184125b493bdc7dc78b76e1c6790312ce52bc8de
[gd/samba-autobuild/.git] / source4 / torture / rpc / samba3rpc.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    dcerpc torture tests, designed to walk Samba3 code paths
5
6    Copyright (C) Volker Lendecke 2006
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "libcli/raw/libcliraw.h"
24 #include "libcli/rap/rap.h"
25 #include "torture/torture.h"
26 #include "torture/util.h"
27 #include "torture/rap/proto.h"
28 #include "librpc/gen_ndr/ndr_lsa.h"
29 #include "librpc/gen_ndr/ndr_lsa_c.h"
30 #include "librpc/gen_ndr/ndr_samr.h"
31 #include "librpc/gen_ndr/ndr_samr_c.h"
32 #include "librpc/gen_ndr/ndr_netlogon.h"
33 #include "librpc/gen_ndr/ndr_netlogon_c.h"
34 #include "librpc/gen_ndr/ndr_srvsvc.h"
35 #include "librpc/gen_ndr/ndr_srvsvc_c.h"
36 #include "librpc/gen_ndr/ndr_spoolss.h"
37 #include "librpc/gen_ndr/ndr_spoolss_c.h"
38 #include "librpc/gen_ndr/ndr_winreg.h"
39 #include "librpc/gen_ndr/ndr_winreg_c.h"
40 #include "librpc/gen_ndr/ndr_wkssvc.h"
41 #include "librpc/gen_ndr/ndr_wkssvc_c.h"
42 #include "lib/cmdline/popt_common.h"
43 #include "librpc/rpc/dcerpc.h"
44 #include "torture/rpc/rpc.h"
45 #include "libcli/libcli.h"
46 #include "libcli/composite/composite.h"
47 #include "libcli/smb_composite/smb_composite.h"
48 #include "libcli/auth/libcli_auth.h"
49 #include "lib/crypto/crypto.h"
50 #include "libcli/security/proto.h"
51 #include "param/param.h"
52 #include "lib/registry/registry.h"
53
54 static struct cli_credentials *create_anon_creds(TALLOC_CTX *mem_ctx)
55 {
56         struct cli_credentials *result;
57
58         if (!(result = cli_credentials_init(mem_ctx))) {
59                 return NULL;
60         }
61
62         cli_credentials_set_conf(result, global_loadparm);
63         cli_credentials_set_anonymous(result);
64
65         return result;
66 }
67
68 /*
69  * This tests a RPC call using an invalid vuid
70  */
71
72 bool torture_bind_authcontext(struct torture_context *torture) 
73 {
74         TALLOC_CTX *mem_ctx;
75         NTSTATUS status;
76         bool ret = false;
77         struct lsa_ObjectAttribute objectattr;
78         struct lsa_OpenPolicy2 openpolicy;
79         struct policy_handle handle;
80         struct lsa_Close close_handle;
81         struct smbcli_session *tmp;
82         struct smbcli_session *session2;
83         struct smbcli_state *cli;
84         struct dcerpc_pipe *lsa_pipe;
85         struct cli_credentials *anon_creds;
86         struct smb_composite_sesssetup setup;
87
88         mem_ctx = talloc_init("torture_bind_authcontext");
89
90         if (mem_ctx == NULL) {
91                 d_printf("talloc_init failed\n");
92                 return false;
93         }
94
95         status = smbcli_full_connection(mem_ctx, &cli,
96                                         torture_setting_string(torture, "host", NULL),
97                                         "IPC$", NULL, cmdline_credentials,
98                                         NULL);
99         if (!NT_STATUS_IS_OK(status)) {
100                 d_printf("smbcli_full_connection failed: %s\n",
101                          nt_errstr(status));
102                 goto done;
103         }
104
105         lsa_pipe = dcerpc_pipe_init(mem_ctx, cli->transport->socket->event.ctx);
106         if (lsa_pipe == NULL) {
107                 d_printf("dcerpc_pipe_init failed\n");
108                 goto done;
109         }
110
111         status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
112         if (!NT_STATUS_IS_OK(status)) {
113                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
114                          nt_errstr(status));
115                 goto done;
116         }
117
118         status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
119         if (!NT_STATUS_IS_OK(status)) {
120                 d_printf("dcerpc_bind_auth_none failed: %s\n",
121                          nt_errstr(status));
122                 goto done;
123         }
124
125         openpolicy.in.system_name =talloc_asprintf(
126                 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
127         ZERO_STRUCT(objectattr);
128         openpolicy.in.attr = &objectattr;
129         openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
130         openpolicy.out.handle = &handle;
131
132         status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
133
134         if (!NT_STATUS_IS_OK(status)) {
135                 d_printf("dcerpc_lsa_OpenPolicy2 failed: %s\n",
136                          nt_errstr(status));
137                 goto done;
138         }
139
140         close_handle.in.handle = &handle;
141         close_handle.out.handle = &handle;
142
143         status = dcerpc_lsa_Close(lsa_pipe, mem_ctx, &close_handle);
144         if (!NT_STATUS_IS_OK(status)) {
145                 d_printf("dcerpc_lsa_Close failed: %s\n",
146                          nt_errstr(status));
147                 goto done;
148         }
149
150         session2 = smbcli_session_init(cli->transport, mem_ctx, false);
151         if (session2 == NULL) {
152                 d_printf("smbcli_session_init failed\n");
153                 goto done;
154         }
155
156         if (!(anon_creds = create_anon_creds(mem_ctx))) {
157                 d_printf("create_anon_creds failed\n");
158                 goto done;
159         }
160
161         setup.in.sesskey = cli->transport->negotiate.sesskey;
162         setup.in.capabilities = cli->transport->negotiate.capabilities;
163         setup.in.workgroup = "";
164         setup.in.credentials = anon_creds;
165
166         status = smb_composite_sesssetup(session2, &setup);
167         if (!NT_STATUS_IS_OK(status)) {
168                 d_printf("anon session setup failed: %s\n",
169                          nt_errstr(status));
170                 goto done;
171         }
172         session2->vuid = setup.out.vuid;
173
174         tmp = cli->tree->session;
175         cli->tree->session = session2;
176
177         status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
178
179         cli->tree->session = tmp;
180         talloc_free(lsa_pipe);
181         lsa_pipe = NULL;
182
183         if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
184                 d_printf("dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
185                          "expected NT_STATUS_INVALID_HANDLE\n",
186                          nt_errstr(status));
187                 goto done;
188         }
189
190         ret = true;
191  done:
192         talloc_free(mem_ctx);
193         return ret;
194 }
195
196 /*
197  * Bind to lsa using a specific auth method
198  */
199
200 static bool bindtest(struct smbcli_state *cli,
201                      struct cli_credentials *credentials,
202                      uint8_t auth_type, uint8_t auth_level)
203 {
204         TALLOC_CTX *mem_ctx;
205         bool ret = false;
206         NTSTATUS status;
207
208         struct dcerpc_pipe *lsa_pipe;
209         struct lsa_ObjectAttribute objectattr;
210         struct lsa_OpenPolicy2 openpolicy;
211         struct lsa_QueryInfoPolicy query;
212         struct policy_handle handle;
213         struct lsa_Close close_handle;
214
215         if ((mem_ctx = talloc_init("bindtest")) == NULL) {
216                 d_printf("talloc_init failed\n");
217                 return false;
218         }
219
220         lsa_pipe = dcerpc_pipe_init(mem_ctx,
221                                     cli->transport->socket->event.ctx);
222         if (lsa_pipe == NULL) {
223                 d_printf("dcerpc_pipe_init failed\n");
224                 goto done;
225         }
226
227         status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
228         if (!NT_STATUS_IS_OK(status)) {
229                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
230                          nt_errstr(status));
231                 goto done;
232         }
233
234         status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc,
235                                   credentials, auth_type, auth_level,
236                                   NULL);
237         if (!NT_STATUS_IS_OK(status)) {
238                 d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status));
239                 goto done;
240         }
241
242         openpolicy.in.system_name =talloc_asprintf(
243                 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
244         ZERO_STRUCT(objectattr);
245         openpolicy.in.attr = &objectattr;
246         openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
247         openpolicy.out.handle = &handle;
248
249         status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
250
251         if (!NT_STATUS_IS_OK(status)) {
252                 d_printf("dcerpc_lsa_OpenPolicy2 failed: %s\n",
253                          nt_errstr(status));
254                 goto done;
255         }
256
257         query.in.handle = &handle;
258         query.in.level = LSA_POLICY_INFO_DOMAIN;
259
260         status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, &query);
261         if (!NT_STATUS_IS_OK(status)) {
262                 d_printf("dcerpc_lsa_QueryInfoPolicy failed: %s\n",
263                          nt_errstr(status));
264                 goto done;
265         }
266
267         close_handle.in.handle = &handle;
268         close_handle.out.handle = &handle;
269
270         status = dcerpc_lsa_Close(lsa_pipe, mem_ctx, &close_handle);
271         if (!NT_STATUS_IS_OK(status)) {
272                 d_printf("dcerpc_lsa_Close failed: %s\n",
273                          nt_errstr(status));
274                 goto done;
275         }
276
277         ret = true;
278  done:
279         talloc_free(mem_ctx);
280         return ret;
281 }
282
283 /*
284  * test authenticated RPC binds with the variants Samba3 does support
285  */
286
287 bool torture_bind_samba3(struct torture_context *torture) 
288 {
289         TALLOC_CTX *mem_ctx;
290         NTSTATUS status;
291         bool ret = false;
292         struct smbcli_state *cli;
293
294         mem_ctx = talloc_init("torture_bind_authcontext");
295
296         if (mem_ctx == NULL) {
297                 d_printf("talloc_init failed\n");
298                 return false;
299         }
300
301         status = smbcli_full_connection(mem_ctx, &cli,
302                                         torture_setting_string(torture, "host", NULL),
303                                         "IPC$", NULL, cmdline_credentials,
304                                         NULL);
305         if (!NT_STATUS_IS_OK(status)) {
306                 d_printf("smbcli_full_connection failed: %s\n",
307                          nt_errstr(status));
308                 goto done;
309         }
310
311         ret = true;
312
313         ret &= bindtest(cli, cmdline_credentials, DCERPC_AUTH_TYPE_NTLMSSP,
314                         DCERPC_AUTH_LEVEL_INTEGRITY);
315         ret &= bindtest(cli, cmdline_credentials, DCERPC_AUTH_TYPE_NTLMSSP,
316                         DCERPC_AUTH_LEVEL_PRIVACY);
317         ret &= bindtest(cli, cmdline_credentials, DCERPC_AUTH_TYPE_SPNEGO,
318                         DCERPC_AUTH_LEVEL_INTEGRITY);
319         ret &= bindtest(cli, cmdline_credentials, DCERPC_AUTH_TYPE_SPNEGO,
320                         DCERPC_AUTH_LEVEL_PRIVACY);
321
322  done:
323         talloc_free(mem_ctx);
324         return ret;
325 }
326
327 /*
328  * Lookup or create a user and return all necessary info
329  */
330
331 static NTSTATUS get_usr_handle(struct smbcli_state *cli,
332                                TALLOC_CTX *mem_ctx,
333                                struct cli_credentials *admin_creds,
334                                uint8_t auth_type,
335                                uint8_t auth_level,
336                                const char *username,
337                                char **domain,
338                                struct dcerpc_pipe **result_pipe,
339                                struct policy_handle **result_handle,
340                                struct dom_sid **sid)
341 {
342         struct dcerpc_pipe *samr_pipe;
343         NTSTATUS status;
344         struct policy_handle conn_handle;
345         struct policy_handle domain_handle;
346         struct policy_handle *user_handle;
347         struct samr_Connect2 conn;
348         struct samr_EnumDomains enumdom;
349         uint32_t resume_handle = 0;
350         struct samr_LookupDomain l;
351         int dom_idx;
352         struct lsa_String domain_name;
353         struct lsa_String user_name;
354         struct samr_OpenDomain o;
355         struct samr_CreateUser2 c;
356         uint32_t user_rid,access_granted;
357
358         samr_pipe = dcerpc_pipe_init(mem_ctx,
359                                      cli->transport->socket->event.ctx);
360         if (samr_pipe == NULL) {
361                 d_printf("dcerpc_pipe_init failed\n");
362                 status = NT_STATUS_NO_MEMORY;
363                 goto fail;
364         }
365
366         status = dcerpc_pipe_open_smb(samr_pipe, cli->tree, "\\samr");
367         if (!NT_STATUS_IS_OK(status)) {
368                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
369                          nt_errstr(status));
370                 goto fail;
371         }
372
373         if (admin_creds != NULL) {
374                 status = dcerpc_bind_auth(samr_pipe, &ndr_table_samr,
375                                           admin_creds, auth_type, auth_level,
376                                           NULL);
377                 if (!NT_STATUS_IS_OK(status)) {
378                         d_printf("dcerpc_bind_auth failed: %s\n",
379                                  nt_errstr(status));
380                         goto fail;
381                 }
382         } else {
383                 /* We must have an authenticated SMB connection */
384                 status = dcerpc_bind_auth_none(samr_pipe, &ndr_table_samr);
385                 if (!NT_STATUS_IS_OK(status)) {
386                         d_printf("dcerpc_bind_auth_none failed: %s\n",
387                                  nt_errstr(status));
388                         goto fail;
389                 }
390         }
391
392         conn.in.system_name = talloc_asprintf(
393                 mem_ctx, "\\\\%s", dcerpc_server_name(samr_pipe));
394         conn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
395         conn.out.connect_handle = &conn_handle;
396
397         status = dcerpc_samr_Connect2(samr_pipe, mem_ctx, &conn);
398         if (!NT_STATUS_IS_OK(status)) {
399                 d_printf("samr_Connect2 failed: %s\n", nt_errstr(status));
400                 goto fail;
401         }
402
403         enumdom.in.connect_handle = &conn_handle;
404         enumdom.in.resume_handle = &resume_handle;
405         enumdom.in.buf_size = (uint32_t)-1;
406         enumdom.out.resume_handle = &resume_handle;
407
408         status = dcerpc_samr_EnumDomains(samr_pipe, mem_ctx, &enumdom);
409         if (!NT_STATUS_IS_OK(status)) {
410                 d_printf("samr_EnumDomains failed: %s\n", nt_errstr(status));
411                 goto fail;
412         }
413
414         if (enumdom.out.num_entries != 2) {
415                 d_printf("samr_EnumDomains returned %d entries, expected 2\n",
416                          enumdom.out.num_entries);
417                 status = NT_STATUS_UNSUCCESSFUL;
418                 goto fail;
419         }
420
421         dom_idx = strequal(enumdom.out.sam->entries[0].name.string,
422                            "builtin") ? 1:0;
423
424         l.in.connect_handle = &conn_handle;
425         domain_name.string = enumdom.out.sam->entries[0].name.string;
426         *domain = talloc_strdup(mem_ctx, domain_name.string);
427         l.in.domain_name = &domain_name;
428
429         status = dcerpc_samr_LookupDomain(samr_pipe, mem_ctx, &l);
430         if (!NT_STATUS_IS_OK(status)) {
431                 d_printf("samr_LookupDomain failed: %s\n", nt_errstr(status));
432                 goto fail;
433         }
434
435         o.in.connect_handle = &conn_handle;
436         o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
437         o.in.sid = l.out.sid;
438         o.out.domain_handle = &domain_handle;
439
440         status = dcerpc_samr_OpenDomain(samr_pipe, mem_ctx, &o);
441         if (!NT_STATUS_IS_OK(status)) {
442                 d_printf("samr_OpenDomain failed: %s\n", nt_errstr(status));
443                 goto fail;
444         }
445
446         c.in.domain_handle = &domain_handle;
447         user_name.string = username;
448         c.in.account_name = &user_name;
449         c.in.acct_flags = ACB_NORMAL;
450         c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
451         user_handle = talloc(mem_ctx, struct policy_handle);
