info.fields_present = fields_present;
580 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
582 status = dcerpc_fetch_session_key(p, &session_key);
583 if (!NT_STATUS_IS_OK(status)) {
584 printf("SetUserInfo level %u - no session key - %s\n",
585 s.in.level, nt_errstr(status));
589 generate_random_buffer((uint8_t *)confounder, 16);
592 MD5Update(&ctx, confounder, 16);
593 MD5Update(&ctx, session_key.data, session_key.length);
594 MD5Final(confounded_session_key.data, &ctx);
596 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
597 memcpy(&u.info25.password.data[516], confounder, 16);
599 printf("Testing SetUserInfo level 25 (set password ex)\n");
601 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
602 if (!NT_STATUS_IS_OK(status)) {
603 printf("SetUserInfo level %u failed - %s\n",
604 s.in.level, nt_errstr(status));
613 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
614 struct policy_handle *handle)
617 struct samr_SetAliasInfo r;
618 struct samr_QueryAliasInfo q;
619 uint16_t levels[] = {2, 3};
623 /* Ignoring switch level 1, as that includes the number of members for the alias
624 * and setting this to a wrong value might have negative consequences
627 for (i=0;i<ARRAY_SIZE(levels);i++) {
628 printf("Testing SetAliasInfo level %u\n", levels[i]);
630 r.in.alias_handle = handle;
631 r.in.level = levels[i];
632 r.in.info = talloc_p(mem_ctx, union samr_AliasInfo);
633 switch (r.in.level) {
634 case 2 : init_samr_String(&r.in.info->name,TEST_ALIASNAME); break;
635 case 3 : init_samr_String(&r.in.info->description,
636 "Test Description, should test I18N as well"); break;
639 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
640 if (!NT_STATUS_IS_OK(status)) {
641 printf("SetAliasInfo level %u failed - %s\n",
642 levels[i], nt_errstr(status));
646 q.in.alias_handle = handle;
647 q.in.level = levels[i];
649 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
650 if (!NT_STATUS_IS_OK(status)) {
651 printf("QueryAliasInfo level %u failed - %s\n",
652 levels[i], nt_errstr(status));
660 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
661 struct policy_handle *user_handle)
663 struct samr_GetGroupsForUser r;
667 printf("testing GetGroupsForUser\n");
669 r.in.user_handle = user_handle;
671 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
672 if (!NT_STATUS_IS_OK(status)) {
673 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
681 static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
682 struct samr_String *domain_name)
685 struct samr_GetDomPwInfo r;
688 r.in.name = domain_name;
689 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
691 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
692 if (!NT_STATUS_IS_OK(status)) {
693 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
697 r.in.name->string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
698 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
700 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
701 if (!NT_STATUS_IS_OK(status)) {
702 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
706 r.in.name->string = "\\\\__NONAME__";
707 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
709 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
710 if (!NT_STATUS_IS_OK(status)) {
711 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
715 r.in.name->string = "\\\\Builtin";
716 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
718 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
719 if (!NT_STATUS_IS_OK(status)) {
720 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
728 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
729 struct policy_handle *handle)
732 struct samr_GetUserPwInfo r;
735 printf("Testing GetUserPwInfo\n");
737 r.in.user_handle = handle;
739 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
740 if (!NT_STATUS_IS_OK(status)) {
741 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
748 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
749 struct policy_handle *domain_handle, const char *name,
753 struct samr_LookupNames n;
754 struct samr_String sname[2];
756 init_samr_String(&sname[0], name);
758 n.in.domain_handle = domain_handle;
761 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
762 if (NT_STATUS_IS_OK(status)) {
763 *rid = n.out.rids.ids[0];
768 init_samr_String(&sname[1], "xxNONAMExx");
770 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
771 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
772 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
776 init_samr_String(&sname[1], "xxNONAMExx");
778 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
779 if (!NT_STATUS_IS_OK(status)) {
780 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
786 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
787 struct policy_handle *domain_handle,
788 const char *name, struct policy_handle *user_handle)
791 struct samr_OpenUser r;
794 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
795 if (!NT_STATUS_IS_OK(status)) {
799 r.in.domain_handle = domain_handle;
800 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
802 r.out.user_handle = user_handle;
803 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
804 if (!NT_STATUS_IS_OK(status)) {
805 printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status));
812 static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
813 struct policy_handle *handle)
816 struct samr_ChangePasswordUser r;
818 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
819 struct policy_handle user_handle;
820 char *oldpass = "test";
821 char *newpass = "test2";
822 uint8_t old_nt_hash[16], new_nt_hash[16];
823 uint8_t old_lm_hash[16], new_lm_hash[16];
825 status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle);
826 if (!NT_STATUS_IS_OK(status)) {
830 printf("Testing ChangePasswordUser for user 'testuser'\n");
832 printf("old password: %s\n", oldpass);
833 printf("new password: %s\n", newpass);
835 E_md4hash(oldpass, old_nt_hash);
836 E_md4hash(newpass, new_nt_hash);
837 E_deshash(oldpass, old_lm_hash);
838 E_deshash(newpass, new_lm_hash);
840 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
841 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
842 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
843 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
844 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
845 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
847 r.in.handle = &user_handle;
849 r.in.old_lm_crypted = &hash1;
850 r.in.new_lm_crypted = &hash2;
852 r.in.old_nt_crypted = &hash3;
853 r.in.new_nt_crypted = &hash4;
854 r.in.cross1_present = 1;
855 r.in.nt_cross = &hash5;
856 r.in.cross2_present = 1;
857 r.in.lm_cross = &hash6;
859 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
860 if (!NT_STATUS_IS_OK(status)) {
861 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
865 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
873 static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
874 struct policy_handle *handle, char **password)
877 struct samr_ChangePasswordUser r;
879 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
880 struct policy_handle user_handle;
881 char *oldpass = *password;
882 uint8_t old_nt_hash[16], new_nt_hash[16];
883 uint8_t old_lm_hash[16], new_lm_hash[16];
