2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_lsa.h"
25 #include "librpc/gen_ndr/ndr_samr.h"
26 #include "lib/crypto/crypto.h"
28 #define TEST_ACCOUNT_NAME "samrtorturetest"
29 #define TEST_ALIASNAME "samrtorturetestalias"
30 #define TEST_GROUPNAME "samrtorturetestgroup"
31 #define TEST_MACHINENAME "samrtorturetestmach$"
32 #define TEST_DOMAINNAME "samrtorturetestdom$"
35 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
36 struct policy_handle *handle);
38 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
39 struct policy_handle *handle);
41 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
42 struct policy_handle *handle);
44 static void init_samr_String(struct samr_String *string, const char *s)
49 BOOL test_samr_handle_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
50 struct policy_handle *handle)
56 r.out.handle = handle;
58 status = dcerpc_samr_Close(p, mem_ctx, &r);
59 if (!NT_STATUS_IS_OK(status)) {
60 printf("Close handle failed - %s\n", nt_errstr(status));
67 static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
68 struct policy_handle *handle)
71 struct samr_Shutdown r;
73 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
74 printf("samr_Shutdown disabled - enable dangerous tests to use\n");
78 r.in.connect_handle = handle;
80 printf("testing samr_Shutdown\n");
82 status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
83 if (!NT_STATUS_IS_OK(status)) {
84 printf("samr_Shutdown failed - %s\n", nt_errstr(status));
91 static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
92 struct policy_handle *handle)
95 struct samr_SetDsrmPassword r;
96 struct samr_String string;
97 struct samr_Password hash;
99 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
100 printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
104 E_md4hash("TeSTDSRM123", hash.hash);
106 init_samr_String(&string, "Administrator");
112 printf("testing samr_SetDsrmPassword\n");
114 status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
115 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
116 printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
124 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
125 struct policy_handle *handle)
128 struct samr_QuerySecurity r;
129 struct samr_SetSecurity s;
131 r.in.handle = handle;
134 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
135 if (!NT_STATUS_IS_OK(status)) {
136 printf("QuerySecurity failed - %s\n", nt_errstr(status));
140 if (r.out.sdbuf == NULL) {
144 s.in.handle = handle;
146 s.in.sdbuf = r.out.sdbuf;
148 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
149 if (!NT_STATUS_IS_OK(status)) {
150 printf("SetSecurity failed - %s\n", nt_errstr(status));
154 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
155 if (!NT_STATUS_IS_OK(status)) {
156 printf("QuerySecurity failed - %s\n", nt_errstr(status));
164 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
165 struct policy_handle *handle, uint32_t base_acct_flags)
168 struct samr_SetUserInfo s;
169 struct samr_SetUserInfo2 s2;
170 struct samr_QueryUserInfo q;
171 struct samr_QueryUserInfo q0;
172 union samr_UserInfo u;
175 uint32_t user_extra_flags = 0;
176 if (base_acct_flags == ACB_NORMAL) {
177 /* Don't know what this is, but it is always here for users - you can't get rid of it */
178 user_extra_flags = 0x20000;
181 s.in.user_handle = handle;
184 s2.in.user_handle = handle;
187 q.in.user_handle = handle;
191 #define TESTCALL(call, r) \
192 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
193 if (!NT_STATUS_IS_OK(status)) { \
194 printf(#call " level %u failed - %s (line %d)\n", \
195 r.in.level, nt_errstr(status), __LINE__); \
200 #define STRING_EQUAL(s1, s2, field) \
201 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
202 printf("Failed to set %s to '%s' (line %d)\n", \
203 #field, s2, __LINE__); \
208 #define INT_EQUAL(i1, i2, field) \
210 printf("Failed to set %s to 0x%x - got 0x%x (line %d)\n", \
211 #field, i2, i1, __LINE__); \
216 #define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
217 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
219 TESTCALL(QueryUserInfo, q) \
221 s2.in.level = lvl1; \
224 ZERO_STRUCT(u.info21); \
225 u.info21.fields_present = fpval; \
227 init_samr_String(&u.info ## lvl1.field1, value); \
228 TESTCALL(SetUserInfo, s) \
229 TESTCALL(SetUserInfo2, s2) \
230 init_samr_String(&u.info ## lvl1.field1, ""); \
231 TESTCALL(QueryUserInfo, q); \
233 STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
235 TESTCALL(QueryUserInfo, q) \
237 STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
240 #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
241 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
243 TESTCALL(QueryUserInfo, q) \
245 s2.in.level = lvl1; \
248 uint8_t *bitmap = u.info21.logon_hours.bitmap; \
249 ZERO_STRUCT(u.info21); \
250 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
251 u.info21.logon_hours.units_per_week = 168; \
252 u.info21.logon_hours.bitmap = bitmap; \
254 u.info21.fields_present = fpval; \
256 u.info ## lvl1.field1 = value; \
257 TESTCALL(SetUserInfo, s) \
258 TESTCALL(SetUserInfo2, s2) \
259 u.info ## lvl1.field1 = 0; \
260 TESTCALL(QueryUserInfo, q); \
262 INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
264 TESTCALL(QueryUserInfo, q) \
266 INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
269 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
270 TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
274 do { TESTCALL(QueryUserInfo, q0) } while (0);
276 TEST_USERINFO_STRING(2, comment, 1, comment, "xx2-1 comment", 0);
277 TEST_USERINFO_STRING(2, comment, 21, comment, "xx2-21 comment", 0);
278 TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
281 TEST_USERINFO_STRING(6, full_name, 1, full_name, "xx6-1 full_name", 0);
282 TEST_USERINFO_STRING(6, full_name, 3, full_name, "xx6-3 full_name", 0);
283 TEST_USERINFO_STRING(6, full_name, 5, full_name, "xx6-5 full_name", 0);
284 TEST_USERINFO_STRING(6, full_name, 6, full_name, "xx6-6 full_name", 0);
285 TEST_USERINFO_STRING(6, full_name, 8, full_name, "xx6-8 full_name", 0);
286 TEST_USERINFO_STRING(6, full_name, 21, full_name, "xx6-21 full_name", 0);
287 TEST_USERINFO_STRING(8, full_name, 21, full_name, "xx8-21 full_name", 0);
288 TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
291 TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
292 TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
293 TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
294 TEST_USERINFO_STRING(21, logon_script, 21, logon_script, "xx21-21 logon_script",
295 SAMR_FIELD_LOGON_SCRIPT);
297 TEST_USERINFO_STRING(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0);
298 TEST_USERINFO_STRING(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0);
299 TEST_USERINFO_STRING(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
300 TEST_USERINFO_STRING(21, profile_path, 21, profile_path, "xx21-21 profile_path",
301 SAMR_FIELD_PROFILE_PATH);
303 TEST_USERINFO_STRING(13, description, 1, description, "xx13-1 description", 0);
304 TEST_USERINFO_STRING(13, description, 5, description, "xx13-5 description", 0);
305 TEST_USERINFO_STRING(13, description, 21, description, "xx13-21 description", 0);
306 TEST_USERINFO_STRING(21, description, 21, description, "xx21-21 description",
307 SAMR_FIELD_DESCRIPTION);
309 TEST_USERINFO_STRING(14, workstations, 3, workstations, "14workstation3", 0);
310 TEST_USERINFO_STRING(14, workstations, 5, workstations, "14workstation4", 0);
311 TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
312 TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
313 SAMR_FIELD_WORKSTATION);
315 TEST_USERINFO_STRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
316 TEST_USERINFO_STRING(21, parameters, 21, parameters, "xx21-21 parameters",
317 SAMR_FIELD_PARAMETERS);
319 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
320 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
321 SAMR_FIELD_COUNTRY_CODE);
323 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
324 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
325 SAMR_FIELD_CODE_PAGE);
327 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], 1, 0);
328 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], 2, 0);
329 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 3, 0);
330 TEST_USERINFO_INT(21, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 4,
331 SAMR_FIELD_LOGON_HOURS);
333 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
334 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
335 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
337 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
338 (base_acct_flags | ACB_DISABLED),
339 (base_acct_flags | ACB_DISABLED | user_extra_flags),
342 /* Setting PWNOEXP clears the magic 0x20000 flag */
343 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
344 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
345 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
347 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
348 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
349 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
352 /* The 'autolock' flag doesn't stick - check this */
353 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
354 (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
355 (base_acct_flags | ACB_DISABLED | user_extra_flags),
357 TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
358 (base_acct_flags | ACB_DISABLED),
359 (base_acct_flags | ACB_DISABLED | user_extra_flags),
360 SAMR_FIELD_ACCT_FLAGS);
363 /* these fail with win2003 - it appears you can't set the primary gid?
