2 Unix SMB/CIFS implementation.
4 Copyright (C) Guenther Deschner 2009-2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "lib/replace/replace.h"
21 #include "libcli/util/ntstatus.h"
22 #include "libcli/util/werror.h"
23 #include "lib/util/data_blob.h"
24 #include "lib/util/time.h"
25 #include "libcli/resolve/resolve.h"
26 #include "nsswitch/libwbclient/wbclient.h"
27 #include "torture/smbtorture.h"
28 #include "torture/winbind/proto.h"
29 #include "lib/util/util_net.h"
30 #include "lib/util/charset/charset.h"
31 #include "libcli/auth/libcli_auth.h"
32 #include "lib/param/param.h"
33 #include "lib/util/samba_util.h"
34 #include "lib/crypto/arcfour.h"
35 #include "auth/credentials/credentials.h"
36 #include "lib/cmdline/popt_common.h"
38 #define WBC_ERROR_EQUAL(x,y) (x == y)
40 #define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \
41 do { wbcErr __got = got, __expected = expected; \
42 if (!WBC_ERROR_EQUAL(__got, __expected)) { \
43 torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
48 #define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \
49 torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
51 #define torture_assert_wbc_equal_goto_fail(torture_ctx, got, expected, cmt, cmt_arg) \
52 do { wbcErr __got = got, __expected = expected; \
53 if (!WBC_ERROR_EQUAL(__got, __expected)) { \
54 torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
59 #define torture_assert_wbc_ok_goto_fail(torture_ctx,expr,cmt,cmt_arg) \
60 torture_assert_wbc_equal_goto_fail(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
62 #define torture_assert_str_equal_goto_fail(torture_ctx,got,expected,cmt)\
63 do { const char *__got = (got), *__expected = (expected); \
64 if (strcmp(__got, __expected) != 0) { \
65 torture_result(torture_ctx, TORTURE_FAIL, \
66 __location__": "#got" was %s, expected %s: %s", \
67 __got, __expected, cmt); \
72 static bool test_wbc_ping(struct torture_context *tctx)
74 torture_assert_wbc_ok(tctx, wbcPing(),
75 "%s", "wbcPing failed");
80 static bool test_wbc_pingdc(struct torture_context *tctx)
82 struct wbcInterfaceDetails *details = NULL;
85 torture_assert_wbc_equal_goto_fail(tctx,
86 wbcPingDc("random_string", NULL),
87 WBC_ERR_DOMAIN_NOT_FOUND,
90 torture_assert_wbc_ok_goto_fail(tctx, wbcPingDc(NULL, NULL),
91 "%s", "wbcPingDc failed");
93 torture_assert_wbc_ok_goto_fail(tctx, wbcInterfaceDetails(&details),
94 "%s", "wbcInterfaceDetails failed");
95 torture_assert_goto(tctx, details, ret, fail,
96 "wbcInterfaceDetails returned NULL pointer");
97 torture_assert_goto(tctx, details->netbios_domain, ret, fail,
98 "wbcInterfaceDetails returned NULL netbios_domain");
100 torture_assert_wbc_ok_goto_fail(tctx,
101 wbcPingDc(details->netbios_domain, NULL),
102 "wbcPingDc(%s) failed",
103 details->netbios_domain);
105 torture_assert_wbc_ok_goto_fail(tctx,
106 wbcPingDc("BUILTIN", NULL),
108 "wbcPingDc(BUILTIN) failed");
112 wbcFreeMemory(details);
116 static bool test_wbc_pingdc2(struct torture_context *tctx)
118 struct wbcInterfaceDetails *details = NULL;
122 torture_assert_wbc_equal_goto_fail(tctx,
123 wbcPingDc2("random_string", NULL, &name),
124 WBC_ERR_DOMAIN_NOT_FOUND,
126 "wbcPingDc2 failed");
127 torture_assert_wbc_ok_goto_fail(tctx,
128 wbcPingDc2(NULL, NULL, &name),
130 "wbcPingDc2 failed");
134 torture_assert_wbc_ok_goto_fail(tctx,
135 wbcInterfaceDetails(&details),
137 "wbcInterfaceDetails failed");
138 torture_assert_goto(tctx,
142 "wbcInterfaceDetails returned NULL pointer");
143 torture_assert_goto(tctx,
144 details->netbios_domain,
147 "wbcInterfaceDetails returned NULL netbios_domain");
149 torture_assert_wbc_ok_goto_fail(tctx,
150 wbcPingDc2(details->netbios_domain, NULL, &name),
151 "wbcPingDc2(%s) failed",
152 details->netbios_domain);
156 torture_assert_wbc_ok_goto_fail(tctx,
157 wbcPingDc2("BUILTIN", NULL, &name),
159 "wbcPingDc2(BUILTIN) failed");
164 wbcFreeMemory(details);
169 static bool test_wbc_library_details(struct torture_context *tctx)
171 struct wbcLibraryDetails *details;
173 torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details),
174 "%s", "wbcLibraryDetails failed");
175 torture_assert(tctx, details,
176 "wbcLibraryDetails returned NULL pointer");