886 struct samr_GetUserPwInfo pwp;
887 int policy_min_pw_len = 0;
889 status = test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle);
890 if (!NT_STATUS_IS_OK(status)) {
893 pwp.in.user_handle = &user_handle;
895 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
896 if (NT_STATUS_IS_OK(status)) {
897 policy_min_pw_len = pwp.out.info.min_password_length;
899 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
901 printf("Testing ChangePasswordUser\n");
903 E_md4hash(oldpass, old_nt_hash);
904 E_md4hash(newpass, new_nt_hash);
905 E_deshash(oldpass, old_lm_hash);
906 E_deshash(newpass, new_lm_hash);
908 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
909 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
910 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
911 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
912 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
913 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
915 r.in.user_handle = &user_handle;
917 r.in.old_lm_crypted = &hash1;
918 r.in.new_lm_crypted = &hash2;
920 r.in.old_nt_crypted = &hash3;
921 r.in.new_nt_crypted = &hash4;
922 r.in.cross1_present = 1;
923 r.in.nt_cross = &hash5;
924 r.in.cross2_present = 1;
925 r.in.lm_cross = &hash6;
927 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
928 if (!NT_STATUS_IS_OK(status)) {
929 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
935 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
943 static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
944 struct policy_handle *handle, char **password)
947 struct samr_OemChangePasswordUser2 r;
949 struct samr_Password lm_verifier;
950 struct samr_CryptPassword lm_pass;
951 struct samr_AsciiName server, account;
952 char *oldpass = *password;
954 uint8_t old_lm_hash[16], new_lm_hash[16];
956 struct samr_GetDomPwInfo dom_pw_info;
957 int policy_min_pw_len = 0;
959 struct samr_String domain_name;
960 domain_name.string = "";
961 dom_pw_info.in.name = &domain_name;
963 printf("Testing OemChangePasswordUser2\n");
965 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
966 if (NT_STATUS_IS_OK(status)) {
967 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
970 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
972 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
973 account.string = TEST_ACCOUNT_NAME;
975 E_deshash(oldpass, old_lm_hash);
976 E_deshash(newpass, new_lm_hash);
978 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
979 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
980 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
982 r.in.server = &server;
983 r.in.account = &account;
984 r.in.password = &lm_pass;
985 r.in.hash = &lm_verifier;
987 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
988 if (!NT_STATUS_IS_OK(status)) {
989 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
999 static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1000 struct policy_handle *handle, char **password)
1003 struct samr_ChangePasswordUser2 r;
1005 struct samr_String server, account;
1006 struct samr_CryptPassword nt_pass, lm_pass;
1007 struct samr_Password nt_verifier, lm_verifier;
1008 char *oldpass = *password;
1010 uint8_t old_nt_hash[16], new_nt_hash[16];
1011 uint8_t old_lm_hash[16], new_lm_hash[16];
1013 struct samr_GetDomPwInfo dom_pw_info;
1014 int policy_min_pw_len = 0;
1016 struct samr_String domain_name;
1017 domain_name.string = "";
1018 dom_pw_info.in.name = &domain_name;
1020 printf("Testing ChangePasswordUser2\n");
1022 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
1023 if (NT_STATUS_IS_OK(status)) {
1024 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1027 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1029 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1030 init_samr_String(&account, TEST_ACCOUNT_NAME);
1032 E_md4hash(oldpass, old_nt_hash);
1033 E_md4hash(newpass, new_nt_hash);
1035 E_deshash(oldpass, old_lm_hash);
1036 E_deshash(newpass, new_lm_hash);
1038 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
1039 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1040 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1042 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1043 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1044 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1046 r.in.server = &server;
1047 r.in.account = &account;
1048 r.in.nt_password = &nt_pass;
1049 r.in.nt_verifier = &nt_verifier;
1051 r.in.lm_password = &lm_pass;
1052 r.in.lm_verifier = &lm_verifier;
1054 status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
1055 if (!NT_STATUS_IS_OK(status)) {
1056 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
1059 *password = newpass;
1066 static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1067 struct policy_handle *handle,
1068 int policy_min_pw_len,
1072 struct samr_ChangePasswordUser3 r;
1074 struct samr_String server, account;
1075 struct samr_CryptPassword nt_pass, lm_pass;
1076 struct samr_Password nt_verifier, lm_verifier;
1077 char *oldpass = *password;
1078 char *newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1079 uint8_t old_nt_hash[16], new_nt_hash[16];
1080 uint8_t old_lm_hash[16], new_lm_hash[16];
1082 printf("Testing ChangePasswordUser3\n");
1084 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1085 init_samr_String(&account, TEST_ACCOUNT_NAME);
1087 E_md4hash(oldpass, old_nt_hash);
1088 E_md4hash(newpass, new_nt_hash);
1090 E_deshash(oldpass, old_lm_hash);
1091 E_deshash(newpass, new_lm_hash);
1093 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1094 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1095 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1097 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1098 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1099 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1101 r.in.server = &server;
1102 r.in.account = &account;
1103 r.in.nt_password = &nt_pass;
1104 r.in.nt_verifier = &nt_verifier;
1106 r.in.lm_password = &lm_pass;
1107 r.in.lm_verifier = &lm_verifier;
1108 r.in.password3 = NULL;
1110 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1111 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1112 && !policy_min_pw_len) {
1113 if (r.out.dominfo) {
1114 policy_min_pw_len = r.out.dominfo->min_password_length;
1116 if (policy_min_pw_len) /* try again with the right min password length */ {
1117 ret = test_ChangePasswordUser3(p, mem_ctx, handle, policy_min_pw_len, password);
1119 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1122 } else if (!NT_STATUS_IS_OK(status)) {
1123 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1126 *password = newpass;
1133 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1134 struct policy_handle *alias_handle)
1136 struct samr_GetMembersInAlias r;
1137 struct lsa_SidArray sids;
1141 printf("Testing GetMembersInAlias\n");
1143 r.in.alias_handle = alias_handle;
1146 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
1147 if (!NT_STATUS_IS_OK(status)) {
1148 printf("GetMembersInAlias failed - %s\n",
1156 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1157 struct policy_handle *alias_handle,
1158 const struct dom_sid *domain_sid)
1160 struct samr_AddAliasMember r;