452         c.out.user_handle = user_handle;
453         c.out.access_granted = &access_granted;
454         c.out.rid = &user_rid;
455
456         status = dcerpc_samr_CreateUser2(samr_pipe, mem_ctx, &c);
457
458         if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
459                 struct samr_LookupNames ln;
460                 struct samr_OpenUser ou;
461
462                 ln.in.domain_handle = &domain_handle;
463                 ln.in.num_names = 1;
464                 ln.in.names = &user_name;
465
466                 status = dcerpc_samr_LookupNames(samr_pipe, mem_ctx, &ln);
467                 if (!NT_STATUS_IS_OK(status)) {
468                         d_printf("samr_LookupNames failed: %s\n",
469                                  nt_errstr(status));
470                         goto fail;
471                 }
472
473                 ou.in.domain_handle = &domain_handle;
474                 ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
475                 user_rid = ou.in.rid = ln.out.rids.ids[0];
476                 ou.out.user_handle = user_handle;
477
478                 status = dcerpc_samr_OpenUser(samr_pipe, mem_ctx, &ou);
479                 if (!NT_STATUS_IS_OK(status)) {
480                         d_printf("samr_OpenUser failed: %s\n",
481                                  nt_errstr(status));
482                         goto fail;
483                 }
484         }
485
486         if (!NT_STATUS_IS_OK(status)) {
487                 d_printf("samr_CreateUser failed: %s\n", nt_errstr(status));
488                 goto fail;
489         }
490
491         *result_pipe = samr_pipe;
492         *result_handle = user_handle;
493         if (sid != NULL) {
494                 *sid = dom_sid_add_rid(mem_ctx, l.out.sid, user_rid);
495         }
496         return NT_STATUS_OK;
497
498  fail:
499         return status;
500 }
501
502 /*
503  * Create a test user
504  */
505
506 static bool create_user(TALLOC_CTX *mem_ctx, struct smbcli_state *cli,
507                         struct cli_credentials *admin_creds,
508                         const char *username, const char *password,
509                         char **domain_name,
510                         struct dom_sid **user_sid)
511 {
512         TALLOC_CTX *tmp_ctx;
513         NTSTATUS status;
514         struct dcerpc_pipe *samr_pipe;
515         struct policy_handle *wks_handle;
516         bool ret = false;
517
518         if (!(tmp_ctx = talloc_new(mem_ctx))) {
519                 d_printf("talloc_init failed\n");
520                 return false;
521         }
522
523         status = get_usr_handle(cli, tmp_ctx, admin_creds,
524                                 DCERPC_AUTH_TYPE_NTLMSSP,
525                                 DCERPC_AUTH_LEVEL_INTEGRITY,
526                                 username, domain_name, &samr_pipe, &wks_handle,
527                                 user_sid);
528         if (!NT_STATUS_IS_OK(status)) {
529                 d_printf("get_wks_handle failed: %s\n", nt_errstr(status));
530                 goto done;
531         }
532
533         {
534                 struct samr_SetUserInfo2 sui2;
535                 struct samr_SetUserInfo sui;
536                 struct samr_QueryUserInfo qui;
537                 union samr_UserInfo u_info;
538                 DATA_BLOB session_key;
539
540
541                 ZERO_STRUCT(u_info);
542                 encode_pw_buffer(u_info.info23.password.data, password,
543                                  STR_UNICODE);
544
545                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
546                 if (!NT_STATUS_IS_OK(status)) {
547                         d_printf("dcerpc_fetch_session_key failed\n");
548                         goto done;
549                 }
550                 arcfour_crypt_blob(u_info.info23.password.data, 516,
551                                    &session_key);
552                 u_info.info23.info.password_expired = 0;
553                 u_info.info23.info.fields_present = SAMR_FIELD_PASSWORD | 
554                                                     SAMR_FIELD_PASSWORD2 |
555                                                     SAMR_FIELD_EXPIRED_FLAG;
556                 sui2.in.user_handle = wks_handle;
557                 sui2.in.info = &u_info;
558                 sui2.in.level = 23;
559
560                 status = dcerpc_samr_SetUserInfo2(samr_pipe, tmp_ctx, &sui2);
561                 if (!NT_STATUS_IS_OK(status)) {
562                         d_printf("samr_SetUserInfo(23) failed: %s\n",
563                                  nt_errstr(status));
564                         goto done;
565                 }
566
567                 u_info.info16.acct_flags = ACB_NORMAL;
568                 sui.in.user_handle = wks_handle;
569                 sui.in.info = &u_info;
570                 sui.in.level = 16;
571
572                 status = dcerpc_samr_SetUserInfo(samr_pipe, tmp_ctx, &sui);
573                 if (!NT_STATUS_IS_OK(status)) {
574                         d_printf("samr_SetUserInfo(16) failed\n");
575                         goto done;
576                 }
577
578                 qui.in.user_handle = wks_handle;
579                 qui.in.level = 21;
580
581                 status = dcerpc_samr_QueryUserInfo(samr_pipe, tmp_ctx, &qui);
582                 if (!NT_STATUS_IS_OK(status)) {
583                         d_printf("samr_QueryUserInfo(21) failed\n");
584                         goto done;
585                 }
586
587                 qui.out.info->info21.allow_password_change = 0;
588                 qui.out.info->info21.force_password_change = 0;
589                 qui.out.info->info21.account_name.string = NULL;
590                 qui.out.info->info21.rid = 0;
591                 qui.out.info->info21.acct_expiry = 0;
592                 qui.out.info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */
593
594                 u_info.info21 = qui.out.info->info21;
595                 sui.in.user_handle = wks_handle;
596                 sui.in.info = &u_info;
597                 sui.in.level = 21;
598
599                 status = dcerpc_samr_SetUserInfo(samr_pipe, tmp_ctx, &sui);
600                 if (!NT_STATUS_IS_OK(status)) {
601                         d_printf("samr_SetUserInfo(21) failed\n");
602                         goto done;
603                 }
604         }
605
606         *domain_name= talloc_steal(mem_ctx, *domain_name);
607         *user_sid = talloc_steal(mem_ctx, *user_sid);
608         ret = true;
609  done:
610         talloc_free(tmp_ctx);
611         return ret;
612 }
613
614 /*
615  * Delete a test user
616  */
617
618 static bool delete_user(struct smbcli_state *cli,
619                         struct cli_credentials *admin_creds,
620                         const char *username)
621 {
622         TALLOC_CTX *mem_ctx;
623         NTSTATUS status;
624         char *dom_name;
625         struct dcerpc_pipe *samr_pipe;
626         struct policy_handle *user_handle;
627         bool ret = false;
628
629         if ((mem_ctx = talloc_init("leave")) == NULL) {
630                 d_printf("talloc_init failed\n");
631                 return false;
632         }
633
634         status = get_usr_handle(cli, mem_ctx, admin_creds,
635                                 DCERPC_AUTH_TYPE_NTLMSSP,
636                                 DCERPC_AUTH_LEVEL_INTEGRITY,
637                                 username, &dom_name, &samr_pipe,
638                                 &user_handle, NULL);
639
640         if (!NT_STATUS_IS_OK(status)) {
641                 d_printf("get_wks_handle failed: %s\n", nt_errstr(status));
642                 goto done;
643         }
644
645         {
646                 struct samr_DeleteUser d;
647
648                 d.in.user_handle = user_handle;
649                 d.out.user_handle = user_handle;
650
651                 status = dcerpc_samr_DeleteUser(samr_pipe, mem_ctx, &d);
652                 if (!NT_STATUS_IS_OK(status)) {
653                         d_printf("samr_DeleteUser failed %s\n", nt_errstr(status));
654                         goto done;
655                 }
656         }
657
658         ret = true;
659
660  done:
661         talloc_free(mem_ctx);
662         return ret;
663 }
664
665 /*
666  * Do a Samba3-style join
667  */
668
669 static bool join3(struct smbcli_state *cli,
670                   bool use_level25,
671                   struct cli_credentials *admin_creds,
672                   struct cli_credentials *wks_creds)
673 {
674         TALLOC_CTX *mem_ctx;
675         NTSTATUS status;
676         char *dom_name;
677         struct dcerpc_pipe *samr_pipe;
678         struct policy_handle *wks_handle;
679         bool ret = false;
680
681         if ((mem_ctx = talloc_init("join3")) == NULL) {
682                 d_printf("talloc_init failed\n");
683                 return false;
684         }
685
686         status = get_usr_handle(
687                 cli, mem_ctx, admin_creds,
688                 DCERPC_AUTH_TYPE_NTLMSSP,
689                 DCERPC_AUTH_LEVEL_PRIVACY,
690                 talloc_asprintf(mem_ctx, "%s$",
691                                 cli_credentials_get_workstation(wks_creds)),
692                 &dom_name, &samr_pipe, &wks_handle, NULL);
693
694         if (!NT_STATUS_IS_OK(status)) {
695                 d_printf("get_wks_handle failed: %s\n", nt_errstr(status));
696                 goto done;
697         }
698
699         cli_credentials_set_domain(wks_creds, dom_name, CRED_SPECIFIED);
700
701         if (use_level25) {
702                 struct samr_SetUserInfo2 sui2;
703                 union samr_UserInfo u_info;
704                 struct samr_UserInfo21 *i21 = &u_info.info25.info;
705                 DATA_BLOB session_key;
706                 DATA_BLOB confounded_session_key = data_blob_talloc(
707                         mem_ctx, NULL, 16);
708                 struct MD5Context ctx;
709                 uint8_t confounder[16];
710
711                 ZERO_STRUCT(u_info);
712
713                 i21->full_name.string = talloc_asprintf(
714                         mem_ctx, "%s$",
715                         cli_credentials_get_workstation(wks_creds));
716                 i21->acct_flags = ACB_WSTRUST;
717                 i21->fields_present = SAMR_FIELD_FULL_NAME |
718                         SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_PASSWORD;
719
720                 encode_pw_buffer(u_info.info25.password.data,
721                                  cli_credentials_get_password(wks_creds),
722                                  STR_UNICODE);
723                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
724                 if (!NT_STATUS_IS_OK(status)) {
725                         d_printf("dcerpc_fetch_session_key failed: %s\n",
726                                  nt_errstr(status));
727                         goto done;
728                 }
729                 generate_random_buffer((uint8_t *)confounder, 16);
730
731                 MD5Init(&ctx);
732                 MD5Update(&ctx, confounder, 16);
733                 MD5Update(&ctx, session_key.data, session_key.length);
734                 MD5Final(confounded_session_key.data, &ctx);
735
736                 arcfour_crypt_blob(u_info.info25.password.data, 516,
737                                    &confounded_session_key);
738                 memcpy(&u_info.info25.password.data[516], confounder, 16);
739
740                 sui2.in.user_handle = wks_handle;
741                 sui2.in.level = 25;
742                 sui2.in.info = &u_info;
743
744                 status = dcerpc_samr_SetUserInfo2(samr_pipe, mem_ctx, &sui2);
745                 if (!NT_STATUS_IS_OK(status)) {
746                         d_printf("samr_SetUserInfo2(25) failed: %s\n",
747                                  nt_errstr(status));
748                         goto done;
749                 }
750         } else {
751                 struct samr_SetUserInfo2 sui2;
752                 struct samr_SetUserInfo sui;
753                 union samr_UserInfo u_info;
754                 DATA_BLOB session_key;
755
756                 encode_pw_buffer(u_info.info24.password.data,
757                                  cli_credentials_get_password(wks_creds),
758                                  STR_UNICODE);
759                 u_info.info24.pw_len =
760                         strlen_m(cli_credentials_get_password(wks_creds))*2;
761
762                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
763                 if (!NT_STATUS_IS_OK(status)) {
764                         d_printf("dcerpc_fetch_session_key failed\n");
765                         goto done;
766                 }
767                 arcfour_crypt_blob(u_info.info24.password.data, 516,
768                                    &session_key);
769                 sui2.in.user_handle = wks_handle;
770                 sui2.in.info = &u_info;
771                 sui2.in.level = 24;
772
773                 status = dcerpc_samr_SetUserInfo2(samr_pipe, mem_ctx, &sui2);
774                 if (!NT_STATUS_IS_OK(status)) {
775                         d_printf("samr_SetUserInfo(24) failed: %s\n",
776                                  nt_errstr(status));
777                         goto done;
778                 }
779
780                 u_info.info16.acct_flags = ACB_WSTRUST;
781                 sui.in.user_handle = wks_handle;
782                 sui.in.info = &u_info;
783                 sui.in.level = 16;
784
785                 status = dcerpc_samr_SetUserInfo(samr_pipe, mem_ctx, &sui);
786                 if (!NT_STATUS_IS_OK(status)) {
787                         d_printf("samr_SetUserInfo(16) failed\n");
788                         goto done;
789                 }
790         }
791
792         ret = true;
793
794  done:
795         talloc_free(mem_ctx);
796         return ret;
797 }
798
799 /*
800  * Do a ReqChallenge/Auth2 and get the wks creds
801  */
802
803 static bool auth2(struct smbcli_state *cli,
804                   struct cli_credentials *wks_cred)
805 {
806         TALLOC_CTX *mem_ctx;
807         struct dcerpc_pipe *net_pipe;
808         bool result = false;
809         NTSTATUS status;
810         struct netr_ServerReqChallenge r;
811         struct netr_Credential netr_cli_creds;
812         struct netr_Credential netr_srv_creds;
813         uint32_t negotiate_flags;
814         struct netr_ServerAuthenticate2 a;
815         struct creds_CredentialState *creds_state;
816         struct netr_Credential netr_cred;
817         struct samr_Password mach_pw;
818
819         mem_ctx = talloc_new(NULL);
820         if (mem_ctx == NULL) {
821                 d_printf("talloc_new failed\n");
822                 return false;
823         }
824
825         net_pipe = dcerpc_pipe_init(mem_ctx,
826                                     cli->transport->socket->event.ctx);
827         if (net_pipe == NULL) {
828                 d_printf("dcerpc_pipe_init failed\n");
829                 goto done;
830         }
831
832         status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
833         if (!NT_STATUS_IS_OK(status)) {
834                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
835                          nt_errstr(status));
836                 goto done;
837         }
838
839         status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
840         if (!NT_STATUS_IS_OK(status)) {
841                 d_printf("dcerpc_bind_auth_none failed: %s\n",
842                          nt_errstr(status));
843                 goto done;
844         }
845
846         r.in.computer_name = cli_credentials_get_workstation(wks_cred);
847         r.in.server_name = talloc_asprintf(
848                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
849         if (r.in.server_name == NULL) {
850                 d_printf("talloc_asprintf failed\n");
851                 goto done;
852         }
853         generate_random_buffer(netr_cli_creds.data,
854                                sizeof(netr_cli_creds.data));
855         r.in.credentials = &netr_cli_creds;
856         r.out.credentials = &netr_srv_creds;
857
858         status = dcerpc_netr_ServerReqChallenge(net_pipe, mem_ctx, &r);
859         if (!NT_STATUS_IS_OK(status)) {
860                 d_printf("netr_ServerReqChallenge failed: %s\n",
861                          nt_errstr(status));
862                 goto done;
863         }
864
865         negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
866         E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash);
867
868         creds_state = talloc(mem_ctx, struct creds_CredentialState);
869         creds_client_init(creds_state, r.in.credentials,
870                           r.out.credentials, &mach_pw,
871                           &netr_cred, negotiate_flags);
872
