source4/torture/rap/sam.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    test suite for RAP sam operations
   4
   5    Copyright (C) Guenther Deschner 2010
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "libcli/libcli.h"
  23 #include "torture/torture.h"
  24 #include "torture/util.h"
  25 #include "torture/smbtorture.h"
  26 #include "torture/util.h"
  27 #include "../librpc/gen_ndr/rap.h"
  28 #include "torture/rap/proto.h"
  29 #include "param/param.h"
  30 #include "../lib/crypto/crypto.h"
  31 #include "../libcli/auth/libcli_auth.h"
  32 #include "torture/rpc/torture_rpc.h"
  33
  34 #define TEST_RAP_USER "torture_rap_user"
  35
  36 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
  37 {
  38         size_t len = MAX(8, min_len);
  39         char *s = generate_random_password(mem_ctx, len, len+6);
  40         printf("Generated password '%s'\n", s);
  41         return s;
  42 }
  43
  44 static bool test_userpasswordset2_args(struct torture_context *tctx,
  45                                        struct smbcli_state *cli,
  46                                        const char *username,
  47                                        const char **password)
  48 {
  49         struct rap_NetUserPasswordSet2 r;
  50         char *newpass = samr_rand_pass(tctx, 8);
  51
  52         ZERO_STRUCT(r);
  53
  54         r.in.UserName = username;
  55
  56         memcpy(r.in.OldPassword, *password, MIN(strlen(*password), 16));
  57         memcpy(r.in.NewPassword, newpass, MIN(strlen(newpass), 16));
  58         r.in.EncryptedPassword = 0;
  59         r.in.RealPasswordLength = strlen(newpass);
  60
  61         torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
  62
  63         torture_assert_ntstatus_ok(tctx,
  64                 smbcli_rap_netuserpasswordset2(cli->tree, lpcfg_iconv_convenience(tctx->lp_ctx), tctx, &r),
  65                 "smbcli_rap_netuserpasswordset2 failed");
  66         if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
  67                 torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
  68                         win_errstr(W_ERROR(r.out.status)));
  69         } else {
  70                 *password = newpass;
  71         }
  72
  73         return true;
  74 }
  75
  76 static bool test_userpasswordset2_crypt_args(struct torture_context *tctx,
  77                                              struct smbcli_state *cli,
  78                                              const char *username,
  79                                              const char **password)
  80 {
  81         struct rap_NetUserPasswordSet2 r;
  82         char *newpass = samr_rand_pass(tctx, 8);
  83
  84         r.in.UserName = username;
  85
  86         E_deshash(*password, r.in.OldPassword);
  87         E_deshash(newpass, r.in.NewPassword);
  88
  89         r.in.RealPasswordLength = strlen(newpass);
  90         r.in.EncryptedPassword = 1;
  91
  92         torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
  93
  94         torture_assert_ntstatus_ok(tctx,
  95                 smbcli_rap_netuserpasswordset2(cli->tree, lpcfg_iconv_convenience(tctx->lp_ctx), tctx, &r),
  96                 "smbcli_rap_netuserpasswordset2 failed");
  97         if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
  98                 torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
  99                         win_errstr(W_ERROR(r.out.status)));
 100         } else {
 101                 *password = newpass;
 102         }
 103
 104         return true;
 105 }
 106
 107 static bool test_userpasswordset2(struct torture_context *tctx,
 108                                   struct smbcli_state *cli)
 109 {
 110         struct test_join *join_ctx;
 111         const char *password;
 112         bool ret = true;
 113
 114         join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
 115                                                      torture_setting_string(tctx, "workgroup", NULL),
 116                                                      ACB_NORMAL,
 117                                                      &password, 14);
 118         if (join_ctx == NULL) {
 119                 torture_fail(tctx, "failed to create user\n");
 120         }
 121
 122         ret &= test_userpasswordset2_args(tctx, cli, TEST_RAP_USER, &password);
 123         ret &= test_userpasswordset2_crypt_args(tctx, cli, TEST_RAP_USER, &password);
 124
 125         torture_leave_domain(tctx, join_ctx);
 126
 127         return ret;
 128 }
 129
 130 static bool test_oemchangepassword_args(struct torture_context *tctx,
 131                                         struct smbcli_state *cli,
