source4/torture/rpc/samr.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    test suite for samr rpc operations
   4
   5    Copyright (C) Andrew Tridgell 2003
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
   7    Copyright (C) Guenther Deschner 2008,2009
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 #include "includes.h"
  24 #include "torture/torture.h"
  25 #include "system/time.h"
  26 #include "librpc/gen_ndr/lsa.h"
  27 #include "librpc/gen_ndr/ndr_netlogon.h"
  28 #include "librpc/gen_ndr/ndr_netlogon_c.h"
  29 #include "librpc/gen_ndr/ndr_samr_c.h"
  30 #include "librpc/gen_ndr/ndr_lsa_c.h"
  31 #include "../lib/crypto/crypto.h"
  32 #include "libcli/auth/libcli_auth.h"
  33 #include "libcli/security/security.h"
  34 #include "torture/rpc/rpc.h"
  35 #include "param/param.h"
  36
  37 #include <unistd.h>
  38
  39 #define TEST_ACCOUNT_NAME "samrtorturetest"
  40 #define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
  41 #define TEST_ALIASNAME "samrtorturetestalias"
  42 #define TEST_GROUPNAME "samrtorturetestgroup"
  43 #define TEST_MACHINENAME "samrtestmach$"
  44 #define TEST_DOMAINNAME "samrtestdom$"
  45
  46 enum torture_samr_choice {
  47         TORTURE_SAMR_PASSWORDS,
  48         TORTURE_SAMR_PASSWORDS_PWDLASTSET,
  49         TORTURE_SAMR_USER_ATTRIBUTES,
  50         TORTURE_SAMR_USER_PRIVILEGES,
  51         TORTURE_SAMR_OTHER,
  52         TORTURE_SAMR_MANY_ACCOUNTS,
  53         TORTURE_SAMR_MANY_GROUPS,
  54         TORTURE_SAMR_MANY_ALIASES
  55 };
  56
  57 static bool test_QueryUserInfo(struct dcerpc_pipe *p,
  58                                struct torture_context *tctx,
  59                                struct policy_handle *handle);
  60
  61 static bool test_QueryUserInfo2(struct dcerpc_pipe *p,
  62                                 struct torture_context *tctx,
  63                                 struct policy_handle *handle);
  64
  65 static bool test_QueryAliasInfo(struct dcerpc_pipe *p,
  66                                 struct torture_context *tctx,
  67                                 struct policy_handle *handle);
  68
  69 static bool test_ChangePassword(struct dcerpc_pipe *p,
  70                                 struct torture_context *tctx,
  71                                 const char *acct_name,
  72                                 struct policy_handle *domain_handle, char **password);
  73
  74 static void init_lsa_String(struct lsa_String *string, const char *s)
  75 {
  76         string->string = s;
  77 }
  78
  79 static void init_lsa_StringLarge(struct lsa_StringLarge *string, const char *s)
  80 {
  81         string->string = s;
  82 }
  83
  84 static void init_lsa_BinaryString(struct lsa_BinaryString *string, const char *s, uint32_t length)
  85 {
  86         string->length = length;
  87         string->size = length;
  88         string->array = (uint16_t *)discard_const(s);
  89 }
  90
  91 bool test_samr_handle_Close(struct dcerpc_pipe *p, struct torture_context *tctx,
  92                                    struct policy_handle *handle)
  93 {
  94         NTSTATUS status;
  95         struct samr_Close r;
  96
  97         r.in.handle = handle;
  98         r.out.handle = handle;
  99
 100         status = dcerpc_samr_Close(p, tctx, &r);
 101         torture_assert_ntstatus_ok(tctx, status, "Close");
 102
 103         return true;
 104 }
 105
 106 static bool test_Shutdown(struct dcerpc_pipe *p, struct torture_context *tctx,
 107                        struct policy_handle *handle)
 108 {
 109         NTSTATUS status;
 110         struct samr_Shutdown r;
 111
 112         if (!torture_setting_bool(tctx, "dangerous", false)) {
 113                 torture_skip(tctx, "samr_Shutdown disabled - enable dangerous tests to use\n");
 114                 return true;
 115         }
 116
 117         r.in.connect_handle = handle;
 118
 119         torture_comment(tctx, "testing samr_Shutdown\n");
 120
 121         status = dcerpc_samr_Shutdown(p, tctx, &r);
 122         torture_assert_ntstatus_ok(tctx, status, "samr_Shutdown");
 123
 124         return true;
 125 }
 126
 127 static bool test_SetDsrmPassword(struct dcerpc_pipe *p, struct torture_context *tctx,
 128                                  struct policy_handle *handle)
 129 {
 130         NTSTATUS status;
 131         struct samr_SetDsrmPassword r;
 132         struct lsa_String string;
 133         struct samr_Password hash;
 134
 135         if (!torture_setting_bool(tctx, "dangerous", false)) {
 136                 torture_skip(tctx, "samr_SetDsrmPassword disabled - enable dangerous tests to use");
 137         }
 138
 139         E_md4hash("TeSTDSRM123", hash.hash);
 140
 141         init_lsa_String(&string, "Administrator");
 142
 143         r.in.name = &string;
 144         r.in.unknown = 0;
 145         r.in.hash = &hash;
 146
 147         torture_comment(tctx, "testing samr_SetDsrmPassword\n");
 148
 149         status = dcerpc_samr_SetDsrmPassword(p, tctx, &r);
 150         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_SUPPORTED, "samr_SetDsrmPassword");
 151
 152         return true;
 153 }
 154
 155
 156 static bool test_QuerySecurity(struct dcerpc_pipe *p,
 157                                struct torture_context *tctx,
 158                                struct policy_handle *handle)
 159 {
 160         NTSTATUS status;
 161         struct samr_QuerySecurity r;