364 the set succeeds, but the gid isn't changed. Very weird! */
365 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
366 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
367 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
368 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
374 generate a random password for password change tests
376 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
378 size_t len = MAX(8, min_len) + (random() % 6);
379 char *s = generate_random_str(mem_ctx, len);
380 printf("Generated password '%s'\n", s);
384 static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
385 struct policy_handle *handle, char **password)
388 struct samr_SetUserInfo s;
389 union samr_UserInfo u;
391 DATA_BLOB session_key;
393 struct samr_GetUserPwInfo pwp;
394 int policy_min_pw_len = 0;
395 pwp.in.user_handle = handle;
397 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
398 if (NT_STATUS_IS_OK(status)) {
399 policy_min_pw_len = pwp.out.info.min_password_length;
401 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
403 s.in.user_handle = handle;
407 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
408 /* w2k3 ignores this length */
409 u.info24.pw_len = strlen_m(newpass) * 2;
411 status = dcerpc_fetch_session_key(p, &session_key);
412 if (!NT_STATUS_IS_OK(status)) {
413 printf("SetUserInfo level %u - no session key - %s\n",
414 s.in.level, nt_errstr(status));
418 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
420 printf("Testing SetUserInfo level 24 (set password)\n");
422 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
423 if (!NT_STATUS_IS_OK(status)) {
424 printf("SetUserInfo level %u failed - %s\n",
425 s.in.level, nt_errstr(status));
435 static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
436 struct policy_handle *handle, uint32 fields_present,
440 struct samr_SetUserInfo s;
441 union samr_UserInfo u;
443 DATA_BLOB session_key;
445 struct samr_GetUserPwInfo pwp;
446 int policy_min_pw_len = 0;
447 pwp.in.user_handle = handle;
449 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
450 if (NT_STATUS_IS_OK(status)) {
451 policy_min_pw_len = pwp.out.info.min_password_length;
453 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
455 s.in.user_handle = handle;
461 u.info23.info.fields_present = fields_present;
463 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
465 status = dcerpc_fetch_session_key(p, &session_key);
466 if (!NT_STATUS_IS_OK(status)) {
467 printf("SetUserInfo level %u - no session key - %s\n",
468 s.in.level, nt_errstr(status));
472 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
474 printf("Testing SetUserInfo level 23 (set password)\n");
476 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
477 if (!NT_STATUS_IS_OK(status)) {
478 printf("SetUserInfo level %u failed - %s\n",
479 s.in.level, nt_errstr(status));
489 static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
490 struct policy_handle *handle, char **password)
493 struct samr_SetUserInfo s;
494 union samr_UserInfo u;
496 DATA_BLOB session_key;
497 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
498 uint8_t confounder[16];
500 struct MD5Context ctx;
501 struct samr_GetUserPwInfo pwp;
502 int policy_min_pw_len = 0;
503 pwp.in.user_handle = handle;
505 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
506 if (NT_STATUS_IS_OK(status)) {
507 policy_min_pw_len = pwp.out.info.min_password_length;
509 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
511 s.in.user_handle = handle;
515 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
516 u.info26.pw_len = strlen(newpass);
518 status = dcerpc_fetch_session_key(p, &session_key);
519 if (!NT_STATUS_IS_OK(status)) {
520 printf("SetUserInfo level %u - no session key - %s\n",
521 s.in.level, nt_errstr(status));
525 generate_random_buffer((uint8_t *)confounder, 16);
528 MD5Update(&ctx, confounder, 16);
529 MD5Update(&ctx, session_key.data, session_key.length);
530 MD5Final(confounded_session_key.data, &ctx);
532 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
533 memcpy(&u.info26.password.data[516], confounder, 16);
535 printf("Testing SetUserInfo level 26 (set password ex)\n");
537 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
538 if (!NT_STATUS_IS_OK(status)) {
539 printf("SetUserInfo level %u failed - %s\n",
540 s.in.level, nt_errstr(status));
549 static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
550 struct policy_handle *handle, uint32 fields_present,
554 struct samr_SetUserInfo s;
555 union samr_UserInfo u;
557 DATA_BLOB session_key;
558 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
559 struct MD5Context ctx;
560 uint8_t confounder[16];
562 struct samr_GetUserPwInfo pwp;
563 int policy_min_pw_len = 0;
564 pwp.in.user_handle = handle;
566 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
567 if (NT_STATUS_IS_OK(status)) {
568 policy_min_pw_len = pwp.out.info.min_password_length;
570 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
572 s.in.user_handle = handle;
578 u.info25.info.fields_present = fields_present;
580 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
582 status = dcerpc_fetch_session_key(p, &session_key);
583 if (!NT_STATUS_IS_OK(status)) {
584 printf("SetUserInfo level %u - no session key - %s\n",
585 s.in.level, nt_errstr(status));
589 generate_random_buffer((uint8_t *)confounder, 16);
592 MD5Update(&ctx, confounder, 16);
593 MD5Update(&ctx, session_key.data, session_key.length);
594 MD5Final(confounded_session_key.data, &ctx);
596 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
597 memcpy(&u.info25.password.data[516], confounder, 16);
599 printf("Testing SetUserInfo level 25 (set password ex)\n");
601 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
602 if (!NT_STATUS_IS_OK(status)) {
603 printf("SetUserInfo level %u failed - %s\n",
604 s.in.level, nt_errstr(status));
613 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
614 struct policy_handle *handle)
617 struct samr_SetAliasInfo r;
618 struct samr_QueryAliasInfo q;
619 uint16_t levels[] = {2, 3};
623 /* Ignoring switch level 1, as that includes the number of members for the alias
624 * and setting this to a wrong value might have negative consequences
627 for (i=0;i<ARRAY_SIZE(levels);i++) {
628 printf("Testing SetAliasInfo level %u\n", levels[i]);
630 r.in.alias_handle = handle;
631 r.in.level = levels[i];
632 switch (r.in.level) {
633 case 2 : init_samr_String(&r.in.info.name,TEST_ALIASNAME); break;
634 case 3 : init_samr_String(&r.in.info.description,
635 "Test Description, should test I18N as well"); break;
638 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
639 if (!NT_STATUS_IS_OK(status)) {
640 printf("SetAliasInfo level %u failed - %s\n",
641 levels[i], nt_errstr(status));
645 q.in.alias_handle = handle;
646 q.in.level = levels[i];
648 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
649 if (!NT_STATUS_IS_OK(status)) {
650 printf("QueryAliasInfo level %u failed - %s\n",
651 levels[i], nt_errstr(status));
659 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
660 struct policy_handle *user_handle)
662 struct samr_GetGroupsForUser r;
666 printf("testing GetGroupsForUser\n");
668 r.in.user_handle = user_handle;
670 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
671 if (!NT_STATUS_IS_OK(status)) {
672 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
680 static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
681 struct samr_String *domain_name)
684 struct samr_GetDomPwInfo r;
687 r.in.name = domain_name;
688 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
690 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
691 if (!NT_STATUS_IS_OK(status)) {
692 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
696 r.in.name->string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
697 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
699 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
700 if (!NT_STATUS_IS_OK(status)) {
701 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
705 r.in.name->string = "\\\\__NONAME__";
706 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
708 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
709 if (!NT_STATUS_IS_OK(status)) {
710 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
714 r.in.name->string = "\\\\Builtin";
715 printf("Testing GetDomPwInfo with name %s\n", r.in.name->string);
717 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
718 if (!NT_STATUS_IS_OK(status)) {
719 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
727 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
728 struct policy_handle *handle)
731 struct samr_GetUserPwInfo r;
734 printf("Testing GetUserPwInfo\n");
736 r.in.user_handle = handle;
738 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
739 if (!NT_STATUS_IS_OK(status)) {
740 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
747 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
748 struct policy_handle *domain_handle, const char *name,
752 struct samr_LookupNames n;
753 struct samr_String sname[2];
755 init_samr_String(&sname[0], name);
757 n.in.domain_handle = domain_handle;
760 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
761 if (NT_STATUS_IS_OK(status)) {
762 *rid = n.out.rids.ids[0];
767 init_samr_String(&sname[1], "xxNONAMExx");