1161 struct samr_DeleteAliasMember d;
1164 struct dom_sid *sid;
1166 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
1168 printf("testing AddAliasMember\n");
1169 r.in.alias_handle = alias_handle;
1172 status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
1173 if (!NT_STATUS_IS_OK(status)) {
1174 printf("AddAliasMember failed - %s\n", nt_errstr(status));
1178 d.in.alias_handle = alias_handle;
1181 status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
1182 if (!NT_STATUS_IS_OK(status)) {
1183 printf("DelAliasMember failed - %s\n", nt_errstr(status));
1190 static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1191 struct policy_handle *alias_handle)
1193 struct samr_AddMultipleMembersToAlias a;
1194 struct samr_RemoveMultipleMembersFromAlias r;
1197 struct lsa_SidArray sids;
1199 printf("testing AddMultipleMembersToAlias\n");
1200 a.in.alias_handle = alias_handle;
1204 sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3);
1206 sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
1207 sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
1208 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
1210 status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
1211 if (!NT_STATUS_IS_OK(status)) {
1212 printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
1217 printf("testing RemoveMultipleMembersFromAlias\n");
1218 r.in.alias_handle = alias_handle;
1221 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1222 if (!NT_STATUS_IS_OK(status)) {
1223 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1227 /* strange! removing twice doesn't give any error */
1228 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1229 if (!NT_STATUS_IS_OK(status)) {
1230 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1234 /* but removing an alias that isn't there does */
1235 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
1237 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1238 if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
1239 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1246 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1247 struct policy_handle *user_handle)
1249 struct samr_TestPrivateFunctionsUser r;
1253 printf("Testing TestPrivateFunctionsUser\n");
1255 r.in.user_handle = user_handle;
1257 status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
1258 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
1259 printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
1267 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1268 struct policy_handle *handle, uint32_t base_acct_flags)
1272 if (!test_QuerySecurity(p, mem_ctx, handle)) {
1276 if (!test_QueryUserInfo(p, mem_ctx, handle)) {
1280 if (!test_QueryUserInfo2(p, mem_ctx, handle)) {
1284 if (!test_SetUserInfo(p, mem_ctx, handle, base_acct_flags)) {
1288 if (!test_GetUserPwInfo(p, mem_ctx, handle)) {
1292 if (!test_TestPrivateFunctionsUser(p, mem_ctx, handle)) {
1299 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1300 struct policy_handle *alias_handle,
1301 const struct dom_sid *domain_sid)
1305 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
1309 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
1313 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
1317 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle, domain_sid)) {
1321 if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
1329 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1330 struct policy_handle *handle, const char *name)
1333 struct samr_DeleteUser d;
1334 struct policy_handle user_handle;
1337 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1338 if (!NT_STATUS_IS_OK(status)) {
1342 status = test_OpenUser_byname(p, mem_ctx, handle, name, &user_handle);
1343 if (!NT_STATUS_IS_OK(status)) {
1347 d.in.user_handle = &user_handle;
1348 d.out.user_handle = &user_handle;
1349 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1350 if (!NT_STATUS_IS_OK(status)) {
1357 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1362 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1363 struct policy_handle *handle, const char *name)
1366 struct samr_OpenGroup r;
1367 struct samr_DeleteDomainGroup d;
1368 struct policy_handle group_handle;
1371 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1372 if (!NT_STATUS_IS_OK(status)) {
1376 r.in.domain_handle = handle;
1377 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1379 r.out.group_handle = &group_handle;
1380 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1381 if (!NT_STATUS_IS_OK(status)) {
1385 d.in.group_handle = &group_handle;
1386 d.out.group_handle = &group_handle;
1387 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
1388 if (!NT_STATUS_IS_OK(status)) {
1395 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
1400 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1401 struct policy_handle *domain_handle, const char *name)
1404 struct samr_OpenAlias r;
1405 struct samr_DeleteDomAlias d;
1406 struct policy_handle alias_handle;
1409 printf("testing DeleteAlias_byname\n");
1411 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
1412 if (!NT_STATUS_IS_OK(status)) {
1416 r.in.domain_handle = domain_handle;
1417 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1419 r.out.alias_handle = &alias_handle;
1420 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1421 if (!NT_STATUS_IS_OK(status)) {
1425 d.in.alias_handle = &alias_handle;
1426 d.out.alias_handle = &alias_handle;
1427 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1428 if (!NT_STATUS_IS_OK(status)) {
1435 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1439 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1440 struct policy_handle *alias_handle)
1442 struct samr_DeleteDomAlias d;
1445 printf("Testing DeleteAlias\n");
1447 d.in.alias_handle = alias_handle;
1448 d.out.alias_handle = alias_handle;
1450 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1451 if (!NT_STATUS_IS_OK(status)) {
1452 printf("DeleteAlias failed - %s\n", nt_errstr(status));
1459 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1460 struct policy_handle *domain_handle,
1461 struct policy_handle *alias_handle,
1462 const struct dom_sid *domain_sid)
1465 struct samr_CreateDomAlias r;
1466 struct samr_String name;
1470 init_samr_String(&name, TEST_ALIASNAME);
1471 r.in.domain_handle = domain_handle;
1472 r.in.aliasname = &name;
1473 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1474 r.out.alias_handle = alias_handle;
1477 printf("Testing CreateAlias (%s)\n", r.in.aliasname->string);
1479 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1481 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1482 printf("Server refused create of '%s'\n", r.in.aliasname->string);
1486 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
1487 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.aliasname->string)) {
1490 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1493 if (!NT_STATUS_IS_OK(status)) {
1494 printf("CreateAlias failed - %s\n", nt_errstr(status));
1498 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_sid)) {
1505 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1506 struct policy_handle *domain_handle, char **password)
1514 if (!test_ChangePasswordUser(p, mem_ctx, domain_handle, password)) {