178 wbcFreeMemory(details);
183 static bool test_wbc_interface_details(struct torture_context *tctx)
185 struct wbcInterfaceDetails *details;
187 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
188 "%s", "wbcInterfaceDetails failed");
189 torture_assert(tctx, details,
190 "wbcInterfaceDetails returned NULL pointer");
192 wbcFreeMemory(details);
197 static bool test_wbc_sidtypestring(struct torture_context *tctx)
199 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE),
200 "SID_NONE", "SID_NONE failed");
201 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER),
202 "SID_USER", "SID_USER failed");
203 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP),
204 "SID_DOM_GROUP", "SID_DOM_GROUP failed");
205 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN),
206 "SID_DOMAIN", "SID_DOMAIN failed");
207 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS),
208 "SID_ALIAS", "SID_ALIAS failed");
209 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP),
210 "SID_WKN_GROUP", "SID_WKN_GROUP failed");
211 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED),
212 "SID_DELETED", "SID_DELETED failed");
213 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID),
214 "SID_INVALID", "SID_INVALID failed");
215 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN),
216 "SID_UNKNOWN", "SID_UNKNOWN failed");
217 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER),
218 "SID_COMPUTER", "SID_COMPUTER failed");
219 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_LABEL),
220 "SID_LABEL", "SID_LABEL failed");
224 static bool test_wbc_sidtostring(struct torture_context *tctx)
226 struct wbcDomainSid sid;
227 const char *sid_string = "S-1-5-32";
230 torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
231 "wbcStringToSid of %s failed", sid_string);
232 torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
233 "wbcSidToString of %s failed", sid_string);
234 torture_assert_str_equal(tctx, sid_string, sid_string2,
235 "sid strings differ");
236 wbcFreeMemory(sid_string2);
241 static bool test_wbc_guidtostring(struct torture_context *tctx)
244 const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
247 torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
248 "wbcStringToGuid of %s failed", guid_string);
249 torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
250 "wbcGuidToString of %s failed", guid_string);
251 torture_assert_str_equal(tctx, guid_string, guid_string2,
252 "guid strings differ");
253 wbcFreeMemory(guid_string2);
258 static bool test_wbc_domain_info(struct torture_context *tctx)
260 struct wbcDomainInfo *info = NULL;
261 struct wbcInterfaceDetails *details = NULL;
264 torture_assert_wbc_ok_goto_fail(tctx,
265 wbcInterfaceDetails(&details),
267 "wbcInterfaceDetails failed");
268 torture_assert_wbc_ok_goto_fail(tctx,
269 wbcDomainInfo(details->netbios_domain, &info),
271 "wbcDomainInfo failed");
273 torture_assert_goto(tctx,
277 "wbcDomainInfo returned NULL pointer");
281 wbcFreeMemory(details);
287 static bool test_wbc_users(struct torture_context *tctx)
289 const char *domain_name = NULL;
291 const char **users = NULL;
293 struct wbcInterfaceDetails *details = NULL;
294 struct wbcDomainSid *sids = NULL;
297 char *sid_string = NULL;
300 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
301 "%s", "wbcInterfaceDetails failed");
303 domain_name = talloc_strdup(tctx, details->netbios_domain);
304 torture_assert_goto(tctx,
308 "Failed to allocate domain_name");
309 wbcFreeMemory(details);
312 torture_assert_wbc_ok_goto_fail(tctx,
313 wbcListUsers(domain_name, &num_users, &users),
315 "wbcListUsers failed");
316 torture_assert_goto(tctx,
317 !(num_users > 0 && !users),
320 "wbcListUsers returned invalid results");
322 for (i = 0; i < MIN(num_users, 100); i++) {
323 struct wbcDomainSid sid;
324 enum wbcSidType name_type;
327 torture_assert_wbc_ok_goto_fail(tctx,
328 wbcLookupName(domain_name, users[i], &sid, &name_type),
329 "wbcLookupName of %s failed",
331 torture_assert_int_equal_goto(tctx,
332 name_type, WBC_SID_NAME_USER,
335 "wbcLookupName expected WBC_SID_NAME_USER");
336 wbcSidToString(&sid, &sid_string);
337 torture_assert_wbc_ok_goto_fail(tctx,