769 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
770 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
771 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
775 init_samr_String(&sname[1], "xxNONAMExx");
777 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
778 if (!NT_STATUS_IS_OK(status)) {
779 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
785 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
786 struct policy_handle *domain_handle,
787 const char *name, struct policy_handle *user_handle)
790 struct samr_OpenUser r;
793 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
794 if (!NT_STATUS_IS_OK(status)) {
798 r.in.domain_handle = domain_handle;
799 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
801 r.out.user_handle = user_handle;
802 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
803 if (!NT_STATUS_IS_OK(status)) {
804 printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status));
811 static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
812 struct policy_handle *handle)
815 struct samr_ChangePasswordUser r;
817 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
818 struct policy_handle user_handle;
819 char *oldpass = "test";
820 char *newpass = "test2";
821 uint8_t old_nt_hash[16], new_nt_hash[16];
822 uint8_t old_lm_hash[16], new_lm_hash[16];
824 status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle);
825 if (!NT_STATUS_IS_OK(status)) {
829 printf("Testing ChangePasswordUser for user 'testuser'\n");
831 printf("old password: %s\n", oldpass);
832 printf("new password: %s\n", newpass);
834 E_md4hash(oldpass, old_nt_hash);
835 E_md4hash(newpass, new_nt_hash);
836 E_deshash(oldpass, old_lm_hash);
837 E_deshash(newpass, new_lm_hash);
839 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
840 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
841 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
842 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
843 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
844 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
846 r.in.handle = &user_handle;
848 r.in.old_lm_crypted = &hash1;
849 r.in.new_lm_crypted = &hash2;
851 r.in.old_nt_crypted = &hash3;
852 r.in.new_nt_crypted = &hash4;
853 r.in.cross1_present = 1;
854 r.in.nt_cross = &hash5;
855 r.in.cross2_present = 1;
856 r.in.lm_cross = &hash6;
858 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
859 if (!NT_STATUS_IS_OK(status)) {
860 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
864 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
872 static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
873 struct policy_handle *handle, char **password)
876 struct samr_ChangePasswordUser r;
878 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
879 struct policy_handle user_handle;
880 char *oldpass = *password;
881 uint8_t old_nt_hash[16], new_nt_hash[16];
882 uint8_t old_lm_hash[16], new_lm_hash[16];
885 struct samr_GetUserPwInfo pwp;
886 int policy_min_pw_len = 0;
888 status = test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle);
889 if (!NT_STATUS_IS_OK(status)) {
892 pwp.in.user_handle = &user_handle;
894 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
895 if (NT_STATUS_IS_OK(status)) {
896 policy_min_pw_len = pwp.out.info.min_password_length;
898 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
900 printf("Testing ChangePasswordUser\n");
902 E_md4hash(oldpass, old_nt_hash);
903 E_md4hash(newpass, new_nt_hash);
904 E_deshash(oldpass, old_lm_hash);
905 E_deshash(newpass, new_lm_hash);
907 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
908 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
909 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
910 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
911 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
912 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
914 r.in.user_handle = &user_handle;
916 r.in.old_lm_crypted = &hash1;
917 r.in.new_lm_crypted = &hash2;
919 r.in.old_nt_crypted = &hash3;
920 r.in.new_nt_crypted = &hash4;
921 r.in.cross1_present = 1;
922 r.in.nt_cross = &hash5;
923 r.in.cross2_present = 1;
924 r.in.lm_cross = &hash6;
926 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
927 if (!NT_STATUS_IS_OK(status)) {
928 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
934 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
942 static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
943 struct policy_handle *handle, char **password)
946 struct samr_OemChangePasswordUser2 r;
948 struct samr_Password lm_verifier;
949 struct samr_CryptPassword lm_pass;
950 struct samr_AsciiName server, account;
951 char *oldpass = *password;
953 uint8_t old_lm_hash[16], new_lm_hash[16];
955 struct samr_GetDomPwInfo dom_pw_info;
956 int policy_min_pw_len = 0;
958 struct samr_String domain_name;
959 domain_name.string = "";
960 dom_pw_info.in.name = &domain_name;
962 printf("Testing OemChangePasswordUser2\n");
964 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
965 if (NT_STATUS_IS_OK(status)) {
966 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
969 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
971 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
972 account.string = TEST_ACCOUNT_NAME;
974 E_deshash(oldpass, old_lm_hash);
975 E_deshash(newpass, new_lm_hash);
977 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
978 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
979 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
981 r.in.server = &server;
982 r.in.account = &account;
983 r.in.password = &lm_pass;
984 r.in.hash = &lm_verifier;
986 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
987 if (!NT_STATUS_IS_OK(status)) {
988 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
998 static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
999 struct policy_handle *handle, char **password)
1002 struct samr_ChangePasswordUser2 r;
1004 struct samr_String server, account;
1005 struct samr_CryptPassword nt_pass, lm_pass;
1006 struct samr_Password nt_verifier, lm_verifier;
1007 char *oldpass = *password;
1009 uint8_t old_nt_hash[16], new_nt_hash[16];
1010 uint8_t old_lm_hash[16], new_lm_hash[16];
1012 struct samr_GetDomPwInfo dom_pw_info;
1013 int policy_min_pw_len = 0;
1015 struct samr_String domain_name;
1016 domain_name.string = "";
1017 dom_pw_info.in.name = &domain_name;
1019 printf("Testing ChangePasswordUser2\n");
1021 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
1022 if (NT_STATUS_IS_OK(status)) {
1023 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1026 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1028 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1029 init_samr_String(&account, TEST_ACCOUNT_NAME);
1031 E_md4hash(oldpass, old_nt_hash);
1032 E_md4hash(newpass, new_nt_hash);
1034 E_deshash(oldpass, old_lm_hash);
1035 E_deshash(newpass, new_lm_hash);
1037 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
1038 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1039 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1041 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1042 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1043 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1045 r.in.server = &server;
1046 r.in.account = &account;
1047 r.in.nt_password = &nt_pass;
1048 r.in.nt_verifier = &nt_verifier;
1050 r.in.lm_password = &lm_pass;
1051 r.in.lm_verifier = &lm_verifier;
1053 status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
1054 if (!NT_STATUS_IS_OK(status)) {
1055 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
1058 *password = newpass;
1065 static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1066 struct policy_handle *handle,
1067 int policy_min_pw_len,
1071 struct samr_ChangePasswordUser3 r;
1073 struct samr_String server, account;
1074 struct samr_CryptPassword nt_pass, lm_pass;
1075 struct samr_Password nt_verifier, lm_verifier;
1076 char *oldpass = *password;
1077 char *newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1078 uint8_t old_nt_hash[16], new_nt_hash[16];
1079 uint8_t old_lm_hash[16], new_lm_hash[16];
1081 printf("Testing ChangePasswordUser3\n");
1083 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1084 init_samr_String(&account, TEST_ACCOUNT_NAME);
1086 E_md4hash(oldpass, old_nt_hash);
1087 E_md4hash(newpass, new_nt_hash);
1089 E_deshash(oldpass, old_lm_hash);
1090 E_deshash(newpass, new_lm_hash);
1092 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1093 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1094 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1096 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1097 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1098 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1100 r.in.server = &server;
1101 r.in.account = &account;
1102 r.in.nt_password = &nt_pass;
1103 r.in.nt_verifier = &nt_verifier;
1105 r.in.lm_password = &lm_pass;
1106 r.in.lm_verifier = &lm_verifier;
1107 r.in.password3 = NULL;
1109 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1110 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1111 && !policy_min_pw_len) {
1112 if (r.out.dominfo) {
1113 policy_min_pw_len = r.out.dominfo->min_password_length;
