2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define TEST_ACCOUNT_NAME "samrtorturetest"
26 #define TEST_ALIASNAME "samrtorturetestalias"
27 #define TEST_GROUPNAME "samrtorturetestgroup"
28 #define TEST_MACHINENAME "samrtorturetestmach$"
29 #define TEST_DOMAINNAME "samrtorturetestdom$"
32 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
33 struct policy_handle *handle);
35 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
36 struct policy_handle *handle);
38 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
39 struct policy_handle *handle);
41 static void init_samr_Name(struct samr_Name *name, const char *s)
46 static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
47 struct policy_handle *handle)
53 r.out.handle = handle;
55 status = dcerpc_samr_Close(p, mem_ctx, &r);
56 if (!NT_STATUS_IS_OK(status)) {
57 printf("Close handle failed - %s\n", nt_errstr(status));
64 static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
65 struct policy_handle *handle)
68 struct samr_Shutdown r;
70 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
71 printf("samr_Shutdown disabled - enable dangerous tests to use\n");
75 r.in.connect_handle = handle;
77 printf("testing samr_Shutdown\n");
79 status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
80 if (!NT_STATUS_IS_OK(status)) {
81 printf("samr_Shutdown failed - %s\n", nt_errstr(status));
88 static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
89 struct policy_handle *handle)
92 struct samr_SetDsrmPassword r;
93 struct samr_Name name;
94 struct samr_Password hash;
96 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
97 printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
101 E_md4hash("TeSTDSRM123", hash.hash);
103 init_samr_Name(&name, "Administrator");
109 printf("testing samr_SetDsrmPassword\n");
111 status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
112 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
113 printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
121 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
122 struct policy_handle *handle)
125 struct samr_QuerySecurity r;
126 struct samr_SetSecurity s;
128 r.in.handle = handle;
131 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
132 if (!NT_STATUS_IS_OK(status)) {
133 printf("QuerySecurity failed - %s\n", nt_errstr(status));
137 if (r.out.sdbuf == NULL) {
141 s.in.handle = handle;
143 s.in.sdbuf = r.out.sdbuf;
145 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
146 if (!NT_STATUS_IS_OK(status)) {
147 printf("SetSecurity failed - %s\n", nt_errstr(status));
151 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
152 if (!NT_STATUS_IS_OK(status)) {
153 printf("QuerySecurity failed - %s\n", nt_errstr(status));
161 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
162 struct policy_handle *handle, uint32_t base_acct_flags)
165 struct samr_SetUserInfo s;
166 struct samr_SetUserInfo2 s2;
167 struct samr_QueryUserInfo q;
168 struct samr_QueryUserInfo q0;
169 union samr_UserInfo u;
172 uint32_t user_extra_flags = 0;
173 if (base_acct_flags == ACB_NORMAL) {
174 /* Don't know what this is, but it is always here for users - you can't get rid of it */
175 user_extra_flags = 0x20000;
178 s.in.user_handle = handle;
181 s2.in.user_handle = handle;
184 q.in.user_handle = handle;
188 #define TESTCALL(call, r) \
189 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
190 if (!NT_STATUS_IS_OK(status)) { \
191 printf(#call " level %u failed - %s (line %d)\n", \
192 r.in.level, nt_errstr(status), __LINE__); \
197 #define STRING_EQUAL(s1, s2, field) \
198 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
199 printf("Failed to set %s to '%s' (line %d)\n", \
200 #field, s2, __LINE__); \
205 #define INT_EQUAL(i1, i2, field) \
207 printf("Failed to set %s to 0x%x - got 0x%x (line %d)\n", \
208 #field, i2, i1, __LINE__); \
213 #define TEST_USERINFO_NAME(lvl1, field1, lvl2, field2, value, fpval) do { \
214 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
216 TESTCALL(QueryUserInfo, q) \
218 s2.in.level = lvl1; \
221 ZERO_STRUCT(u.info21); \
222 u.info21.fields_present = fpval; \
224 init_samr_Name(&u.info ## lvl1.field1, value); \
225 TESTCALL(SetUserInfo, s) \
226 TESTCALL(SetUserInfo2, s2) \
227 init_samr_Name(&u.info ## lvl1.field1, ""); \
228 TESTCALL(QueryUserInfo, q); \
230 STRING_EQUAL(u.info ## lvl1.field1.name, value, field1); \
232 TESTCALL(QueryUserInfo, q) \
234 STRING_EQUAL(u.info ## lvl2.field2.name, value, field2); \
237 #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
238 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
240 TESTCALL(QueryUserInfo, q) \
242 s2.in.level = lvl1; \
245 uint8_t *bitmap = u.info21.logon_hours.bitmap; \
246 ZERO_STRUCT(u.info21); \
247 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
248 u.info21.logon_hours.units_per_week = 168; \
249 u.info21.logon_hours.bitmap = bitmap; \
251 u.info21.fields_present = fpval; \
253 u.info ## lvl1.field1 = value; \
254 TESTCALL(SetUserInfo, s) \
255 TESTCALL(SetUserInfo2, s2) \
256 u.info ## lvl1.field1 = 0; \
257 TESTCALL(QueryUserInfo, q); \
259 INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
261 TESTCALL(QueryUserInfo, q) \
263 INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
266 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
267 TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
271 do { TESTCALL(QueryUserInfo, q0) } while (0);
273 TEST_USERINFO_NAME(2, comment, 1, comment, "xx2-1 comment", 0);
274 TEST_USERINFO_NAME(2, comment, 21, comment, "xx2-21 comment", 0);
275 TEST_USERINFO_NAME(21, comment, 21, comment, "xx21-21 comment",
278 TEST_USERINFO_NAME(6, full_name, 1, full_name, "xx6-1 full_name", 0);
279 TEST_USERINFO_NAME(6, full_name, 3, full_name, "xx6-3 full_name", 0);
280 TEST_USERINFO_NAME(6, full_name, 5, full_name, "xx6-5 full_name", 0);
281 TEST_USERINFO_NAME(6, full_name, 6, full_name, "xx6-6 full_name", 0);
282 TEST_USERINFO_NAME(6, full_name, 8, full_name, "xx6-8 full_name", 0);
283 TEST_USERINFO_NAME(6, full_name, 21, full_name, "xx6-21 full_name", 0);
284 TEST_USERINFO_NAME(8, full_name, 21, full_name, "xx8-21 full_name", 0);
285 TEST_USERINFO_NAME(21, full_name, 21, full_name, "xx21-21 full_name",
288 TEST_USERINFO_NAME(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
289 TEST_USERINFO_NAME(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
290 TEST_USERINFO_NAME(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
291 TEST_USERINFO_NAME(21, logon_script, 21, logon_script, "xx21-21 logon_script",
292 SAMR_FIELD_LOGON_SCRIPT);
294 TEST_USERINFO_NAME(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0);
295 TEST_USERINFO_NAME(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0);
296 TEST_USERINFO_NAME(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
297 TEST_USERINFO_NAME(21, profile_path, 21, profile_path, "xx21-21 profile_path",
298 SAMR_FIELD_PROFILE_PATH);
300 TEST_USERINFO_NAME(13, description, 1, description, "xx13-1 description", 0);
301 TEST_USERINFO_NAME(13, description, 5, description, "xx13-5 description", 0);
302 TEST_USERINFO_NAME(13, description, 21, description, "xx13-21 description", 0);
303 TEST_USERINFO_NAME(21, description, 21, description, "xx21-21 description",
304 SAMR_FIELD_DESCRIPTION);
306 TEST_USERINFO_NAME(14, workstations, 3, workstations, "14workstation3", 0);
307 TEST_USERINFO_NAME(14, workstations, 5, workstations, "14workstation4", 0);
308 TEST_USERINFO_NAME(14, workstations, 21, workstations, "14workstation21", 0);
309 TEST_USERINFO_NAME(21, workstations, 21, workstations, "21workstation21",
310 SAMR_FIELD_WORKSTATION);
312 TEST_USERINFO_NAME(20, callback, 21, callback, "xx20-21 callback", 0);
313 TEST_USERINFO_NAME(21, callback, 21, callback, "xx21-21 callback",
314 SAMR_FIELD_CALLBACK);
316 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
317 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
318 SAMR_FIELD_COUNTRY_CODE);
320 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
321 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
322 SAMR_FIELD_CODE_PAGE);
324 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], 1, 0);
325 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], 2, 0);
326 TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 3, 0);
327 TEST_USERINFO_INT(21, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 4,
328 SAMR_FIELD_LOGON_HOURS);
330 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
331 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
332 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
334 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
335 (base_acct_flags | ACB_DISABLED),
336 (base_acct_flags | ACB_DISABLED | user_extra_flags),
339 /* Setting PWNOEXP clears the magic 0x20000 flag */
340 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
341 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
342 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
344 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
345 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
346 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
349 /* The 'autolock' flag doesn't stick - check this */
350 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
351 (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
352 (base_acct_flags | ACB_DISABLED | user_extra_flags),
354 TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
355 (base_acct_flags | ACB_DISABLED),
356 (base_acct_flags | ACB_DISABLED | user_extra_flags),
357 SAMR_FIELD_ACCT_FLAGS);
360 /* these fail with win2003 - it appears you can't set the primary gid?