1518 if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1522 if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1526 /* we change passwords twice - this has the effect of verifying
1527 they were changed correctly for the final call */
1528 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, password)) {
1532 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, password)) {
1539 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1540 struct policy_handle *domain_handle, struct policy_handle *user_handle)
1543 struct samr_CreateUser r;
1544 struct samr_QueryUserInfo q;
1546 char *password = NULL;
1549 const uint32 password_fields[] = {
1550 SAMR_FIELD_PASSWORD,
1551 SAMR_FIELD_PASSWORD2,
1552 SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2,
1556 /* This call creates a 'normal' account - check that it really does */
1557 const uint32_t acct_flags = ACB_NORMAL;
1558 struct samr_String name;
1561 init_samr_String(&name, TEST_ACCOUNT_NAME);
1563 r.in.domain_handle = domain_handle;
1564 r.in.account_name = &name;
1565 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1566 r.out.user_handle = user_handle;
1569 printf("Testing CreateUser(%s)\n", r.in.account_name->string);
1571 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1573 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1574 printf("Server refused create of '%s'\n", r.in.account_name->string);
1575 ZERO_STRUCTP(user_handle);
1579 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1580 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.account_name->string)) {
1583 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1585 if (!NT_STATUS_IS_OK(status)) {
1586 printf("CreateUser failed - %s\n", nt_errstr(status));
1590 q.in.user_handle = user_handle;
1593 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1594 if (!NT_STATUS_IS_OK(status)) {
1595 printf("QueryUserInfo level %u failed - %s\n",
1596 q.in.level, nt_errstr(status));
1599 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1600 printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n",
1601 q.out.info->info16.acct_flags, q.out.info->info16.acct_flags,
1602 acct_flags, acct_flags);
1607 if (!test_user_ops(p, mem_ctx, user_handle, acct_flags)) {
1611 if (!test_SetUserPass(p, mem_ctx, user_handle, &password)) {
1615 for (i = 0; password_fields[i]; i++) {
1616 if (!test_SetUserPass_23(p, mem_ctx, user_handle, password_fields[i], &password)) {
1620 /* check it was set right */
1621 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, &password)) {
1626 for (i = 0; password_fields[i]; i++) {
1627 if (!test_SetUserPass_25(p, mem_ctx, user_handle, password_fields[i], &password)) {
1631 /* check it was set right */
1632 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, &password)) {
1637 if (!test_SetUserPassEx(p, mem_ctx, user_handle, &password)) {
1641 if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) {
1649 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1650 struct policy_handle *user_handle)
1652 struct samr_DeleteUser d;
1656 printf("Testing DeleteUser\n");
1658 d.in.user_handle = user_handle;
1659 d.out.user_handle = user_handle;
1661 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1662 if (!NT_STATUS_IS_OK(status)) {
1663 printf("DeleteUser failed - %s\n", nt_errstr(status));
1670 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1671 struct policy_handle *handle)
1674 struct samr_CreateUser2 r;
1675 struct samr_QueryUserInfo q;
1676 struct samr_DeleteUser d;
1677 struct policy_handle user_handle;
1679 struct samr_String name;
1684 uint32_t acct_flags;
1685 const char *account_name;
1687 } account_types[] = {
1688 { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
1689 { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1690 { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1691 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1692 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1693 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1694 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1695 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1696 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1697 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
1698 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1699 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1700 { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1701 { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1702 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
1705 for (i = 0; account_types[i].account_name; i++) {
1706 uint32_t acct_flags = account_types[i].acct_flags;
1707 uint32_t access_granted;
1709 init_samr_String(&name, account_types[i].account_name);
1711 r.in.domain_handle = handle;
1712 r.in.account_name = &name;
1713 r.in.acct_flags = acct_flags;
1714 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1715 r.out.user_handle = &user_handle;
1716 r.out.access_granted = &access_granted;
1719 printf("Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);
1721 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1723 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1724 printf("Server refused create of '%s'\n", r.in.account_name->string);
1727 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1728 if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.account_name->string)) {
1731 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1734 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
1735 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
1736 nt_errstr(status), nt_errstr(account_types[i].nt_status));
1740 if (NT_STATUS_IS_OK(status)) {
1741 q.in.user_handle = &user_handle;
1744 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1745 if (!NT_STATUS_IS_OK(status)) {
1746 printf("QueryUserInfo level %u failed - %s\n",
1747 q.in.level, nt_errstr(status));
1750 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1751 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
1752 q.out.info->info16.acct_flags,
1758 if (!test_user_ops(p, mem_ctx, &user_handle, acct_flags)) {
1762 printf("Testing DeleteUser (createuser2 test)\n");
1764 d.in.user_handle = &user_handle;
1765 d.out.user_handle = &user_handle;
1767 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1768 if (!NT_STATUS_IS_OK(status)) {
1769 printf("DeleteUser failed - %s\n", nt_errstr(status));
1778 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1779 struct policy_handle *handle)
1782 struct samr_QueryAliasInfo r;
1783 uint16_t levels[] = {1, 2, 3};
1787 for (i=0;i<ARRAY_SIZE(levels);i++) {
1788 printf("Testing QueryAliasInfo level %u\n", levels[i]);
1790 r.in.alias_handle = handle;
1791 r.in.level = levels[i];
1793 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
1794 if (!NT_STATUS_IS_OK(status)) {
1795 printf("QueryAliasInfo level %u failed - %s\n",
1796 levels[i], nt_errstr(status));
1804 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1805 struct policy_handle *handle)
1808 struct samr_QueryGroupInfo r;
1809 uint16_t levels[] = {1, 2, 3, 4, 5};
1813 for (i=0;i<ARRAY_SIZE(levels);i++) {
1814 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1816 r.in.group_handle = handle;
1817 r.in.level = levels[i];