1115 if (policy_min_pw_len) /* try again with the right min password length */ {
1116 ret = test_ChangePasswordUser3(p, mem_ctx, handle, policy_min_pw_len, password);
1118 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1121 } else if (!NT_STATUS_IS_OK(status)) {
1122 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1125 *password = newpass;
1132 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1133 struct policy_handle *alias_handle)
1135 struct samr_GetMembersInAlias r;
1136 struct lsa_SidArray sids;
1140 printf("Testing GetMembersInAlias\n");
1142 r.in.alias_handle = alias_handle;
1145 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
1146 if (!NT_STATUS_IS_OK(status)) {
1147 printf("GetMembersInAlias failed - %s\n",
1155 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1156 struct policy_handle *alias_handle,
1157 const struct dom_sid *domain_sid)
1159 struct samr_AddAliasMember r;
1160 struct samr_DeleteAliasMember d;
1163 struct dom_sid *sid;
1165 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
1167 printf("testing AddAliasMember\n");
1168 r.in.alias_handle = alias_handle;
1171 status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
1172 if (!NT_STATUS_IS_OK(status)) {
1173 printf("AddAliasMember failed - %s\n", nt_errstr(status));
1177 d.in.alias_handle = alias_handle;
1180 status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
1181 if (!NT_STATUS_IS_OK(status)) {
1182 printf("DelAliasMember failed - %s\n", nt_errstr(status));
1189 static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1190 struct policy_handle *alias_handle)
1192 struct samr_AddMultipleMembersToAlias a;
1193 struct samr_RemoveMultipleMembersFromAlias r;
1196 struct lsa_SidArray sids;
1198 printf("testing AddMultipleMembersToAlias\n");
1199 a.in.alias_handle = alias_handle;
1203 sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3);
1205 sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
1206 sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
1207 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
1209 status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
1210 if (!NT_STATUS_IS_OK(status)) {
1211 printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
1216 printf("testing RemoveMultipleMembersFromAlias\n");
1217 r.in.alias_handle = alias_handle;
1220 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1221 if (!NT_STATUS_IS_OK(status)) {
1222 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1226 /* strange! removing twice doesn't give any error */
1227 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1228 if (!NT_STATUS_IS_OK(status)) {
1229 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1233 /* but removing an alias that isn't there does */
1234 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
1236 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1237 if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
1238 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1245 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1246 struct policy_handle *user_handle)
1248 struct samr_TestPrivateFunctionsUser r;
1252 printf("Testing TestPrivateFunctionsUser\n");
1254 r.in.user_handle = user_handle;
1256 status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
1257 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
1258 printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
1266 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1267 struct policy_handle *handle, uint32_t base_acct_flags)
1271 if (!test_QuerySecurity(p, mem_ctx, handle)) {
1275 if (!test_QueryUserInfo(p, mem_ctx, handle)) {
1279 if (!test_QueryUserInfo2(p, mem_ctx, handle)) {
1283 if (!test_SetUserInfo(p, mem_ctx, handle, base_acct_flags)) {
1287 if (!test_GetUserPwInfo(p, mem_ctx, handle)) {
1291 if (!test_TestPrivateFunctionsUser(p, mem_ctx, handle)) {
1298 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1299 struct policy_handle *alias_handle,
1300 const struct dom_sid *domain_sid)
1304 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
1308 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
1312 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
1316 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle, domain_sid)) {
1320 if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
1328 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1329 struct policy_handle *handle, const char *name)
1332 struct samr_DeleteUser d;
1333 struct policy_handle user_handle;
1336 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1337 if (!NT_STATUS_IS_OK(status)) {
1341 status = test_OpenUser_byname(p, mem_ctx, handle, name, &user_handle);
1342 if (!NT_STATUS_IS_OK(status)) {
1346 d.in.user_handle = &user_handle;
1347 d.out.user_handle = &user_handle;
1348 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1349 if (!NT_STATUS_IS_OK(status)) {
1356 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1361 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1362 struct policy_handle *handle, const char *name)
1365 struct samr_OpenGroup r;
1366 struct samr_DeleteDomainGroup d;
1367 struct policy_handle group_handle;
1370 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1371 if (!NT_STATUS_IS_OK(status)) {
1375 r.in.domain_handle = handle;
1376 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1378 r.out.group_handle = &group_handle;
1379 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1380 if (!NT_STATUS_IS_OK(status)) {
1384 d.in.group_handle = &group_handle;
1385 d.out.group_handle = &group_handle;
1386 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
1387 if (!NT_STATUS_IS_OK(status)) {
1394 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
1399 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1400 struct policy_handle *domain_handle, const char *name)
1403 struct samr_OpenAlias r;
1404 struct samr_DeleteDomAlias d;
1405 struct policy_handle alias_handle;
1408 printf("testing DeleteAlias_byname\n");
1410 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
1411 if (!NT_STATUS_IS_OK(status)) {
1415 r.in.domain_handle = domain_handle;
1416 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1418 r.out.alias_handle = &alias_handle;
1419 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1420 if (!NT_STATUS_IS_OK(status)) {
1424 d.in.alias_handle = &alias_handle;
1425 d.out.alias_handle = &alias_handle;
1426 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1427 if (!NT_STATUS_IS_OK(status)) {
1434 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1438 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1439 struct policy_handle *alias_handle)
1441 struct samr_DeleteDomAlias d;
1444 printf("Testing DeleteAlias\n");
1446 d.in.alias_handle = alias_handle;
1447 d.out.alias_handle = alias_handle;
1449 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1450 if (!NT_STATUS_IS_OK(status)) {
1451 printf("DeleteAlias failed - %s\n", nt_errstr(status));
1458 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1459 struct policy_handle *domain_handle,
1460 struct policy_handle *alias_handle,
1461 const struct dom_sid *domain_sid)
1464 struct samr_CreateDomAlias r;
1465 struct samr_String name;
1469 init_samr_String(&name, TEST_ALIASNAME);
1470 r.in.domain_handle = domain_handle;
1471 r.in.aliasname = &name;
1472 r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
1473 r.out.alias_handle = alias_handle;
1476 printf("Testing CreateAlias (%s)\n", r.in.aliasname->string);
1478 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1480 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1481 printf("Server refused create of '%s'\n", r.in.aliasname->string);
1485 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
1486 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.aliasname->string)) {
1489 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1492 if (!NT_STATUS_IS_OK(status)) {
1493 printf("CreateAlias failed - %s\n", nt_errstr(status));
1497 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_sid)) {
1504 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1505 struct policy_handle *domain_handle, char **password)
1513 if (!test_ChangePasswordUser(p, mem_ctx, domain_handle, password)) {
1517 if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1521 if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1525 /* we change passwords twice - this has the effect of verifying
1526 they were changed correctly for the final call */
1527 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, password)) {
1531 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, password)) {
1538 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1539 struct policy_handle *domain_handle, struct policy_handle *user_handle)
1542 struct samr_CreateUser r;
1543 struct samr_QueryUserInfo q;
1545 char *password = NULL;
1548 const uint32 password_fields[] = {
1549 SAMR_FIELD_PASSWORD,
1550 SAMR_FIELD_PASSWORD2,
1551 SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2,
1555 /* This call creates a 'normal' account - check that it really does */
1556 const uint32_t acct_flags = ACB_NORMAL;
1557 struct samr_String name;
1560 init_samr_String(&name, TEST_ACCOUNT_NAME);
1562 r.in.domain_handle = domain_handle;
1563 r.in.account_name = &name;
1564 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1565 r.out.user_handle = user_handle;
