source4/torture/rpc/testjoin.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    utility code to join/leave a domain
   5
   6    Copyright (C) Andrew Tridgell 2004
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 /*
  24   this code is used by other torture modules to join/leave a domain
  25   as either a member, bdc or thru a trust relationship
  26 */
  27
  28 #include "includes.h"
  29
  30 struct test_join {
  31         TALLOC_CTX *mem_ctx;
  32         struct dcerpc_pipe *p;
  33         const char *machine_password;
  34         struct policy_handle acct_handle;
  35 };
  36
  37
  38 static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
  39                                   struct policy_handle *handle, const char *name)
  40 {
  41         NTSTATUS status;
  42         struct samr_DeleteUser d;
  43         struct policy_handle acct_handle;
  44         uint32_t rid;
  45         struct samr_LookupNames n;
  46         struct samr_Name sname;
  47         struct samr_OpenUser r;
  48
  49         sname.name = name;
  50
  51         n.in.handle = handle;
  52         n.in.num_names = 1;
  53         n.in.names = &sname;
  54
  55         status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
  56         if (NT_STATUS_IS_OK(status)) {
  57                 rid = n.out.rids.ids[0];
  58         } else {
  59                 return status;
  60         }
  61
  62         r.in.handle = handle;
  63         r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
  64         r.in.rid = rid;
  65         r.out.acct_handle = &acct_handle;
  66
  67         status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
  68         if (!NT_STATUS_IS_OK(status)) {
  69                 printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
  70                 return status;
  71         }
  72
  73         d.in.handle = &acct_handle;
  74         d.out.handle = &acct_handle;
  75         status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
  76         if (!NT_STATUS_IS_OK(status)) {
  77                 return status;
  78         }
  79
  80         return NT_STATUS_OK;
  81 }
  82
  83 /*
  84   join the domain as a test machine
  85   an opaque pointer is returned. Pass it to torture_leave_domain()
  86   when finished
  87 */
  88 void *torture_join_domain(const char *machine_name,
  89                           const char *domain,
  90                           uint16 acct_flags,
  91                           const char **machine_password)
  92 {
  93         NTSTATUS status;
  94         struct samr_Connect c;
  95         struct samr_CreateUser2 r;
  96         struct samr_OpenDomain o;
  97         struct samr_LookupDomain l;
  98         struct samr_GetUserPwInfo pwp;
  99         struct samr_SetUserInfo s;
 100         union samr_UserInfo u;
 101         struct policy_handle handle;
 102         struct policy_handle domain_handle;
 103         uint32_t access_granted;
 104         uint32_t rid;
 105         DATA_BLOB session_key;
 106         struct samr_Name name;
 107         int policy_min_pw_len = 0;
 108         struct test_join *join;
 109         TALLOC_CTX *mem_ctx;
 110
 111         mem_ctx = talloc_init("torture_join_domain");
 112         if (!mem_ctx) {
 113                 return NULL;
 114         }
 115
 116         join = talloc_p(mem_ctx, struct test_join);
 117         if (join == NULL) {
 118                 talloc_destroy(mem_ctx);
 119                 return NULL;
 120         }
 121
 122         ZERO_STRUCTP(join);
 123
 124         join->mem_ctx = mem_ctx;
 125
 126         printf("Connecting to SAMR\n");
 127
 128         status = torture_rpc_connection(&join->p,
 129                                         DCERPC_SAMR_NAME,
 130                                         DCERPC_SAMR_UUID,
 131                                         DCERPC_SAMR_VERSION);
 132         if (!NT_STATUS_IS_OK(status)) {
 133                 goto failed;
 134         }
 135
 136         c.in.system_name = NULL;
 137         c.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 138         c.out.handle = &handle;
 139
 140         status = dcerpc_samr_Connect(join->p, mem_ctx, &c);
 141         if (!NT_STATUS_IS_OK(status)) {
 142                 const char *errstr = nt_errstr(status);
 143                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 144                         errstr = dcerpc_errstr(join->p->last_fault_code);
 145                 }
 146                 printf("samr_Connect failed - %s\n", errstr);
 147                 goto failed;
 148         }
 149
 150         printf("Opening domain %s\n", domain);
 151
 152         name.name = domain;