873         a.in.server_name = talloc_asprintf(
874                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
875         a.in.account_name = talloc_asprintf(
876                 mem_ctx, "%s$", cli_credentials_get_workstation(wks_cred));
877         a.in.computer_name = cli_credentials_get_workstation(wks_cred);
878         a.in.secure_channel_type = SEC_CHAN_WKSTA;
879         a.in.negotiate_flags = &negotiate_flags;
880         a.out.negotiate_flags = &negotiate_flags;
881         a.in.credentials = &netr_cred;
882         a.out.credentials = &netr_cred;
883
884         status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
885         if (!NT_STATUS_IS_OK(status)) {
886                 d_printf("netr_ServerServerAuthenticate2 failed: %s\n",
887                          nt_errstr(status));
888                 goto done;
889         }
890
891         if (!creds_client_check(creds_state, a.out.credentials)) {
892                 d_printf("creds_client_check failed\n");
893                 goto done;
894         }
895
896         cli_credentials_set_netlogon_creds(wks_cred, creds_state);
897
898         result = true;
899
900  done:
901         talloc_free(mem_ctx);
902         return result;
903 }
904
905 /*
906  * Do a couple of schannel protected Netlogon ops: Interactive and Network
907  * login, and change the wks password
908  */
909
910 static bool schan(struct smbcli_state *cli,
911                   struct cli_credentials *wks_creds,
912                   struct cli_credentials *user_creds)
913 {
914         TALLOC_CTX *mem_ctx;
915         NTSTATUS status;
916         bool ret = false;
917         struct dcerpc_pipe *net_pipe;
918         int i;
919         
920         mem_ctx = talloc_new(NULL);
921         if (mem_ctx == NULL) {
922                 d_printf("talloc_new failed\n");
923                 return false;
924         }
925
926         net_pipe = dcerpc_pipe_init(mem_ctx,
927                                     cli->transport->socket->event.ctx);
928         if (net_pipe == NULL) {
929                 d_printf("dcerpc_pipe_init failed\n");
930                 goto done;
931         }
932
933         status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
934         if (!NT_STATUS_IS_OK(status)) {
935                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
936                          nt_errstr(status));
937                 goto done;
938         }
939
940 #if 0
941         net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
942                 DCERPC_DEBUG_PRINT_OUT;
943 #endif
944 #if 1
945         net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
946         status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon,
947                                   wks_creds, DCERPC_AUTH_TYPE_SCHANNEL,
948                                   DCERPC_AUTH_LEVEL_PRIVACY,
949                                   NULL);
950 #else
951         status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
952 #endif
953         if (!NT_STATUS_IS_OK(status)) {
954                 d_printf("schannel bind failed: %s\n", nt_errstr(status));
955                 goto done;
956         }
957
958
959         for (i=2; i<4; i++) {
960                 int flags;
961                 DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key;
962                 struct creds_CredentialState *creds_state;
963                 struct netr_Authenticator netr_auth, netr_auth2;
964                 struct netr_NetworkInfo ninfo;
965                 struct netr_PasswordInfo pinfo;
966                 struct netr_LogonSamLogon r;
967
968                 flags = CLI_CRED_LANMAN_AUTH | CLI_CRED_NTLM_AUTH |
969                         CLI_CRED_NTLMv2_AUTH;
970
971                 chal = data_blob_talloc(mem_ctx, NULL, 8);
972                 if (chal.data == NULL) {
973                         d_printf("data_blob_talloc failed\n");
974                         goto done;
975                 }
976
977                 generate_random_buffer(chal.data, chal.length);
978                 names_blob = NTLMv2_generate_names_blob(
979                         mem_ctx, cli_credentials_get_workstation(user_creds),
980                         cli_credentials_get_domain(user_creds));
981                 status = cli_credentials_get_ntlm_response(
982                         user_creds, mem_ctx, &flags, chal, names_blob,
983                         &lm_resp, &nt_resp, NULL, NULL);
984                 if (!NT_STATUS_IS_OK(status)) {
985                         d_printf("cli_credentials_get_ntlm_response failed:"
986                                  " %s\n", nt_errstr(status));
987                         goto done;
988                 }
989
990                 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
991                 creds_client_authenticator(creds_state, &netr_auth);
992
993                 ninfo.identity_info.account_name.string =
994                         cli_credentials_get_username(user_creds);
995                 ninfo.identity_info.domain_name.string =
996                         cli_credentials_get_domain(user_creds);
997                 ninfo.identity_info.parameter_control = 0;
998                 ninfo.identity_info.logon_id_low = 0;
999                 ninfo.identity_info.logon_id_high = 0;
1000                 ninfo.identity_info.workstation.string =
1001                         cli_credentials_get_workstation(user_creds);
1002                 memcpy(ninfo.challenge, chal.data, sizeof(ninfo.challenge));
1003                 ninfo.nt.length = nt_resp.length;
1004                 ninfo.nt.data = nt_resp.data;
1005                 ninfo.lm.length = lm_resp.length;
1006                 ninfo.lm.data = lm_resp.data;
1007
1008                 r.in.server_name = talloc_asprintf(
1009                         mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1010                 ZERO_STRUCT(netr_auth2);
1011                 r.in.computer_name =
1012                         cli_credentials_get_workstation(wks_creds);
1013                 r.in.credential = &netr_auth;
1014                 r.in.return_authenticator = &netr_auth2;
1015                 r.in.logon_level = 2;
1016                 r.in.validation_level = i;
1017                 r.in.logon.network = &ninfo;
1018                 r.out.return_authenticator = NULL;
1019
1020                 status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r);
1021                 if (!NT_STATUS_IS_OK(status)) {
1022                         d_printf("netr_LogonSamLogon failed: %s\n",
1023                                  nt_errstr(status));
1024                         goto done;
1025                 }
1026
1027                 if ((r.out.return_authenticator == NULL) ||
1028                     (!creds_client_check(creds_state,
1029                                          &r.out.return_authenticator->cred))) {
1030                         d_printf("Credentials check failed!\n");
1031                         goto done;
1032                 }
1033
1034                 creds_client_authenticator(creds_state, &netr_auth);
1035
1036                 pinfo.identity_info = ninfo.identity_info;
1037                 ZERO_STRUCT(pinfo.lmpassword.hash);
1038                 E_md4hash(cli_credentials_get_password(user_creds),
1039                           pinfo.ntpassword.hash);
1040                 session_key = data_blob_talloc(mem_ctx,
1041                                                creds_state->session_key, 16);
1042                 arcfour_crypt_blob(pinfo.ntpassword.hash,
1043                                    sizeof(pinfo.ntpassword.hash),
1044                                    &session_key);
1045
1046                 r.in.logon_level = 1;
1047                 r.in.logon.password = &pinfo;
1048                 r.out.return_authenticator = NULL;
1049
1050                 status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r);
1051                 if (!NT_STATUS_IS_OK(status)) {
1052                         d_printf("netr_LogonSamLogon failed: %s\n",
1053                                  nt_errstr(status));
1054                         goto done;
1055                 }
1056
1057                 if ((r.out.return_authenticator == NULL) ||
1058                     (!creds_client_check(creds_state,
1059                                          &r.out.return_authenticator->cred))) {
1060                         d_printf("Credentials check failed!\n");
1061                         goto done;
1062                 }
1063         }
1064
1065         {
1066                 struct netr_ServerPasswordSet s;
1067                 char *password = generate_random_str(wks_creds, 8);
1068                 struct creds_CredentialState *creds_state;
1069
1070                 s.in.server_name = talloc_asprintf(
1071                         mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1072                 s.in.computer_name = cli_credentials_get_workstation(wks_creds);
1073                 s.in.account_name = talloc_asprintf(
1074                         mem_ctx, "%s$", s.in.computer_name);
1075                 s.in.secure_channel_type = SEC_CHAN_WKSTA;
1076                 E_md4hash(password, s.in.new_password.hash);
1077
1078                 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
1079                 creds_des_encrypt(creds_state, &s.in.new_password);
1080                 creds_client_authenticator(creds_state, &s.in.credential);
1081
1082                 status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s);
1083                 if (!NT_STATUS_IS_OK(status)) {
1084                         printf("ServerPasswordSet - %s\n", nt_errstr(status));
1085                         goto done;
1086                 }
1087
1088                 if (!creds_client_check(creds_state,
1089                                         &s.out.return_authenticator.cred)) {
1090                         printf("Credential chaining failed\n");
1091                 }
1092
1093                 cli_credentials_set_password(wks_creds, password,
1094                                              CRED_SPECIFIED);
1095         }
1096
1097         ret = true;
1098  done:
1099         talloc_free(mem_ctx);
1100         return ret;
1101 }
1102
1103 /*
1104  * Delete the wks account again
1105  */
1106
1107 static bool leave(struct smbcli_state *cli,
1108                   struct cli_credentials *admin_creds,
1109                   struct cli_credentials *wks_creds)
1110 {
1111         char *wks_name = talloc_asprintf(
1112                 NULL, "%s$", cli_credentials_get_workstation(wks_creds));
1113         bool ret;
1114
1115         ret = delete_user(cli, admin_creds, wks_name);
1116         talloc_free(wks_name);
1117         return ret;
1118 }
1119
1120 /*
1121  * Test the Samba3 DC code a bit. Join, do some schan netlogon ops, leave
1122  */
1123
1124 bool torture_netlogon_samba3(struct torture_context *torture)
1125 {
1126         TALLOC_CTX *mem_ctx;
1127         NTSTATUS status;
1128         bool ret = false;
1129         struct smbcli_state *cli;
1130         struct cli_credentials *anon_creds;
1131         struct cli_credentials *wks_creds;
1132         const char *wks_name;
1133         int i;
1134
1135         wks_name = torture_setting_string(torture, "wksname", NULL);
1136         if (wks_name == NULL) {
1137                 wks_name = get_myname();
1138         }
1139
1140         mem_ctx = talloc_init("torture_netlogon_samba3");
1141
1142         if (mem_ctx == NULL) {
1143                 d_printf("talloc_init failed\n");
1144                 return false;
1145         }
1146
1147         if (!(anon_creds = create_anon_creds(mem_ctx))) {
1148                 d_printf("create_anon_creds failed\n");
1149                 goto done;
1150         }
1151
1152         status = smbcli_full_connection(mem_ctx, &cli,
1153                                         torture_setting_string(torture, "host", NULL),
1154                                         "IPC$", NULL, anon_creds, NULL);
1155         if (!NT_STATUS_IS_OK(status)) {
1156                 d_printf("smbcli_full_connection failed: %s\n",
1157                          nt_errstr(status));
1158                 goto done;
1159         }
1160
1161         wks_creds = cli_credentials_init(mem_ctx);
1162         if (wks_creds == NULL) {
1163                 d_printf("cli_credentials_init failed\n");
1164                 goto done;
1165         }
1166
1167         cli_credentials_set_conf(wks_creds, torture->lp_ctx);
1168         cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
1169         cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
1170         cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
1171         cli_credentials_set_password(wks_creds,
1172                                      generate_random_str(wks_creds, 8),
1173                                      CRED_SPECIFIED);
1174
1175         if (!join3(cli, false, cmdline_credentials, wks_creds)) {
1176                 d_printf("join failed\n");
1177                 goto done;
1178         }
1179
1180         cli_credentials_set_domain(
1181                 cmdline_credentials, cli_credentials_get_domain(wks_creds),
1182                 CRED_SPECIFIED);
1183
1184         for (i=0; i<2; i++) {
1185
1186                 /* Do this more than once, the routine "schan" changes
1187                  * the workstation password using the netlogon
1188                  * password change routine */
1189
1190                 int j;
1191
1192                 if (!auth2(cli, wks_creds)) {
1193                         d_printf("auth2 failed\n");
1194                         goto done;
1195                 }
1196
1197                 for (j=0; j<2; j++) {
1198                         if (!schan(cli, wks_creds, cmdline_credentials)) {
1199                                 d_printf("schan failed\n");
1200                                 goto done;
1201                         }
1202                 }
1203         }
1204
1205         if (!leave(cli, cmdline_credentials, wks_creds)) {
1206                 d_printf("leave failed\n");
1207                 goto done;
1208         }
1209
1210         ret = true;
1211
1212  done:
1213         talloc_free(mem_ctx);
1214         return ret;
1215 }
1216
1217 /*
1218  * Do a simple join, testjoin and leave using specified smb and samr
1219  * credentials
1220  */
1221
1222 static bool test_join3(struct torture_context *tctx,
1223                        bool use_level25,
1224                        struct cli_credentials *smb_creds,
1225                        struct cli_credentials *samr_creds,
1226                        const char *wks_name)
1227 {
1228         NTSTATUS status;
1229         bool ret = false;
1230         struct smbcli_state *cli;
1231         struct cli_credentials *wks_creds;
1232
1233         status = smbcli_full_connection(tctx, &cli,
1234                                         torture_setting_string(tctx, "host", NULL),
1235                                         "IPC$", NULL, smb_creds, NULL);
1236         if (!NT_STATUS_IS_OK(status)) {
1237                 d_printf("smbcli_full_connection failed: %s\n",
1238                          nt_errstr(status));
1239                 goto done;
1240         }
1241
1242         wks_creds = cli_credentials_init(cli);
1243         if (wks_creds == NULL) {
1244                 d_printf("cli_credentials_init failed\n");
1245                 goto done;
1246         }
1247
1248         cli_credentials_set_conf(wks_creds, tctx->lp_ctx);
1249         cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
1250         cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
1251         cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
1252         cli_credentials_set_password(wks_creds,
1253                                      generate_random_str(wks_creds, 8),
1254                                      CRED_SPECIFIED);
1255
1256         if (!join3(cli, use_level25, samr_creds, wks_creds)) {
1257                 d_printf("join failed\n");
1258                 goto done;
1259         }
1260
1261         cli_credentials_set_domain(
1262                 cmdline_credentials, cli_credentials_get_domain(wks_creds),
1263                 CRED_SPECIFIED);
1264
1265         if (!auth2(cli, wks_creds)) {
1266                 d_printf("auth2 failed\n");
1267                 goto done;
1268         }
1269
1270         if (!leave(cli, samr_creds, wks_creds)) {
1271                 d_printf("leave failed\n");
1272                 goto done;
1273         }
1274
1275         talloc_free(cli);
1276
1277         ret = true;
1278
1279  done:
1280         return ret;
1281 }
1282
1283 /*
1284  * Test the different session key variants. Do it by joining, this uses the
1285  * session key in the setpassword routine. Test the join by doing the auth2.