1819 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1820 if (!NT_STATUS_IS_OK(status)) {
1821 printf("QueryGroupInfo level %u failed - %s\n",
1822 levels[i], nt_errstr(status));
1830 static BOOL test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1831 struct policy_handle *handle)
1834 struct samr_QueryGroupMember r;
1837 printf("Testing QueryGroupMember\n");
1839 r.in.group_handle = handle;
1841 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r);
1842 if (!NT_STATUS_IS_OK(status)) {
1843 printf("QueryGroupInfo failed - %s\n", nt_errstr(status));
1851 static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1852 struct policy_handle *handle)
1855 struct samr_QueryGroupInfo r;
1856 struct samr_SetGroupInfo s;
1857 uint16_t levels[] = {1, 2, 3, 4};
1858 uint16_t set_ok[] = {0, 1, 1, 1};
1862 for (i=0;i<ARRAY_SIZE(levels);i++) {
1863 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1865 r.in.group_handle = handle;
1866 r.in.level = levels[i];
1868 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1869 if (!NT_STATUS_IS_OK(status)) {
1870 printf("QueryGroupInfo level %u failed - %s\n",
1871 levels[i], nt_errstr(status));
1875 printf("Testing SetGroupInfo level %u\n", levels[i]);
1877 s.in.group_handle = handle;
1878 s.in.level = levels[i];
1879 s.in.info = r.out.info;
1882 /* disabled this, as it changes the name only from the point of view of samr,
1883 but leaves the name from the point of view of w2k3 internals (and ldap). This means
1884 the name is still reserved, so creating the old name fails, but deleting by the old name
1886 if (s.in.level == 2) {
1887 init_samr_String(&s.in.info->string, "NewName");
1891 if (s.in.level == 4) {
1892 init_samr_String(&s.in.info->description, "test description");
1895 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
1897 if (!NT_STATUS_IS_OK(status)) {
1898 printf("SetGroupInfo level %u failed - %s\n",
1899 r.in.level, nt_errstr(status));
1904 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
1905 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
1906 r.in.level, nt_errstr(status));
1916 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1917 struct policy_handle *handle)
1920 struct samr_QueryUserInfo r;
1921 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1922 11, 12, 13, 14, 16, 17, 20, 21};
1926 for (i=0;i<ARRAY_SIZE(levels);i++) {
1927 printf("Testing QueryUserInfo level %u\n", levels[i]);
1929 r.in.user_handle = handle;
1930 r.in.level = levels[i];
1932 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
1933 if (!NT_STATUS_IS_OK(status)) {
1934 printf("QueryUserInfo level %u failed - %s\n",
1935 levels[i], nt_errstr(status));
1943 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1944 struct policy_handle *handle)
1947 struct samr_QueryUserInfo2 r;
1948 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1949 11, 12, 13, 14, 16, 17, 20, 21};
1953 for (i=0;i<ARRAY_SIZE(levels);i++) {
1954 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
1956 r.in.user_handle = handle;
1957 r.in.level = levels[i];
1959 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
1960 if (!NT_STATUS_IS_OK(status)) {
1961 printf("QueryUserInfo2 level %u failed - %s\n",
1962 levels[i], nt_errstr(status));
1970 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1971 struct policy_handle *handle, uint32_t rid)
1974 struct samr_OpenUser r;
1975 struct policy_handle user_handle;
1978 printf("Testing OpenUser(%u)\n", rid);
1980 r.in.domain_handle = handle;
1981 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1983 r.out.user_handle = &user_handle;
1985 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
1986 if (!NT_STATUS_IS_OK(status)) {
1987 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
1991 if (!test_QuerySecurity(p, mem_ctx, &user_handle)) {
1995 if (!test_QueryUserInfo(p, mem_ctx, &user_handle)) {
1999 if (!test_QueryUserInfo2(p, mem_ctx, &user_handle)) {
2003 if (!test_GetUserPwInfo(p, mem_ctx, &user_handle)) {
2007 if (!test_GetGroupsForUser(p,mem_ctx, &user_handle)) {
2011 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
2018 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2019 struct policy_handle *handle, uint32_t rid)
2022 struct samr_OpenGroup r;
2023 struct policy_handle group_handle;
2026 printf("Testing OpenGroup(%u)\n", rid);
2028 r.in.domain_handle = handle;
2029 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2031 r.out.group_handle = &group_handle;
2033 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
2034 if (!NT_STATUS_IS_OK(status)) {
2035 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
2039 if (!test_QuerySecurity(p, mem_ctx, &group_handle)) {
2043 if (!test_QueryGroupInfo(p, mem_ctx, &group_handle)) {
2047 if (!test_QueryGroupMember(p, mem_ctx, &group_handle)) {
2051 if (!test_samr_handle_Close(p, mem_ctx, &group_handle)) {
2058 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2059 struct policy_handle *handle, uint32_t rid)
2062 struct samr_OpenAlias r;
2063 struct policy_handle alias_handle;
2066 printf("Testing OpenAlias(%u)\n", rid);
2068 r.in.domain_handle = handle;
2069 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2071 r.out.alias_handle = &alias_handle;
2073 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
2074 if (!NT_STATUS_IS_OK(status)) {
2075 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
2079 if (!test_QuerySecurity(p, mem_ctx, &alias_handle)) {
2083 if (!test_QueryAliasInfo(p, mem_ctx, &alias_handle)) {
2087 if (!test_GetMembersInAlias(p, mem_ctx, &alias_handle)) {
2091 if (!test_samr_handle_Close(p, mem_ctx, &alias_handle)) {
2098 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2099 struct policy_handle *handle)
2102 struct samr_EnumDomainUsers r;
2103 uint32_t resume_handle=0;
2106 struct samr_LookupNames n;
2107 struct samr_LookupRids lr ;
2109 printf("Testing EnumDomainUsers\n");
2111 r.in.domain_handle = handle;
2112 r.in.resume_handle = &resume_handle;
2113 r.in.acct_flags = 0;
2114 r.in.max_size = (uint32_t)-1;
2115 r.out.resume_handle = &resume_handle;
2117 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
2118 if (!NT_STATUS_IS_OK(status)) {
2119 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
2127 if (r.out.sam->count == 0) {
2131 for (i=0;i<r.out.sam->count;i++) {
2132 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2137 printf("Testing LookupNames\n");
2138 n.in.domain_handle = handle;
2139 n.in.num_names = r.out.sam->count;
2140 n.in.names = talloc_array_p(mem_ctx, struct samr_String, r.out.sam->count);
2141 for (i=0;i<r.out.sam->count;i++) {
2142 n.in.names[i] = r.out.sam->entries[i].name;
2144 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
2145 if (!NT_STATUS_IS_OK(status)) {
2146 printf("LookupNames failed - %s\n", nt_errstr(status));
2151 printf("Testing LookupRids\n");
2152 lr.in.domain_handle = handle;
2153 lr.in.num_rids = r.out.sam->count;
2154 lr.in.rids = talloc_array_p(mem_ctx, uint32_t, r.out.sam->count);
2155 for (i=0;i<r.out.sam->count;i++) {
2156 lr.in.rids[i] = r.out.sam->entries[i].idx;
2158 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
2159 if (!NT_STATUS_IS_OK(status)) {
2160 printf("LookupRids failed - %s\n", nt_errstr(status));
2168 try blasting the server with a bunch of sync requests
2170 static BOOL test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2171 struct policy_handle *handle)