 162         struct samr_SetSecurity s;
 163         struct sec_desc_buf *sdbuf = NULL;
 164
 165         r.in.handle = handle;
 166         r.in.sec_info = 7;
 167         r.out.sdbuf = &sdbuf;
 168
 169         status = dcerpc_samr_QuerySecurity(p, tctx, &r);
 170         torture_assert_ntstatus_ok(tctx, status, "QuerySecurity");
 171
 172         torture_assert(tctx, sdbuf != NULL, "sdbuf is NULL");
 173
 174         s.in.handle = handle;
 175         s.in.sec_info = 7;
 176         s.in.sdbuf = sdbuf;
 177
 178         if (torture_setting_bool(tctx, "samba4", false)) {
 179                 torture_skip(tctx, "skipping SetSecurity test against Samba4\n");
 180         }
 181
 182         status = dcerpc_samr_SetSecurity(p, tctx, &s);
 183         torture_assert_ntstatus_ok(tctx, status, "SetSecurity");
 184
 185         status = dcerpc_samr_QuerySecurity(p, tctx, &r);
 186         torture_assert_ntstatus_ok(tctx, status, "QuerySecurity");
 187
 188         return true;
 189 }
 190
 191
 192 static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
 193                              struct policy_handle *handle, uint32_t base_acct_flags,
 194                              const char *base_account_name)
 195 {
 196         NTSTATUS status;
 197         struct samr_SetUserInfo s;
 198         struct samr_SetUserInfo2 s2;
 199         struct samr_QueryUserInfo q;
 200         struct samr_QueryUserInfo q0;
 201         union samr_UserInfo u;
 202         union samr_UserInfo *info;
 203         bool ret = true;
 204         const char *test_account_name;
 205
 206         uint32_t user_extra_flags = 0;
 207
 208         if (!torture_setting_bool(tctx, "samba3", false)) {
 209                 if (base_acct_flags == ACB_NORMAL) {
 210                         /* When created, accounts are expired by default */
 211                         user_extra_flags = ACB_PW_EXPIRED;
 212                 }
 213         }
 214
 215         s.in.user_handle = handle;
 216         s.in.info = &u;
 217
 218         s2.in.user_handle = handle;
 219         s2.in.info = &u;
 220
 221         q.in.user_handle = handle;
 222         q.out.info = &info;
 223         q0 = q;
 224
 225 #define TESTCALL(call, r) \
 226                 status = dcerpc_samr_ ##call(p, tctx, &r); \
 227                 if (!NT_STATUS_IS_OK(status)) { \
 228                         torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
 229                                r.in.level, nt_errstr(status), __location__); \
 230                         ret = false; \
 231                         break; \
 232                 }
 233
 234 #define STRING_EQUAL(s1, s2, field) \
 235                 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
 236                         torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \
 237                                #field, s2, __location__); \
 238                         ret = false; \
 239                         break; \
 240                 }
 241
 242 #define MEM_EQUAL(s1, s2, length, field) \
 243                 if ((s1 && !s2) || (s2 && !s1) || memcmp(s1, s2, length)) { \
 244                         torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \
 245                                #field, (const char *)s2, __location__); \
 246                         ret = false; \
 247                         break; \
 248                 }
 249
 250 #define INT_EQUAL(i1, i2, field) \
 251                 if (i1 != i2) { \
 252                         torture_comment(tctx, "Failed to set %s to 0x%llx - got 0x%llx (%s)\n", \
 253                                #field, (unsigned long long)i2, (unsigned long long)i1, __location__); \
 254                         ret = false; \
 255                         break; \
 256                 }
 257
 258 #define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
 259                 torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
 260                 q.in.level = lvl1; \
 261                 TESTCALL(QueryUserInfo, q) \
 262                 s.in.level = lvl1; \
 263                 s2.in.level = lvl1; \
 264                 u = *info; \
 265                 if (lvl1 == 21) { \
 266                         ZERO_STRUCT(u.info21); \
 267                         u.info21.fields_present = fpval; \
 268                 } \
 269                 init_lsa_String(&u.info ## lvl1.field1, value); \
 270                 TESTCALL(SetUserInfo, s) \
 271                 TESTCALL(SetUserInfo2, s2) \
 272                 init_lsa_String(&u.info ## lvl1.field1, ""); \
 273                 TESTCALL(QueryUserInfo, q); \
 274                 u = *info; \
 275                 STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
 276                 q.in.level = lvl2; \
 277                 TESTCALL(QueryUserInfo, q) \
 278                 u = *info; \
 279                 STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
 280         } while (0)
 281
 282 #define TEST_USERINFO_BINARYSTRING(lvl1, field1, lvl2, field2, value, fpval) do { \
 283                 torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
 284                 q.in.level = lvl1; \
 285                 TESTCALL(QueryUserInfo, q) \
 286                 s.in.level = lvl1; \
 287                 s2.in.level = lvl1; \
 288                 u = *info; \
 289                 if (lvl1 == 21) { \