361 the set succeeds, but the gid isn't changed. Very weird! */
362 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
363 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
364 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
365 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
371 generate a random password for password change tests
373 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
375 size_t len = MAX(8, min_len) + (random() % 6);
376 char *s = generate_random_str(mem_ctx, len);
377 printf("Generated password '%s'\n", s);
381 static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
382 struct policy_handle *handle, char **password)
385 struct samr_SetUserInfo s;
386 union samr_UserInfo u;
388 DATA_BLOB session_key;
390 struct samr_GetUserPwInfo pwp;
391 int policy_min_pw_len = 0;
392 pwp.in.user_handle = handle;
394 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
395 if (NT_STATUS_IS_OK(status)) {
396 policy_min_pw_len = pwp.out.info.min_password_len;
398 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
400 s.in.user_handle = handle;
404 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
405 /* w2k3 ignores this length */
406 u.info24.pw_len = strlen_m(newpass) * 2;
408 status = dcerpc_fetch_session_key(p, &session_key);
409 if (!NT_STATUS_IS_OK(status)) {
410 printf("SetUserInfo level %u - no session key - %s\n",
411 s.in.level, nt_errstr(status));
415 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
417 printf("Testing SetUserInfo level 24 (set password)\n");
419 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
420 if (!NT_STATUS_IS_OK(status)) {
421 printf("SetUserInfo level %u failed - %s\n",
422 s.in.level, nt_errstr(status));
432 static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
433 struct policy_handle *handle, uint32 fields_present,
437 struct samr_SetUserInfo s;
438 union samr_UserInfo u;
440 DATA_BLOB session_key;
442 struct samr_GetUserPwInfo pwp;
443 int policy_min_pw_len = 0;
444 pwp.in.user_handle = handle;
446 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
447 if (NT_STATUS_IS_OK(status)) {
448 policy_min_pw_len = pwp.out.info.min_password_len;
450 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
452 s.in.user_handle = handle;
458 u.info23.info.fields_present = fields_present;
460 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
462 status = dcerpc_fetch_session_key(p, &session_key);
463 if (!NT_STATUS_IS_OK(status)) {
464 printf("SetUserInfo level %u - no session key - %s\n",
465 s.in.level, nt_errstr(status));
469 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
471 printf("Testing SetUserInfo level 23 (set password)\n");
473 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
474 if (!NT_STATUS_IS_OK(status)) {
475 printf("SetUserInfo level %u failed - %s\n",
476 s.in.level, nt_errstr(status));
486 static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
487 struct policy_handle *handle, char **password)
490 struct samr_SetUserInfo s;
491 union samr_UserInfo u;
493 DATA_BLOB session_key;
494 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
495 uint8_t confounder[16];
497 struct MD5Context ctx;
498 struct samr_GetUserPwInfo pwp;
499 int policy_min_pw_len = 0;
500 pwp.in.user_handle = handle;
502 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
503 if (NT_STATUS_IS_OK(status)) {
504 policy_min_pw_len = pwp.out.info.min_password_len;
506 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
508 s.in.user_handle = handle;
512 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
513 u.info26.pw_len = strlen(newpass);
515 status = dcerpc_fetch_session_key(p, &session_key);
516 if (!NT_STATUS_IS_OK(status)) {
517 printf("SetUserInfo level %u - no session key - %s\n",
518 s.in.level, nt_errstr(status));
522 generate_random_buffer((uint8_t *)confounder, 16);
525 MD5Update(&ctx, confounder, 16);
526 MD5Update(&ctx, session_key.data, session_key.length);
527 MD5Final(confounded_session_key.data, &ctx);
529 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
530 memcpy(&u.info26.password.data[516], confounder, 16);
532 printf("Testing SetUserInfo level 26 (set password ex)\n");
534 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
535 if (!NT_STATUS_IS_OK(status)) {
536 printf("SetUserInfo level %u failed - %s\n",
537 s.in.level, nt_errstr(status));
546 static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
547 struct policy_handle *handle, uint32 fields_present,
551 struct samr_SetUserInfo s;
552 union samr_UserInfo u;
554 DATA_BLOB session_key;
555 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
556 struct MD5Context ctx;
557 uint8_t confounder[16];
559 struct samr_GetUserPwInfo pwp;
560 int policy_min_pw_len = 0;
561 pwp.in.user_handle = handle;
563 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
564 if (NT_STATUS_IS_OK(status)) {
565 policy_min_pw_len = pwp.out.info.min_password_len;
567 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
569 s.in.user_handle = handle;
575 u.info25.info.fields_present = fields_present;
577 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
579 status = dcerpc_fetch_session_key(p, &session_key);
580 if (!NT_STATUS_IS_OK(status)) {
581 printf("SetUserInfo level %u - no session key - %s\n",
582 s.in.level, nt_errstr(status));
586 generate_random_buffer((uint8_t *)confounder, 16);
589 MD5Update(&ctx, confounder, 16);
590 MD5Update(&ctx, session_key.data, session_key.length);
591 MD5Final(confounded_session_key.data, &ctx);
593 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
594 memcpy(&u.info25.password.data[516], confounder, 16);
596 printf("Testing SetUserInfo level 25 (set password ex)\n");
598 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
599 if (!NT_STATUS_IS_OK(status)) {
600 printf("SetUserInfo level %u failed - %s\n",
601 s.in.level, nt_errstr(status));
610 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
611 struct policy_handle *handle)
614 struct samr_SetAliasInfo r;
615 struct samr_QueryAliasInfo q;
616 uint16_t levels[] = {2, 3};
620 /* Ignoring switch level 1, as that includes the number of members for the alias
621 * and setting this to a wrong value might have negative consequences
624 for (i=0;i<ARRAY_SIZE(levels);i++) {
625 printf("Testing SetAliasInfo level %u\n", levels[i]);
627 r.in.alias_handle = handle;
628 r.in.level = levels[i];
629 switch (r.in.level) {
630 case 2 : init_samr_Name(&r.in.info.name,TEST_ALIASNAME); break;
631 case 3 : init_samr_Name(&r.in.info.description,
632 "Test Description, should test I18N as well"); break;
635 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
636 if (!NT_STATUS_IS_OK(status)) {
637 printf("SetAliasInfo level %u failed - %s\n",
638 levels[i], nt_errstr(status));
642 q.in.alias_handle = handle;
643 q.in.level = levels[i];
645 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
646 if (!NT_STATUS_IS_OK(status)) {
647 printf("QueryAliasInfo level %u failed - %s\n",
648 levels[i], nt_errstr(status));
656 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
657 struct policy_handle *user_handle)
659 struct samr_GetGroupsForUser r;
663 printf("testing GetGroupsForUser\n");
665 r.in.user_handle = user_handle;
667 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
668 if (!NT_STATUS_IS_OK(status)) {
669 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
677 static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
678 struct samr_Name *domain_name)
681 struct samr_GetDomPwInfo r;
684 r.in.name = domain_name;
685 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
687 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
688 if (!NT_STATUS_IS_OK(status)) {
689 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
693 r.in.name->name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
694 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
696 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
697 if (!NT_STATUS_IS_OK(status)) {
698 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
702 r.in.name->name = "\\\\__NONAME__";
703 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
705 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
706 if (!NT_STATUS_IS_OK(status)) {
707 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
711 r.in.name->name = "\\\\Builtin";
712 printf("Testing GetDomPwInfo with name %s\n", r.in.name->name);
714 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
715 if (!NT_STATUS_IS_OK(status)) {
716 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
724 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
725 struct policy_handle *handle)
728 struct samr_GetUserPwInfo r;
731 printf("Testing GetUserPwInfo\n");
733 r.in.user_handle = handle;
735 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
736 if (!NT_STATUS_IS_OK(status)) {
737 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
744 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
745 struct policy_handle *domain_handle, const char *name,
749 struct samr_LookupNames n;
750 struct samr_Name sname[2];
752 init_samr_Name(&sname[0], name);
754 n.in.domain_handle = domain_handle;
757 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
758 if (NT_STATUS_IS_OK(status)) {
759 *rid = n.out.rids.ids[0];
764 init_samr_Name(&sname[1], "xxNONAMExx");
766 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