1286  */
1287
1288 bool torture_samba3_sessionkey(struct torture_context *torture)
1289 {
1290         bool ret = false;
1291         struct cli_credentials *anon_creds;
1292         const char *wks_name;
1293
1294         wks_name = torture_setting_string(torture, "wksname", get_myname());
1295
1296         if (!(anon_creds = create_anon_creds(torture))) {
1297                 d_printf("create_anon_creds failed\n");
1298                 goto done;
1299         }
1300
1301         ret = true;
1302
1303         if (!torture_setting_bool(torture, "samba3", false)) {
1304
1305                 /* Samba3 in the build farm right now does this happily. Need
1306                  * to fix :-) */
1307
1308                 if (test_join3(torture, false, anon_creds, NULL, wks_name)) {
1309                         d_printf("join using anonymous bind on an anonymous smb "
1310                                  "connection succeeded -- HUH??\n");
1311                         ret = false;
1312                 }
1313         }
1314
1315         if (!test_join3(torture, false, anon_creds, cmdline_credentials,
1316                         wks_name)) {
1317                 d_printf("join using ntlmssp bind on an anonymous smb "
1318                          "connection failed\n");
1319                 ret = false;
1320         }
1321
1322         if (!test_join3(torture, false, cmdline_credentials, NULL, wks_name)) {
1323                 d_printf("join using anonymous bind on an authenticated smb "
1324                          "connection failed\n");
1325                 ret = false;
1326         }
1327
1328         if (!test_join3(torture, false, cmdline_credentials,
1329                         cmdline_credentials,
1330                         wks_name)) {
1331                 d_printf("join using ntlmssp bind on an authenticated smb "
1332                          "connection failed\n");
1333                 ret = false;
1334         }
1335
1336         /*
1337          * The following two are tests for setuserinfolevel 25
1338          */
1339
1340         if (!test_join3(torture, true, anon_creds, cmdline_credentials,
1341                         wks_name)) {
1342                 d_printf("join using ntlmssp bind on an anonymous smb "
1343                          "connection failed\n");
1344                 ret = false;
1345         }
1346
1347         if (!test_join3(torture, true, cmdline_credentials, NULL, wks_name)) {
1348                 d_printf("join using anonymous bind on an authenticated smb "
1349                          "connection failed\n");
1350                 ret = false;
1351         }
1352
1353  done:
1354
1355         return ret;
1356 }
1357
1358 /*
1359  * open pipe and bind, given an IPC$ context
1360  */
1361
1362 static NTSTATUS pipe_bind_smb(TALLOC_CTX *mem_ctx,
1363                               struct smbcli_tree *tree,
1364                               const char *pipe_name,
1365                               const struct ndr_interface_table *iface,
1366                               struct dcerpc_pipe **p)
1367 {
1368         struct dcerpc_pipe *result;
1369         NTSTATUS status;
1370
1371         if (!(result = dcerpc_pipe_init(
1372                       mem_ctx, tree->session->transport->socket->event.ctx))) {
1373                 return NT_STATUS_NO_MEMORY;
1374         }
1375
1376         status = dcerpc_pipe_open_smb(result, tree, pipe_name);
1377         if (!NT_STATUS_IS_OK(status)) {
1378                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
1379                          nt_errstr(status));
1380                 talloc_free(result);
1381                 return status;
1382         }
1383
1384         status = dcerpc_bind_auth_none(result, iface);
1385         if (!NT_STATUS_IS_OK(status)) {
1386                 d_printf("schannel bind failed: %s\n", nt_errstr(status));
1387                 talloc_free(result);
1388                 return status;
1389         }
1390
1391         *p = result;
1392         return NT_STATUS_OK;
1393 }
1394
1395 /*
1396  * Sane wrapper around lsa_LookupNames
1397  */
1398
1399 static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
1400                                 struct dcerpc_pipe *p,
1401                                 const char *name,
1402                                 const char *domain)
1403 {
1404         struct lsa_ObjectAttribute attr;
1405         struct lsa_QosInfo qos;
1406         struct lsa_OpenPolicy2 r;
1407         struct lsa_Close c;
1408         NTSTATUS status;
1409         struct policy_handle handle;
1410         struct lsa_LookupNames l;
1411         struct lsa_TransSidArray sids;
1412         struct lsa_String lsa_name;
1413         uint32_t count = 0;
1414         struct dom_sid *result;
1415         TALLOC_CTX *tmp_ctx;
1416
1417         if (!(tmp_ctx = talloc_new(mem_ctx))) {
1418                 return NULL;
1419         }
1420
1421         qos.len = 0;
1422         qos.impersonation_level = 2;
1423         qos.context_mode = 1;
1424         qos.effective_only = 0;
1425
1426         attr.len = 0;
1427         attr.root_dir = NULL;
1428         attr.object_name = NULL;
1429         attr.attributes = 0;
1430         attr.sec_desc = NULL;
1431         attr.sec_qos = &qos;
1432
1433         r.in.system_name = "\\";
1434         r.in.attr = &attr;
1435         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1436         r.out.handle = &handle;
1437
1438         status = dcerpc_lsa_OpenPolicy2(p, tmp_ctx, &r);
1439         if (!NT_STATUS_IS_OK(status)) {
1440                 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
1441                 talloc_free(tmp_ctx);
1442                 return NULL;
1443         }
1444
1445         sids.count = 0;
1446         sids.sids = NULL;
1447
1448         lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, name);
1449
1450         l.in.handle = &handle;
1451         l.in.num_names = 1;
1452         l.in.names = &lsa_name;
1453         l.in.sids = &sids;
1454         l.in.level = 1;
1455         l.in.count = &count;
1456         l.out.count = &count;
1457         l.out.sids = &sids;
1458
1459         status = dcerpc_lsa_LookupNames(p, tmp_ctx, &l);
1460         if (!NT_STATUS_IS_OK(status)) {
1461                 printf("LookupNames of %s failed - %s\n", lsa_name.string, 
1462                        nt_errstr(status));
1463                 talloc_free(tmp_ctx);
1464                 return NULL;
1465         }
1466
1467         result = dom_sid_add_rid(mem_ctx, l.out.domains->domains[0].sid,
1468                                  l.out.sids->sids[0].rid);
1469
1470         c.in.handle = &handle;
1471         c.out.handle = &handle;
1472
1473         status = dcerpc_lsa_Close(p, tmp_ctx, &c);
1474         if (!NT_STATUS_IS_OK(status)) {
1475                 printf("dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
1476                 talloc_free(tmp_ctx);
1477                 return NULL;
1478         }
1479         
1480         talloc_free(tmp_ctx);
1481         return result;
1482 }
1483
1484 /*
1485  * Find out the user SID on this connection
1486  */
1487
1488 static struct dom_sid *whoami(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree)
1489 {
1490         struct dcerpc_pipe *lsa;
1491         struct lsa_GetUserName r;
1492         NTSTATUS status;
1493         struct lsa_StringPointer authority_name_p;
1494         struct dom_sid *result;
1495
1496         status = pipe_bind_smb(mem_ctx, tree, "\\pipe\\lsarpc",
1497                                &ndr_table_lsarpc, &lsa);
1498         if (!NT_STATUS_IS_OK(status)) {
1499                 d_printf("(%s) Could not bind to LSA: %s\n",
1500                          __location__, nt_errstr(status));
1501                 return NULL;
1502         }
1503
1504         r.in.system_name = "\\";
1505         r.in.account_name = NULL;
1506         authority_name_p.string = NULL;
1507         r.in.authority_name = &authority_name_p;
1508
1509         status = dcerpc_lsa_GetUserName(lsa, mem_ctx, &r);
1510
1511         if (!NT_STATUS_IS_OK(status)) {
1512                 printf("(%s) GetUserName failed - %s\n",
1513                        __location__, nt_errstr(status));
1514                 talloc_free(lsa);
1515                 return NULL;
1516         }
1517
1518         result = name2sid(mem_ctx, lsa, r.out.account_name->string,
1519                           r.out.authority_name->string->string);
1520
1521         talloc_free(lsa);
1522         return result;
1523 }
1524
1525 static int destroy_tree(struct smbcli_tree *tree)
1526 {
1527         smb_tree_disconnect(tree);
1528         return 0;
1529 }
1530
1531 /*
1532  * Do a tcon, given a session
1533  */
1534
1535 NTSTATUS secondary_tcon(TALLOC_CTX *mem_ctx,
1536                         struct smbcli_session *session,
1537                         const char *sharename,
1538                         struct smbcli_tree **res)
1539 {
1540         struct smbcli_tree *result;
1541         TALLOC_CTX *tmp_ctx;
1542         union smb_tcon tcon;
1543         NTSTATUS status;
1544
1545         if (!(tmp_ctx = talloc_new(mem_ctx))) {
1546                 return NT_STATUS_NO_MEMORY;
1547         }
1548
1549         if (!(result = smbcli_tree_init(session, mem_ctx, false))) {
1550                 talloc_free(tmp_ctx);
1551                 return NT_STATUS_NO_MEMORY;
1552         }
1553
1554         tcon.generic.level = RAW_TCON_TCONX;
1555         tcon.tconx.in.flags = 0;
1556         tcon.tconx.in.password = data_blob(NULL, 0);
1557         tcon.tconx.in.path = sharename;
1558         tcon.tconx.in.device = "?????";
1559
1560         status = smb_raw_tcon(result, tmp_ctx, &tcon);
1561         if (!NT_STATUS_IS_OK(status)) {
1562                 d_printf("(%s) smb_raw_tcon failed: %s\n", __location__,
1563                          nt_errstr(status));
1564                 talloc_free(tmp_ctx);
1565                 return status;
1566         }
1567
1568         result->tid = tcon.tconx.out.tid;
1569         result = talloc_steal(mem_ctx, result);
1570         talloc_set_destructor(result, destroy_tree);
1571         talloc_free(tmp_ctx);
1572         *res = result;
1573         return NT_STATUS_OK;
1574 }
1575
1576 /*
1577  * Test the getusername behaviour
1578  */
1579
1580 bool torture_samba3_rpc_getusername(struct torture_context *torture)
1581 {
1582         NTSTATUS status;
1583         struct smbcli_state *cli;
1584         TALLOC_CTX *mem_ctx;
1585         bool ret = true;
1586         struct dom_sid *user_sid;
1587         struct dom_sid *created_sid;
1588         struct cli_credentials *anon_creds;
1589         struct cli_credentials *user_creds;
1590         char *domain_name;
1591
1592         if (!(mem_ctx = talloc_new(torture))) {
1593                 return false;
1594         }
1595
1596         status = smbcli_full_connection(
1597                 mem_ctx, &cli, torture_setting_string(torture, "host", NULL),
1598                 "IPC$", NULL, cmdline_credentials, NULL);
1599         if (!NT_STATUS_IS_OK(status)) {
1600                 d_printf("(%s) smbcli_full_connection failed: %s\n",
1601                          __location__, nt_errstr(status));
1602                 ret = false;
1603                 goto done;
1604         }
1605
1606         if (!(user_sid = whoami(mem_ctx, cli->tree))) {
1607                 d_printf("(%s) whoami on auth'ed connection failed\n",
1608                          __location__);
1609                 ret = false;
1610         }
1611
1612         talloc_free(cli);
1613
1614         if (!(anon_creds = create_anon_creds(mem_ctx))) {
1615                 d_printf("(%s) create_anon_creds failed\n", __location__);
1616                 ret = false;
1617                 goto done;
1618         }
1619
1620         status = smbcli_full_connection(
1621                 mem_ctx, &cli, torture_setting_string(torture, "host", NULL),
1622                 "IPC$", NULL, anon_creds, NULL);
1623         if (!NT_STATUS_IS_OK(status)) {
1624                 d_printf("(%s) anon smbcli_full_connection failed: %s\n",
1625                          __location__, nt_errstr(status));
1626                 ret = false;
1627                 goto done;
1628         }
1629
1630         if (!(user_sid = whoami(mem_ctx, cli->tree))) {
1631                 d_printf("(%s) whoami on anon connection failed\n",
1632                          __location__);
1633                 ret = false;
1634                 goto done;
1635         }
1636
1637         if (!dom_sid_equal(user_sid,
1638                            dom_sid_parse_talloc(mem_ctx, "s-1-5-7"))) {
1639                 d_printf("(%s) Anon lsa_GetUserName returned %s, expected "
1640                          "S-1-5-7", __location__,
1641                          dom_sid_string(mem_ctx, user_sid));
1642                 ret = false;
1643         }
1644
1645         if (!(user_creds = cli_credentials_init(mem_ctx))) {
1646                 d_printf("(%s) cli_credentials_init failed\n", __location__);
1647                 ret = false;
1648                 goto done;
1649         }
1650
1651         cli_credentials_set_conf(user_creds, torture->lp_ctx);
1652         cli_credentials_set_username(user_creds, "torture_username",
1653                                      CRED_SPECIFIED);
1654         cli_credentials_set_password(user_creds,
1655                                      generate_random_str(user_creds, 8),
1656                                      CRED_SPECIFIED);
1657
1658         if (!create_user(mem_ctx, cli, cmdline_credentials,
1659                          cli_credentials_get_username(user_creds),
1660                          cli_credentials_get_password(user_creds),
1661                          &domain_name, &created_sid)) {
1662                 d_printf("(%s) create_user failed\n", __location__);
1663                 ret = false;
1664                 goto done;
1665         }
1666
1667         cli_credentials_set_domain(user_creds, domain_name,
1668                                    CRED_SPECIFIED);
1669
1670         {
1671                 struct smbcli_session *session2;
1672                 struct smb_composite_sesssetup setup;
1673                 struct smbcli_tree *tree;
1674
1675                 session2 = smbcli_session_init(cli->transport, mem_ctx, false);
1676                 if (session2 == NULL) {
1677                         d_printf("(%s) smbcli_session_init failed\n",
1678                                  __location__);
1679                         goto done;
1680                 }
1681
1682                 setup.in.sesskey = cli->transport->negotiate.sesskey;
1683                 setup.in.capabilities = cli->transport->negotiate.capabilities;
1684                 setup.in.workgroup = "";
1685                 setup.in.credentials = user_creds;
1686
1687                 status = smb_composite_sesssetup(session2, &setup);
1688                 if (!NT_STATUS_IS_OK(status)) {
1689                         d_printf("(%s) session setup with new user failed: "
1690                                  "%s\n", __location__, nt_errstr(status));
1691                         ret = false;
1692                         goto done;
1693                 }
1694                 session2->vuid = setup.out.vuid;
1695
1696                 if (!NT_STATUS_IS_OK(secondary_tcon(mem_ctx, session2,
1697                                                     "IPC$", &tree))) {
1698                         d_printf("(%s) secondary_tcon failed\n",