 290                         ZERO_STRUCT(u.info21); \
 291                         u.info21.fields_present = fpval; \
 292                 } \
 293                 init_lsa_BinaryString(&u.info ## lvl1.field1, value, strlen(value)); \
 294                 TESTCALL(SetUserInfo, s) \
 295                 TESTCALL(SetUserInfo2, s2) \
 296                 init_lsa_BinaryString(&u.info ## lvl1.field1, "", 1); \
 297                 TESTCALL(QueryUserInfo, q); \
 298                 u = *info; \
 299                 MEM_EQUAL(u.info ## lvl1.field1.array, value, strlen(value), field1); \
 300                 q.in.level = lvl2; \
 301                 TESTCALL(QueryUserInfo, q) \
 302                 u = *info; \
 303                 MEM_EQUAL(u.info ## lvl2.field2.array, value, strlen(value), field2); \
 304         } while (0)
 305
 306 #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
 307                 torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
 308                 q.in.level = lvl1; \
 309                 TESTCALL(QueryUserInfo, q) \
 310                 s.in.level = lvl1; \
 311                 s2.in.level = lvl1; \
 312                 u = *info; \
 313                 if (lvl1 == 21) { \
 314                         uint8_t *bits = u.info21.logon_hours.bits; \
 315                         ZERO_STRUCT(u.info21); \
 316                         if (fpval == SAMR_FIELD_LOGON_HOURS) { \
 317                                 u.info21.logon_hours.units_per_week = 168; \
 318                                 u.info21.logon_hours.bits = bits; \
 319                         } \
 320                         u.info21.fields_present = fpval; \
 321                 } \
 322                 u.info ## lvl1.field1 = value; \
 323                 TESTCALL(SetUserInfo, s) \
 324                 TESTCALL(SetUserInfo2, s2) \
 325                 u.info ## lvl1.field1 = 0; \
 326                 TESTCALL(QueryUserInfo, q); \
 327                 u = *info; \
 328                 INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
 329                 q.in.level = lvl2; \
 330                 TESTCALL(QueryUserInfo, q) \
 331                 u = *info; \
 332                 INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
 333         } while (0)
 334
 335 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
 336         TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
 337         } while (0)
 338
 339         q0.in.level = 12;
 340         do { TESTCALL(QueryUserInfo, q0) } while (0);
 341
 342         TEST_USERINFO_STRING(2, comment,  1, comment, "xx2-1 comment", 0);
 343         TEST_USERINFO_STRING(2, comment, 21, comment, "xx2-21 comment", 0);
 344         TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
 345                            SAMR_FIELD_COMMENT);
 346
 347         test_account_name = talloc_asprintf(tctx, "%sxx7-1", base_account_name);
 348         TEST_USERINFO_STRING(7, account_name,  1, account_name, base_account_name, 0);
 349         test_account_name = talloc_asprintf(tctx, "%sxx7-3", base_account_name);
 350         TEST_USERINFO_STRING(7, account_name,  3, account_name, base_account_name, 0);
 351         test_account_name = talloc_asprintf(tctx, "%sxx7-5", base_account_name);
 352         TEST_USERINFO_STRING(7, account_name,  5, account_name, base_account_name, 0);
 353         test_account_name = talloc_asprintf(tctx, "%sxx7-6", base_account_name);
 354         TEST_USERINFO_STRING(7, account_name,  6, account_name, base_account_name, 0);
 355         test_account_name = talloc_asprintf(tctx, "%sxx7-7", base_account_name);
 356         TEST_USERINFO_STRING(7, account_name,  7, account_name, base_account_name, 0);
 357         test_account_name = talloc_asprintf(tctx, "%sxx7-21", base_account_name);
 358         TEST_USERINFO_STRING(7, account_name, 21, account_name, base_account_name, 0);
 359         test_account_name = base_account_name;
 360         TEST_USERINFO_STRING(21, account_name, 21, account_name, base_account_name,
 361                            SAMR_FIELD_ACCOUNT_NAME);
 362
 363         TEST_USERINFO_STRING(6, full_name,  1, full_name, "xx6-1 full_name", 0);
 364         TEST_USERINFO_STRING(6, full_name,  3, full_name, "xx6-3 full_name", 0);
 365         TEST_USERINFO_STRING(6, full_name,  5, full_name, "xx6-5 full_name", 0);
 366         TEST_USERINFO_STRING(6, full_name,  6, full_name, "xx6-6 full_name", 0);
 367         TEST_USERINFO_STRING(6, full_name,  8, full_name, "xx6-8 full_name", 0);
 368         TEST_USERINFO_STRING(6, full_name, 21, full_name, "xx6-21 full_name", 0);
 369         TEST_USERINFO_STRING(8, full_name, 21, full_name, "xx8-21 full_name", 0);
 370         TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
 371                            SAMR_FIELD_FULL_NAME);
 372
 373         TEST_USERINFO_STRING(6, full_name,  1, full_name, "", 0);
 374         TEST_USERINFO_STRING(6, full_name,  3, full_name, "", 0);
 375         TEST_USERINFO_STRING(6, full_name,  5, full_name, "", 0);
 376         TEST_USERINFO_STRING(6, full_name,  6, full_name, "", 0);
 377         TEST_USERINFO_STRING(6, full_name,  8, full_name, "", 0);
 378         TEST_USERINFO_STRING(6, full_name, 21, full_name, "", 0);
 379         TEST_USERINFO_STRING(8, full_name, 21, full_name, "", 0);
 380         TEST_USERINFO_STRING(21, full_name, 21, full_name, "",
 381                            SAMR_FIELD_FULL_NAME);