767 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
768 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
772 init_samr_Name(&sname[1], "xxNONAMExx");
774 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
775 if (!NT_STATUS_IS_OK(status)) {
776 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
782 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
783 struct policy_handle *domain_handle,
784 const char *name, struct policy_handle *user_handle)
787 struct samr_OpenUser r;
790 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
791 if (!NT_STATUS_IS_OK(status)) {
795 r.in.domain_handle = domain_handle;
796 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
798 r.out.user_handle = user_handle;
799 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
800 if (!NT_STATUS_IS_OK(status)) {
801 printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status));
808 static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
809 struct policy_handle *handle)
812 struct samr_ChangePasswordUser r;
814 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
815 struct policy_handle user_handle;
816 char *oldpass = "test";
817 char *newpass = "test2";
818 uint8_t old_nt_hash[16], new_nt_hash[16];
819 uint8_t old_lm_hash[16], new_lm_hash[16];
821 status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle);
822 if (!NT_STATUS_IS_OK(status)) {
826 printf("Testing ChangePasswordUser for user 'testuser'\n");
828 printf("old password: %s\n", oldpass);
829 printf("new password: %s\n", newpass);
831 E_md4hash(oldpass, old_nt_hash);
832 E_md4hash(newpass, new_nt_hash);
833 E_deshash(oldpass, old_lm_hash);
834 E_deshash(newpass, new_lm_hash);
836 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
837 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
838 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
839 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
840 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
841 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
843 r.in.handle = &user_handle;
845 r.in.old_lm_crypted = &hash1;
846 r.in.new_lm_crypted = &hash2;
848 r.in.old_nt_crypted = &hash3;
849 r.in.new_nt_crypted = &hash4;
850 r.in.cross1_present = 1;
851 r.in.nt_cross = &hash5;
852 r.in.cross2_present = 1;
853 r.in.lm_cross = &hash6;
855 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
856 if (!NT_STATUS_IS_OK(status)) {
857 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
861 if (!test_Close(p, mem_ctx, &user_handle)) {
869 static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
870 struct policy_handle *handle, char **password)
873 struct samr_ChangePasswordUser r;
875 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
876 struct policy_handle user_handle;
877 char *oldpass = *password;
878 uint8_t old_nt_hash[16], new_nt_hash[16];
879 uint8_t old_lm_hash[16], new_lm_hash[16];
882 struct samr_GetUserPwInfo pwp;
883 int policy_min_pw_len = 0;
885 status = test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle);
886 if (!NT_STATUS_IS_OK(status)) {
889 pwp.in.user_handle = &user_handle;
891 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
892 if (NT_STATUS_IS_OK(status)) {
893 policy_min_pw_len = pwp.out.info.min_password_len;
895 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
897 printf("Testing ChangePasswordUser\n");
899 E_md4hash(oldpass, old_nt_hash);
900 E_md4hash(newpass, new_nt_hash);
901 E_deshash(oldpass, old_lm_hash);
902 E_deshash(newpass, new_lm_hash);
904 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
905 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
906 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
907 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
908 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
909 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
911 r.in.user_handle = &user_handle;
913 r.in.old_lm_crypted = &hash1;
914 r.in.new_lm_crypted = &hash2;
916 r.in.old_nt_crypted = &hash3;
917 r.in.new_nt_crypted = &hash4;
918 r.in.cross1_present = 1;
919 r.in.nt_cross = &hash5;
920 r.in.cross2_present = 1;
921 r.in.lm_cross = &hash6;
923 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
924 if (!NT_STATUS_IS_OK(status)) {
925 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
931 if (!test_Close(p, mem_ctx, &user_handle)) {
939 static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
940 struct policy_handle *handle, char **password)
943 struct samr_OemChangePasswordUser2 r;
945 struct samr_Password lm_verifier;
946 struct samr_CryptPassword lm_pass;
947 struct samr_AsciiName server, account;
948 char *oldpass = *password;
950 uint8_t old_lm_hash[16], new_lm_hash[16];
952 struct samr_GetDomPwInfo dom_pw_info;
953 int policy_min_pw_len = 0;
955 struct samr_Name domain_name;
956 domain_name.name = "";
957 dom_pw_info.in.name = &domain_name;
959 printf("Testing OemChangePasswordUser2\n");
961 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
962 if (NT_STATUS_IS_OK(status)) {
963 policy_min_pw_len = dom_pw_info.out.info.min_password_len;
966 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
968 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
969 account.name = TEST_ACCOUNT_NAME;
971 E_deshash(oldpass, old_lm_hash);
972 E_deshash(newpass, new_lm_hash);
974 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
975 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
976 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
978 r.in.server = &server;
979 r.in.account = &account;
980 r.in.password = &lm_pass;
981 r.in.hash = &lm_verifier;
983 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
984 if (!NT_STATUS_IS_OK(status)) {
985 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
995 static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
996 struct policy_handle *handle, char **password)
999 struct samr_ChangePasswordUser2 r;
1001 struct samr_Name server, account;
1002 struct samr_CryptPassword nt_pass, lm_pass;
1003 struct samr_Password nt_verifier, lm_verifier;
1004 char *oldpass = *password;
1006 uint8_t old_nt_hash[16], new_nt_hash[16];
1007 uint8_t old_lm_hash[16], new_lm_hash[16];
1009 struct samr_GetDomPwInfo dom_pw_info;
1010 int policy_min_pw_len = 0;
1012 struct samr_Name domain_name;
1013 domain_name.name = "";
1014 dom_pw_info.in.name = &domain_name;
1016 printf("Testing ChangePasswordUser2\n");
1018 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
1019 if (NT_STATUS_IS_OK(status)) {
1020 policy_min_pw_len = dom_pw_info.out.info.min_password_len;
1023 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1025 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1026 init_samr_Name(&account, TEST_ACCOUNT_NAME);
1028 E_md4hash(oldpass, old_nt_hash);
1029 E_md4hash(newpass, new_nt_hash);
1031 E_deshash(oldpass, old_lm_hash);
1032 E_deshash(newpass, new_lm_hash);
1034 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
1035 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1036 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1038 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1039 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1040 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1042 r.in.server = &server;
1043 r.in.account = &account;
1044 r.in.nt_password = &nt_pass;
1045 r.in.nt_verifier = &nt_verifier;
1047 r.in.lm_password = &lm_pass;
1048 r.in.lm_verifier = &lm_verifier;
1050 status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
1051 if (!NT_STATUS_IS_OK(status)) {
1052 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
1055 *password = newpass;
1062 static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1063 struct policy_handle *handle,
1064 int policy_min_pw_len,
1068 struct samr_ChangePasswordUser3 r;
1070 struct samr_Name server, account;
1071 struct samr_CryptPassword nt_pass, lm_pass;
1072 struct samr_Password nt_verifier, lm_verifier;
1073 char *oldpass = *password;
1074 char *newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1075 uint8_t old_nt_hash[16], new_nt_hash[16];
1076 uint8_t old_lm_hash[16], new_lm_hash[16];
1078 printf("Testing ChangePasswordUser3\n");
1080 server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1081 init_samr_Name(&account, TEST_ACCOUNT_NAME);
1083 E_md4hash(oldpass, old_nt_hash);
1084 E_md4hash(newpass, new_nt_hash);
1086 E_deshash(oldpass, old_lm_hash);
1087 E_deshash(newpass, new_lm_hash);
1089 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1090 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1091 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1093 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1094 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1095 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1097 r.in.server = &server;
1098 r.in.account = &account;
1099 r.in.nt_password = &nt_pass;
1100 r.in.nt_verifier = &nt_verifier;
1102 r.in.lm_password = &lm_pass;
1103 r.in.lm_verifier = &lm_verifier;
1104 r.in.password3 = NULL;
1106 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1107 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1108 && !policy_min_pw_len) {
1109 if (r.out.dominfo) {
1110 policy_min_pw_len = r.out.dominfo->min_password_len;
1112 if (policy_min_pw_len) /* try again with the right min password length */ {