2174 struct samr_EnumDomainUsers r;
2175 uint32_t resume_handle=0;
2177 #define ASYNC_COUNT 100
2178 struct rpc_request *req[ASYNC_COUNT];
2180 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
2181 printf("samr async test disabled - enable dangerous tests to use\n");
2185 printf("Testing EnumDomainUsers_async\n");
2187 r.in.domain_handle = handle;
2188 r.in.resume_handle = &resume_handle;
2189 r.in.acct_flags = 0;
2190 r.in.max_size = (uint32_t)-1;
2191 r.out.resume_handle = &resume_handle;
2193 for (i=0;i<ASYNC_COUNT;i++) {
2194 req[i] = dcerpc_samr_EnumDomainUsers_send(p, mem_ctx, &r);
2197 for (i=0;i<ASYNC_COUNT;i++) {
2198 status = dcerpc_ndr_request_recv(req[i]);
2199 if (!NT_STATUS_IS_OK(status)) {
2200 printf("EnumDomainUsers[%d] failed - %s\n",
2201 i, nt_errstr(status));
2206 printf("%d async requests OK\n", i);
2211 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2212 struct policy_handle *handle)
2215 struct samr_EnumDomainGroups r;
2216 uint32_t resume_handle=0;
2220 printf("Testing EnumDomainGroups\n");
2222 r.in.domain_handle = handle;
2223 r.in.resume_handle = &resume_handle;
2224 r.in.max_size = (uint32_t)-1;
2225 r.out.resume_handle = &resume_handle;
2227 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
2228 if (!NT_STATUS_IS_OK(status)) {
2229 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2237 for (i=0;i<r.out.sam->count;i++) {
2238 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2246 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2247 struct policy_handle *handle)
2250 struct samr_EnumDomainAliases r;
2251 uint32_t resume_handle=0;
2255 printf("Testing EnumDomainAliases\n");
2257 r.in.domain_handle = handle;
2258 r.in.resume_handle = &resume_handle;
2259 r.in.acct_flags = (uint32_t)-1;
2260 r.out.resume_handle = &resume_handle;
2262 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
2263 if (!NT_STATUS_IS_OK(status)) {
2264 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
2272 for (i=0;i<r.out.sam->count;i++) {
2273 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2281 static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2282 struct policy_handle *handle)
2285 struct samr_GetDisplayEnumerationIndex r;
2287 uint16_t levels[] = {1, 2, 3, 4, 5};
2288 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2291 for (i=0;i<ARRAY_SIZE(levels);i++) {
2292 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
2294 r.in.domain_handle = handle;
2295 r.in.level = levels[i];
2296 init_samr_String(&r.in.name, TEST_ACCOUNT_NAME);
2298 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2301 !NT_STATUS_IS_OK(status) &&
2302 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2303 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2304 levels[i], nt_errstr(status));
2308 init_samr_String(&r.in.name, "zzzzzzzz");
2310 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2312 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2313 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2314 levels[i], nt_errstr(status));
2322 static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2323 struct policy_handle *handle)
2326 struct samr_GetDisplayEnumerationIndex2 r;
2328 uint16_t levels[] = {1, 2, 3, 4, 5};
2329 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2332 for (i=0;i<ARRAY_SIZE(levels);i++) {
2333 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
2335 r.in.domain_handle = handle;
2336 r.in.level = levels[i];
2337 init_samr_String(&r.in.name, TEST_ACCOUNT_NAME);
2339 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2341 !NT_STATUS_IS_OK(status) &&
2342 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2343 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2344 levels[i], nt_errstr(status));
2348 init_samr_String(&r.in.name, "zzzzzzzz");
2350 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2351 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2352 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2353 levels[i], nt_errstr(status));
2361 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2362 struct policy_handle *handle)
2365 struct samr_QueryDisplayInfo r;
2367 uint16_t levels[] = {1, 2, 3, 4, 5};
2370 for (i=0;i<ARRAY_SIZE(levels);i++) {
2371 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
2373 r.in.domain_handle = handle;
2374 r.in.level = levels[i];
2376 r.in.max_entries = 1000;
2377 r.in.buf_size = (uint32_t)-1;
2379 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
2380 if (!NT_STATUS_IS_OK(status)) {
2381 printf("QueryDisplayInfo level %u failed - %s\n",
2382 levels[i], nt_errstr(status));
2390 static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2391 struct policy_handle *handle)
2394 struct samr_QueryDisplayInfo2 r;
2396 uint16_t levels[] = {1, 2, 3, 4, 5};
2399 for (i=0;i<ARRAY_SIZE(levels);i++) {
2400 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
2402 r.in.domain_handle = handle;
2403 r.in.level = levels[i];
2405 r.in.max_entries = 1000;
2406 r.in.buf_size = (uint32_t)-1;
2408 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
2409 if (!NT_STATUS_IS_OK(status)) {
2410 printf("QueryDisplayInfo2 level %u failed - %s\n",
2411 levels[i], nt_errstr(status));
2419 static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2420 struct policy_handle *handle)
2423 struct samr_QueryDisplayInfo3 r;
2425 uint16_t levels[] = {1, 2, 3, 4, 5};
2428 for (i=0;i<ARRAY_SIZE(levels);i++) {
2429 printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
2431 r.in.domain_handle = handle;
2432 r.in.level = levels[i];
2434 r.in.max_entries = 1000;
2435 r.in.buf_size = (uint32_t)-1;
2437 status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
2438 if (!NT_STATUS_IS_OK(status)) {
2439 printf("QueryDisplayInfo3 level %u failed - %s\n",
2440 levels[i], nt_errstr(status));
2448 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2449 struct policy_handle *handle)
2452 struct samr_QueryDomainInfo r;
2453 struct samr_SetDomainInfo s;
2454 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2455 uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
2459 for (i=0;i<ARRAY_SIZE(levels);i++) {
2460 printf("Testing QueryDomainInfo level %u\n", levels[i]);
2462 r.in.domain_handle = handle;
2463 r.in.level = levels[i];
2465 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2466 if (!NT_STATUS_IS_OK(status)) {
2467 printf("QueryDomainInfo level %u failed - %s\n",
2468 r.in.level, nt_errstr(status));
2473 printf("Testing SetDomainInfo level %u\n", levels[i]);
2475 s.in.domain_handle = handle;
2476 s.in.level = levels[i];
2477 s.in.info = r.out.info;
2479 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2481 if (!NT_STATUS_IS_OK(status)) {
2482 printf("SetDomainInfo level %u failed - %s\n",
2483 r.in.level, nt_errstr(status));
2488 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2489 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2490 r.in.level, nt_errstr(status));
2496 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2497 if (!NT_STATUS_IS_OK(status)) {
2498 printf("QueryDomainInfo level %u failed - %s\n",
2499 r.in.level, nt_errstr(status));
2509 static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2510 struct policy_handle *handle)
2513 struct samr_QueryDomainInfo2 r;