 382
 383         TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
 384         TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
 385         TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
 386         TEST_USERINFO_STRING(21, logon_script, 21, logon_script, "xx21-21 logon_script",
 387                            SAMR_FIELD_LOGON_SCRIPT);
 388
 389         TEST_USERINFO_STRING(12, profile_path,  3, profile_path, "xx12-3 profile_path", 0);
 390         TEST_USERINFO_STRING(12, profile_path,  5, profile_path, "xx12-5 profile_path", 0);
 391         TEST_USERINFO_STRING(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
 392         TEST_USERINFO_STRING(21, profile_path, 21, profile_path, "xx21-21 profile_path",
 393                            SAMR_FIELD_PROFILE_PATH);
 394
 395         TEST_USERINFO_STRING(10, home_directory, 3, home_directory, "xx10-3 home_directory", 0);
 396         TEST_USERINFO_STRING(10, home_directory, 5, home_directory, "xx10-5 home_directory", 0);
 397         TEST_USERINFO_STRING(10, home_directory, 21, home_directory, "xx10-21 home_directory", 0);
 398         TEST_USERINFO_STRING(21, home_directory, 21, home_directory, "xx21-21 home_directory",
 399                              SAMR_FIELD_HOME_DIRECTORY);
 400         TEST_USERINFO_STRING(21, home_directory, 10, home_directory, "xx21-10 home_directory",
 401                              SAMR_FIELD_HOME_DIRECTORY);
 402
 403         TEST_USERINFO_STRING(10, home_drive, 3, home_drive, "xx10-3 home_drive", 0);
 404         TEST_USERINFO_STRING(10, home_drive, 5, home_drive, "xx10-5 home_drive", 0);
 405         TEST_USERINFO_STRING(10, home_drive, 21, home_drive, "xx10-21 home_drive", 0);
 406         TEST_USERINFO_STRING(21, home_drive, 21, home_drive, "xx21-21 home_drive",
 407                              SAMR_FIELD_HOME_DRIVE);
 408         TEST_USERINFO_STRING(21, home_drive, 10, home_drive, "xx21-10 home_drive",
 409                              SAMR_FIELD_HOME_DRIVE);
 410
 411         TEST_USERINFO_STRING(13, description,  1, description, "xx13-1 description", 0);
 412         TEST_USERINFO_STRING(13, description,  5, description, "xx13-5 description", 0);
 413         TEST_USERINFO_STRING(13, description, 21, description, "xx13-21 description", 0);
 414         TEST_USERINFO_STRING(21, description, 21, description, "xx21-21 description",
 415                            SAMR_FIELD_DESCRIPTION);
 416
 417         TEST_USERINFO_STRING(14, workstations,  3, workstations, "14workstation3", 0);
 418         TEST_USERINFO_STRING(14, workstations,  5, workstations, "14workstation4", 0);
 419         TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
 420         TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
 421                            SAMR_FIELD_WORKSTATIONS);
 422         TEST_USERINFO_STRING(21, workstations, 3, workstations, "21workstation3",
 423                            SAMR_FIELD_WORKSTATIONS);
 424         TEST_USERINFO_STRING(21, workstations, 5, workstations, "21workstation5",
 425                            SAMR_FIELD_WORKSTATIONS);
 426         TEST_USERINFO_STRING(21, workstations, 14, workstations, "21workstation14",
 427                            SAMR_FIELD_WORKSTATIONS);
 428
 429         TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
 430         TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, "xx21-21 parameters",
 431                            SAMR_FIELD_PARAMETERS);
 432         TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "xx21-20 parameters",
 433                            SAMR_FIELD_PARAMETERS);
 434         /* also empty user parameters are allowed */
 435         TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, "", 0);
 436         TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, "",
 437                            SAMR_FIELD_PARAMETERS);
 438         TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "",
 439                            SAMR_FIELD_PARAMETERS);
 440
 441         /* Samba 3 cannot store country_code and copy_page atm. - gd */
 442         if (!torture_setting_bool(tctx, "samba3", false)) {
 443                 TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0);
 444                 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
 445                 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
 446                                   SAMR_FIELD_COUNTRY_CODE);
 447                 TEST_USERINFO_INT(21, country_code, 2, country_code, __LINE__,
 448                                   SAMR_FIELD_COUNTRY_CODE);
 449
 450                 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
 451                 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
 452                                   SAMR_FIELD_CODE_PAGE);
 453                 TEST_USERINFO_INT(21, code_page, 2, code_page, __LINE__,
 454                                   SAMR_FIELD_CODE_PAGE);
 455         }
 456
 457         if (!torture_setting_bool(tctx, "samba3", false)) {
 458                 TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, __LINE__, 0);
 459                 TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, __LINE__, 0);
 460                 TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, __LINE__,
 461                                   SAMR_FIELD_ACCT_EXPIRY);