 153         l.in.handle = &handle;
 154         l.in.domain = &name;
 155
 156         status = dcerpc_samr_LookupDomain(join->p, mem_ctx, &l);
 157         if (!NT_STATUS_IS_OK(status)) {
 158                 printf("LookupDomain failed - %s\n", nt_errstr(status));
 159                 goto failed;
 160         }
 161
 162         o.in.handle = &handle;
 163         o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 164         o.in.sid = l.out.sid;
 165         o.out.domain_handle = &domain_handle;
 166
 167         status = dcerpc_samr_OpenDomain(join->p, mem_ctx, &o);
 168         if (!NT_STATUS_IS_OK(status)) {
 169                 printf("OpenDomain failed - %s\n", nt_errstr(status));
 170                 goto failed;
 171         }
 172
 173         printf("Creating machine account %s\n", machine_name);
 174
 175 again:
 176         name.name = talloc_asprintf(mem_ctx, "%s$", machine_name);
 177         r.in.handle = &domain_handle;
 178         r.in.account_name = &name;
 179         r.in.acct_flags = acct_flags;
 180         r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 181         r.out.acct_handle = &join->acct_handle;
 182         r.out.access_granted = &access_granted;
 183         r.out.rid = &rid;
 184
 185         status = dcerpc_samr_CreateUser2(join->p, mem_ctx, &r);
 186
 187         if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
 188                 status = DeleteUser_byname(join->p, mem_ctx, &domain_handle, name.name);
 189                 if (NT_STATUS_IS_OK(status)) {
 190                         goto again;
 191                 }
 192         }
 193
 194         if (!NT_STATUS_IS_OK(status)) {
 195                 printf("CreateUser2 failed - %s\n", nt_errstr(status));
 196                 goto failed;
 197         }
 198
 199         pwp.in.handle = &join->acct_handle;
 200
 201         status = dcerpc_samr_GetUserPwInfo(join->p, mem_ctx, &pwp);
 202         if (NT_STATUS_IS_OK(status)) {
 203                 policy_min_pw_len = pwp.out.info.min_password_len;
 204         }
 205
 206         join->machine_password = generate_random_str(mem_ctx, MAX(8, policy_min_pw_len));
 207
 208         printf("Setting machine account password '%s'\n", join->machine_password);
 209
 210         s.in.handle = &join->acct_handle;
 211         s.in.info = &u;
 212         s.in.level = 24;
 213
 214         encode_pw_buffer(u.info24.password.data, join->machine_password, STR_UNICODE);
 215         u.info24.pw_len = strlen(join->machine_password);
 216
 217         status = dcerpc_fetch_session_key(join->p, &session_key);
 218         if (!NT_STATUS_IS_OK(status)) {
 219                 printf("SetUserInfo level %u - no session key - %s\n",
 220                        s.in.level, nt_errstr(status));
 221                 torture_leave_domain(&join);
 222                 goto failed;
 223         }
 224
 225         arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
 226
 227         status = dcerpc_samr_SetUserInfo(join->p, mem_ctx, &s);
 228         if (!NT_STATUS_IS_OK(status)) {
 229                 printf("SetUserInfo failed - %s\n", nt_errstr(status));
 230                 goto failed;
 231         }
 232
 233         s.in.handle = &join->acct_handle;
 234         s.in.info = &u;
 235         s.in.level = 16;
 236
 237         u.info16.acct_flags = acct_flags;
 238
 239         printf("Resetting ACB flags\n");
 240
 241         status = dcerpc_samr_SetUserInfo(join->p, mem_ctx, &s);
 242         if (!NT_STATUS_IS_OK(status)) {
 243                 printf("SetUserInfo failed - %s\n", nt_errstr(status));
 244                 goto failed;
 245         }
 246
 247         *machine_password = join->machine_password;
 248
 249         return join;
 250
 251 failed:
 252         torture_leave_domain(join);
 253         return NULL;
 254 }
 255
 256
 257 /*
 258   leave the domain, deleting the machine acct
 259 */
 260 void torture_leave_domain(void *join_ctx)
 261 {
 262         struct test_join *join = join_ctx;
 263         struct samr_DeleteUser d;
 264         NTSTATUS status;
 265
 266         if (!uuid_all_zero(&join->acct_handle.uuid)) {
 267                 d.in.handle = &join->acct_handle;
 268                 d.out.handle = &join->acct_handle;
 269
 270                 status = dcerpc_samr_DeleteUser(join->p, join->mem_ctx, &d);
 271                 if (!NT_STATUS_IS_OK(status)) {
 272                         printf("Delete of machine account failed\n");
 273                 }
 274         }
 275
 276         if (join->p) {
 277                 torture_rpc_close(join->p);
 278         }
 279
 280         talloc_destroy(join->mem_ctx);
 281 }