1568 printf("Testing CreateUser(%s)\n", r.in.account_name->string);
1570 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1572 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1573 printf("Server refused create of '%s'\n", r.in.account_name->string);
1574 ZERO_STRUCTP(user_handle);
1578 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1579 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.account_name->string)) {
1582 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1584 if (!NT_STATUS_IS_OK(status)) {
1585 printf("CreateUser failed - %s\n", nt_errstr(status));
1589 q.in.user_handle = user_handle;
1592 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1593 if (!NT_STATUS_IS_OK(status)) {
1594 printf("QueryUserInfo level %u failed - %s\n",
1595 q.in.level, nt_errstr(status));
1598 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1599 printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n",
1600 q.out.info->info16.acct_flags, q.out.info->info16.acct_flags,
1601 acct_flags, acct_flags);
1606 if (!test_user_ops(p, mem_ctx, user_handle, acct_flags)) {
1610 if (!test_SetUserPass(p, mem_ctx, user_handle, &password)) {
1614 for (i = 0; password_fields[i]; i++) {
1615 if (!test_SetUserPass_23(p, mem_ctx, user_handle, password_fields[i], &password)) {
1619 /* check it was set right */
1620 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, &password)) {
1625 for (i = 0; password_fields[i]; i++) {
1626 if (!test_SetUserPass_25(p, mem_ctx, user_handle, password_fields[i], &password)) {
1630 /* check it was set right */
1631 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, &password)) {
1636 if (!test_SetUserPassEx(p, mem_ctx, user_handle, &password)) {
1640 if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) {
1648 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1649 struct policy_handle *user_handle)
1651 struct samr_DeleteUser d;
1655 printf("Testing DeleteUser\n");
1657 d.in.user_handle = user_handle;
1658 d.out.user_handle = user_handle;
1660 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1661 if (!NT_STATUS_IS_OK(status)) {
1662 printf("DeleteUser failed - %s\n", nt_errstr(status));
1669 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1670 struct policy_handle *handle)
1673 struct samr_CreateUser2 r;
1674 struct samr_QueryUserInfo q;
1675 struct samr_DeleteUser d;
1676 struct policy_handle user_handle;
1678 struct samr_String name;
1683 uint32_t acct_flags;
1684 const char *account_name;
1686 } account_types[] = {
1687 { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
1688 { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1689 { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1690 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1691 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1692 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1693 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1694 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1695 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1696 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
1697 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1698 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1699 { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1700 { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1701 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
1704 for (i = 0; account_types[i].account_name; i++) {
1705 uint32_t acct_flags = account_types[i].acct_flags;
1706 uint32_t access_granted;
1708 init_samr_String(&name, account_types[i].account_name);
1710 r.in.domain_handle = handle;
1711 r.in.account_name = &name;
1712 r.in.acct_flags = acct_flags;
1713 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1714 r.out.user_handle = &user_handle;
1715 r.out.access_granted = &access_granted;
1718 printf("Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);
1720 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1722 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1723 printf("Server refused create of '%s'\n", r.in.account_name->string);
1726 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1727 if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.account_name->string)) {
1730 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1733 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
1734 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
1735 nt_errstr(status), nt_errstr(account_types[i].nt_status));
1739 if (NT_STATUS_IS_OK(status)) {
1740 q.in.user_handle = &user_handle;
1743 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1744 if (!NT_STATUS_IS_OK(status)) {
1745 printf("QueryUserInfo level %u failed - %s\n",
1746 q.in.level, nt_errstr(status));
1749 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1750 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
1751 q.out.info->info16.acct_flags,
1757 if (!test_user_ops(p, mem_ctx, &user_handle, acct_flags)) {
1761 printf("Testing DeleteUser (createuser2 test)\n");
1763 d.in.user_handle = &user_handle;
1764 d.out.user_handle = &user_handle;
1766 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1767 if (!NT_STATUS_IS_OK(status)) {
1768 printf("DeleteUser failed - %s\n", nt_errstr(status));
1777 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1778 struct policy_handle *handle)
1781 struct samr_QueryAliasInfo r;
1782 uint16_t levels[] = {1, 2, 3};
1786 for (i=0;i<ARRAY_SIZE(levels);i++) {
1787 printf("Testing QueryAliasInfo level %u\n", levels[i]);
1789 r.in.alias_handle = handle;
1790 r.in.level = levels[i];
1792 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
1793 if (!NT_STATUS_IS_OK(status)) {
1794 printf("QueryAliasInfo level %u failed - %s\n",
1795 levels[i], nt_errstr(status));
1803 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1804 struct policy_handle *handle)
1807 struct samr_QueryGroupInfo r;
1808 uint16_t levels[] = {1, 2, 3, 4, 5};
1812 for (i=0;i<ARRAY_SIZE(levels);i++) {
1813 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1815 r.in.group_handle = handle;
1816 r.in.level = levels[i];
1818 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1819 if (!NT_STATUS_IS_OK(status)) {
1820 printf("QueryGroupInfo level %u failed - %s\n",
1821 levels[i], nt_errstr(status));
1829 static BOOL test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1830 struct policy_handle *handle)
1833 struct samr_QueryGroupMember r;
1836 printf("Testing QueryGroupMember\n");
1838 r.in.group_handle = handle;
1840 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r);
1841 if (!NT_STATUS_IS_OK(status)) {
1842 printf("QueryGroupInfo failed - %s\n", nt_errstr(status));
1850 static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1851 struct policy_handle *handle)
1854 struct samr_QueryGroupInfo r;
1855 struct samr_SetGroupInfo s;
1856 uint16_t levels[] = {1, 2, 3, 4};
1857 uint16_t set_ok[] = {0, 1, 1, 1};
1861 for (i=0;i<ARRAY_SIZE(levels);i++) {
1862 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1864 r.in.group_handle = handle;
1865 r.in.level = levels[i];
1867 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1868 if (!NT_STATUS_IS_OK(status)) {
1869 printf("QueryGroupInfo level %u failed - %s\n",
1870 levels[i], nt_errstr(status));
1874 printf("Testing SetGroupInfo level %u\n", levels[i]);
1876 s.in.group_handle = handle;
1877 s.in.level = levels[i];
1878 s.in.info = r.out.info;
1881 /* disabled this, as it changes the name only from the point of view of samr,
1882 but leaves the name from the point of view of w2k3 internals (and ldap). This means
1883 the name is still reserved, so creating the old name fails, but deleting by the old name
1885 if (s.in.level == 2) {
1886 init_samr_String(&s.in.info->string, "NewName");
1890 if (s.in.level == 4) {
1891 init_samr_String(&s.in.info->description, "test description");
1894 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
1896 if (!NT_STATUS_IS_OK(status)) {
1897 printf("SetGroupInfo level %u failed - %s\n",
1898 r.in.level, nt_errstr(status));
1903 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
1904 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
1905 r.in.level, nt_errstr(status));
1915 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1916 struct policy_handle *handle)
1919 struct samr_QueryUserInfo r;
1920 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1921 11, 12, 13, 14, 16, 17, 20, 21};
1925 for (i=0;i<ARRAY_SIZE(levels);i++) {
1926 printf("Testing QueryUserInfo level %u\n", levels[i]);
1928 r.in.user_handle = handle;
1929 r.in.level = levels[i];
1931 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
1932 if (!NT_STATUS_IS_OK(status)) {
1933 printf("QueryUserInfo level %u failed - %s\n",
1934 levels[i], nt_errstr(status));
1942 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1943 struct policy_handle *handle)
1946 struct samr_QueryUserInfo2 r;
1947 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1948 11, 12, 13, 14, 16, 17, 20, 21};
1952 for (i=0;i<ARRAY_SIZE(levels);i++) {
1953 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
1955 r.in.user_handle = handle;
1956 r.in.level = levels[i];
1958 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
1959 if (!NT_STATUS_IS_OK(status)) {
1960 printf("QueryUserInfo2 level %u failed - %s\n",
1961 levels[i], nt_errstr(status));