2514 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2518 for (i=0;i<ARRAY_SIZE(levels);i++) {
2519 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
2521 r.in.domain_handle = handle;
2522 r.in.level = levels[i];
2524 status = dcerpc_samr_QueryDomainInfo2(p, mem_ctx, &r);
2525 if (!NT_STATUS_IS_OK(status)) {
2526 printf("QueryDomainInfo2 level %u failed - %s\n",
2527 r.in.level, nt_errstr(status));
2536 /* Test whether querydispinfo level 5 and enumdomgroups return the same
2537 set of group names. */
2538 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2539 struct policy_handle *handle)
2541 struct samr_EnumDomainGroups q1;
2542 struct samr_QueryDisplayInfo q2;
2544 uint32_t resume_handle=0;
2549 const char **names = NULL;
2551 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
2553 q1.in.domain_handle = handle;
2554 q1.in.resume_handle = &resume_handle;
2556 q1.out.resume_handle = &resume_handle;
2558 status = STATUS_MORE_ENTRIES;
2559 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2560 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
2562 if (!NT_STATUS_IS_OK(status) &&
2563 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2566 for (i=0; i<q1.out.num_entries; i++) {
2567 add_string_to_array(mem_ctx,
2568 q1.out.sam->entries[i].name.string,
2569 &names, &num_names);
2573 if (!NT_STATUS_IS_OK(status)) {
2574 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2582 q2.in.domain_handle = handle;
2584 q2.in.start_idx = 0;
2585 q2.in.max_entries = 5;
2586 q2.in.buf_size = (uint32_t)-1;
2588 status = STATUS_MORE_ENTRIES;
2589 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2590 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
2592 if (!NT_STATUS_IS_OK(status) &&
2593 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2596 for (i=0; i<q2.out.info.info5.count; i++) {
2598 const char *name = q2.out.info.info5.entries[i].account_name.string;
2600 for (j=0; j<num_names; j++) {
2601 if (names[j] == NULL)
2603 /* Hmm. No strequal in samba4 */
2604 if (strequal(names[j], name)) {
2612 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
2617 q2.in.start_idx += q2.out.info.info5.count;
2620 if (!NT_STATUS_IS_OK(status)) {
2621 printf("QueryDisplayInfo level 5 failed - %s\n",
2626 for (i=0; i<num_names; i++) {
2627 if (names[i] != NULL) {
2628 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
2637 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2638 struct policy_handle *group_handle)
2640 struct samr_DeleteDomainGroup d;
2644 printf("Testing DeleteDomainGroup\n");
2646 d.in.group_handle = group_handle;
2647 d.out.group_handle = group_handle;
2649 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2650 if (!NT_STATUS_IS_OK(status)) {
2651 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
2658 static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2659 struct policy_handle *domain_handle)
2661 struct samr_TestPrivateFunctionsDomain r;
2665 printf("Testing TestPrivateFunctionsDomain\n");
2667 r.in.domain_handle = domain_handle;
2669 status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
2670 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
2671 printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
2678 static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2679 struct policy_handle *domain_handle)
2681 struct samr_RidToSid r;
2685 printf("Testing RidToSid\n");
2687 r.in.domain_handle = domain_handle;
2690 status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
2691 if (!NT_STATUS_IS_OK(status)) {
2692 printf("RidToSid failed - %s\n", nt_errstr(status));
2699 static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2700 struct policy_handle *domain_handle)
2702 struct samr_GetBootKeyInformation r;
2706 printf("Testing GetBootKeyInformation\n");
2708 r.in.domain_handle = domain_handle;
2710 status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r);
2711 if (!NT_STATUS_IS_OK(status)) {
2712 /* w2k3 seems to fail this sometimes and pass it sometimes */
2713 printf("GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
2719 static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2720 struct policy_handle *domain_handle,
2721 struct policy_handle *group_handle)
2724 struct samr_AddGroupMember r;
2725 struct samr_DeleteGroupMember d;
2726 struct samr_QueryGroupMember q;
2727 struct samr_SetMemberAttributesOfGroup s;
2731 status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
2732 if (!NT_STATUS_IS_OK(status)) {
2736 r.in.group_handle = group_handle;
2738 r.in.flags = 0; /* ??? */
2740 printf("Testing AddGroupMember and DeleteGroupMember\n");
2742 d.in.group_handle = group_handle;
2745 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2746 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
2747 printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
2752 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2753 if (!NT_STATUS_IS_OK(status)) {
2754 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2758 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2759 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
2760 printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
2765 /* this one is quite strange. I am using random inputs in the
2766 hope of triggering an error that might give us a clue */
2767 s.in.group_handle = group_handle;
2768 s.in.unknown1 = random();
2769 s.in.unknown2 = random();
2771 status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
2772 if (!NT_STATUS_IS_OK(status)) {
2773 printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
2777 q.in.group_handle = group_handle;
2779 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
2780 if (!NT_STATUS_IS_OK(status)) {
2781 printf("QueryGroupMember failed - %s\n", nt_errstr(status));
2785 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2786 if (!NT_STATUS_IS_OK(status)) {
2787 printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
2791 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2792 if (!NT_STATUS_IS_OK(status)) {
2793 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2801 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2802 struct policy_handle *domain_handle, struct policy_handle *group_handle)
2805 struct samr_CreateDomainGroup r;
2807 struct samr_String name;
2810 init_samr_String(&name, TEST_GROUPNAME);
2812 r.in.domain_handle = domain_handle;
2814 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2815 r.out.group_handle = group_handle;
2818 printf("Testing CreateDomainGroup(%s)\n", r.in.name->string);
2820 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2822 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2823 printf("Server refused create of '%s'\n", r.in.name->string);
2824 ZERO_STRUCTP(group_handle);
2828 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
2829 NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2830 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
2833 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2835 if (!NT_STATUS_IS_OK(status)) {
2836 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
2840 if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
2844 if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
2853 its not totally clear what this does. It seems to accept any sid you like.