1113 ret = test_ChangePasswordUser3(p, mem_ctx, handle, policy_min_pw_len, password);
1115 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1118 } else if (!NT_STATUS_IS_OK(status)) {
1119 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1122 *password = newpass;
1129 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1130 struct policy_handle *alias_handle)
1132 struct samr_GetMembersInAlias r;
1133 struct lsa_SidArray sids;
1137 printf("Testing GetMembersInAlias\n");
1139 r.in.alias_handle = alias_handle;
1142 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
1143 if (!NT_STATUS_IS_OK(status)) {
1144 printf("GetMembersInAlias failed - %s\n",
1152 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1153 struct policy_handle *alias_handle,
1154 const struct dom_sid *domain_sid)
1156 struct samr_AddAliasMember r;
1157 struct samr_DeleteAliasMember d;
1160 struct dom_sid *sid;
1162 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
1164 printf("testing AddAliasMember\n");
1165 r.in.alias_handle = alias_handle;
1168 status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
1169 if (!NT_STATUS_IS_OK(status)) {
1170 printf("AddAliasMember failed - %s\n", nt_errstr(status));
1174 d.in.alias_handle = alias_handle;
1177 status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
1178 if (!NT_STATUS_IS_OK(status)) {
1179 printf("DelAliasMember failed - %s\n", nt_errstr(status));
1186 static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1187 struct policy_handle *alias_handle)
1189 struct samr_AddMultipleMembersToAlias a;
1190 struct samr_RemoveMultipleMembersFromAlias r;
1193 struct lsa_SidArray sids;
1195 printf("testing AddMultipleMembersToAlias\n");
1196 a.in.alias_handle = alias_handle;
1200 sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3);
1202 sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
1203 sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
1204 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
1206 status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
1207 if (!NT_STATUS_IS_OK(status)) {
1208 printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
1213 printf("testing RemoveMultipleMembersFromAlias\n");
1214 r.in.alias_handle = alias_handle;
1217 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1218 if (!NT_STATUS_IS_OK(status)) {
1219 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1223 /* strange! removing twice doesn't give any error */
1224 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1225 if (!NT_STATUS_IS_OK(status)) {
1226 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1230 /* but removing an alias that isn't there does */
1231 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
1233 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1234 if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
1235 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1242 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1243 struct policy_handle *user_handle)
1245 struct samr_TestPrivateFunctionsUser r;
1249 printf("Testing TestPrivateFunctionsUser\n");
1251 r.in.user_handle = user_handle;
1253 status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
1254 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
1255 printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
1263 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1264 struct policy_handle *handle, uint32_t base_acct_flags)
1268 if (!test_QuerySecurity(p, mem_ctx, handle)) {
1272 if (!test_QueryUserInfo(p, mem_ctx, handle)) {
1276 if (!test_QueryUserInfo2(p, mem_ctx, handle)) {
1280 if (!test_SetUserInfo(p, mem_ctx, handle, base_acct_flags)) {
1284 if (!test_GetUserPwInfo(p, mem_ctx, handle)) {
1288 if (!test_TestPrivateFunctionsUser(p, mem_ctx, handle)) {
1295 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1296 struct policy_handle *alias_handle,
1297 const struct dom_sid *domain_sid)
1301 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
1305 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
1309 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
1313 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle, domain_sid)) {
1317 if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
1325 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1326 struct policy_handle *handle, const char *name)
1329 struct samr_DeleteUser d;
1330 struct policy_handle user_handle;
1333 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1334 if (!NT_STATUS_IS_OK(status)) {
1338 status = test_OpenUser_byname(p, mem_ctx, handle, name, &user_handle);
1339 if (!NT_STATUS_IS_OK(status)) {
1343 d.in.user_handle = &user_handle;
1344 d.out.user_handle = &user_handle;
1345 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1346 if (!NT_STATUS_IS_OK(status)) {
1353 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1358 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1359 struct policy_handle *handle, const char *name)
1362 struct samr_OpenGroup r;
1363 struct samr_DeleteDomainGroup d;
1364 struct policy_handle group_handle;
1367 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1368 if (!NT_STATUS_IS_OK(status)) {
1372 r.in.domain_handle = handle;
1373 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1375 r.out.group_handle = &group_handle;
1376 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1377 if (!NT_STATUS_IS_OK(status)) {
1381 d.in.group_handle = &group_handle;
1382 d.out.group_handle = &group_handle;
1383 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
1384 if (!NT_STATUS_IS_OK(status)) {
1391 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
1396 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1397 struct policy_handle *domain_handle, const char *name)
1400 struct samr_OpenAlias r;
1401 struct samr_DeleteDomAlias d;
1402 struct policy_handle alias_handle;
1405 printf("testing DeleteAlias_byname\n");
1407 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
1408 if (!NT_STATUS_IS_OK(status)) {
1412 r.in.domain_handle = domain_handle;
1413 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1415 r.out.alias_handle = &alias_handle;
1416 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1417 if (!NT_STATUS_IS_OK(status)) {
1421 d.in.alias_handle = &alias_handle;
1422 d.out.alias_handle = &alias_handle;
1423 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1424 if (!NT_STATUS_IS_OK(status)) {
1431 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1435 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1436 struct policy_handle *alias_handle)
1438 struct samr_DeleteDomAlias d;
1441 printf("Testing DeleteAlias\n");
1443 d.in.alias_handle = alias_handle;
1444 d.out.alias_handle = alias_handle;
1446 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1447 if (!NT_STATUS_IS_OK(status)) {
1448 printf("DeleteAlias failed - %s\n", nt_errstr(status));
1455 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1456 struct policy_handle *domain_handle,
1457 struct policy_handle *alias_handle,
1458 const struct dom_sid *domain_sid)
1461 struct samr_CreateDomAlias r;
1462 struct samr_Name name;
1466 init_samr_Name(&name, TEST_ALIASNAME);
1467 r.in.domain_handle = domain_handle;
1468 r.in.aliasname = &name;
1469 r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED;
1470 r.out.alias_handle = alias_handle;
1473 printf("Testing CreateAlias (%s)\n", r.in.aliasname->name);
1475 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1477 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1478 printf("Server refused create of '%s'\n", r.in.aliasname->name);
1482 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
1483 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.aliasname->name)) {
1486 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1489 if (!NT_STATUS_IS_OK(status)) {
1490 printf("CreateAlias failed - %s\n", nt_errstr(status));
1494 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_sid)) {
1501 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1502 struct policy_handle *domain_handle, char **password)
1510 if (!test_ChangePasswordUser(p, mem_ctx, domain_handle, password)) {
1514 if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1518 if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle, password)) {
1522 /* we change passwords twice - this has the effect of verifying
1523 they were changed correctly for the final call */
1524 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, password)) {
1528 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, password)) {
1535 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1536 struct policy_handle *domain_handle, struct policy_handle *user_handle)
1539 struct samr_CreateUser r;
1540 struct samr_QueryUserInfo q;
1542 char *password = NULL;
1545 const uint32 password_fields[] = {
1546 SAMR_FIELD_PASSWORD,
1547 SAMR_FIELD_PASSWORD2,
1548 SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2,
1552 /* This call creates a 'normal' account - check that it really does */
1553 const uint32_t acct_flags = ACB_NORMAL;
1554 struct samr_Name name;
1557 init_samr_Name(&name, TEST_ACCOUNT_NAME);
1559 r.in.domain_handle = domain_handle;
1560 r.in.account_name = &name;
1561 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1562 r.out.user_handle = user_handle;