1969 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1970 struct policy_handle *handle, uint32_t rid)
1973 struct samr_OpenUser r;
1974 struct policy_handle user_handle;
1977 printf("Testing OpenUser(%u)\n", rid);
1979 r.in.domain_handle = handle;
1980 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1982 r.out.user_handle = &user_handle;
1984 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
1985 if (!NT_STATUS_IS_OK(status)) {
1986 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
1990 if (!test_QuerySecurity(p, mem_ctx, &user_handle)) {
1994 if (!test_QueryUserInfo(p, mem_ctx, &user_handle)) {
1998 if (!test_QueryUserInfo2(p, mem_ctx, &user_handle)) {
2002 if (!test_GetUserPwInfo(p, mem_ctx, &user_handle)) {
2006 if (!test_GetGroupsForUser(p,mem_ctx, &user_handle)) {
2010 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
2017 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2018 struct policy_handle *handle, uint32_t rid)
2021 struct samr_OpenGroup r;
2022 struct policy_handle group_handle;
2025 printf("Testing OpenGroup(%u)\n", rid);
2027 r.in.domain_handle = handle;
2028 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2030 r.out.group_handle = &group_handle;
2032 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
2033 if (!NT_STATUS_IS_OK(status)) {
2034 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
2038 if (!test_QuerySecurity(p, mem_ctx, &group_handle)) {
2042 if (!test_QueryGroupInfo(p, mem_ctx, &group_handle)) {
2046 if (!test_QueryGroupMember(p, mem_ctx, &group_handle)) {
2050 if (!test_samr_handle_Close(p, mem_ctx, &group_handle)) {
2057 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2058 struct policy_handle *handle, uint32_t rid)
2061 struct samr_OpenAlias r;
2062 struct policy_handle alias_handle;
2065 printf("Testing OpenAlias(%u)\n", rid);
2067 r.in.domain_handle = handle;
2068 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2070 r.out.alias_handle = &alias_handle;
2072 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
2073 if (!NT_STATUS_IS_OK(status)) {
2074 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
2078 if (!test_QuerySecurity(p, mem_ctx, &alias_handle)) {
2082 if (!test_QueryAliasInfo(p, mem_ctx, &alias_handle)) {
2086 if (!test_GetMembersInAlias(p, mem_ctx, &alias_handle)) {
2090 if (!test_samr_handle_Close(p, mem_ctx, &alias_handle)) {
2097 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2098 struct policy_handle *handle)
2101 struct samr_EnumDomainUsers r;
2102 uint32_t resume_handle=0;
2105 struct samr_LookupNames n;
2106 struct samr_LookupRids lr ;
2108 printf("Testing EnumDomainUsers\n");
2110 r.in.domain_handle = handle;
2111 r.in.resume_handle = &resume_handle;
2112 r.in.acct_flags = 0;
2113 r.in.max_size = (uint32_t)-1;
2114 r.out.resume_handle = &resume_handle;
2116 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
2117 if (!NT_STATUS_IS_OK(status)) {
2118 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
2126 if (r.out.sam->count == 0) {
2130 for (i=0;i<r.out.sam->count;i++) {
2131 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2136 printf("Testing LookupNames\n");
2137 n.in.domain_handle = handle;
2138 n.in.num_names = r.out.sam->count;
2139 n.in.names = talloc(mem_ctx, r.out.sam->count * sizeof(struct samr_String));
2140 for (i=0;i<r.out.sam->count;i++) {
2141 n.in.names[i] = r.out.sam->entries[i].name;
2143 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
2144 if (!NT_STATUS_IS_OK(status)) {
2145 printf("LookupNames failed - %s\n", nt_errstr(status));
2150 printf("Testing LookupRids\n");
2151 lr.in.domain_handle = handle;
2152 lr.in.num_rids = r.out.sam->count;
2153 lr.in.rids = talloc(mem_ctx, r.out.sam->count * sizeof(uint32_t));
2154 for (i=0;i<r.out.sam->count;i++) {
2155 lr.in.rids[i] = r.out.sam->entries[i].idx;
2157 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
2158 if (!NT_STATUS_IS_OK(status)) {
2159 printf("LookupRids failed - %s\n", nt_errstr(status));
2167 try blasting the server with a bunch of sync requests
2169 static BOOL test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2170 struct policy_handle *handle)
2173 struct samr_EnumDomainUsers r;
2174 uint32_t resume_handle=0;
2176 #define ASYNC_COUNT 100
2177 struct rpc_request *req[ASYNC_COUNT];
2179 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
2180 printf("samr async test disabled - enable dangerous tests to use\n");
2184 printf("Testing EnumDomainUsers_async\n");
2186 r.in.domain_handle = handle;
2187 r.in.resume_handle = &resume_handle;
2188 r.in.acct_flags = 0;
2189 r.in.max_size = (uint32_t)-1;
2190 r.out.resume_handle = &resume_handle;
2192 for (i=0;i<ASYNC_COUNT;i++) {
2193 req[i] = dcerpc_samr_EnumDomainUsers_send(p, mem_ctx, &r);
2196 for (i=0;i<ASYNC_COUNT;i++) {
2197 status = dcerpc_ndr_request_recv(req[i]);
2198 if (!NT_STATUS_IS_OK(status)) {
2199 printf("EnumDomainUsers[%d] failed - %s\n",
2200 i, nt_errstr(status));
2205 printf("%d async requests OK\n", i);
2210 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2211 struct policy_handle *handle)
2214 struct samr_EnumDomainGroups r;
2215 uint32_t resume_handle=0;
2219 printf("Testing EnumDomainGroups\n");
2221 r.in.domain_handle = handle;
2222 r.in.resume_handle = &resume_handle;
2223 r.in.max_size = (uint32_t)-1;
2224 r.out.resume_handle = &resume_handle;
2226 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
2227 if (!NT_STATUS_IS_OK(status)) {
2228 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2236 for (i=0;i<r.out.sam->count;i++) {
2237 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2245 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2246 struct policy_handle *handle)
2249 struct samr_EnumDomainAliases r;
2250 uint32_t resume_handle=0;
2254 printf("Testing EnumDomainAliases\n");
2256 r.in.domain_handle = handle;
2257 r.in.resume_handle = &resume_handle;
2258 r.in.acct_flags = (uint32_t)-1;
2259 r.out.resume_handle = &resume_handle;
2261 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
2262 if (!NT_STATUS_IS_OK(status)) {
2263 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
2271 for (i=0;i<r.out.sam->count;i++) {
2272 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2280 static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2281 struct policy_handle *handle)
2284 struct samr_GetDisplayEnumerationIndex r;
2286 uint16_t levels[] = {1, 2, 3, 4, 5};
2287 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2290 for (i=0;i<ARRAY_SIZE(levels);i++) {
2291 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
2293 r.in.domain_handle = handle;
2294 r.in.level = levels[i];
2295 init_samr_String(&r.in.name, TEST_ACCOUNT_NAME);
2297 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2300 !NT_STATUS_IS_OK(status) &&
2301 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2302 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2303 levels[i], nt_errstr(status));
2307 init_samr_String(&r.in.name, "zzzzzzzz");
2309 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2311 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2312 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2313 levels[i], nt_errstr(status));
2321 static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2322 struct policy_handle *handle)
2325 struct samr_GetDisplayEnumerationIndex2 r;
2327 uint16_t levels[] = {1, 2, 3, 4, 5};
2328 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2331 for (i=0;i<ARRAY_SIZE(levels);i++) {
2332 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
2334 r.in.domain_handle = handle;
2335 r.in.level = levels[i];
2336 init_samr_String(&r.in.name, TEST_ACCOUNT_NAME);
2338 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2340 !NT_STATUS_IS_OK(status) &&
2341 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2342 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2343 levels[i], nt_errstr(status));
2347 init_samr_String(&r.in.name, "zzzzzzzz");
2349 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2350 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2351 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2352 levels[i], nt_errstr(status));
2360 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2361 struct policy_handle *handle)
2364 struct samr_QueryDisplayInfo r;
2366 uint16_t levels[] = {1, 2, 3, 4, 5};
2369 for (i=0;i<ARRAY_SIZE(levels);i++) {
2370 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
2372 r.in.domain_handle = handle;
2373 r.in.level = levels[i];
2375 r.in.max_entries = 1000;
2376 r.in.buf_size = (uint32_t)-1;
2378 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
2379 if (!NT_STATUS_IS_OK(status)) {
2380 printf("QueryDisplayInfo level %u failed - %s\n",
2381 levels[i], nt_errstr(status));
2389 static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2390 struct policy_handle *handle)
2393 struct samr_QueryDisplayInfo2 r;
2395 uint16_t levels[] = {1, 2, 3, 4, 5};
2398 for (i=0;i<ARRAY_SIZE(levels);i++) {
2399 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
2401 r.in.domain_handle = handle;
2402 r.in.level = levels[i];
2404 r.in.max_entries = 1000;
2405 r.in.buf_size = (uint32_t)-1;
2407 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
2408 if (!NT_STATUS_IS_OK(status)) {
2409 printf("QueryDisplayInfo2 level %u failed - %s\n",
2410 levels[i], nt_errstr(status));