342 "wbcLookupSid of %s failed",
344 torture_assert_int_equal_goto(tctx,
345 name_type, WBC_SID_NAME_USER,
348 "wbcLookupSid of expected WBC_SID_NAME_USER");
349 torture_assert_goto(tctx,
353 "wbcLookupSid returned no name");
354 wbcFreeMemory(domain);
359 torture_assert_wbc_ok_goto_fail(tctx,
360 wbcLookupUserSids(&sid, true, &num_sids, &sids),
361 "wbcLookupUserSids of %s failed", sid_string);
362 torture_assert_wbc_ok_goto_fail(tctx,
363 wbcGetDisplayName(&sid,
367 "wbcGetDisplayName of %s failed",
369 wbcFreeMemory(domain);
375 wbcFreeMemory(sid_string);
381 wbcFreeMemory(details);
382 wbcFreeMemory(users);
383 wbcFreeMemory(domain);
386 wbcFreeMemory(sid_string);
391 static bool test_wbc_groups(struct torture_context *tctx)
394 const char *domain_name = NULL;
396 const char **groups = NULL;
398 struct wbcInterfaceDetails *details = NULL;
401 char *sid_string = NULL;
403 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
404 "%s", "wbcInterfaceDetails failed");
406 domain_name = talloc_strdup(tctx, details->netbios_domain);
407 torture_assert_goto(tctx,
411 "Failed to allocate domain_name");
412 wbcFreeMemory(details);
415 torture_assert_wbc_ok_goto_fail(tctx,
416 wbcListGroups(domain_name, &num_groups, &groups),
417 "wbcListGroups in %s failed",
419 torture_assert_goto(tctx,
420 !(num_groups > 0 && !groups),
423 "wbcListGroups returned invalid results");
425 for (i=0; i < MIN(num_groups,100); i++) {
426 struct wbcDomainSid sid;
427 enum wbcSidType name_type;
429 torture_assert_wbc_ok_goto_fail(tctx,
430 wbcLookupName(domain_name,
434 "wbcLookupName for %s failed",
436 wbcSidToString(&sid, &sid_string);
437 torture_assert_wbc_ok_goto_fail(tctx,
442 "wbcLookupSid of %s failed",
444 torture_assert_goto(tctx,
448 "wbcLookupSid returned no name");
450 wbcFreeMemory(domain);
454 wbcFreeMemory(sid_string);
460 wbcFreeMemory(details);
461 wbcFreeMemory(groups);
462 wbcFreeMemory(domain);
464 wbcFreeMemory(sid_string);
469 static bool test_wbc_trusts(struct torture_context *tctx)
471 struct wbcDomainInfo *domains = NULL;
472 struct wbcAuthErrorInfo *error = NULL;
477 torture_assert_wbc_ok_goto_fail(tctx,
478 wbcListTrusts(&domains, &num_domains),
480 "wbcListTrusts failed");
481 torture_assert_goto(tctx,
482 !(num_domains > 0 && !domains),
485 "wbcListTrusts returned invalid results");
487 for (i=0; i < MIN(num_domains,100); i++) {
490 struct wbcDomainSid sid;
491 enum wbcSidType name_type;
495 torture_assert_wbc_ok_goto_fail(tctx,
496 wbcCheckTrustCredentials(domains[i].short_name,
499 "wbcCheckTrustCredentials failed");
501 torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
502 "wbcLookupName failed");
503 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
504 "wbcLookupName expected WBC_SID_NAME_DOMAIN");
505 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
506 "wbcLookupSid failed");
507 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
508 "wbcLookupSid expected WBC_SID_NAME_DOMAIN");
509 torture_assert(tctx, name,
510 "wbcLookupSid returned no name");
512 wbcFreeMemory(error);
518 wbcFreeMemory(domains);
519 wbcFreeMemory(error);
524 static bool test_wbc_lookupdc(struct torture_context *tctx)
526 const char *domain_name = NULL;
527 struct wbcInterfaceDetails *details;
528 struct wbcDomainControllerInfo *dc_info;
530 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
531 "%s", "wbcInterfaceDetails failed");
533 domain_name = talloc_strdup(tctx, details->netbios_domain);
534 wbcFreeMemory(details);
536 torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info),
537 "wbcLookupDomainController for %s failed", domain_name);
538 wbcFreeMemory(dc_info);
543 static bool test_wbc_lookupdcex(struct torture_context *tctx)
545 const char *domain_name = NULL;
546 struct wbcInterfaceDetails *details;
547 struct wbcDomainControllerInfoEx *dc_info;
549 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
550 "%s", "wbcInterfaceDetails failed");
552 domain_name = talloc_strdup(tctx, details->netbios_domain);
553 wbcFreeMemory(details);
555 torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info),
556 "wbcLookupDomainControllerEx for %s failed", domain_name);
557 wbcFreeMemory(dc_info);