2855 static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
2856 TALLOC_CTX *mem_ctx,
2857 struct policy_handle *domain_handle)
2860 struct samr_RemoveMemberFromForeignDomain r;
2862 r.in.domain_handle = domain_handle;
2863 r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78-9");
2865 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
2866 if (!NT_STATUS_IS_OK(status)) {
2867 printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
2876 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2877 struct policy_handle *handle);
2879 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2880 struct policy_handle *handle, struct dom_sid *sid)
2883 struct samr_OpenDomain r;
2884 struct policy_handle domain_handle;
2885 struct policy_handle user_handle;
2886 struct policy_handle alias_handle;
2887 struct policy_handle group_handle;
2890 ZERO_STRUCT(user_handle);
2891 ZERO_STRUCT(alias_handle);
2892 ZERO_STRUCT(group_handle);
2893 ZERO_STRUCT(domain_handle);
2895 printf("Testing OpenDomain\n");
2897 r.in.connect_handle = handle;
2898 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2900 r.out.domain_handle = &domain_handle;
2902 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
2903 if (!NT_STATUS_IS_OK(status)) {
2904 printf("OpenDomain failed - %s\n", nt_errstr(status));
2908 /* run the domain tests with the main handle closed - this tests
2909 the servers reference counting */
2910 ret &= test_samr_handle_Close(p, mem_ctx, handle);
2912 ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
2913 ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
2914 ret &= test_CreateUser2(p, mem_ctx, &domain_handle);
2915 ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle);
2916 ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
2917 ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle);
2918 ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle);
2919 ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle);
2920 ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle);
2921 ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle);
2922 ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle);
2923 ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle);
2924 ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle);
2925 ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle);
2926 ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle);
2927 ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle);
2928 ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle);
2929 ret &= test_GroupList(p, mem_ctx, &domain_handle);
2930 ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle);
2931 ret &= test_RidToSid(p, mem_ctx, &domain_handle);
2932 ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle);
2934 if (!policy_handle_empty(&user_handle) &&
2935 !test_DeleteUser(p, mem_ctx, &user_handle)) {
2939 if (!policy_handle_empty(&alias_handle) &&
2940 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
2944 if (!policy_handle_empty(&group_handle) &&
2945 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
2949 ret &= test_samr_handle_Close(p, mem_ctx, &domain_handle);
2951 /* reconnect the main handle */
2952 ret &= test_Connect(p, mem_ctx, handle);
2957 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2958 struct policy_handle *handle, struct samr_String *domain)
2961 struct samr_LookupDomain r;
2962 struct samr_String n2;
2965 printf("Testing LookupDomain(%s)\n", domain->string);
2967 /* check for correct error codes */
2968 r.in.connect_handle = handle;
2972 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2973 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
2974 printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
2978 n2.string = "xxNODOMAINxx";
2980 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2981 if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
2982 printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
2986 r.in.connect_handle = handle;
2987 r.in.domain = domain;
2989 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2990 if (!NT_STATUS_IS_OK(status)) {
2991 printf("LookupDomain failed - %s\n", nt_errstr(status));
2995 if (!test_GetDomPwInfo(p, mem_ctx, domain)) {
2999 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) {
3007 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3008 struct policy_handle *handle)
3011 struct samr_EnumDomains r;
3012 uint32_t resume_handle = 0;
3016 r.in.connect_handle = handle;
3017 r.in.resume_handle = &resume_handle;
3018 r.in.buf_size = (uint32_t)-1;
3019 r.out.resume_handle = &resume_handle;
3021 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3022 if (!NT_STATUS_IS_OK(status)) {
3023 printf("EnumDomains failed - %s\n", nt_errstr(status));
3031 for (i=0;i<r.out.sam->count;i++) {
3032 if (!test_LookupDomain(p, mem_ctx, handle,
3033 &r.out.sam->entries[i].name)) {
3038 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3039 if (!NT_STATUS_IS_OK(status)) {
3040 printf("EnumDomains failed - %s\n", nt_errstr(status));
3048 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3049 struct policy_handle *handle)
3052 struct samr_Connect r;
3053 struct samr_Connect2 r2;
3054 struct samr_Connect3 r3;
3055 struct samr_Connect4 r4;
3056 struct samr_Connect5 r5;
3057 union samr_ConnectInfo info;
3058 struct policy_handle h;
3059 BOOL ret = True, got_handle = False;
3061 printf("testing samr_Connect\n");
3063 r.in.system_name = 0;
3064 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3065 r.out.connect_handle = &h;
3067 status = dcerpc_samr_Connect(p, mem_ctx, &r);
3068 if (!NT_STATUS_IS_OK(status)) {
3069 printf("Connect failed - %s\n", nt_errstr(status));
3076 printf("testing samr_Connect2\n");
3078 r2.in.system_name = NULL;
3079 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3080 r2.out.connect_handle = &h;
3082 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
3083 if (!NT_STATUS_IS_OK(status)) {
3084 printf("Connect2 failed - %s\n", nt_errstr(status));
3088 test_samr_handle_Close(p, mem_ctx, handle);
3094 printf("testing samr_Connect3\n");
3096 r3.in.system_name = NULL;
3098 r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3099 r3.out.connect_handle = &h;
3101 status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
3102 if (!NT_STATUS_IS_OK(status)) {
3103 printf("Connect3 failed - %s\n", nt_errstr(status));
3107 test_samr_handle_Close(p, mem_ctx, handle);
3113 printf("testing samr_Connect4\n");
3115 r4.in.system_name = "";
3117 r4.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3118 r4.out.connect_handle = &h;
3120 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
3121 if (!NT_STATUS_IS_OK(status)) {
3122 printf("Connect4 failed - %s\n", nt_errstr(status));
3126 test_samr_handle_Close(p, mem_ctx, handle);
3132 printf("testing samr_Connect5\n");
3134 info.info1.unknown1 = 0;
3135 info.info1.unknown2 = 0;
3137 r5.in.system_name = "";
3138 r5.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3141 r5.out.info = &info;
3142 r5.out.connect_handle = &h;
3144 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
3145 if (!NT_STATUS_IS_OK(status)) {
3146 printf("Connect5 failed - %s\n", nt_errstr(status));
3150 test_samr_handle_Close(p, mem_ctx, handle);
3160 BOOL torture_rpc_samr(void)
3163 struct dcerpc_pipe *p;
3164 TALLOC_CTX *mem_ctx;
3166 struct policy_handle handle;
3168 mem_ctx = talloc_init("torture_rpc_samr");
3170 status = torture_rpc_connection(&p,
3173 DCERPC_SAMR_VERSION);
3174 if (!NT_STATUS_IS_OK(status)) {
3178 if (!test_Connect(p, mem_ctx, &handle)) {
3182 if (!test_QuerySecurity(p, mem_ctx, &handle)) {
3186 if (!test_EnumDomains(p, mem_ctx, &handle)) {
3190 if (!test_SetDsrmPassword(p, mem_ctx, &handle)) {
3194 if (!test_Shutdown(p, mem_ctx, &handle)) {
3198 if (!test_samr_handle_Close(p, mem_ctx, &handle)) {
3202 talloc_destroy(mem_ctx);
3204 torture_rpc_close(p);