 462                 TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, __LINE__,
 463                                   SAMR_FIELD_ACCT_EXPIRY);
 464                 TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, __LINE__,
 465                                   SAMR_FIELD_ACCT_EXPIRY);
 466         } else {
 467                 /* Samba 3 can only store seconds / time_t in passdb - gd */
 468                 NTTIME nt;
 469                 unix_to_nt_time(&nt, time(NULL) + __LINE__);
 470                 TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, nt, 0);
 471                 unix_to_nt_time(&nt, time(NULL) + __LINE__);
 472                 TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, nt, 0);
 473                 unix_to_nt_time(&nt, time(NULL) + __LINE__);
 474                 TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
 475                 unix_to_nt_time(&nt, time(NULL) + __LINE__);
 476                 TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
 477                 unix_to_nt_time(&nt, time(NULL) + __LINE__);
 478                 TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, nt, SAMR_FIELD_ACCT_EXPIRY);
 479         }
 480
 481         TEST_USERINFO_INT(4, logon_hours.bits[3],  3, logon_hours.bits[3], 1, 0);
 482         TEST_USERINFO_INT(4, logon_hours.bits[3],  5, logon_hours.bits[3], 2, 0);
 483         TEST_USERINFO_INT(4, logon_hours.bits[3], 21, logon_hours.bits[3], 3, 0);
 484         TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
 485                           SAMR_FIELD_LOGON_HOURS);
 486
 487         TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
 488                               (base_acct_flags  | ACB_DISABLED | ACB_HOMDIRREQ),
 489                               (base_acct_flags  | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
 490                               0);
 491         TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
 492                               (base_acct_flags  | ACB_DISABLED),
 493                               (base_acct_flags  | ACB_DISABLED | user_extra_flags),
 494                               0);
 495
 496         /* Setting PWNOEXP clears the magic ACB_PW_EXPIRED flag */
 497         TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
 498                               (base_acct_flags  | ACB_DISABLED | ACB_PWNOEXP),
 499                               (base_acct_flags  | ACB_DISABLED | ACB_PWNOEXP),
 500                               0);
 501         TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
 502                               (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
 503                               (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
 504                               0);
 505
 506
 507         /* The 'autolock' flag doesn't stick - check this */
 508         TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
 509                               (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
 510                               (base_acct_flags | ACB_DISABLED | user_extra_flags),
 511                               0);
 512 #if 0
 513         /* Removing the 'disabled' flag doesn't stick - check this */
 514         TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
 515                               (base_acct_flags),
 516                               (base_acct_flags | ACB_DISABLED | user_extra_flags),
 517                               0);
 518 #endif
 519
 520         /* Samba3 cannot store these atm */
 521         if (!torture_setting_bool(tctx, "samba3", false)) {
 522         /* The 'store plaintext' flag does stick */
 523         TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
 524                               (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
 525                               (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
 526                               0);
 527         /* The 'use DES' flag does stick */
 528         TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
 529                               (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
 530                               (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
 531                               0);
 532         /* The 'don't require kerberos pre-authentication flag does stick */
 533         TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
 534                               (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
 535                               (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
 536                               0);
 537         /* The 'no kerberos PAC required' flag sticks */
 538         TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
 539                               (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
 540                               (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
 541                               0);
 542         }
 543         TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
 544                               (base_acct_flags | ACB_DISABLED),
 545                               (base_acct_flags | ACB_DISABLED | user_extra_flags),
 546                               SAMR_FIELD_ACCT_FLAGS);
 547
 548 #if 0
 549         /* these fail with win2003 - it appears you can't set the primary gid?