2418 static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2419 struct policy_handle *handle)
2422 struct samr_QueryDisplayInfo3 r;
2424 uint16_t levels[] = {1, 2, 3, 4, 5};
2427 for (i=0;i<ARRAY_SIZE(levels);i++) {
2428 printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
2430 r.in.domain_handle = handle;
2431 r.in.level = levels[i];
2433 r.in.max_entries = 1000;
2434 r.in.buf_size = (uint32_t)-1;
2436 status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
2437 if (!NT_STATUS_IS_OK(status)) {
2438 printf("QueryDisplayInfo3 level %u failed - %s\n",
2439 levels[i], nt_errstr(status));
2447 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2448 struct policy_handle *handle)
2451 struct samr_QueryDomainInfo r;
2452 struct samr_SetDomainInfo s;
2453 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2454 uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
2458 for (i=0;i<ARRAY_SIZE(levels);i++) {
2459 printf("Testing QueryDomainInfo level %u\n", levels[i]);
2461 r.in.domain_handle = handle;
2462 r.in.level = levels[i];
2464 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2465 if (!NT_STATUS_IS_OK(status)) {
2466 printf("QueryDomainInfo level %u failed - %s\n",
2467 r.in.level, nt_errstr(status));
2472 printf("Testing SetDomainInfo level %u\n", levels[i]);
2474 s.in.domain_handle = handle;
2475 s.in.level = levels[i];
2476 s.in.info = r.out.info;
2478 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2480 if (!NT_STATUS_IS_OK(status)) {
2481 printf("SetDomainInfo level %u failed - %s\n",
2482 r.in.level, nt_errstr(status));
2487 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2488 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2489 r.in.level, nt_errstr(status));
2495 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2496 if (!NT_STATUS_IS_OK(status)) {
2497 printf("QueryDomainInfo level %u failed - %s\n",
2498 r.in.level, nt_errstr(status));
2508 static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2509 struct policy_handle *handle)
2512 struct samr_QueryDomainInfo2 r;
2513 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2517 for (i=0;i<ARRAY_SIZE(levels);i++) {
2518 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
2520 r.in.domain_handle = handle;
2521 r.in.level = levels[i];
2523 status = dcerpc_samr_QueryDomainInfo2(p, mem_ctx, &r);
2524 if (!NT_STATUS_IS_OK(status)) {
2525 printf("QueryDomainInfo2 level %u failed - %s\n",
2526 r.in.level, nt_errstr(status));
2535 /* Test whether querydispinfo level 5 and enumdomgroups return the same
2536 set of group names. */
2537 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2538 struct policy_handle *handle)
2540 struct samr_EnumDomainGroups q1;
2541 struct samr_QueryDisplayInfo q2;
2543 uint32_t resume_handle=0;
2548 const char **names = NULL;
2550 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
2552 q1.in.domain_handle = handle;
2553 q1.in.resume_handle = &resume_handle;
2555 q1.out.resume_handle = &resume_handle;
2557 status = STATUS_MORE_ENTRIES;
2558 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2559 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
2561 if (!NT_STATUS_IS_OK(status) &&
2562 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2565 for (i=0; i<q1.out.sam->count; i++) {
2566 add_string_to_array(mem_ctx,
2567 q1.out.sam->entries[i].name.string,
2568 &names, &num_names);
2572 if (!NT_STATUS_IS_OK(status)) {
2573 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2581 q2.in.domain_handle = handle;
2583 q2.in.start_idx = 0;
2584 q2.in.max_entries = 5;
2585 q2.in.buf_size = (uint32_t)-1;
2587 status = STATUS_MORE_ENTRIES;
2588 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2589 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
2591 if (!NT_STATUS_IS_OK(status) &&
2592 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2595 for (i=0; i<q2.out.info.info5.count; i++) {
2597 const char *name = q2.out.info.info5.entries[i].account_name.string;
2599 for (j=0; j<num_names; j++) {
2600 if (names[j] == NULL)
2602 /* Hmm. No strequal in samba4 */
2603 if (strequal(names[j], name)) {
2611 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
2616 q2.in.start_idx += q2.out.info.info5.count;
2619 if (!NT_STATUS_IS_OK(status)) {
2620 printf("QueryDisplayInfo level 5 failed - %s\n",
2625 for (i=0; i<num_names; i++) {
2626 if (names[i] != NULL) {
2627 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
2636 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2637 struct policy_handle *group_handle)
2639 struct samr_DeleteDomainGroup d;
2643 printf("Testing DeleteDomainGroup\n");
2645 d.in.group_handle = group_handle;
2646 d.out.group_handle = group_handle;
2648 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2649 if (!NT_STATUS_IS_OK(status)) {
2650 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
2657 static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2658 struct policy_handle *domain_handle)
2660 struct samr_TestPrivateFunctionsDomain r;
2664 printf("Testing TestPrivateFunctionsDomain\n");
2666 r.in.domain_handle = domain_handle;
2668 status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
2669 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
2670 printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
2677 static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2678 struct policy_handle *domain_handle)
2680 struct samr_RidToSid r;
2684 printf("Testing RidToSid\n");
2686 r.in.domain_handle = domain_handle;
2689 status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
2690 if (!NT_STATUS_IS_OK(status)) {
2691 printf("RidToSid failed - %s\n", nt_errstr(status));
2698 static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2699 struct policy_handle *domain_handle)
2701 struct samr_GetBootKeyInformation r;
2705 printf("Testing GetBootKeyInformation\n");
2707 r.in.domain_handle = domain_handle;
2709 status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r);
2710 if (!NT_STATUS_IS_OK(status)) {
2711 /* w2k3 seems to fail this sometimes and pass it sometimes */
2712 printf("GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
2718 static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2719 struct policy_handle *domain_handle,
2720 struct policy_handle *group_handle)
2723 struct samr_AddGroupMember r;
2724 struct samr_DeleteGroupMember d;
2725 struct samr_QueryGroupMember q;
2726 struct samr_SetMemberAttributesOfGroup s;
2730 status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
2731 if (!NT_STATUS_IS_OK(status)) {
2735 r.in.group_handle = group_handle;
2737 r.in.flags = 0; /* ??? */
2739 printf("Testing AddGroupMember and DeleteGroupMember\n");
2741 d.in.group_handle = group_handle;
2744 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2745 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
2746 printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
2751 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2752 if (!NT_STATUS_IS_OK(status)) {
2753 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2757 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2758 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
2759 printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
2764 /* this one is quite strange. I am using random inputs in the
2765 hope of triggering an error that might give us a clue */
2766 s.in.group_handle = group_handle;
2767 s.in.unknown1 = random();
2768 s.in.unknown2 = random();
2770 status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
2771 if (!NT_STATUS_IS_OK(status)) {
2772 printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
2776 q.in.group_handle = group_handle;
2778 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
2779 if (!NT_STATUS_IS_OK(status)) {
2780 printf("QueryGroupMember failed - %s\n", nt_errstr(status));
2784 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2785 if (!NT_STATUS_IS_OK(status)) {
2786 printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
2790 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2791 if (!NT_STATUS_IS_OK(status)) {
2792 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2800 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2801 struct policy_handle *domain_handle, struct policy_handle *group_handle)
2804 struct samr_CreateDomainGroup r;
2806 struct samr_String name;
2809 init_samr_String(&name, TEST_GROUPNAME);
2811 r.in.domain_handle = domain_handle;
2813 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2814 r.out.group_handle = group_handle;
2817 printf("Testing CreateDomainGroup(%s)\n", r.in.name->string);
2819 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2821 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2822 printf("Server refused create of '%s'\n", r.in.name->string);
2823 ZERO_STRUCTP(group_handle);
2827 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
2828 NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2829 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
2832 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2834 if (!NT_STATUS_IS_OK(status)) {
2835 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
2839 if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
2843 if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
2852 its not totally clear what this does. It seems to accept any sid you like.