 132                                         const char *username,
 133                                         const char **password)
 134 {
 135         struct rap_NetOEMChangePassword r;
 136
 137         const char *oldpass = *password;
 138         char *newpass = samr_rand_pass(tctx, 9);
 139         uint8_t old_pw_hash[16];
 140         uint8_t new_pw_hash[16];
 141
 142         r.in.UserName = username;
 143
 144         E_deshash(oldpass, old_pw_hash);
 145         E_deshash(newpass, new_pw_hash);
 146
 147         encode_pw_buffer(r.in.crypt_password, newpass, STR_ASCII);
 148         arcfour_crypt(r.in.crypt_password, old_pw_hash, 516);
 149         E_old_pw_hash(new_pw_hash, old_pw_hash, r.in.password_hash);
 150
 151         torture_comment(tctx, "Testing rap_NetOEMChangePassword(%s)\n", r.in.UserName);
 152
 153         torture_assert_ntstatus_ok(tctx,
 154                 smbcli_rap_netoemchangepassword(cli->tree, lpcfg_iconv_convenience(tctx->lp_ctx), tctx, &r),
 155                 "smbcli_rap_netoemchangepassword failed");
 156         if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
 157                 torture_warning(tctx, "RAP NetOEMChangePassword gave: %s\n",
 158                         win_errstr(W_ERROR(r.out.status)));
 159         } else {
 160                 *password = newpass;
 161         }
 162
 163         return true;
 164 }
 165
 166 static bool test_oemchangepassword(struct torture_context *tctx,
 167                                    struct smbcli_state *cli)
 168 {
 169
 170         struct test_join *join_ctx;
 171         const char *password;
 172         bool ret;
 173
 174         join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
 175                                                      torture_setting_string(tctx, "workgroup", NULL),
 176                                                      ACB_NORMAL,
 177                                                      &password, 14);
 178         if (join_ctx == NULL) {
 179                 torture_fail(tctx, "failed to create user\n");
 180         }
 181
 182         ret = test_oemchangepassword_args(tctx, cli, TEST_RAP_USER, &password);
 183
 184         torture_leave_domain(tctx, join_ctx);
 185
 186         return ret;
 187 }
 188
 189 static bool test_usergetinfo_byname(struct torture_context *tctx,
 190                                     struct smbcli_state *cli,
 191                                     const char *UserName)
 192 {
 193         struct rap_NetUserGetInfo r;
 194         int i;
 195         uint16_t levels[] = { 0, 1, 2, 10, 11 };
 196
 197         for (i=0; i < ARRAY_SIZE(levels); i++) {
 198
 199                 r.in.UserName = UserName;
 200                 r.in.level = levels[i];
 201                 r.in.bufsize = 8192;
 202
 203                 torture_comment(tctx,
 204                         "Testing rap_NetUserGetInfo(%s) level %d\n", r.in.UserName, r.in.level);
 205
 206                 torture_assert_ntstatus_ok(tctx,
 207                         smbcli_rap_netusergetinfo(cli->tree, tctx, &r),
 208                         "smbcli_rap_netusergetinfo failed");
 209                 torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
 210                         "smbcli_rap_netusergetinfo failed");
 211         }
 212
 213         return true;
 214 }
 215
 216 static bool test_usergetinfo(struct torture_context *tctx,
 217                              struct smbcli_state *cli)
 218 {
 219
 220         struct test_join *join_ctx;
 221         const char *password;
 222         bool ret;
 223
 224         join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
 225                                                      torture_setting_string(tctx, "workgroup", NULL),
 226                                                      ACB_NORMAL,
 227                                                      &password, 14);
 228         if (join_ctx == NULL) {
 229                 torture_fail(tctx, "failed to create user\n");
 230         }
 231
 232         ret = test_usergetinfo_byname(tctx, cli, TEST_RAP_USER);
 233
 234         torture_leave_domain(tctx, join_ctx);
 235
 236         return ret;
 237 }
 238
 239 struct torture_suite *torture_rap_sam(TALLOC_CTX *mem_ctx)
 240 {
 241         struct torture_suite *suite = torture_suite_create(mem_ctx, "SAM");
 242
 243         torture_suite_add_1smb_test(suite, "userpasswordset2", test_userpasswordset2);
 244         torture_suite_add_1smb_test(suite, "oemchangepassword", test_oemchangepassword);
 245         torture_suite_add_1smb_test(suite, "usergetinfo", test_usergetinfo);
 246
 247         return suite;
 248 }