1699                                  __location__);
1700                         ret = false;
1701                         goto done;
1702                 }
1703
1704                 if (!(user_sid = whoami(mem_ctx, tree))) {
1705                         d_printf("(%s) whoami on user connection failed\n",
1706                                  __location__);
1707                         ret = false;
1708                         goto delete;
1709                 }
1710
1711                 talloc_free(tree);
1712         }
1713
1714         d_printf("Created %s, found %s\n",
1715                  dom_sid_string(mem_ctx, created_sid),
1716                  dom_sid_string(mem_ctx, user_sid));
1717
1718         if (!dom_sid_equal(created_sid, user_sid)) {
1719                 ret = false;
1720         }
1721
1722  delete:
1723         if (!delete_user(cli, cmdline_credentials,
1724                          cli_credentials_get_username(user_creds))) {
1725                 d_printf("(%s) delete_user failed\n", __location__);
1726                 ret = false;
1727         }
1728
1729  done:
1730         talloc_free(mem_ctx);
1731         return ret;
1732 }
1733
1734 static bool test_NetShareGetInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1735                                  const char *sharename)
1736 {
1737         NTSTATUS status;
1738         struct srvsvc_NetShareGetInfo r;
1739         uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007, 1501 };
1740         int i;
1741         bool ret = true;
1742
1743         r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s",
1744                                           dcerpc_server_name(p));
1745         r.in.share_name = sharename;
1746
1747         for (i=0;i<ARRAY_SIZE(levels);i++) {
1748                 r.in.level = levels[i];
1749
1750                 ZERO_STRUCT(r.out);
1751
1752                 printf("testing NetShareGetInfo level %u on share '%s'\n", 
1753                        r.in.level, r.in.share_name);
1754
1755                 status = dcerpc_srvsvc_NetShareGetInfo(p, mem_ctx, &r);
1756                 if (!NT_STATUS_IS_OK(status)) {
1757                         printf("NetShareGetInfo level %u on share '%s' failed"
1758                                " - %s\n", r.in.level, r.in.share_name,
1759                                nt_errstr(status));
1760                         ret = false;
1761                         continue;
1762                 }
1763                 if (!W_ERROR_IS_OK(r.out.result)) {
1764                         printf("NetShareGetInfo level %u on share '%s' failed "
1765                                "- %s\n", r.in.level, r.in.share_name,
1766                                win_errstr(r.out.result));
1767                         ret = false;
1768                         continue;
1769                 }
1770         }
1771
1772         return ret;
1773 }
1774
1775 static bool test_NetShareEnum(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1776                               const char **one_sharename)
1777 {
1778         NTSTATUS status;
1779         struct srvsvc_NetShareEnum r;
1780         struct srvsvc_NetShareCtr0 c0;
1781         uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 };
1782         int i;
1783         bool ret = true;
1784
1785         r.in.server_unc = talloc_asprintf(mem_ctx,"\\\\%s",dcerpc_server_name(p));
1786         r.in.ctr.ctr0 = &c0;
1787         r.in.ctr.ctr0->count = 0;
1788         r.in.ctr.ctr0->array = NULL;
1789         r.in.max_buffer = (uint32_t)-1;
1790         r.in.resume_handle = NULL;
1791
1792         for (i=0;i<ARRAY_SIZE(levels);i++) {
1793                 r.in.level = levels[i];
1794
1795                 ZERO_STRUCT(r.out);
1796
1797                 printf("testing NetShareEnum level %u\n", r.in.level);
1798                 status = dcerpc_srvsvc_NetShareEnum(p, mem_ctx, &r);
1799                 if (!NT_STATUS_IS_OK(status)) {
1800                         printf("NetShareEnum level %u failed - %s\n",
1801                                r.in.level, nt_errstr(status));
1802                         ret = false;
1803                         continue;
1804                 }
1805                 if (!W_ERROR_IS_OK(r.out.result)) {
1806                         printf("NetShareEnum level %u failed - %s\n",
1807                                r.in.level, win_errstr(r.out.result));
1808                         continue;
1809                 }
1810                 if (r.in.level == 0) {
1811                         struct srvsvc_NetShareCtr0 *ctr = r.out.ctr.ctr0;
1812                         if (ctr->count > 0) {
1813                                 *one_sharename = ctr->array[0].name;
1814                         }
1815                 }
1816         }
1817
1818         return ret;
1819 }
1820
1821 bool torture_samba3_rpc_srvsvc(struct torture_context *torture)
1822 {
1823         struct dcerpc_pipe *p;
1824         TALLOC_CTX *mem_ctx;
1825         bool ret = true;
1826         const char *sharename = NULL;
1827         struct smbcli_state *cli;
1828         NTSTATUS status;
1829
1830         if (!(mem_ctx = talloc_new(torture))) {
1831                 return false;
1832         }
1833
1834         if (!(torture_open_connection_share(
1835                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
1836                       "IPC$", NULL))) {
1837                 talloc_free(mem_ctx);
1838                 return false;
1839         }
1840
1841         status = pipe_bind_smb(mem_ctx, cli->tree, "\\pipe\\srvsvc",
1842                                &ndr_table_srvsvc, &p);
1843         if (!NT_STATUS_IS_OK(status)) {
1844                 d_printf("(%s) could not bind to srvsvc pipe: %s\n",
1845                          __location__, nt_errstr(status));
1846                 ret = false;
1847                 goto done;
1848         }
1849
1850         ret &= test_NetShareEnum(p, mem_ctx, &sharename);
1851         if (sharename == NULL) {
1852                 printf("did not get sharename\n");
1853         } else {
1854                 ret &= test_NetShareGetInfo(p, mem_ctx, sharename);
1855         }
1856
1857  done:
1858         talloc_free(mem_ctx);
1859         return ret;
1860 }
1861
1862 /*
1863  * Do a ReqChallenge/Auth2 with a random wks name, make sure it returns
1864  * NT_STATUS_NO_SAM_ACCOUNT
1865  */
1866
1867 bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
1868 {
1869         TALLOC_CTX *mem_ctx;
1870         struct dcerpc_pipe *net_pipe;
1871         char *wksname;
1872         bool result = false;
1873         NTSTATUS status;
1874         struct netr_ServerReqChallenge r;
1875         struct netr_Credential netr_cli_creds;
1876         struct netr_Credential netr_srv_creds;
1877         uint32_t negotiate_flags;
1878         struct netr_ServerAuthenticate2 a;
1879         struct creds_CredentialState *creds_state;
1880         struct netr_Credential netr_cred;
1881         struct samr_Password mach_pw;
1882         struct smbcli_state *cli;
1883
1884         if (!(mem_ctx = talloc_new(torture))) {
1885                 d_printf("talloc_new failed\n");
1886                 return false;
1887         }
1888
1889         if (!(wksname = generate_random_str_list(
1890                       mem_ctx, 14, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))) {
1891                 d_printf("generate_random_str_list failed\n");
1892                 goto done;
1893         }
1894
1895         if (!(torture_open_connection_share(
1896                       mem_ctx, &cli,
1897                       torture, torture_setting_string(torture, "host", NULL),
1898                       "IPC$", NULL))) {
1899                 d_printf("IPC$ connection failed\n");
1900                 goto done;
1901         }
1902
1903         if (!(net_pipe = dcerpc_pipe_init(
1904                       mem_ctx, cli->transport->socket->event.ctx))) {
1905                 d_printf("dcerpc_pipe_init failed\n");
1906                 goto done;
1907         }
1908
1909         status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
1910         if (!NT_STATUS_IS_OK(status)) {
1911                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
1912                          nt_errstr(status));
1913                 goto done;
1914         }
1915
1916         status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
1917         if (!NT_STATUS_IS_OK(status)) {
1918                 d_printf("dcerpc_bind_auth_none failed: %s\n",
1919                          nt_errstr(status));
1920                 goto done;
1921         }
1922
1923         r.in.computer_name = wksname;
1924         r.in.server_name = talloc_asprintf(
1925                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1926         if (r.in.server_name == NULL) {
1927                 d_printf("talloc_asprintf failed\n");
1928                 goto done;
1929         }
1930         generate_random_buffer(netr_cli_creds.data,
1931                                sizeof(netr_cli_creds.data));
1932         r.in.credentials = &netr_cli_creds;
1933         r.out.credentials = &netr_srv_creds;
1934
1935         status = dcerpc_netr_ServerReqChallenge(net_pipe, mem_ctx, &r);
1936         if (!NT_STATUS_IS_OK(status)) {
1937                 d_printf("netr_ServerReqChallenge failed: %s\n",
1938                          nt_errstr(status));
1939                 goto done;
1940         }
1941
1942         negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
1943         E_md4hash("foobar", mach_pw.hash);
1944
1945         creds_state = talloc(mem_ctx, struct creds_CredentialState);
1946         creds_client_init(creds_state, r.in.credentials,
1947                           r.out.credentials, &mach_pw,
1948                           &netr_cred, negotiate_flags);
1949
1950         a.in.server_name = talloc_asprintf(
1951                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1952         a.in.account_name = talloc_asprintf(
1953                 mem_ctx, "%s$", wksname);
1954         a.in.computer_name = wksname;
1955         a.in.secure_channel_type = SEC_CHAN_WKSTA;
1956         a.in.negotiate_flags = &negotiate_flags;
1957         a.out.negotiate_flags = &negotiate_flags;
1958         a.in.credentials = &netr_cred;
1959         a.out.credentials = &netr_cred;
1960
1961         status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
1962
1963         if (!NT_STATUS_EQUAL(status, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
1964                 d_printf("dcerpc_netr_ServerAuthenticate2 returned %s, "
1965                          "expected NT_STATUS_NO_TRUST_SAM_ACCOUNT\n",
1966                          nt_errstr(status));
1967                 goto done;
1968         }
1969
1970         result = true;
1971  done:
1972         talloc_free(mem_ctx);
1973         return result;
1974 }
1975
1976 static struct security_descriptor *get_sharesec(TALLOC_CTX *mem_ctx,
1977                                                 struct smbcli_session *sess,
1978                                                 const char *sharename)
1979 {
1980         struct smbcli_tree *tree;
1981         TALLOC_CTX *tmp_ctx;
1982         struct dcerpc_pipe *p;
1983         NTSTATUS status;
1984         struct srvsvc_NetShareGetInfo r;
1985         struct security_descriptor *result;
1986
1987         if (!(tmp_ctx = talloc_new(mem_ctx))) {
1988                 d_printf("talloc_new failed\n");
1989                 return NULL;
1990         }
1991
1992         if (!NT_STATUS_IS_OK(secondary_tcon(tmp_ctx, sess, "IPC$", &tree))) {
1993                 d_printf("secondary_tcon failed\n");
1994                 talloc_free(tmp_ctx);
1995                 return NULL;
1996         }
1997
1998         status = pipe_bind_smb(mem_ctx, tree, "\\pipe\\srvsvc",
1999                                &ndr_table_srvsvc, &p);
2000         if (!NT_STATUS_IS_OK(status)) {
2001                 d_printf("(%s) could not bind to srvsvc pipe: %s\n",
2002                          __location__, nt_errstr(status));
2003                 talloc_free(tmp_ctx);
2004                 return NULL;
2005         }
2006
2007 #if 0
2008         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2009 #endif
2010
2011         r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
2012                                           dcerpc_server_name(p));
2013         r.in.share_name = sharename;
2014         r.in.level = 502;
2015
2016         status = dcerpc_srvsvc_NetShareGetInfo(p, tmp_ctx, &r);
2017         if (!NT_STATUS_IS_OK(status)) {
2018                 d_printf("srvsvc_NetShareGetInfo failed: %s\n",
2019                          nt_errstr(status));
2020                 talloc_free(tmp_ctx);
2021                 return NULL;
2022         }
2023
2024         result = talloc_steal(mem_ctx, r.out.info.info502->sd);
2025         talloc_free(tmp_ctx);
2026         return result;
2027 }
2028
2029 static NTSTATUS set_sharesec(TALLOC_CTX *mem_ctx,
2030                              struct smbcli_session *sess,
2031                              const char *sharename,
2032                              struct security_descriptor *sd)
2033 {
2034         struct smbcli_tree *tree;
2035         TALLOC_CTX *tmp_ctx;
2036         struct dcerpc_pipe *p;
2037         NTSTATUS status;
2038         struct sec_desc_buf i;
2039         struct srvsvc_NetShareSetInfo r;
2040         uint32_t error = 0;
2041
2042         if (!(tmp_ctx = talloc_new(mem_ctx))) {
2043                 d_printf("talloc_new failed\n");
2044                 return NT_STATUS_NO_MEMORY;
2045         }
2046
2047         if (!NT_STATUS_IS_OK(secondary_tcon(tmp_ctx, sess, "IPC$", &tree))) {
2048                 d_printf("secondary_tcon failed\n");
2049                 talloc_free(tmp_ctx);
2050                 return NT_STATUS_UNSUCCESSFUL;
2051         }
2052
2053         status = pipe_bind_smb(mem_ctx, tree, "\\pipe\\srvsvc",
2054                                &ndr_table_srvsvc, &p);
2055         if (!NT_STATUS_IS_OK(status)) {
2056                 d_printf("(%s) could not bind to srvsvc pipe: %s\n",
2057                          __location__, nt_errstr(status));
2058                 talloc_free(tmp_ctx);
2059                 return NT_STATUS_UNSUCCESSFUL;
2060         }
2061
2062 #if 0
2063         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2064 #endif
2065
2066         r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
2067                                           dcerpc_server_name(p));
2068         r.in.share_name = sharename;
2069         r.in.level = 1501;
2070         i.sd = sd;
2071         r.in.info.info1501 = &i;
2072         r.in.parm_error = &error;
2073
2074         status = dcerpc_srvsvc_NetShareSetInfo(p, tmp_ctx, &r);
2075         if (!NT_STATUS_IS_OK(status)) {
2076                 d_printf("srvsvc_NetShareGetInfo failed: %s\n",
2077                          nt_errstr(status));
2078         }
2079
2080         talloc_free(tmp_ctx);
2081         return status;
2082 }
2083
2084 bool try_tcon(TALLOC_CTX *mem_ctx,
2085               struct security_descriptor *orig_sd,
2086               struct smbcli_session *session,
2087               const char *sharename, const struct dom_sid *user_sid,
2088               unsigned int access_mask, NTSTATUS expected_tcon,
2089               NTSTATUS expected_mkdir)
2090 {
2091         TALLOC_CTX *tmp_ctx;
2092         struct smbcli_tree *rmdir_tree, *tree;
2093         struct dom_sid *domain_sid;