1565 printf("Testing CreateUser(%s)\n", r.in.account_name->name);
1567 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1569 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1570 printf("Server refused create of '%s'\n", r.in.account_name->name);
1571 ZERO_STRUCTP(user_handle);
1575 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1576 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.account_name->name)) {
1579 status = dcerpc_samr_CreateUser(p, mem_ctx, &r);
1581 if (!NT_STATUS_IS_OK(status)) {
1582 printf("CreateUser failed - %s\n", nt_errstr(status));
1586 q.in.user_handle = user_handle;
1589 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1590 if (!NT_STATUS_IS_OK(status)) {
1591 printf("QueryUserInfo level %u failed - %s\n",
1592 q.in.level, nt_errstr(status));
1595 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1596 printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n",
1597 q.out.info->info16.acct_flags, q.out.info->info16.acct_flags,
1598 acct_flags, acct_flags);
1603 if (!test_user_ops(p, mem_ctx, user_handle, acct_flags)) {
1607 if (!test_SetUserPass(p, mem_ctx, user_handle, &password)) {
1611 for (i = 0; password_fields[i]; i++) {
1612 if (!test_SetUserPass_23(p, mem_ctx, user_handle, password_fields[i], &password)) {
1616 /* check it was set right */
1617 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, &password)) {
1622 for (i = 0; password_fields[i]; i++) {
1623 if (!test_SetUserPass_25(p, mem_ctx, user_handle, password_fields[i], &password)) {
1627 /* check it was set right */
1628 if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, 0, &password)) {
1633 if (!test_SetUserPassEx(p, mem_ctx, user_handle, &password)) {
1637 if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) {
1645 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1646 struct policy_handle *user_handle)
1648 struct samr_DeleteUser d;
1652 printf("Testing DeleteUser\n");
1654 d.in.user_handle = user_handle;
1655 d.out.user_handle = user_handle;
1657 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1658 if (!NT_STATUS_IS_OK(status)) {
1659 printf("DeleteUser failed - %s\n", nt_errstr(status));
1666 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1667 struct policy_handle *handle)
1670 struct samr_CreateUser2 r;
1671 struct samr_QueryUserInfo q;
1672 struct samr_DeleteUser d;
1673 struct policy_handle user_handle;
1675 struct samr_Name name;
1680 uint32_t acct_flags;
1681 const char *account_name;
1683 } account_types[] = {
1684 { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
1685 { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1686 { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1687 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1688 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1689 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1690 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1691 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1692 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1693 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
1694 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1695 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1696 { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1697 { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1698 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
1701 for (i = 0; account_types[i].account_name; i++) {
1702 uint32_t acct_flags = account_types[i].acct_flags;
1703 uint32_t access_granted;
1705 init_samr_Name(&name, account_types[i].account_name);
1707 r.in.domain_handle = handle;
1708 r.in.account_name = &name;
1709 r.in.acct_flags = acct_flags;
1710 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1711 r.out.user_handle = &user_handle;
1712 r.out.access_granted = &access_granted;
1715 printf("Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->name, acct_flags);
1717 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1719 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1720 printf("Server refused create of '%s'\n", r.in.account_name->name);
1723 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1724 if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.account_name->name)) {
1727 status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
1730 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
1731 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
1732 nt_errstr(status), nt_errstr(account_types[i].nt_status));
1736 if (NT_STATUS_IS_OK(status)) {
1737 q.in.user_handle = &user_handle;
1740 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
1741 if (!NT_STATUS_IS_OK(status)) {
1742 printf("QueryUserInfo level %u failed - %s\n",
1743 q.in.level, nt_errstr(status));
1746 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1747 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
1748 q.out.info->info16.acct_flags,
1754 if (!test_user_ops(p, mem_ctx, &user_handle, acct_flags)) {
1758 printf("Testing DeleteUser (createuser2 test)\n");
1760 d.in.user_handle = &user_handle;
1761 d.out.user_handle = &user_handle;
1763 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1764 if (!NT_STATUS_IS_OK(status)) {
1765 printf("DeleteUser failed - %s\n", nt_errstr(status));
1774 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1775 struct policy_handle *handle)
1778 struct samr_QueryAliasInfo r;
1779 uint16_t levels[] = {1, 2, 3};
1783 for (i=0;i<ARRAY_SIZE(levels);i++) {
1784 printf("Testing QueryAliasInfo level %u\n", levels[i]);
1786 r.in.alias_handle = handle;
1787 r.in.level = levels[i];
1789 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
1790 if (!NT_STATUS_IS_OK(status)) {
1791 printf("QueryAliasInfo level %u failed - %s\n",
1792 levels[i], nt_errstr(status));
1800 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1801 struct policy_handle *handle)
1804 struct samr_QueryGroupInfo r;
1805 uint16_t levels[] = {1, 2, 3, 4, 5};
1809 for (i=0;i<ARRAY_SIZE(levels);i++) {
1810 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1812 r.in.group_handle = handle;
1813 r.in.level = levels[i];
1815 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1816 if (!NT_STATUS_IS_OK(status)) {
1817 printf("QueryGroupInfo level %u failed - %s\n",
1818 levels[i], nt_errstr(status));
1826 static BOOL test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1827 struct policy_handle *handle)
1830 struct samr_QueryGroupMember r;
1833 printf("Testing QueryGroupMember\n");
1835 r.in.group_handle = handle;
1837 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r);
1838 if (!NT_STATUS_IS_OK(status)) {
1839 printf("QueryGroupInfo failed - %s\n", nt_errstr(status));
1847 static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1848 struct policy_handle *handle)
1851 struct samr_QueryGroupInfo r;
1852 struct samr_SetGroupInfo s;
1853 uint16_t levels[] = {1, 2, 3, 4};
1854 uint16_t set_ok[] = {0, 1, 1, 1};
1858 for (i=0;i<ARRAY_SIZE(levels);i++) {
1859 printf("Testing QueryGroupInfo level %u\n", levels[i]);
1861 r.in.group_handle = handle;
1862 r.in.level = levels[i];
1864 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
1865 if (!NT_STATUS_IS_OK(status)) {
1866 printf("QueryGroupInfo level %u failed - %s\n",
1867 levels[i], nt_errstr(status));
1871 printf("Testing SetGroupInfo level %u\n", levels[i]);
1873 s.in.group_handle = handle;
1874 s.in.level = levels[i];
1875 s.in.info = r.out.info;
1878 /* disabled this, as it changes the name only from the point of view of samr,
1879 but leaves the name from the point of view of w2k3 internals (and ldap). This means
1880 the name is still reserved, so creating the old name fails, but deleting by the old name
1882 if (s.in.level == 2) {
1883 init_samr_Name(&s.in.info->name, "NewName");
1887 if (s.in.level == 4) {
1888 init_samr_Name(&s.in.info->description, "test description");
1891 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
1893 if (!NT_STATUS_IS_OK(status)) {
1894 printf("SetGroupInfo level %u failed - %s\n",
1895 r.in.level, nt_errstr(status));
1900 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
1901 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
1902 r.in.level, nt_errstr(status));
1912 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1913 struct policy_handle *handle)
1916 struct samr_QueryUserInfo r;
1917 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1918 11, 12, 13, 14, 16, 17, 20, 21};
1922 for (i=0;i<ARRAY_SIZE(levels);i++) {
1923 printf("Testing QueryUserInfo level %u\n", levels[i]);
1925 r.in.user_handle = handle;
1926 r.in.level = levels[i];
1928 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
1929 if (!NT_STATUS_IS_OK(status)) {
1930 printf("QueryUserInfo level %u failed - %s\n",
1931 levels[i], nt_errstr(status));
1939 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1940 struct policy_handle *handle)
1943 struct samr_QueryUserInfo2 r;
1944 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
1945 11, 12, 13, 14, 16, 17, 20, 21};
1949 for (i=0;i<ARRAY_SIZE(levels);i++) {
1950 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
1952 r.in.user_handle = handle;
1953 r.in.level = levels[i];
1955 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
1956 if (!NT_STATUS_IS_OK(status)) {
1957 printf("QueryUserInfo2 level %u failed - %s\n",
1958 levels[i], nt_errstr(status));
