2 Unix SMB/CIFS implementation.
4 utility code to join/leave a domain
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 this code is used by other torture modules to join/leave a domain
25 as either a member, bdc or thru a trust relationship
32 struct dcerpc_pipe *p;
33 const char *machine_password;
34 struct policy_handle acct_handle;
38 static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
39 struct policy_handle *handle, const char *name)
42 struct samr_DeleteUser d;
43 struct policy_handle acct_handle;
45 struct samr_LookupNames n;
46 struct samr_Name sname;
47 struct samr_OpenUser r;
55 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
56 if (NT_STATUS_IS_OK(status)) {
57 rid = n.out.rids.ids[0];
63 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
65 r.out.acct_handle = &acct_handle;
67 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
68 if (!NT_STATUS_IS_OK(status)) {
69 printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
73 d.in.handle = &acct_handle;
74 d.out.handle = &acct_handle;
75 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
76 if (!NT_STATUS_IS_OK(status)) {
84 join the domain as a test machine
85 an opaque pointer is returned. Pass it to torture_leave_domain()
88 void *torture_join_domain(const char *machine_name,
91 const char **machine_password)
94 struct samr_Connect c;
95 struct samr_CreateUser2 r;
96 struct samr_OpenDomain o;
97 struct samr_LookupDomain l;
98 struct samr_GetUserPwInfo pwp;
99 struct samr_SetUserInfo s;
100 union samr_UserInfo u;
101 struct policy_handle handle;
102 struct policy_handle domain_handle;
103 uint32_t access_granted;
105 DATA_BLOB session_key;
106 struct samr_Name name;
107 int policy_min_pw_len = 0;
108 struct test_join *join;
111 mem_ctx = talloc_init("torture_join_domain");
116 join = talloc_p(mem_ctx, struct test_join);
118 talloc_destroy(mem_ctx);
124 join->mem_ctx = mem_ctx;
126 printf("Connecting to SAMR\n");
128 status = torture_rpc_connection(&join->p,
131 DCERPC_SAMR_VERSION);
132 if (!NT_STATUS_IS_OK(status)) {
136 c.in.system_name = NULL;
137 c.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
138 c.out.handle = &handle;
140 status = dcerpc_samr_Connect(join->p, mem_ctx, &c);
141 if (!NT_STATUS_IS_OK(status)) {
142 printf("samr_Connect failed - %s\n", nt_errstr(status));
146 printf("Opening domain %s\n", domain);
149 l.in.handle = &handle;
152 status = dcerpc_samr_LookupDomain(join->p, mem_ctx, &l);
153 if (!NT_STATUS_IS_OK(status)) {
154 printf("LookupDomain failed - %s\n", nt_errstr(status));
158 o.in.handle = &handle;
159 o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
160 o.in.sid = l.out.sid;
161 o.out.domain_handle = &domain_handle;
163 status = dcerpc_samr_OpenDomain(join->p, mem_ctx, &o);
164 if (!NT_STATUS_IS_OK(status)) {
165 printf("OpenDomain failed - %s\n", nt_errstr(status));
169 printf("Creating machine account %s\n", machine_name);
172 name.name = talloc_asprintf(mem_ctx, "%s$", machine_name);
173 r.in.handle = &domain_handle;
174 r.in.account_name = &name;
175 r.in.acct_flags = acct_flags;
176 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
177 r.out.acct_handle = &join->acct_handle;
178 r.out.access_granted = &access_granted;
181 status = dcerpc_samr_CreateUser2(join->p, mem_ctx, &r);
183 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
184 status = DeleteUser_byname(join->p, mem_ctx, &domain_handle, name.name);
185 if (NT_STATUS_IS_OK(status)) {
190 if (!NT_STATUS_IS_OK(status)) {
191 printf("CreateUser2 failed - %s\n", nt_errstr(status));
195 pwp.in.handle = &join->acct_handle;
197 status = dcerpc_samr_GetUserPwInfo(join->p, mem_ctx, &pwp);
198 if (NT_STATUS_IS_OK(status)) {
199 policy_min_pw_len = pwp.out.info.min_password_len;
202 join->machine_password = generate_random_str(mem_ctx, MAX(8, policy_min_pw_len));
204 printf("Setting machine account password '%s'\n", join->machine_password);
206 s.in.handle = &join->acct_handle;
210 encode_pw_buffer(u.info24.password.data, join->machine_password, STR_UNICODE);
211 u.info24.pw_len = strlen(join->machine_password);
213 status = dcerpc_fetch_session_key(join->p, &session_key);
214 if (!NT_STATUS_IS_OK(status)) {
215 printf("SetUserInfo level %u - no session key - %s\n",
216 s.in.level, nt_errstr(status));
217 torture_leave_domain(&join);
221 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
223 status = dcerpc_samr_SetUserInfo(join->p, mem_ctx, &s);
224 if (!NT_STATUS_IS_OK(status)) {
225 printf("SetUserInfo failed - %s\n", nt_errstr(status));
229 s.in.handle = &join->acct_handle;
233 u.info16.acct_flags = acct_flags;
235 printf("Resetting ACB flags\n");
237 status = dcerpc_samr_SetUserInfo(join->p, mem_ctx, &s);
238 if (!NT_STATUS_IS_OK(status)) {
239 printf("SetUserInfo failed - %s\n", nt_errstr(status));
243 *machine_password = join->machine_password;
248 torture_leave_domain(join);
254 leave the domain, deleting the machine acct
256 void torture_leave_domain(void *join_ctx)
258 struct test_join *join = join_ctx;
259 struct samr_DeleteUser d;
262 if (!uuid_all_zero(&join->acct_handle.uuid)) {
263 d.in.handle = &join->acct_handle;
264 d.out.handle = &join->acct_handle;
266 status = dcerpc_samr_DeleteUser(join->p, join->mem_ctx, &d);
267 if (!NT_STATUS_IS_OK(status)) {
268 printf("Delete of machine account failed\n");
273 torture_rpc_close(join->p);
276 talloc_destroy(join->mem_ctx);