562 static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
568 name = torture_setting_string(tctx, "host", NULL);
570 torture_comment(tctx, "test-WinsByName: host='%s'\n", name);
572 ret = wbcResolveWinsByName(name, &ip);
574 if (is_ipaddress(name)) {
575 torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name);
577 torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name);
583 static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
587 struct nbt_name nbt_name;
592 host = torture_setting_string(tctx, "host", NULL);
594 torture_comment(tctx, "test-WinsByIp: host='%s'\n", host);
596 make_nbt_name_server(&nbt_name, host);
598 status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
599 0, 0, &nbt_name, tctx, &ip, tctx->ev);
600 torture_assert_ntstatus_ok(tctx, status,
601 talloc_asprintf(tctx,"Failed to resolve %s: %s",
602 nbt_name.name, nt_errstr(status)));
604 torture_comment(tctx, "test-WinsByIp: ip='%s'\n", ip);
606 ret = wbcResolveWinsByIP(ip, &name);
608 torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip);
615 static bool test_wbc_lookup_rids(struct torture_context *tctx)
617 struct wbcDomainSid builtin;
618 uint32_t rids[2] = { 544, 545 };
619 const char *domain_name = NULL;
620 const char **names = NULL;
621 enum wbcSidType *types;
624 wbcStringToSid("S-1-5-32", &builtin);
626 ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
628 torture_assert_wbc_ok_goto_fail(
629 tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
631 torture_assert_str_equal(
632 tctx, names[0], "Administrators",
633 "S-1-5-32-544 not mapped to 'Administrators'");
634 torture_assert_str_equal_goto_fail(
635 tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
639 wbcFreeMemory(discard_const_p(char ,domain_name));
640 wbcFreeMemory(names);
641 wbcFreeMemory(types);
645 static bool test_wbc_get_sidaliases(struct torture_context *tctx)
647 struct wbcDomainSid builtin;
648 struct wbcDomainInfo *info = NULL;
649 struct wbcInterfaceDetails *details = NULL;
650 struct wbcDomainSid sids[2];
651 uint32_t *rids = NULL;
655 torture_assert_wbc_ok_goto_fail(tctx,
656 wbcInterfaceDetails(&details),
658 "wbcInterfaceDetails failed");
659 torture_assert_wbc_ok_goto_fail(tctx,
660 wbcDomainInfo(details->netbios_domain, &info),
661 "wbcDomainInfo of %s failed",
662 details->netbios_domain);
665 sids[0].sub_auths[sids[0].num_auths++] = 500;
667 sids[1].sub_auths[sids[1].num_auths++] = 512;
669 torture_assert_wbc_ok_goto_fail(tctx,
670 wbcStringToSid("S-1-5-32", &builtin),
671 "wbcStringToSid of %s failed",
674 ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids);
675 torture_assert_wbc_ok_goto_fail(tctx,
678 "wbcGetSidAliases failed");
682 wbcFreeMemory(details);
688 static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
689 const char *correct_password)
691 struct wbcAuthUserParams params;
692 struct wbcAuthUserInfo *info = NULL;
693 struct wbcAuthErrorInfo *error = NULL;
696 ret = wbcAuthenticateUser(cli_credentials_get_username(
697 popt_get_cmdline_credentials()), correct_password);
698 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
699 "wbcAuthenticateUser of %s failed",
700 cli_credentials_get_username(popt_get_cmdline_credentials()));
703 params.account_name =
704 cli_credentials_get_username(popt_get_cmdline_credentials());
705 params.level = WBC_AUTH_USER_LEVEL_PLAIN;
706 params.password.plaintext = correct_password;
708 ret = wbcAuthenticateUserEx(¶ms, &info, &error);
709 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
710 "wbcAuthenticateUserEx of %s failed", params.account_name);
714 wbcFreeMemory(error);
717 params.password.plaintext = "wrong";
718 ret = wbcAuthenticateUserEx(¶ms, &info, &error);
719 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
720 "wbcAuthenticateUserEx for %s succeeded where it "
721 "should have failed", params.account_name);
725 wbcFreeMemory(error);
731 static bool test_wbc_authenticate_user(struct torture_context *tctx)
733 return test_wbc_authenticate_user_int(tctx,
734 cli_credentials_get_password(popt_get_cmdline_credentials()));
737 static bool test_wbc_change_password(struct torture_context *tctx)
740 const char *oldpass =