1966 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1967 struct policy_handle *handle, uint32_t rid)
1970 struct samr_OpenUser r;
1971 struct policy_handle user_handle;
1974 printf("Testing OpenUser(%u)\n", rid);
1976 r.in.domain_handle = handle;
1977 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1979 r.out.user_handle = &user_handle;
1981 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
1982 if (!NT_STATUS_IS_OK(status)) {
1983 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
1987 if (!test_QuerySecurity(p, mem_ctx, &user_handle)) {
1991 if (!test_QueryUserInfo(p, mem_ctx, &user_handle)) {
1995 if (!test_QueryUserInfo2(p, mem_ctx, &user_handle)) {
1999 if (!test_GetUserPwInfo(p, mem_ctx, &user_handle)) {
2003 if (!test_GetGroupsForUser(p,mem_ctx, &user_handle)) {
2007 if (!test_Close(p, mem_ctx, &user_handle)) {
2014 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2015 struct policy_handle *handle, uint32_t rid)
2018 struct samr_OpenGroup r;
2019 struct policy_handle group_handle;
2022 printf("Testing OpenGroup(%u)\n", rid);
2024 r.in.domain_handle = handle;
2025 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2027 r.out.group_handle = &group_handle;
2029 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
2030 if (!NT_STATUS_IS_OK(status)) {
2031 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
2035 if (!test_QuerySecurity(p, mem_ctx, &group_handle)) {
2039 if (!test_QueryGroupInfo(p, mem_ctx, &group_handle)) {
2043 if (!test_QueryGroupMember(p, mem_ctx, &group_handle)) {
2047 if (!test_Close(p, mem_ctx, &group_handle)) {
2054 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2055 struct policy_handle *handle, uint32_t rid)
2058 struct samr_OpenAlias r;
2059 struct policy_handle alias_handle;
2062 printf("Testing OpenAlias(%u)\n", rid);
2064 r.in.domain_handle = handle;
2065 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2067 r.out.alias_handle = &alias_handle;
2069 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
2070 if (!NT_STATUS_IS_OK(status)) {
2071 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
2075 if (!test_QuerySecurity(p, mem_ctx, &alias_handle)) {
2079 if (!test_QueryAliasInfo(p, mem_ctx, &alias_handle)) {
2083 if (!test_GetMembersInAlias(p, mem_ctx, &alias_handle)) {
2087 if (!test_Close(p, mem_ctx, &alias_handle)) {
2094 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2095 struct policy_handle *handle)
2098 struct samr_EnumDomainUsers r;
2099 uint32_t resume_handle=0;
2102 struct samr_LookupNames n;
2103 struct samr_LookupRids lr ;
2105 printf("Testing EnumDomainUsers\n");
2107 r.in.domain_handle = handle;
2108 r.in.resume_handle = &resume_handle;
2109 r.in.acct_flags = 0;
2110 r.in.max_size = (uint32_t)-1;
2111 r.out.resume_handle = &resume_handle;
2113 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
2114 if (!NT_STATUS_IS_OK(status)) {
2115 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
2123 if (r.out.sam->count == 0) {
2127 for (i=0;i<r.out.sam->count;i++) {
2128 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2133 printf("Testing LookupNames\n");
2134 n.in.domain_handle = handle;
2135 n.in.num_names = r.out.sam->count;
2136 n.in.names = talloc(mem_ctx, r.out.sam->count * sizeof(struct samr_Name));
2137 for (i=0;i<r.out.sam->count;i++) {
2138 n.in.names[i] = r.out.sam->entries[i].name;
2140 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
2141 if (!NT_STATUS_IS_OK(status)) {
2142 printf("LookupNames failed - %s\n", nt_errstr(status));
2147 printf("Testing LookupRids\n");
2148 lr.in.domain_handle = handle;
2149 lr.in.num_rids = r.out.sam->count;
2150 lr.in.rids = talloc(mem_ctx, r.out.sam->count * sizeof(uint32_t));
2151 for (i=0;i<r.out.sam->count;i++) {
2152 lr.in.rids[i] = r.out.sam->entries[i].idx;
2154 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
2155 if (!NT_STATUS_IS_OK(status)) {
2156 printf("LookupRids failed - %s\n", nt_errstr(status));
2164 try blasting the server with a bunch of sync requests
2166 static BOOL test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2167 struct policy_handle *handle)
2170 struct samr_EnumDomainUsers r;
2171 uint32_t resume_handle=0;
2173 #define ASYNC_COUNT 100
2174 struct rpc_request *req[ASYNC_COUNT];
2176 if (lp_parm_int(-1, "torture", "dangerous") != 1) {
2177 printf("samr async test disabled - enable dangerous tests to use\n");
2181 printf("Testing EnumDomainUsers_async\n");
2183 r.in.domain_handle = handle;
2184 r.in.resume_handle = &resume_handle;
2185 r.in.acct_flags = 0;
2186 r.in.max_size = (uint32_t)-1;
2187 r.out.resume_handle = &resume_handle;
2189 for (i=0;i<ASYNC_COUNT;i++) {
2190 req[i] = dcerpc_samr_EnumDomainUsers_send(p, mem_ctx, &r);
2193 for (i=0;i<ASYNC_COUNT;i++) {
2194 status = dcerpc_ndr_request_recv(req[i]);
2195 if (!NT_STATUS_IS_OK(status)) {
2196 printf("EnumDomainUsers[%d] failed - %s\n",
2197 i, nt_errstr(status));
2202 printf("%d async requests OK\n", i);
2207 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2208 struct policy_handle *handle)
2211 struct samr_EnumDomainGroups r;
2212 uint32_t resume_handle=0;
2216 printf("Testing EnumDomainGroups\n");
2218 r.in.domain_handle = handle;
2219 r.in.resume_handle = &resume_handle;
2220 r.in.max_size = (uint32_t)-1;
2221 r.out.resume_handle = &resume_handle;
2223 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
2224 if (!NT_STATUS_IS_OK(status)) {
2225 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2233 for (i=0;i<r.out.sam->count;i++) {
2234 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2242 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2243 struct policy_handle *handle)
2246 struct samr_EnumDomainAliases r;
2247 uint32_t resume_handle=0;
2251 printf("Testing EnumDomainAliases\n");
2253 r.in.domain_handle = handle;
2254 r.in.resume_handle = &resume_handle;
2255 r.in.acct_flags = (uint32_t)-1;
2256 r.out.resume_handle = &resume_handle;
2258 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
2259 if (!NT_STATUS_IS_OK(status)) {
2260 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
2268 for (i=0;i<r.out.sam->count;i++) {
2269 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2277 static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2278 struct policy_handle *handle)
2281 struct samr_GetDisplayEnumerationIndex r;
2283 uint16_t levels[] = {1, 2, 3, 4, 5};
2284 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2287 for (i=0;i<ARRAY_SIZE(levels);i++) {
2288 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
2290 r.in.domain_handle = handle;
2291 r.in.level = levels[i];
2292 init_samr_Name(&r.in.name, TEST_ACCOUNT_NAME);
2294 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2297 !NT_STATUS_IS_OK(status) &&
2298 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2299 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2300 levels[i], nt_errstr(status));
2304 init_samr_Name(&r.in.name, "zzzzzzzz");
2306 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2308 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2309 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2310 levels[i], nt_errstr(status));
2318 static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2319 struct policy_handle *handle)
2322 struct samr_GetDisplayEnumerationIndex2 r;
2324 uint16_t levels[] = {1, 2, 3, 4, 5};
2325 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2328 for (i=0;i<ARRAY_SIZE(levels);i++) {
2329 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
2331 r.in.domain_handle = handle;
2332 r.in.level = levels[i];
2333 init_samr_Name(&r.in.name, TEST_ACCOUNT_NAME);
2335 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2337 !NT_STATUS_IS_OK(status) &&
2338 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2339 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2340 levels[i], nt_errstr(status));
2344 init_samr_Name(&r.in.name, "zzzzzzzz");
2346 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2347 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2348 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2349 levels[i], nt_errstr(status));
2357 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2358 struct policy_handle *handle)
2361 struct samr_QueryDisplayInfo r;
2363 uint16_t levels[] = {1, 2, 3, 4, 5};
2366 for (i=0;i<ARRAY_SIZE(levels);i++) {
2367 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
2369 r.in.domain_handle = handle;
2370 r.in.level = levels[i];
2372 r.in.max_entries = 1000;
2373 r.in.buf_size = (uint32_t)-1;
2375 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
2376 if (!NT_STATUS_IS_OK(status)) {
2377 printf("QueryDisplayInfo level %u failed - %s\n",
2378 levels[i], nt_errstr(status));
2386 static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2387 struct policy_handle *handle)
2390 struct samr_QueryDisplayInfo2 r;
2392 uint16_t levels[] = {1, 2, 3, 4, 5};
2395 for (i=0;i<ARRAY_SIZE(levels);i++) {
2396 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
2398 r.in.domain_handle = handle;
2399 r.in.level = levels[i];
2401 r.in.max_entries = 1000;
2402 r.in.buf_size = (uint32_t)-1;
2404 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
2405 if (!NT_STATUS_IS_OK(status)) {
2406 printf("QueryDisplayInfo2 level %u failed - %s\n",
2407 levels[i], nt_errstr(status));