 550            the set succeeds, but the gid isn't changed. Very weird! */
 551         TEST_USERINFO_INT(9, primary_gid,  1, primary_gid, 513);
 552         TEST_USERINFO_INT(9, primary_gid,  3, primary_gid, 513);
 553         TEST_USERINFO_INT(9, primary_gid,  5, primary_gid, 513);
 554         TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
 555 #endif
 556
 557         return ret;
 558 }
 559
 560 /*
 561   generate a random password for password change tests
 562 */
 563 static char *samr_rand_pass_silent(TALLOC_CTX *mem_ctx, int min_len)
 564 {
 565         size_t len = MAX(8, min_len) + (random() % 6);
 566         char *s = generate_random_str(mem_ctx, len);
 567         return s;
 568 }
 569
 570 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
 571 {
 572         char *s = samr_rand_pass_silent(mem_ctx, min_len);
 573         printf("Generated password '%s'\n", s);
 574         return s;
 575
 576 }
 577
 578 /*
 579   generate a random password for password change tests
 580 */
 581 static DATA_BLOB samr_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
 582 {
 583         int i;
 584         DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
 585         generate_random_buffer(password.data, password.length);
 586
 587         for (i=0; i < len; i++) {
 588                 if (((uint16_t *)password.data)[i] == 0) {
 589                         ((uint16_t *)password.data)[i] = 1;
 590                 }
 591         }
 592
 593         return password;
 594 }
 595
 596 /*
 597   generate a random password for password change tests (fixed length)
 598 */
 599 static char *samr_rand_pass_fixed_len(TALLOC_CTX *mem_ctx, int len)
 600 {
 601         char *s = generate_random_str(mem_ctx, len);
 602         printf("Generated password '%s'\n", s);
 603         return s;
 604 }
 605
 606 static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx,
 607                              struct policy_handle *handle, char **password)
 608 {
 609         NTSTATUS status;
 610         struct samr_SetUserInfo s;
 611         union samr_UserInfo u;
 612         bool ret = true;
 613         DATA_BLOB session_key;
 614         char *newpass;
 615         struct samr_GetUserPwInfo pwp;
 616         struct samr_PwInfo info;
 617         int policy_min_pw_len = 0;
 618         pwp.in.user_handle = handle;
 619         pwp.out.info = &info;
 620
 621         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
 622         if (NT_STATUS_IS_OK(status)) {
 623                 policy_min_pw_len = pwp.out.info->min_password_length;
 624         }
 625         newpass = samr_rand_pass(tctx, policy_min_pw_len);
 626
 627         s.in.user_handle = handle;
 628         s.in.info = &u;
 629         s.in.level = 24;
 630
 631         encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
 632         u.info24.password_expired = 0;
 633
 634         status = dcerpc_fetch_session_key(p, &session_key);
 635         if (!NT_STATUS_IS_OK(status)) {
 636                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
 637                        s.in.level, nt_errstr(status));
 638                 return false;
 639         }
 640
 641         arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
 642
 643         torture_comment(tctx, "Testing SetUserInfo level 24 (set password)\n");
 644
 645         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 646         if (!NT_STATUS_IS_OK(status)) {
 647                 torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
 648                        s.in.level, nt_errstr(status));
 649                 ret = false;
 650         } else {
 651                 *password = newpass;
 652         }
 653
 654         return ret;
 655 }
 656
 657
 658 static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *tctx,
 659                                 struct policy_handle *handle, uint32_t fields_present,
 660                                 char **password)
 661 {
 662         NTSTATUS status;
 663         struct samr_SetUserInfo s;
 664         union samr_UserInfo u;
 665         bool ret = true;
 666         DATA_BLOB session_key;
 667         char *newpass;
 668         struct samr_GetUserPwInfo pwp;
 669         struct samr_PwInfo info;
 670         int policy_min_pw_len = 0;
 671         pwp.in.user_handle = handle;
 672         pwp.out.info = &info;
 673
 674         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
 675         if (NT_STATUS_IS_OK(status)) {
 676                 policy_min_pw_len = pwp.out.info->min_password_length;
 677         }
 678         newpass = samr_rand_pass(tctx, policy_min_pw_len);
 679
 680         s.in.user_handle = handle;
 681         s.in.info = &u;
 682         s.in.level = 23;
 683
 684         ZERO_STRUCT(u);
 685
 686         u.info23.info.fields_present = fields_present;
 687
 688         encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
 689
 690         status = dcerpc_fetch_session_key(p, &session_key);
 691         if (!NT_STATUS_IS_OK(status)) {
 692                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
 693                        s.in.level, nt_errstr(status));
 694                 return false;
 695         }
 696
 697         arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
 698
 699         torture_comment(tctx, "Testing SetUserInfo level 23 (set password)\n");
 700
 701         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 702         if (!NT_STATUS_IS_OK(status)) {
 703                 torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
 704                        s.in.level, nt_errstr(status));
 705                 ret = false;
 706         } else {
 707                 *password = newpass;
 708         }
 709
 710         encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
 711
 712         status = dcerpc_fetch_session_key(p, &session_key);
 713         if (!NT_STATUS_IS_OK(status)) {
 714                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
 715                        s.in.level, nt_errstr(status));