741 cli_credentials_get_password(popt_get_cmdline_credentials());
742 const char *newpass = "Koo8irei%$";
744 struct samr_CryptPassword new_nt_password;
745 struct samr_CryptPassword new_lm_password;
746 struct samr_Password old_nt_hash_enc;
747 struct samr_Password old_lanman_hash_enc;
749 uint8_t old_nt_hash[16];
750 uint8_t old_lanman_hash[16];
751 uint8_t new_nt_hash[16];
752 uint8_t new_lanman_hash[16];
754 struct wbcChangePasswordParams params;
756 if (oldpass == NULL) {
758 "skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
763 E_md4hash(oldpass, old_nt_hash);
764 E_md4hash(newpass, new_nt_hash);
766 if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
767 E_deshash(newpass, new_lanman_hash) &&
768 E_deshash(oldpass, old_lanman_hash)) {
770 /* E_deshash returns false for 'long' passwords (> 14
771 DOS chars). This allows us to match Win2k, which
772 does not store a LM hash for these passwords (which
773 would reduce the effective password length to 14) */
775 encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
776 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
777 E_old_pw_hash(new_nt_hash, old_lanman_hash,
778 old_lanman_hash_enc.hash);
780 params.old_password.response.old_lm_hash_enc_length =
781 sizeof(old_lanman_hash_enc.hash);
782 params.old_password.response.old_lm_hash_enc_data =
783 old_lanman_hash_enc.hash;
784 params.new_password.response.lm_length =
785 sizeof(new_lm_password.data);
786 params.new_password.response.lm_data =
787 new_lm_password.data;
789 ZERO_STRUCT(new_lm_password);
790 ZERO_STRUCT(old_lanman_hash_enc);
793 encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
795 arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
796 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
798 params.old_password.response.old_nt_hash_enc_length =
799 sizeof(old_nt_hash_enc.hash);
800 params.old_password.response.old_nt_hash_enc_data =
801 old_nt_hash_enc.hash;
802 params.new_password.response.nt_length = sizeof(new_nt_password.data);
803 params.new_password.response.nt_data = new_nt_password.data;
805 params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
806 params.account_name =
807 cli_credentials_get_username(popt_get_cmdline_credentials());
809 cli_credentials_get_domain(popt_get_cmdline_credentials());
811 ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL);
812 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
813 "wbcChangeUserPassword for %s failed", params.account_name);
815 if (!test_wbc_authenticate_user_int(tctx, newpass)) {
819 ret = wbcChangeUserPassword(
820 cli_credentials_get_username(popt_get_cmdline_credentials()),
822 cli_credentials_get_password(popt_get_cmdline_credentials()));
823 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
824 "wbcChangeUserPassword for %s failed", params.account_name);
826 return test_wbc_authenticate_user_int(tctx,
827 cli_credentials_get_password(popt_get_cmdline_credentials()));
830 static bool test_wbc_logon_user(struct torture_context *tctx)
832 struct wbcLogonUserParams params;
833 struct wbcLogonUserInfo *info = NULL;
834 struct wbcAuthErrorInfo *error = NULL;
835 struct wbcUserPasswordPolicyInfo *policy = NULL;
836 struct wbcInterfaceDetails *iface;
837 struct wbcDomainSid sid;
838 enum wbcSidType sidtype;
844 ret = wbcLogonUser(¶ms, &info, &error, &policy);
845 torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
846 "%s", "wbcLogonUser succeeded for NULL where it should "
850 cli_credentials_get_username(popt_get_cmdline_credentials());
852 cli_credentials_get_password(popt_get_cmdline_credentials());
854 ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
855 "foo", 0, discard_const_p(uint8_t, "bar"), 4);
856 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
857 "%s", "wbcAddNamedBlob failed");
859 ret = wbcLogonUser(¶ms, &info, &error, &policy);
860 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
861 "wbcLogonUser for %s failed", params.username);
862 wbcFreeMemory(info); info = NULL;
863 wbcFreeMemory(error); error = NULL;
864 wbcFreeMemory(policy); policy = NULL;
866 params.password = "wrong";
868 ret = wbcLogonUser(¶ms, &info, &error, &policy);
869 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