2415 static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2416 struct policy_handle *handle)
2419 struct samr_QueryDisplayInfo3 r;
2421 uint16_t levels[] = {1, 2, 3, 4, 5};
2424 for (i=0;i<ARRAY_SIZE(levels);i++) {
2425 printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
2427 r.in.domain_handle = handle;
2428 r.in.level = levels[i];
2430 r.in.max_entries = 1000;
2431 r.in.buf_size = (uint32_t)-1;
2433 status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
2434 if (!NT_STATUS_IS_OK(status)) {
2435 printf("QueryDisplayInfo3 level %u failed - %s\n",
2436 levels[i], nt_errstr(status));
2444 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2445 struct policy_handle *handle)
2448 struct samr_QueryDomainInfo r;
2449 struct samr_SetDomainInfo s;
2450 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2451 uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
2455 for (i=0;i<ARRAY_SIZE(levels);i++) {
2456 printf("Testing QueryDomainInfo level %u\n", levels[i]);
2458 r.in.domain_handle = handle;
2459 r.in.level = levels[i];
2461 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2462 if (!NT_STATUS_IS_OK(status)) {
2463 printf("QueryDomainInfo level %u failed - %s\n",
2464 r.in.level, nt_errstr(status));
2469 printf("Testing SetDomainInfo level %u\n", levels[i]);
2471 s.in.domain_handle = handle;
2472 s.in.level = levels[i];
2473 s.in.info = r.out.info;
2475 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2477 if (!NT_STATUS_IS_OK(status)) {
2478 printf("SetDomainInfo level %u failed - %s\n",
2479 r.in.level, nt_errstr(status));
2484 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2485 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2486 r.in.level, nt_errstr(status));
2492 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2493 if (!NT_STATUS_IS_OK(status)) {
2494 printf("QueryDomainInfo level %u failed - %s\n",
2495 r.in.level, nt_errstr(status));
2505 static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2506 struct policy_handle *handle)
2509 struct samr_QueryDomainInfo2 r;
2510 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2514 for (i=0;i<ARRAY_SIZE(levels);i++) {
2515 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
2517 r.in.domain_handle = handle;
2518 r.in.level = levels[i];
2520 status = dcerpc_samr_QueryDomainInfo2(p, mem_ctx, &r);
2521 if (!NT_STATUS_IS_OK(status)) {
2522 printf("QueryDomainInfo2 level %u failed - %s\n",
2523 r.in.level, nt_errstr(status));
2532 /* Test whether querydispinfo level 5 and enumdomgroups return the same
2533 set of group names. */
2534 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2535 struct policy_handle *handle)
2537 struct samr_EnumDomainGroups q1;
2538 struct samr_QueryDisplayInfo q2;
2540 uint32_t resume_handle=0;
2545 const char **names = NULL;
2547 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
2549 q1.in.domain_handle = handle;
2550 q1.in.resume_handle = &resume_handle;
2552 q1.out.resume_handle = &resume_handle;
2554 status = STATUS_MORE_ENTRIES;
2555 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2556 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
2558 if (!NT_STATUS_IS_OK(status) &&
2559 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2562 for (i=0; i<q1.out.sam->count; i++) {
2563 add_string_to_array(mem_ctx,
2564 q1.out.sam->entries[i].name.name,
2565 &names, &num_names);
2569 if (!NT_STATUS_IS_OK(status)) {
2570 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2578 q2.in.domain_handle = handle;
2580 q2.in.start_idx = 0;
2581 q2.in.max_entries = 5;
2582 q2.in.buf_size = (uint32_t)-1;
2584 status = STATUS_MORE_ENTRIES;
2585 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2586 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
2588 if (!NT_STATUS_IS_OK(status) &&
2589 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2592 for (i=0; i<q2.out.info.info5.count; i++) {
2594 const char *name = q2.out.info.info5.entries[i].account_name.name;
2596 for (j=0; j<num_names; j++) {
2597 if (names[j] == NULL)
2599 /* Hmm. No strequal in samba4 */
2600 if (strequal(names[j], name)) {
2608 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
2613 q2.in.start_idx += q2.out.info.info5.count;
2616 if (!NT_STATUS_IS_OK(status)) {
2617 printf("QueryDisplayInfo level 5 failed - %s\n",
2622 for (i=0; i<num_names; i++) {
2623 if (names[i] != NULL) {
2624 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
2633 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2634 struct policy_handle *group_handle)
2636 struct samr_DeleteDomainGroup d;
2640 printf("Testing DeleteDomainGroup\n");
2642 d.in.group_handle = group_handle;
2643 d.out.group_handle = group_handle;
2645 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2646 if (!NT_STATUS_IS_OK(status)) {
2647 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
2654 static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2655 struct policy_handle *domain_handle)
2657 struct samr_TestPrivateFunctionsDomain r;
2661 printf("Testing TestPrivateFunctionsDomain\n");
2663 r.in.domain_handle = domain_handle;
2665 status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
2666 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
2667 printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
2674 static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2675 struct policy_handle *domain_handle)
2677 struct samr_RidToSid r;
2681 printf("Testing RidToSid\n");
2683 r.in.domain_handle = domain_handle;
2686 status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
2687 if (!NT_STATUS_IS_OK(status)) {
2688 printf("RidToSid failed - %s\n", nt_errstr(status));
2695 static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2696 struct policy_handle *domain_handle)
2698 struct samr_GetBootKeyInformation r;
2702 printf("Testing GetBootKeyInformation\n");
2704 r.in.domain_handle = domain_handle;
2706 status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r);
2707 if (!NT_STATUS_IS_OK(status)) {
2708 /* w2k3 seems to fail this sometimes and pass it sometimes */
2709 printf("GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
2715 static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2716 struct policy_handle *domain_handle,
2717 struct policy_handle *group_handle)
2720 struct samr_AddGroupMember r;
2721 struct samr_DeleteGroupMember d;
2722 struct samr_QueryGroupMember q;
2723 struct samr_SetMemberAttributesOfGroup s;
2727 status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
2728 if (!NT_STATUS_IS_OK(status)) {
2732 r.in.group_handle = group_handle;
2734 r.in.flags = 0; /* ??? */
2736 printf("Testing AddGroupMember and DeleteGroupMember\n");
2738 d.in.group_handle = group_handle;
2741 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2742 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
2743 printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
2748 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2749 if (!NT_STATUS_IS_OK(status)) {
2750 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2754 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2755 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
2756 printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
2761 /* this one is quite strange. I am using random inputs in the
2762 hope of triggering an error that might give us a clue */
2763 s.in.group_handle = group_handle;
2764 s.in.unknown1 = random();
2765 s.in.unknown2 = random();
2767 status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
2768 if (!NT_STATUS_IS_OK(status)) {
2769 printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
2773 q.in.group_handle = group_handle;
2775 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
2776 if (!NT_STATUS_IS_OK(status)) {
2777 printf("QueryGroupMember failed - %s\n", nt_errstr(status));
2781 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
2782 if (!NT_STATUS_IS_OK(status)) {
2783 printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
2787 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
2788 if (!NT_STATUS_IS_OK(status)) {
2789 printf("AddGroupMember failed - %s\n", nt_errstr(status));
2797 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2798 struct policy_handle *domain_handle, struct policy_handle *group_handle)
2801 struct samr_CreateDomainGroup r;
2803 struct samr_Name name;
2806 init_samr_Name(&name, TEST_GROUPNAME);
2808 r.in.domain_handle = domain_handle;
2810 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2811 r.out.group_handle = group_handle;
2814 printf("Testing CreateDomainGroup(%s)\n", r.in.name->name);
2816 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2818 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2819 printf("Server refused create of '%s'\n", r.in.name->name);
2820 ZERO_STRUCTP(group_handle);
2824 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) ||
2825 NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2826 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) {
2829 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
2831 if (!NT_STATUS_IS_OK(status)) {
2832 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
2836 if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
2840 if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
2849 its not totally clear what this does. It seems to accept any sid you like.