 716                 return false;
 717         }
 718
 719         /* This should break the key nicely */
 720         session_key.length--;
 721         arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
 722
 723         torture_comment(tctx, "Testing SetUserInfo level 23 (set password) with wrong password\n");
 724
 725         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 726         if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
 727                 torture_warning(tctx, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
 728                        s.in.level, nt_errstr(status));
 729                 ret = false;
 730         }
 731
 732         return ret;
 733 }
 734
 735
 736 static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tctx,
 737                                struct policy_handle *handle, bool makeshort,
 738                                char **password)
 739 {
 740         NTSTATUS status;
 741         struct samr_SetUserInfo s;
 742         union samr_UserInfo u;
 743         bool ret = true;
 744         DATA_BLOB session_key;
 745         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
 746         uint8_t confounder[16];
 747         char *newpass;
 748         struct MD5Context ctx;
 749         struct samr_GetUserPwInfo pwp;
 750         struct samr_PwInfo info;
 751         int policy_min_pw_len = 0;
 752         pwp.in.user_handle = handle;
 753         pwp.out.info = &info;
 754
 755         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
 756         if (NT_STATUS_IS_OK(status)) {
 757                 policy_min_pw_len = pwp.out.info->min_password_length;
 758         }
 759         if (makeshort && policy_min_pw_len) {
 760                 newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len - 1);
 761         } else {
 762                 newpass = samr_rand_pass(tctx, policy_min_pw_len);
 763         }
 764
 765         s.in.user_handle = handle;
 766         s.in.info = &u;
 767         s.in.level = 26;
 768
 769         encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
 770         u.info26.password_expired = 0;
 771
 772         status = dcerpc_fetch_session_key(p, &session_key);
 773         if (!NT_STATUS_IS_OK(status)) {
 774                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
 775                        s.in.level, nt_errstr(status));
 776                 return false;
 777         }
 778
 779         generate_random_buffer((uint8_t *)confounder, 16);
 780
 781         MD5Init(&ctx);
 782         MD5Update(&ctx, confounder, 16);
 783         MD5Update(&ctx, session_key.data, session_key.length);
 784         MD5Final(confounded_session_key.data, &ctx);
 785
 786         arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
 787         memcpy(&u.info26.password.data[516], confounder, 16);
 788
 789         torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex)\n");
 790
 791         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 792         if (!NT_STATUS_IS_OK(status)) {
 793                 torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
 794                        s.in.level, nt_errstr(status));
 795                 ret = false;
 796         } else {
 797                 *password = newpass;
 798         }
 799
 800         /* This should break the key nicely */
 801         confounded_session_key.data[0]++;
 802
 803         arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
 804         memcpy(&u.info26.password.data[516], confounder, 16);
 805
 806         torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
 807
 808         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 809         if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
 810                 torture_warning(tctx, "SetUserInfo level %u should have failed with WRONG_PASSWORD: %s\n",
 811                        s.in.level, nt_errstr(status));
 812                 ret = false;
 813         } else {
 814                 *password = newpass;
 815         }
 816
 817         return ret;
 818 }
 819
 820 static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *tctx,
 821                                 struct policy_handle *handle, uint32_t fields_present,
 822                                 char **password)
 823 {
 824         NTSTATUS status;
 825         struct samr_SetUserInfo s;
 826         union samr_UserInfo u;
 827         bool ret = true;
 828         DATA_BLOB session_key;
 829         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
 830         struct MD5Context ctx;
 831         uint8_t confounder[16];
 832         char *newpass;
 833         struct samr_GetUserPwInfo pwp;
 834         struct samr_PwInfo info;
 835         int policy_min_pw_len = 0;
 836         pwp.in.user_handle = handle;
 837         pwp.out.info = &info;
 838
 839         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
 840         if (NT_STATUS_IS_OK(status)) {
 841                 policy_min_pw_len = pwp.out.info->min_password_length;
 842         }
 843         newpass = samr_rand_pass(tctx, policy_min_pw_len);
 844
 845         s.in.user_handle = handle;
 846         s.in.info = &u;
 847         s.in.level = 25;
 848
 849         ZERO_STRUCT(u);
 850
 851         u.info25.info.fields_present = fields_present;
 852
 853         encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
 854
 855         status = dcerpc_fetch_session_key(p, &session_key);
 856         if (!NT_STATUS_IS_OK(status)) {
 857                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
 858                        s.in.level, nt_errstr(status));
 859                 return false;
 860         }
 861
 862         generate_random_buffer((uint8_t *)confounder, 16);
 863
 864         MD5Init(&ctx);
 865         MD5Update(&ctx, confounder, 16);
 866         MD5Update(&ctx, session_key.data, session_key.length);
 867         MD5Final(confounded_session_key.data, &ctx);
 868
 869         arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
 870         memcpy(&u.info25.password.data[516], confounder, 16);