2854 static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
2855 TALLOC_CTX *mem_ctx,
2856 struct policy_handle *domain_handle)
2859 struct samr_RemoveMemberFromForeignDomain r;
2861 r.in.domain_handle = domain_handle;
2862 r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78-9");
2864 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
2865 if (!NT_STATUS_IS_OK(status)) {
2866 printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
2875 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2876 struct policy_handle *handle);
2878 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2879 struct policy_handle *handle, struct dom_sid *sid)
2882 struct samr_OpenDomain r;
2883 struct policy_handle domain_handle;
2884 struct policy_handle user_handle;
2885 struct policy_handle alias_handle;
2886 struct policy_handle group_handle;
2889 ZERO_STRUCT(user_handle);
2890 ZERO_STRUCT(alias_handle);
2891 ZERO_STRUCT(group_handle);
2892 ZERO_STRUCT(domain_handle);
2894 printf("Testing OpenDomain\n");
2896 r.in.connect_handle = handle;
2897 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2899 r.out.domain_handle = &domain_handle;
2901 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
2902 if (!NT_STATUS_IS_OK(status)) {
2903 printf("OpenDomain failed - %s\n", nt_errstr(status));
2907 /* run the domain tests with the main handle closed - this tests
2908 the servers reference counting */
2909 ret &= test_samr_handle_Close(p, mem_ctx, handle);
2911 ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
2912 ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
2913 ret &= test_CreateUser2(p, mem_ctx, &domain_handle);
2914 ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle);
2915 ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
2916 ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle);
2917 ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle);
2918 ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle);
2919 ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle);
2920 ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle);
2921 ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle);
2922 ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle);
2923 ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle);
2924 ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle);
2925 ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle);
2926 ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle);
2927 ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle);
2928 ret &= test_GroupList(p, mem_ctx, &domain_handle);
2929 ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle);
2930 ret &= test_RidToSid(p, mem_ctx, &domain_handle);
2931 ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle);
2933 if (!policy_handle_empty(&user_handle) &&
2934 !test_DeleteUser(p, mem_ctx, &user_handle)) {
2938 if (!policy_handle_empty(&alias_handle) &&
2939 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
2943 if (!policy_handle_empty(&group_handle) &&
2944 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
2948 ret &= test_samr_handle_Close(p, mem_ctx, &domain_handle);
2950 /* reconnect the main handle */
2951 ret &= test_Connect(p, mem_ctx, handle);
2956 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2957 struct policy_handle *handle, struct samr_String *domain)
2960 struct samr_LookupDomain r;
2961 struct samr_String n2;
2964 printf("Testing LookupDomain(%s)\n", domain->string);
2966 /* check for correct error codes */
2967 r.in.connect_handle = handle;
2971 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2972 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
2973 printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
2977 n2.string = "xxNODOMAINxx";
2979 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2980 if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
2981 printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
2985 r.in.connect_handle = handle;
2986 r.in.domain = domain;
2988 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2989 if (!NT_STATUS_IS_OK(status)) {
2990 printf("LookupDomain failed - %s\n", nt_errstr(status));
2994 if (!test_GetDomPwInfo(p, mem_ctx, domain)) {
2998 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) {
3006 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3007 struct policy_handle *handle)
3010 struct samr_EnumDomains r;
3011 uint32_t resume_handle = 0;
3015 r.in.connect_handle = handle;
3016 r.in.resume_handle = &resume_handle;
3017 r.in.buf_size = (uint32_t)-1;
3018 r.out.resume_handle = &resume_handle;
3020 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3021 if (!NT_STATUS_IS_OK(status)) {
3022 printf("EnumDomains failed - %s\n", nt_errstr(status));
3030 for (i=0;i<r.out.sam->count;i++) {
3031 if (!test_LookupDomain(p, mem_ctx, handle,
3032 &r.out.sam->entries[i].name)) {
3037 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3038 if (!NT_STATUS_IS_OK(status)) {
3039 printf("EnumDomains failed - %s\n", nt_errstr(status));
3047 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3048 struct policy_handle *handle)
3051 struct samr_Connect r;
3052 struct samr_Connect2 r2;
3053 struct samr_Connect3 r3;
3054 struct samr_Connect4 r4;
3055 struct samr_Connect5 r5;
3056 union samr_ConnectInfo info;
3057 struct policy_handle h;
3058 BOOL ret = True, got_handle = False;
3060 printf("testing samr_Connect\n");
3062 r.in.system_name = 0;
3063 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3064 r.out.connect_handle = &h;
3066 status = dcerpc_samr_Connect(p, mem_ctx, &r);
3067 if (!NT_STATUS_IS_OK(status)) {
3068 printf("Connect failed - %s\n", nt_errstr(status));
3075 printf("testing samr_Connect2\n");
3077 r2.in.system_name = NULL;
3078 r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3079 r2.out.connect_handle = &h;
3081 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
3082 if (!NT_STATUS_IS_OK(status)) {
3083 printf("Connect2 failed - %s\n", nt_errstr(status));
3087 test_samr_handle_Close(p, mem_ctx, handle);
3093 printf("testing samr_Connect3\n");
3095 r3.in.system_name = NULL;
3097 r3.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3098 r3.out.connect_handle = &h;
3100 status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
3101 if (!NT_STATUS_IS_OK(status)) {
3102 printf("Connect3 failed - %s\n", nt_errstr(status));
3106 test_samr_handle_Close(p, mem_ctx, handle);
3112 printf("testing samr_Connect4\n");
3114 r4.in.system_name = "";
3116 r4.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3117 r4.out.connect_handle = &h;
3119 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
3120 if (!NT_STATUS_IS_OK(status)) {
3121 printf("Connect4 failed - %s\n", nt_errstr(status));
3125 test_samr_handle_Close(p, mem_ctx, handle);
3131 printf("testing samr_Connect5\n");
3133 info.info1.unknown1 = 0;
3134 info.info1.unknown2 = 0;
3136 r5.in.system_name = "";
3137 r5.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3140 r5.out.info = &info;
3141 r5.out.connect_handle = &h;
3143 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
3144 if (!NT_STATUS_IS_OK(status)) {
3145 printf("Connect5 failed - %s\n", nt_errstr(status));
3149 test_samr_handle_Close(p, mem_ctx, handle);
3159 BOOL torture_rpc_samr(void)
3162 struct dcerpc_pipe *p;
3163 TALLOC_CTX *mem_ctx;
3165 struct policy_handle handle;
3167 mem_ctx = talloc_init("torture_rpc_samr");
3169 status = torture_rpc_connection(&p,
3172 DCERPC_SAMR_VERSION);
3173 if (!NT_STATUS_IS_OK(status)) {
3177 if (!test_Connect(p, mem_ctx, &handle)) {
3181 if (!test_QuerySecurity(p, mem_ctx, &handle)) {
3185 if (!test_EnumDomains(p, mem_ctx, &handle)) {
3189 if (!test_SetDsrmPassword(p, mem_ctx, &handle)) {
3193 if (!test_Shutdown(p, mem_ctx, &handle)) {
3197 if (!test_samr_handle_Close(p, mem_ctx, &handle)) {
3201 talloc_destroy(mem_ctx);
3203 torture_rpc_close(p);