2094         uint32_t rid;
2095         struct security_descriptor *sd;
2096         NTSTATUS status;
2097         bool ret = true;
2098
2099         if (!(tmp_ctx = talloc_new(mem_ctx))) {
2100                 d_printf("talloc_new failed\n");
2101                 return false;
2102         }
2103
2104         status = secondary_tcon(tmp_ctx, session, sharename, &rmdir_tree);
2105         if (!NT_STATUS_IS_OK(status)) {
2106                 d_printf("first tcon to delete dir failed\n");
2107                 talloc_free(tmp_ctx);
2108                 return false;
2109         }
2110
2111         smbcli_rmdir(rmdir_tree, "sharesec_testdir");
2112
2113         if (!NT_STATUS_IS_OK(dom_sid_split_rid(tmp_ctx, user_sid,
2114                                                &domain_sid, &rid))) {
2115                 d_printf("dom_sid_split_rid failed\n");
2116                 talloc_free(tmp_ctx);
2117                 return false;
2118         }
2119
2120         sd = security_descriptor_dacl_create(
2121                 tmp_ctx, 0, "S-1-5-32-544",
2122                 dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
2123                                                         DOMAIN_RID_USERS)),
2124                 dom_sid_string(mem_ctx, user_sid),
2125                 SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, 0, NULL);
2126         if (sd == NULL) {
2127                 d_printf("security_descriptor_dacl_create failed\n");
2128                 talloc_free(tmp_ctx);
2129                 return false;
2130         }
2131
2132         status = set_sharesec(mem_ctx, session, sharename, sd);
2133         if (!NT_STATUS_IS_OK(status)) {
2134                 d_printf("custom set_sharesec failed: %s\n",
2135                          nt_errstr(status));
2136                 talloc_free(tmp_ctx);
2137                 return false;
2138         }
2139
2140         status = secondary_tcon(tmp_ctx, session, sharename, &tree);
2141         if (!NT_STATUS_EQUAL(status, expected_tcon)) {
2142                 d_printf("Expected %s, got %s\n", nt_errstr(expected_tcon),
2143                          nt_errstr(status));
2144                 ret = false;
2145                 goto done;
2146         }
2147
2148         if (!NT_STATUS_IS_OK(status)) {
2149                 /* An expected non-access, no point in trying to write */
2150                 goto done;
2151         }
2152
2153         status = smbcli_mkdir(tree, "sharesec_testdir");
2154         if (!NT_STATUS_EQUAL(status, expected_mkdir)) {
2155                 d_printf("(%s) Expected %s, got %s\n", __location__,
2156                          nt_errstr(expected_mkdir), nt_errstr(status));
2157                 ret = false;
2158         }
2159
2160  done:
2161         smbcli_rmdir(rmdir_tree, "sharesec_testdir");
2162
2163         status = set_sharesec(mem_ctx, session, sharename, orig_sd);
2164         if (!NT_STATUS_IS_OK(status)) {
2165                 d_printf("custom set_sharesec failed: %s\n",
2166                          nt_errstr(status));
2167                 talloc_free(tmp_ctx);
2168                 return false;
2169         }
2170
2171         talloc_free(tmp_ctx);
2172         return ret;
2173 }
2174
2175 bool torture_samba3_rpc_sharesec(struct torture_context *torture)
2176 {
2177         TALLOC_CTX *mem_ctx;
2178         bool ret = true;
2179         struct smbcli_state *cli;
2180         struct security_descriptor *sd;
2181         struct dom_sid *user_sid;
2182
2183         if (!(mem_ctx = talloc_new(torture))) {
2184                 return false;
2185         }
2186
2187         if (!(torture_open_connection_share(
2188                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2189                       "IPC$", NULL))) {
2190                 d_printf("IPC$ connection failed\n");
2191                 talloc_free(mem_ctx);
2192                 return false;
2193         }
2194
2195         if (!(user_sid = whoami(mem_ctx, cli->tree))) {
2196                 d_printf("whoami failed\n");
2197                 talloc_free(mem_ctx);
2198                 return false;
2199         }
2200
2201         sd = get_sharesec(mem_ctx, cli->session, torture_setting_string(torture,
2202                                                                 "share", NULL));
2203
2204         ret &= try_tcon(mem_ctx, sd, cli->session,
2205                         torture_setting_string(torture, "share", NULL),
2206                         user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK);
2207
2208         ret &= try_tcon(mem_ctx, sd, cli->session,
2209                         torture_setting_string(torture, "share", NULL),
2210                         user_sid, SEC_FILE_READ_DATA, NT_STATUS_OK,
2211                         NT_STATUS_MEDIA_WRITE_PROTECTED);
2212
2213         ret &= try_tcon(mem_ctx, sd, cli->session,
2214                         torture_setting_string(torture, "share", NULL),
2215                         user_sid, SEC_FILE_ALL, NT_STATUS_OK, NT_STATUS_OK);
2216
2217         talloc_free(mem_ctx);
2218         return ret;
2219 }
2220
2221 bool torture_samba3_rpc_lsa(struct torture_context *torture)
2222 {
2223         TALLOC_CTX *mem_ctx;
2224         bool ret = true;
2225         struct smbcli_state *cli;
2226         struct dcerpc_pipe *p;
2227         struct policy_handle lsa_handle;
2228         NTSTATUS status;
2229         struct dom_sid *domain_sid;
2230
2231         if (!(mem_ctx = talloc_new(torture))) {
2232                 return false;
2233         }
2234
2235         if (!(torture_open_connection_share(
2236                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2237                       "IPC$", NULL))) {
2238                 d_printf("IPC$ connection failed\n");
2239                 talloc_free(mem_ctx);
2240                 return false;
2241         }
2242
2243         status = pipe_bind_smb(mem_ctx, cli->tree, "\\lsarpc",
2244                                &ndr_table_lsarpc, &p);
2245         if (!NT_STATUS_IS_OK(status)) {
2246                 d_printf("(%s) pipe_bind_smb failed: %s\n", __location__,
2247                          nt_errstr(status));
2248                 talloc_free(mem_ctx);
2249                 return false;
2250         }
2251
2252         {
2253                 struct lsa_ObjectAttribute attr;
2254                 struct lsa_OpenPolicy2 o;
2255                 o.in.system_name = talloc_asprintf(
2256                         mem_ctx, "\\\\%s", dcerpc_server_name(p));
2257                 ZERO_STRUCT(attr);
2258                 o.in.attr = &attr;
2259                 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2260                 o.out.handle = &lsa_handle;
2261                 status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &o);
2262                 if (!NT_STATUS_IS_OK(status)) {
2263                         d_printf("(%s) dcerpc_lsa_OpenPolicy2 failed: %s\n",
2264                                  __location__, nt_errstr(status));
2265                         talloc_free(mem_ctx);
2266                         return false;
2267                 }
2268         }
2269
2270 #if 0
2271         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2272 #endif
2273
2274         {
2275                 int i;
2276                 int levels[] = { 2,3,5,6 };
2277
2278                 for (i=0; i<ARRAY_SIZE(levels); i++) {
2279                         struct lsa_QueryInfoPolicy r;
2280                         r.in.handle = &lsa_handle;
2281                         r.in.level = levels[i];
2282                         status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
2283                         if (!NT_STATUS_IS_OK(status)) {
2284                                 d_printf("(%s) dcerpc_lsa_QueryInfoPolicy %d "
2285                                          "failed: %s\n", __location__,
2286                                          levels[i], nt_errstr(status));
2287                                 talloc_free(mem_ctx);
2288                                 return false;
2289                         }
2290                         if (levels[i] == 5) {
2291                                 domain_sid = r.out.info->account_domain.sid;
2292                         }
2293                 }
2294         }
2295
2296         return ret;
2297 }
2298
2299 static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
2300                                char **name)
2301 {
2302         struct rap_WserverGetInfo r;
2303         NTSTATUS status;
2304         char servername[17];
2305
2306         r.in.level = 0;
2307         r.in.bufsize = 0xffff;
2308
2309         status = smbcli_rap_netservergetinfo(tree, mem_ctx, &r);
2310         if (!NT_STATUS_IS_OK(status)) {
2311                 return status;
2312         }
2313
2314         memcpy(servername, r.out.info.info0.name, 16);
2315         servername[16] = '\0';
2316
2317         if (pull_ascii_talloc(mem_ctx, global_smb_iconv_convenience, 
2318                               name, servername) < 0) {
2319                 return NT_STATUS_NO_MEMORY;
2320         }
2321
2322         return NT_STATUS_OK;
2323 }
2324
2325
2326 static NTSTATUS find_printers(TALLOC_CTX *ctx, struct smbcli_tree *tree,
2327                               const char ***printers, int *num_printers)
2328 {
2329         TALLOC_CTX *mem_ctx;
2330         NTSTATUS status;
2331         struct dcerpc_pipe *p;
2332         struct srvsvc_NetShareEnum r;
2333         struct srvsvc_NetShareCtr1 c1_in;
2334         struct srvsvc_NetShareCtr1 *c1;
2335         int i;
2336
2337         mem_ctx = talloc_new(ctx);
2338         if (mem_ctx == NULL) {
2339                 return NT_STATUS_NO_MEMORY;
2340         }
2341
2342         status = pipe_bind_smb(mem_ctx, tree, "\\srvsvc", &ndr_table_srvsvc,
2343                                &p);
2344         if (!NT_STATUS_IS_OK(status)) {
2345                 d_printf("could not bind to srvsvc pipe\n");
2346                 talloc_free(mem_ctx);
2347                 return status;
2348         }
2349
2350         r.in.server_unc = talloc_asprintf(
2351                 mem_ctx, "\\\\%s", dcerpc_server_name(p));
2352         r.in.level = 1;
2353         ZERO_STRUCT(c1_in);
2354         r.in.ctr.ctr1 = &c1_in;
2355         r.in.max_buffer = (uint32_t)-1;
2356         r.in.resume_handle = NULL;
2357
2358         status = dcerpc_srvsvc_NetShareEnum(p, mem_ctx, &r);
2359         if (!NT_STATUS_IS_OK(status)) {
2360                 d_printf("NetShareEnum level %u failed - %s\n",
2361                          r.in.level, nt_errstr(status));
2362                 talloc_free(mem_ctx);
2363                 return status;
2364         }
2365
2366         *printers = NULL;
2367         *num_printers = 0;
2368         c1 = r.out.ctr.ctr1;
2369         for (i=0; i<c1->count; i++) {
2370                 if (c1->array[i].type != STYPE_PRINTQ) {
2371                         continue;
2372                 }
2373                 if (!add_string_to_array(ctx, c1->array[i].name,
2374                                          printers, num_printers)) {
2375                         talloc_free(ctx);
2376                         return NT_STATUS_NO_MEMORY;
2377                 }
2378         }
2379
2380         talloc_free(mem_ctx);
2381         return NT_STATUS_OK;
2382 }
2383
2384 static bool enumprinters(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *pipe,
2385                          const char *servername, int level, int *num_printers)
2386 {
2387         struct spoolss_EnumPrinters r;
2388         NTSTATUS status;
2389         DATA_BLOB blob;
2390
2391         r.in.flags = PRINTER_ENUM_LOCAL;
2392         r.in.server = talloc_asprintf(mem_ctx, "\\\\%s", servername);
2393         r.in.level = level;
2394         r.in.buffer = NULL;
2395         r.in.offered = 0;
2396
2397         status = dcerpc_spoolss_EnumPrinters(pipe, mem_ctx, &r);
2398         if (!NT_STATUS_IS_OK(status)) {
2399                 d_printf("(%s) dcerpc_spoolss_EnumPrinters failed: %s\n",
2400                          __location__, nt_errstr(status));
2401                 return false;
2402         }
2403
2404         if (!W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
2405                 d_printf("(%s) EnumPrinters unexpected return code %s, should "
2406                          "be WERR_INSUFFICIENT_BUFFER\n", __location__,
2407                          win_errstr(r.out.result));
2408                 return false;
2409         }
2410
2411         blob = data_blob_talloc_zero(mem_ctx, r.out.needed);
2412         if (blob.data == NULL) {
2413                 d_printf("(%s) data_blob_talloc failed\n", __location__);
2414                 return false;
2415         }
2416
2417         r.in.buffer = &blob;
2418         r.in.offered = r.out.needed;
2419
2420         status = dcerpc_spoolss_EnumPrinters(pipe, mem_ctx, &r);
2421         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2422                 d_printf("(%s) dcerpc_spoolss_EnumPrinters failed: %s, "
2423                          "%s\n", __location__, nt_errstr(status),
2424                          win_errstr(r.out.result));
2425                 return false;
2426         }
2427
2428         *num_printers = r.out.count;
2429
2430         return true;
2431 }
2432
2433 static NTSTATUS getprinterinfo(TALLOC_CTX *ctx, struct dcerpc_pipe *pipe,
2434                                struct policy_handle *handle, int level,
2435                                union spoolss_PrinterInfo **res)
2436 {
2437         TALLOC_CTX *mem_ctx;
2438         struct spoolss_GetPrinter r;
2439         DATA_BLOB blob;
2440         NTSTATUS status;
2441
2442         mem_ctx = talloc_new(ctx);
2443         if (mem_ctx == NULL) {
2444                 return NT_STATUS_NO_MEMORY;
2445         }
2446
2447         r.in.handle = handle;
2448         r.in.level = level;
2449         r.in.buffer = NULL;
2450         r.in.offered = 0;
2451
2452         status = dcerpc_spoolss_GetPrinter(pipe, mem_ctx, &r);
2453         if (!NT_STATUS_IS_OK(status)) {
2454                 d_printf("(%s) dcerpc_spoolss_GetPrinter failed: %s\n",
2455                          __location__, nt_errstr(status));
2456                 talloc_free(mem_ctx);
2457                 return status;
2458         }
2459
2460         if (!W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
2461                 printf("GetPrinter unexpected return code %s, should "
2462                        "be WERR_INSUFFICIENT_BUFFER\n",
2463                        win_errstr(r.out.result));
2464                 talloc_free(mem_ctx);
2465                 return NT_STATUS_UNSUCCESSFUL;
2466         }
2467
2468         r.in.handle = handle;
2469         r.in.level = level;
2470         blob = data_blob_talloc(mem_ctx, NULL, r.out.needed);
2471         if (blob.data == NULL) {
2472                 talloc_free(mem_ctx);
2473                 return NT_STATUS_NO_MEMORY;
2474         }
2475         memset(blob.data, 0, blob.length);
2476         r.in.buffer = &blob;
2477         r.in.offered = r.out.needed;
2478
2479         status = dcerpc_spoolss_GetPrinter(pipe, mem_ctx, &r);
2480         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2481                 d_printf("(%s) dcerpc_spoolss_GetPrinter failed: %s, "
2482                          "%s\n", __location__, nt_errstr(status),
2483                          win_errstr(r.out.result));
2484                 talloc_free(mem_ctx);
2485                 return NT_STATUS_IS_OK(status) ?