870 "wbcLogonUser for %s should have failed with "
871 "WBC_ERR_AUTH_ERROR", params.username);
872 wbcFreeMemory(info); info = NULL;
873 wbcFreeMemory(error); error = NULL;
874 wbcFreeMemory(policy); policy = NULL;
876 ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
878 discard_const_p(uint8_t, "S-1-2-3-4"),
879 strlen("S-1-2-3-4")+1);
880 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
881 "%s", "wbcAddNamedBlob failed");
883 cli_credentials_get_password(popt_get_cmdline_credentials());
884 ret = wbcLogonUser(¶ms, &info, &error, &policy);
885 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
886 "wbcLogonUser for %s should have failed with "
887 "WBC_ERR_AUTH_ERROR", params.username);
888 wbcFreeMemory(info); info = NULL;
889 wbcFreeMemory(error); error = NULL;
890 wbcFreeMemory(policy); policy = NULL;
891 wbcFreeMemory(params.blobs);
892 params.blobs = NULL; params.num_blobs = 0;
894 ret = wbcInterfaceDetails(&iface);
895 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
896 "%s", "wbcInterfaceDetails failed");
898 ret = wbcLookupName(iface->netbios_domain,
899 cli_credentials_get_username(popt_get_cmdline_credentials()),
902 wbcFreeMemory(iface);
903 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
904 "wbcLookupName for %s failed",
905 cli_credentials_get_username(popt_get_cmdline_credentials()));
907 ret = wbcSidToString(&sid, &sidstr);
908 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
909 "%s", "wbcSidToString failed");
911 ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
913 (uint8_t *)sidstr, strlen(sidstr)+1);
914 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
915 "%s", "wbcAddNamedBlob failed");
916 wbcFreeMemory(sidstr);
918 cli_credentials_get_password(popt_get_cmdline_credentials());
919 ret = wbcLogonUser(¶ms, &info, &error, &policy);
920 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
921 "wbcLogonUser for %s failed", params.username);
922 wbcFreeMemory(info); info = NULL;
923 wbcFreeMemory(error); error = NULL;
924 wbcFreeMemory(policy); policy = NULL;
925 wbcFreeMemory(params.blobs);
926 params.blobs = NULL; params.num_blobs = 0;
931 static bool test_wbc_getgroups(struct torture_context *tctx)
938 cli_credentials_get_username(popt_get_cmdline_credentials()),
941 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
942 "wbcGetGroups for %s failed",
943 cli_credentials_get_username(popt_get_cmdline_credentials()));
944 wbcFreeMemory(groups);
948 struct torture_suite *torture_wbclient(TALLOC_CTX *ctx)
950 struct torture_suite *suite = torture_suite_create(ctx, "wbclient");
952 torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
953 torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
954 torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc2);
955 torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
956 torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
957 torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
958 torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring);
959 torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
960 torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
961 torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
962 torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
963 torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
964 torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc);
965 torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex);
966 torture_suite_add_simple_test(suite, "wbcResolveWinsByName", test_wbc_resolve_winsbyname);
967 torture_suite_add_simple_test(suite, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip);
968 torture_suite_add_simple_test(suite, "wbcLookupRids",
969 test_wbc_lookup_rids);
970 torture_suite_add_simple_test(suite, "wbcGetSidAliases",
971 test_wbc_get_sidaliases);
972 torture_suite_add_simple_test(suite, "wbcAuthenticateUser",
973 test_wbc_authenticate_user);
974 torture_suite_add_simple_test(suite, "wbcLogonUser",
975 test_wbc_logon_user);
976 torture_suite_add_simple_test(suite, "wbcChangeUserPassword",
977 test_wbc_change_password);
978 torture_suite_add_simple_test(suite, "wbcGetGroups",