2851 static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
2852 TALLOC_CTX *mem_ctx,
2853 struct policy_handle *domain_handle)
2856 struct samr_RemoveMemberFromForeignDomain r;
2858 r.in.domain_handle = domain_handle;
2859 r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78-9");
2861 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
2862 if (!NT_STATUS_IS_OK(status)) {
2863 printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
2872 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2873 struct policy_handle *handle);
2875 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2876 struct policy_handle *handle, struct dom_sid *sid)
2879 struct samr_OpenDomain r;
2880 struct policy_handle domain_handle;
2881 struct policy_handle user_handle;
2882 struct policy_handle alias_handle;
2883 struct policy_handle group_handle;
2886 ZERO_STRUCT(user_handle);
2887 ZERO_STRUCT(alias_handle);
2888 ZERO_STRUCT(group_handle);
2889 ZERO_STRUCT(domain_handle);
2891 printf("Testing OpenDomain\n");
2893 r.in.connect_handle = handle;
2894 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
2896 r.out.domain_handle = &domain_handle;
2898 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
2899 if (!NT_STATUS_IS_OK(status)) {
2900 printf("OpenDomain failed - %s\n", nt_errstr(status));
2904 /* run the domain tests with the main handle closed - this tests
2905 the servers reference counting */
2906 ret &= test_Close(p, mem_ctx, handle);
2908 ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
2909 ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
2910 ret &= test_CreateUser2(p, mem_ctx, &domain_handle);
2911 ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle);
2912 ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
2913 ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle);
2914 ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle);
2915 ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle);
2916 ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle);
2917 ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle);
2918 ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle);
2919 ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle);
2920 ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle);
2921 ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle);
2922 ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle);
2923 ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle);
2924 ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle);
2925 ret &= test_GroupList(p, mem_ctx, &domain_handle);
2926 ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle);
2927 ret &= test_RidToSid(p, mem_ctx, &domain_handle);
2928 ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle);
2930 if (!policy_handle_empty(&user_handle) &&
2931 !test_DeleteUser(p, mem_ctx, &user_handle)) {
2935 if (!policy_handle_empty(&alias_handle) &&
2936 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
2940 if (!policy_handle_empty(&group_handle) &&
2941 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
2945 ret &= test_Close(p, mem_ctx, &domain_handle);
2947 /* reconnect the main handle */
2948 ret &= test_Connect(p, mem_ctx, handle);
2953 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2954 struct policy_handle *handle, struct samr_Name *domain)
2957 struct samr_LookupDomain r;
2958 struct samr_Name n2;
2961 printf("Testing LookupDomain(%s)\n", domain->name);
2963 /* check for correct error codes */
2964 r.in.connect_handle = handle;
2968 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2969 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
2970 printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
2974 n2.name = "xxNODOMAINxx";
2976 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2977 if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
2978 printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
2982 r.in.connect_handle = handle;
2983 r.in.domain = domain;
2985 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
2986 if (!NT_STATUS_IS_OK(status)) {
2987 printf("LookupDomain failed - %s\n", nt_errstr(status));
2991 if (!test_GetDomPwInfo(p, mem_ctx, domain)) {
2995 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) {
3003 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3004 struct policy_handle *handle)
3007 struct samr_EnumDomains r;
3008 uint32_t resume_handle = 0;
3012 r.in.connect_handle = handle;
3013 r.in.resume_handle = &resume_handle;
3014 r.in.buf_size = (uint32_t)-1;
3015 r.out.resume_handle = &resume_handle;
3017 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3018 if (!NT_STATUS_IS_OK(status)) {
3019 printf("EnumDomains failed - %s\n", nt_errstr(status));
3027 for (i=0;i<r.out.sam->count;i++) {
3028 if (!test_LookupDomain(p, mem_ctx, handle,
3029 &r.out.sam->entries[i].name)) {
3034 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3035 if (!NT_STATUS_IS_OK(status)) {
3036 printf("EnumDomains failed - %s\n", nt_errstr(status));
3044 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3045 struct policy_handle *handle)
3048 struct samr_Connect r;
3049 struct samr_Connect2 r2;
3050 struct samr_Connect3 r3;
3051 struct samr_Connect4 r4;
3052 struct samr_Connect5 r5;
3053 union samr_ConnectInfo info;
3054 struct policy_handle h;
3055 BOOL ret = True, got_handle = False;
3057 printf("testing samr_Connect\n");
3059 r.in.system_name = 0;
3060 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3061 r.out.connect_handle = &h;
3063 status = dcerpc_samr_Connect(p, mem_ctx, &r);
3064 if (!NT_STATUS_IS_OK(status)) {
3065 printf("Connect failed - %s\n", nt_errstr(status));
3072 printf("testing samr_Connect2\n");
3074 r2.in.system_name = NULL;
3075 r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3076 r2.out.connect_handle = &h;
3078 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
3079 if (!NT_STATUS_IS_OK(status)) {
3080 printf("Connect2 failed - %s\n", nt_errstr(status));
3084 test_Close(p, mem_ctx, handle);
3090 printf("testing samr_Connect3\n");
3092 r3.in.system_name = NULL;
3094 r3.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3095 r3.out.connect_handle = &h;
3097 status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
3098 if (!NT_STATUS_IS_OK(status)) {
3099 printf("Connect3 failed - %s\n", nt_errstr(status));
3103 test_Close(p, mem_ctx, handle);
3109 printf("testing samr_Connect4\n");
3111 r4.in.system_name = "";
3113 r4.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3114 r4.out.connect_handle = &h;
3116 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
3117 if (!NT_STATUS_IS_OK(status)) {
3118 printf("Connect4 failed - %s\n", nt_errstr(status));
3122 test_Close(p, mem_ctx, handle);
3128 printf("testing samr_Connect5\n");
3130 info.info1.unknown1 = 0;
3131 info.info1.unknown2 = 0;
3133 r5.in.system_name = "";
3134 r5.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
3137 r5.out.info = &info;
3138 r5.out.connect_handle = &h;
3140 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
3141 if (!NT_STATUS_IS_OK(status)) {
3142 printf("Connect5 failed - %s\n", nt_errstr(status));
3146 test_Close(p, mem_ctx, handle);
3156 BOOL torture_rpc_samr(void)
3159 struct dcerpc_pipe *p;
3160 TALLOC_CTX *mem_ctx;
3162 struct policy_handle handle;
3164 mem_ctx = talloc_init("torture_rpc_samr");
3166 status = torture_rpc_connection(&p,
3169 DCERPC_SAMR_VERSION);
3170 if (!NT_STATUS_IS_OK(status)) {
3174 if (!test_Connect(p, mem_ctx, &handle)) {
3178 if (!test_QuerySecurity(p, mem_ctx, &handle)) {
3182 if (!test_EnumDomains(p, mem_ctx, &handle)) {
3186 if (!test_SetDsrmPassword(p, mem_ctx, &handle)) {
3190 if (!test_Shutdown(p, mem_ctx, &handle)) {
3194 if (!test_Close(p, mem_ctx, &handle)) {
3198 talloc_destroy(mem_ctx);
3200 torture_rpc_close(p);