2486                         NT_STATUS_UNSUCCESSFUL : status;
2487         }
2488
2489         if (res != NULL) {
2490                 *res = talloc_steal(ctx, r.out.info);
2491         }
2492
2493         talloc_free(mem_ctx);
2494         return NT_STATUS_OK;
2495 }
2496
2497 bool torture_samba3_rpc_spoolss(struct torture_context *torture)
2498 {
2499         TALLOC_CTX *mem_ctx;
2500         bool ret = true;
2501         struct smbcli_state *cli;
2502         struct dcerpc_pipe *p;
2503         NTSTATUS status;
2504         struct policy_handle server_handle, printer_handle;
2505         const char **printers;
2506         int num_printers;
2507         struct spoolss_UserLevel1 userlevel1;
2508         char *servername;
2509
2510         if (!(mem_ctx = talloc_new(torture))) {
2511                 return false;
2512         }
2513
2514         if (!(torture_open_connection_share(
2515                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2516                       "IPC$", NULL))) {
2517                 d_printf("IPC$ connection failed\n");
2518                 talloc_free(mem_ctx);
2519                 return false;
2520         }
2521
2522         status = get_servername(mem_ctx, cli->tree, &servername);
2523         if (!NT_STATUS_IS_OK(status)) {
2524                 d_fprintf(stderr, "(%s) get_servername returned %s\n",
2525                           __location__, nt_errstr(status));
2526                 talloc_free(mem_ctx);
2527                 return false;
2528         }
2529
2530         if (!NT_STATUS_IS_OK(find_printers(mem_ctx, cli->tree,
2531                                            &printers, &num_printers))) {
2532                 talloc_free(mem_ctx);
2533                 return false;
2534         }
2535
2536         if (num_printers == 0) {
2537                 d_printf("Did not find printers\n");
2538                 talloc_free(mem_ctx);
2539                 return true;
2540         }
2541
2542         status = pipe_bind_smb(mem_ctx, cli->tree, "\\spoolss",
2543                                &ndr_table_spoolss, &p);
2544         if (!NT_STATUS_IS_OK(status)) {
2545                 d_printf("(%s) pipe_bind_smb failed: %s\n", __location__,
2546                          nt_errstr(status));
2547                 talloc_free(mem_ctx);
2548                 return false;
2549         }
2550
2551         ZERO_STRUCT(userlevel1);
2552         userlevel1.client = talloc_asprintf(
2553                 mem_ctx, "\\\\%s", lp_netbios_name(torture->lp_ctx));
2554         userlevel1.user = cli_credentials_get_username(cmdline_credentials);
2555         userlevel1.build = 2600;
2556         userlevel1.major = 3;
2557         userlevel1.minor = 0;
2558         userlevel1.processor = 0;
2559
2560         {
2561                 struct spoolss_OpenPrinterEx r;
2562
2563                 ZERO_STRUCT(r);
2564                 r.in.printername = talloc_asprintf(mem_ctx, "\\\\%s",
2565                                                    servername);
2566                 r.in.datatype = NULL;
2567                 r.in.access_mask = 0;
2568                 r.in.level = 1;
2569                 r.in.userlevel.level1 = &userlevel1;
2570                 r.out.handle = &server_handle;
2571
2572                 status = dcerpc_spoolss_OpenPrinterEx(p, mem_ctx, &r);
2573                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2574                         d_printf("(%s) dcerpc_spoolss_OpenPrinterEx failed: "
2575                                  "%s, %s\n", __location__, nt_errstr(status),
2576                                  win_errstr(r.out.result));
2577                         talloc_free(mem_ctx);
2578                         return false;
2579                 }
2580         }
2581
2582         {
2583                 struct spoolss_ClosePrinter r;
2584
2585                 r.in.handle = &server_handle;
2586                 r.out.handle = &server_handle;
2587
2588                 status = dcerpc_spoolss_ClosePrinter(p, mem_ctx, &r);
2589                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2590                         d_printf("(%s) dcerpc_spoolss_ClosePrinter failed: "
2591                                  "%s, %s\n", __location__, nt_errstr(status),
2592                                  win_errstr(r.out.result));
2593                         talloc_free(mem_ctx);
2594                         return false;
2595                 }
2596         }
2597
2598         {
2599                 struct spoolss_OpenPrinterEx r;
2600
2601                 ZERO_STRUCT(r);
2602                 r.in.printername = talloc_asprintf(
2603                         mem_ctx, "\\\\%s\\%s", servername, printers[0]);
2604                 r.in.datatype = NULL;
2605                 r.in.access_mask = 0;
2606                 r.in.level = 1;
2607                 r.in.userlevel.level1 = &userlevel1;
2608                 r.out.handle = &printer_handle;
2609
2610                 status = dcerpc_spoolss_OpenPrinterEx(p, mem_ctx, &r);
2611                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2612                         d_printf("(%s) dcerpc_spoolss_OpenPrinterEx failed: "
2613                                  "%s, %s\n", __location__, nt_errstr(status),
2614                                  win_errstr(r.out.result));
2615                         talloc_free(mem_ctx);
2616                         return false;
2617                 }
2618         }
2619
2620         {
2621                 int i;
2622
2623                 for (i=0; i<8; i++) {
2624                         status = getprinterinfo(mem_ctx, p, &printer_handle,
2625                                                 i, NULL);
2626                         if (!NT_STATUS_IS_OK(status)) {
2627                                 d_printf("(%s) getprinterinfo %d failed: %s\n",
2628                                          __location__, i, nt_errstr(status));
2629                                 ret = false;
2630                         }
2631                 }
2632         }
2633
2634         {
2635                 struct spoolss_ClosePrinter r;
2636
2637                 r.in.handle = &printer_handle;
2638                 r.out.handle = &printer_handle;
2639
2640                 status = dcerpc_spoolss_ClosePrinter(p, mem_ctx, &r);
2641                 if (!NT_STATUS_IS_OK(status)) {
2642                         d_printf("(%s) dcerpc_spoolss_ClosePrinter failed: "
2643                                  "%s\n", __location__, nt_errstr(status));
2644                         talloc_free(mem_ctx);
2645                         return false;
2646                 }
2647         }
2648
2649         {
2650                 int num_enumerated;
2651                 if (!enumprinters(mem_ctx, p, servername, 1,
2652                                   &num_enumerated)) {
2653                         d_printf("(%s) enumprinters failed\n", __location__);
2654                         talloc_free(mem_ctx);
2655                         return false;
2656                 }
2657                 if (num_printers != num_enumerated) {
2658                         d_printf("(%s) netshareenum gave %d printers, "
2659                                  "enumprinters lvl 1 gave %d\n", __location__,
2660                                  num_printers, num_enumerated);
2661                         talloc_free(mem_ctx);
2662                         return false;
2663                 }
2664         }
2665
2666         {
2667                 int num_enumerated;
2668                 if (!enumprinters(mem_ctx, p, servername, 2,
2669                                   &num_enumerated)) {
2670                         d_printf("(%s) enumprinters failed\n", __location__);
2671                         talloc_free(mem_ctx);
2672                         return false;
2673                 }
2674                 if (num_printers != num_enumerated) {
2675                         d_printf("(%s) netshareenum gave %d printers, "
2676                                  "enumprinters lvl 2 gave %d\n", __location__,
2677                                  num_printers, num_enumerated);
2678                         talloc_free(mem_ctx);
2679                         return false;
2680                 }
2681         }
2682
2683         talloc_free(mem_ctx);
2684
2685         return ret;
2686 }
2687
2688 bool torture_samba3_rpc_wkssvc(struct torture_context *torture)
2689 {
2690         TALLOC_CTX *mem_ctx;
2691         struct smbcli_state *cli;
2692         struct dcerpc_pipe *p;
2693         NTSTATUS status;
2694         char *servername;
2695
2696         if (!(mem_ctx = talloc_new(torture))) {
2697                 return false;
2698         }
2699
2700         if (!(torture_open_connection_share(
2701                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2702                       "IPC$", NULL))) {
2703                 d_printf("IPC$ connection failed\n");
2704                 talloc_free(mem_ctx);
2705                 return false;
2706         }
2707
2708         status = get_servername(mem_ctx, cli->tree, &servername);
2709         if (!NT_STATUS_IS_OK(status)) {
2710                 d_fprintf(stderr, "(%s) get_servername returned %s\n",
2711                           __location__, nt_errstr(status));
2712                 talloc_free(mem_ctx);
2713                 return false;
2714         }
2715
2716         status = pipe_bind_smb(mem_ctx, cli->tree, "\\wkssvc",
2717                                &ndr_table_wkssvc, &p);
2718         if (!NT_STATUS_IS_OK(status)) {
2719                 d_printf("(%s) pipe_bind_smb failed: %s\n", __location__,
2720                          nt_errstr(status));
2721                 talloc_free(mem_ctx);
2722                 return false;
2723         }
2724
2725         {
2726                 struct wkssvc_NetWkstaInfo100 wks100;
2727                 union wkssvc_NetWkstaInfo info;
2728                 struct wkssvc_NetWkstaGetInfo r;
2729
2730                 r.in.server_name = "\\foo";
2731                 r.in.level = 100;
2732                 info.info100 = &wks100;
2733                 r.out.info = &info;
2734
2735                 status = dcerpc_wkssvc_NetWkstaGetInfo(p, mem_ctx, &r);
2736                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2737                         d_printf("(%s) dcerpc_wkssvc_NetWksGetInfo failed: "
2738                                  "%s, %s\n", __location__, nt_errstr(status),
2739                                  win_errstr(r.out.result));
2740                         talloc_free(mem_ctx);
2741                         return false;
2742                 }
2743
2744                 if (strcmp(servername,
2745                            r.out.info->info100->server_name) != 0) {
2746                         d_printf("(%s) servername inconsistency: RAP=%s, "
2747                                  "dcerpc_wkssvc_NetWksGetInfo=%s",
2748                                  __location__, servername,
2749                                  r.out.info->info100->server_name);
2750                         talloc_free(mem_ctx);
2751                         return false;
2752                 }
2753         }
2754
2755         talloc_free(mem_ctx);
2756         return true;
2757 }
2758
2759 static NTSTATUS winreg_close(struct dcerpc_pipe *p,
2760                              struct policy_handle *handle)
2761 {
2762         struct winreg_CloseKey c;
2763         NTSTATUS status;
2764         TALLOC_CTX *mem_ctx;
2765
2766         c.in.handle = c.out.handle = handle;
2767
2768         if (!(mem_ctx = talloc_new(p))) {
2769                 return NT_STATUS_NO_MEMORY;
2770         }
2771
2772         status = dcerpc_winreg_CloseKey(p, mem_ctx, &c);
2773         talloc_free(mem_ctx);
2774
2775         if (!NT_STATUS_IS_OK(status)) {
2776                 return status;
2777         }
2778
2779         if (!W_ERROR_IS_OK(c.out.result)) {
2780                 return werror_to_ntstatus(c.out.result);
2781         }
2782
2783         return NT_STATUS_OK;
2784 }
2785
2786 static NTSTATUS enumvalues(struct dcerpc_pipe *p, struct policy_handle *handle,
2787                            TALLOC_CTX *mem_ctx)
2788 {
2789         uint32_t enum_index = 0;
2790
2791         while (1) {
2792                 struct winreg_EnumValue r;
2793                 struct winreg_StringBuf name;
2794                 enum winreg_Type type = 0;
2795                 uint8_t buf8[1024];
2796                 NTSTATUS status;
2797                 uint32_t size, length;
2798                 
2799                 r.in.handle = handle;
2800                 r.in.enum_index = enum_index;
2801                 name.name = "";
2802                 name.size = 1024;
2803                 r.in.name = r.out.name = &name;
2804                 size = 1024;
2805                 length = 5;
2806                 r.in.type = &type;
2807                 r.in.value = buf8;
2808                 r.in.size = &size;
2809                 r.in.length = &length;
2810
2811                 status = dcerpc_winreg_EnumValue(p, mem_ctx, &r);
2812                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2813                         return NT_STATUS_OK;
2814                 }
2815                 enum_index += 1;
2816         }
2817 }
2818
2819 static NTSTATUS enumkeys(struct dcerpc_pipe *p, struct policy_handle *handle, 
2820                          TALLOC_CTX *mem_ctx, int depth)
2821 {
2822         struct winreg_EnumKey r;
2823         struct winreg_StringBuf class, name;
2824         NTSTATUS status;
2825         NTTIME t = 0;
2826
2827         if (depth <= 0) {
2828                 return NT_STATUS_OK;
2829         }
2830
2831         class.name   = "";
2832         class.size   = 1024;
2833
2834         r.in.handle = handle;
2835         r.in.enum_index = 0;
2836         r.in.name = &name;
2837         r.in.keyclass = &class;
2838         r.out.name = &name;
2839         r.in.last_changed_time = &t;
2840
2841         do {
2842                 TALLOC_CTX *tmp_ctx;
2843                 struct winreg_OpenKey o;
2844                 struct policy_handle key_handle;
2845                 int i;
2846
2847                 if (!(tmp_ctx = talloc_new(mem_ctx))) {
2848                         return NT_STATUS_NO_MEMORY;
2849                 }
2850
2851                 name.name = NULL;
2852                 name.size = 1024;
2853
2854                 status = dcerpc_winreg_EnumKey(p, tmp_ctx, &r);
2855                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2856                         /* We're done enumerating */
2857                         talloc_free(tmp_ctx);
2858                         return NT_STATUS_OK;
2859                 }
2860
2861                 for (i=0; i<10-depth; i++)
2862                         printf(" ");
2863                 printf("%s\n", r.out.name->name);
2864                         
2865
2866                 o.in.parent_handle = handle;
2867                 o.in.keyname.name = r.out.name->name;
2868                 o.in.unknown = 0;
2869                 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2870                 o.out.handle = &key_handle;
2871
2872                 status = dcerpc_winreg_OpenKey(p, tmp_ctx, &o);
2873                 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(o.out.result)) {
2874                         enumkeys(p, &key_handle, tmp_ctx, depth-1);
2875                         enumvalues(p, &key_handle, tmp_ctx);
2876                         status = winreg_close(p, &key_handle);
2877                         if (!NT_STATUS_IS_OK(status)) {
2878                                 return status;
2879                         }
2880                 }
2881
2882                 talloc_free(tmp_ctx);
2883
2884                 r.in.enum_index += 1;
2885         } while(true);
2886
2887         return NT_STATUS_OK;
2888 }
2889
2890 typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_pipe *, TALLOC_CTX *, void *);
2891
2892 static bool test_Open3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
2893                        const char *name, winreg_open_fn open_fn)
2894 {
2895         struct policy_handle handle;
2896         struct winreg_OpenHKLM r;
2897         NTSTATUS status;
2898
2899         r.in.system_name = 0;
2900         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2901         r.out.handle = &handle;
2902         
2903         status = open_fn(p, mem_ctx, &r);
2904         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2905                 d_printf("(%s) %s failed: %s, %s\n", __location__, name,
2906                          nt_errstr(status), win_errstr(r.out.result));
2907                 return false;
2908         }
2909
2910         enumkeys(p, &handle, mem_ctx, 4);
2911
2912         status = winreg_close(p, &handle);
2913         if (!NT_STATUS_IS_OK(status)) {
2914                 d_printf("(%s) dcerpc_CloseKey failed: %s\n",
2915                          __location__, nt_errstr(status));
2916                 return false;
2917         }
2918
2919         return true;
2920 }
2921
2922 bool torture_samba3_rpc_winreg(struct torture_context *torture)
2923 {
2924         NTSTATUS status;
2925         struct dcerpc_pipe *p;
2926         TALLOC_CTX *mem_ctx;
2927         bool ret = true;
2928         struct {
2929                 const char *name;
2930                 winreg_open_fn fn;
2931         } open_fns[] = {
2932                 {"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM },
2933                 {"OpenHKU",  (winreg_open_fn)dcerpc_winreg_OpenHKU },
2934                 {"OpenHKPD", (winreg_open_fn)dcerpc_winreg_OpenHKPD },
2935                 {"OpenHKPT", (winreg_open_fn)dcerpc_winreg_OpenHKPT },
2936                 {"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR }};
2937 #if 0
2938         int i;
2939 #endif
2940
2941         mem_ctx = talloc_init("torture_rpc_winreg");
2942
2943         status = torture_rpc_connection(torture, &p, &ndr_table_winreg);
2944
2945         if (!NT_STATUS_IS_OK(status)) {
2946                 talloc_free(mem_ctx);
2947                 return false;
2948         }
2949
2950 #if 1
2951         ret = test_Open3(p, mem_ctx, open_fns[0].name, open_fns[0].fn);
2952 #else
2953         for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
2954                 if (!test_Open3(p, mem_ctx, open_fns[i].name, open_fns[i].fn))
2955                         ret = false;
2956         }
2957 #endif
2958
2959         talloc_free(mem_ctx);
2960
2961         return ret;
2962 }
2963
2964 static NTSTATUS get_shareinfo(TALLOC_CTX *mem_ctx,
2965                               struct smbcli_state *cli,
2966                               const char *share,
2967                               struct srvsvc_NetShareInfo502 **info)
2968 {
2969         struct smbcli_tree *ipc;
2970         struct dcerpc_pipe *p;
2971         struct srvsvc_NetShareGetInfo r;
2972         NTSTATUS status;
2973
2974         if (!(p = dcerpc_pipe_init(cli,
2975                                    cli->transport->socket->event.ctx))) {
2976                 status = NT_STATUS_NO_MEMORY;
2977                 goto fail;
2978         }
2979
2980         status = secondary_tcon(p, cli->session, "IPC$", &ipc);
2981         if (!NT_STATUS_IS_OK(status)) {
2982                 goto fail;
2983         }
2984
2985         status = dcerpc_pipe_open_smb(p, ipc, "\\pipe\\srvsvc");
2986         if (!NT_STATUS_IS_OK(status)) {
2987                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
2988                          nt_errstr(status));
2989                 goto fail;
2990         }
2991
2992         status = dcerpc_bind_auth_none(p, &ndr_table_srvsvc);
2993         if (!NT_STATUS_IS_OK(status)) {
2994                 d_printf("dcerpc_bind_auth_none failed: %s\n",
2995                          nt_errstr(status));
2996                 goto fail;
2997         }
2998
2999         r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s",
3000                                           dcerpc_server_name(p));
3001         r.in.share_name = share;
3002         r.in.level = 502;
3003
3004         status = dcerpc_srvsvc_NetShareGetInfo(p, p, &r);
3005         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
3006                 d_printf("(%s) OpenHKLM failed: %s, %s\n", __location__,
3007                          nt_errstr(status), win_errstr(r.out.result));
3008                 goto fail;
3009         }
3010
3011         *info = talloc_move(mem_ctx, &r.out.info.info502);
3012         return NT_STATUS_OK;
3013
3014  fail:
3015         talloc_free(p);
3016         return status;
3017 }
3018
3019 /*
3020  * Get us a handle on HKLM\
3021  */
3022
3023 static NTSTATUS get_hklm_handle(TALLOC_CTX *mem_ctx,
3024                                 struct smbcli_state *cli,
3025                                 struct dcerpc_pipe **pipe_p,
3026                                 struct policy_handle **handle)
3027 {
3028         struct smbcli_tree *ipc;
3029         struct dcerpc_pipe *p;
3030         struct winreg_OpenHKLM r;
3031         NTSTATUS status;
3032         struct policy_handle *result;
3033
3034         result = talloc(mem_ctx, struct policy_handle);
3035
3036         if (result == NULL) {
3037                 return NT_STATUS_NO_MEMORY;
3038         }
3039
3040         if (!(p = dcerpc_pipe_init(result,
3041                                    cli->transport->socket->event.ctx))) {
3042                 status = NT_STATUS_NO_MEMORY;
3043                 goto fail;
3044         }
3045
3046         status = secondary_tcon(p, cli->session, "IPC$", &ipc);
3047         if (!NT_STATUS_IS_OK(status)) {
3048                 goto fail;
3049         }
3050
3051         status = dcerpc_pipe_open_smb(p, ipc, "\\winreg");
3052         if (!NT_STATUS_IS_OK(status)) {
3053                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
3054                          nt_errstr(status));
3055                 goto fail;
3056         }
3057
3058         status = dcerpc_bind_auth_none(p, &ndr_table_winreg);
3059         if (!NT_STATUS_IS_OK(status)) {
3060                 d_printf("dcerpc_bind_auth_none failed: %s\n",
3061                          nt_errstr(status));
3062                 goto fail;
3063         }
3064
3065         r.in.system_name = 0;
3066         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3067         r.out.handle = result;
3068
3069         status = dcerpc_winreg_OpenHKLM(p, p, &r);
3070         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
3071                 d_printf("(%s) OpenHKLM failed: %s, %s\n", __location__,
3072                          nt_errstr(status), win_errstr(r.out.result));
3073                 goto fail;
3074         }
3075
3076         *pipe_p = p;
3077         *handle = result;
3078         return NT_STATUS_OK;
3079
3080  fail:
3081         talloc_free(result);
3082         return status;
3083 }
3084
3085 static NTSTATUS torture_samba3_createshare(struct smbcli_state *cli,
3086                                            const char *sharename)
3087 {
3088         struct dcerpc_pipe *p;
3089         struct policy_handle *hklm = NULL;
3090         struct policy_handle new_handle;
3091         struct winreg_CreateKey c;
3092         struct winreg_CloseKey cl;
3093         enum winreg_CreateAction action_taken;
3094         NTSTATUS status;
3095         TALLOC_CTX *mem_ctx;
3096
3097         mem_ctx = talloc_new(cli);
3098         NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
3099
3100         status = get_hklm_handle(mem_ctx, cli, &p, &hklm);
3101         if (!NT_STATUS_IS_OK(status)) {
3102                 d_printf("get_hklm_handle failed: %s\n", nt_errstr(status));
3103                 goto fail;
3104         }
3105
3106         c.in.handle = hklm;
3107         c.in.name.name = talloc_asprintf(
3108                 mem_ctx, "software\\samba\\smbconf\\%s", sharename);
3109         if (c.in.name.name == NULL) {
3110                 d_printf("talloc_asprintf failed\n");
3111                 status = NT_STATUS_NO_MEMORY;
3112                 goto fail;
3113         }
3114         c.in.keyclass.name = "";
3115         c.in.options = 0;
3116         c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3117         c.in.secdesc = NULL;
3118         c.in.action_taken = &action_taken;
3119         c.out.new_handle = &new_handle;
3120         c.out.action_taken = &action_taken;
3121
3122         status = dcerpc_winreg_CreateKey(p, p, &c);
3123         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(c.out.result)) {
3124                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3125                          nt_errstr(status), win_errstr(c.out.result));
3126                 goto fail;
3127         }
3128
3129         cl.in.handle = &new_handle;
3130         cl.out.handle = &new_handle;
3131         status = dcerpc_winreg_CloseKey(p, p, &cl);
3132         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(cl.out.result)) {
3133                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3134                          nt_errstr(status), win_errstr(cl.out.result));
3135                 goto fail;
3136         }
3137
3138
3139  fail:
3140         talloc_free(mem_ctx);
3141         return status;
3142 }
3143
3144 static NTSTATUS torture_samba3_deleteshare(struct smbcli_state *cli,
3145                                            const char *sharename)
3146 {
3147         struct dcerpc_pipe *p;
3148         struct policy_handle *hklm = NULL;
3149         struct winreg_DeleteKey d;
3150         NTSTATUS status;
3151         TALLOC_CTX *mem_ctx;
3152
3153         mem_ctx = talloc_new(cli);
3154         NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
3155
3156         status = get_hklm_handle(cli, cli, &p, &hklm);
3157         if (!NT_STATUS_IS_OK(status)) {
3158                 d_printf("get_hklm_handle failed: %s\n", nt_errstr(status));
3159                 goto fail;
3160         }
3161
3162         d.in.handle = hklm;
3163         d.in.key.name = talloc_asprintf(
3164                 mem_ctx, "software\\samba\\smbconf\\%s", sharename);
3165         if (d.in.key.name == NULL) {
3166                 d_printf("talloc_asprintf failed\n");
3167                 status = NT_STATUS_NO_MEMORY;
3168                 goto fail;
3169         }
3170         status = dcerpc_winreg_DeleteKey(p, p, &d);
3171         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(d.out.result)) {
3172                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3173                          nt_errstr(status), win_errstr(d.out.result));
3174                 goto fail;
3175         }
3176
3177  fail:
3178         talloc_free(mem_ctx);
3179         return status;
3180 }
3181
3182 static NTSTATUS torture_samba3_setconfig(struct smbcli_state *cli,
3183                                          const char *sharename,
3184                                          const char *parameter,
3185                                          const char *value)
3186 {
3187         struct dcerpc_pipe *p = NULL;
3188         struct policy_handle *hklm = NULL, key_handle;
3189         struct winreg_OpenKey o;
3190         struct winreg_SetValue s;
3191         uint32_t type;
3192         DATA_BLOB val;
3193         NTSTATUS status;
3194
3195         status = get_hklm_handle(cli, cli, &p, &hklm);
3196         if (!NT_STATUS_IS_OK(status)) {
3197                 d_printf("get_hklm_handle failed: %s\n", nt_errstr(status));
3198                 return status;;
3199         }
3200
3201         o.in.parent_handle = hklm;
3202         o.in.keyname.name = talloc_asprintf(
3203                 hklm, "software\\samba\\smbconf\\%s", sharename);
3204         if (o.in.keyname.name == NULL) {
3205                 d_printf("talloc_asprintf failed\n");
3206                 status = NT_STATUS_NO_MEMORY;
3207                 goto done;
3208         }
3209         o.in.unknown = 0;
3210         o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3211         o.out.handle = &key_handle;
3212
3213         status = dcerpc_winreg_OpenKey(p, p, &o);
3214         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(o.out.result)) {
3215                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3216                          nt_errstr(status), win_errstr(o.out.result));
3217                 goto done;
3218         }
3219
3220         if (!reg_string_to_val(hklm, "REG_SZ", value, &type, &val)) {
3221                 d_printf("(%s) reg_string_to_val failed\n", __location__);
3222                 goto done;
3223         }
3224
3225         s.in.handle = &key_handle;
3226         s.in.name.name = parameter;
3227         s.in.type = type;
3228         s.in.data = val.data;
3229         s.in.size = val.length;
3230
3231         status = dcerpc_winreg_SetValue(p, p, &s);
3232         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(s.out.result)) {
3233                 d_printf("(%s) SetValue failed: %s, %s\n", __location__,
3234                          nt_errstr(status), win_errstr(s.out.result));
3235                 goto done;
3236         }
3237
3238  done:
3239         talloc_free(hklm);
3240         return status;
3241 }
3242
3243 bool torture_samba3_regconfig(struct torture_context *torture)
3244 {
3245         struct smbcli_state *cli;
3246         struct srvsvc_NetShareInfo502 *i = NULL;
3247         NTSTATUS status;
3248         bool ret = false;
3249         const char *comment = "Dummer Kommentar";
3250
3251         if (!(torture_open_connection(&cli, torture, 0))) {
3252                 return false;
3253         }
3254
3255         status = torture_samba3_createshare(cli, "blubber");
3256         if (!NT_STATUS_IS_OK(status)) {
3257                 torture_warning(torture, "torture_samba3_createshare failed: "
3258                                 "%s\n", nt_errstr(status));
3259                 goto done;
3260         }
3261
3262         status = torture_samba3_setconfig(cli, "blubber", "comment", comment);
3263         if (!NT_STATUS_IS_OK(status)) {
3264                 torture_warning(torture, "torture_samba3_setconfig failed: "
3265                                 "%s\n", nt_errstr(status));
3266                 goto done;
3267         }
3268
3269         status = get_shareinfo(torture, cli, "blubber", &i);
3270         if (!NT_STATUS_IS_OK(status)) {
3271                 torture_warning(torture, "get_shareinfo failed: "
3272                                 "%s\n", nt_errstr(status));
3273                 goto done;
3274         }
3275
3276         if (strcmp(comment, i->comment) != 0) {
3277                 torture_warning(torture, "Expected comment [%s], got [%s]\n",
3278                                 comment, i->comment);
3279                 goto done;
3280         }
3281
3282         status = torture_samba3_deleteshare(cli, "blubber");
3283         if (!NT_STATUS_IS_OK(status)) {
3284                 torture_warning(torture, "torture_samba3_deleteshare failed: "
3285                                 "%s\n", nt_errstr(status));
3286                 goto done;
3287         }
3288
3289         ret = true;
3290  done:
3291         talloc_free(cli);
3292         return ret;
3293 }