 871
 872         torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex)\n");
 873
 874         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 875         if (!NT_STATUS_IS_OK(status)) {
 876                 torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
 877                        s.in.level, nt_errstr(status));
 878                 ret = false;
 879         } else {
 880                 *password = newpass;
 881         }
 882
 883         /* This should break the key nicely */
 884         confounded_session_key.data[0]++;
 885
 886         arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
 887         memcpy(&u.info25.password.data[516], confounder, 16);
 888
 889         torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
 890
 891         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 892         if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
 893                 torture_warning(tctx, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
 894                        s.in.level, nt_errstr(status));
 895                 ret = false;
 896         }
 897
 898         return ret;
 899 }
 900
 901 static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *tctx,
 902                                 struct policy_handle *handle, char **password)
 903 {
 904         NTSTATUS status;
 905         struct samr_SetUserInfo s;
 906         union samr_UserInfo u;
 907         bool ret = true;
 908         DATA_BLOB session_key;
 909         char *newpass;
 910         struct samr_GetUserPwInfo pwp;
 911         struct samr_PwInfo info;
 912         int policy_min_pw_len = 0;
 913         uint8_t lm_hash[16], nt_hash[16];
 914
 915         pwp.in.user_handle = handle;
 916         pwp.out.info = &info;
 917
 918         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
 919         if (NT_STATUS_IS_OK(status)) {
 920                 policy_min_pw_len = pwp.out.info->min_password_length;
 921         }
 922         newpass = samr_rand_pass(tctx, policy_min_pw_len);
 923
 924         s.in.user_handle = handle;
 925         s.in.info = &u;
 926         s.in.level = 18;
 927
 928         ZERO_STRUCT(u);
 929
 930         u.info18.nt_pwd_active = true;
 931         u.info18.lm_pwd_active = true;
 932
 933         E_md4hash(newpass, nt_hash);
 934         E_deshash(newpass, lm_hash);
 935
 936         status = dcerpc_fetch_session_key(p, &session_key);
 937         if (!NT_STATUS_IS_OK(status)) {
 938                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
 939                        s.in.level, nt_errstr(status));
 940                 return false;
 941         }
 942
 943         {
 944                 DATA_BLOB in,out;
 945                 in = data_blob_const(nt_hash, 16);
 946                 out = data_blob_talloc_zero(tctx, 16);
 947                 sess_crypt_blob(&out, &in, &session_key, true);
 948                 memcpy(u.info18.nt_pwd.hash, out.data, out.length);
 949         }
 950         {
 951                 DATA_BLOB in,out;
 952                 in = data_blob_const(lm_hash, 16);
 953                 out = data_blob_talloc_zero(tctx, 16);
 954                 sess_crypt_blob(&out, &in, &session_key, true);
 955                 memcpy(u.info18.lm_pwd.hash, out.data, out.length);
 956         }
 957
 958         torture_comment(tctx, "Testing SetUserInfo level 18 (set password hash)\n");
 959
 960         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
 961         if (!NT_STATUS_IS_OK(status)) {
 962                 torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
 963                        s.in.level, nt_errstr(status));
 964                 ret = false;
 965         } else {
 966                 *password = newpass;
 967         }
 968
 969         return ret;
 970 }
 971
 972 static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *tctx,
 973                                 struct policy_handle *handle, uint32_t fields_present,
 974                                 char **password)
 975 {
 976         NTSTATUS status;
 977         struct samr_SetUserInfo s;
 978         union samr_UserInfo u;
 979         bool ret = true;
 980         DATA_BLOB session_key;
 981         char *newpass;
 982         struct samr_GetUserPwInfo pwp;
 983         struct samr_PwInfo info;
 984         int policy_min_pw_len = 0;
 985         uint8_t lm_hash[16], nt_hash[16];
 986
 987         pwp.in.user_handle = handle;
 988         pwp.out.info = &info;
 989
 990         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
 991         if (NT_STATUS_IS_OK(status)) {
 992                 policy_min_pw_len = pwp.out.info->min_password_length;
 993         }
 994         newpass = samr_rand_pass(tctx, policy_min_pw_len);
 995
 996         s.in.user_handle = handle;
 997         s.in.info = &u;
 998         s.in.level = 21;
 999
1000         E_md4hash(newpass, nt_hash);
1001         E_deshash(newpass, lm_hash);
1002
1003         ZERO_STRUCT(u);
1004
1005         u.info21.fields_present = fields_present;
1006
1007         if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
1008                 u.info21.lm_owf_password.length = 16;
1009                 u.info21.lm_owf_password.size = 16;
1010                 u.info21.lm_owf_password.array = (uint16_t *)lm_hash;
1011                 u.info21.lm_password_set = true;
1012         }
1013
1014         if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
1015                 u.info21.nt_owf_password.length = 16;
1016                 u.info21.nt_owf_password.size = 16;
1017                 u.info21.nt_owf_password.array = (uint16_t *)nt_hash;
1018                 u.info21.nt_password_set = true;
1019         }
1020
1021         status = dcerpc_fetch_session_key(p, &session_key);
1022         if (!NT_STATUS_IS_OK(status)) {
1023                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
1024                        s.in.level, nt_errstr(status));
1025                 return false;
1026         }
1027
1028         if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
1029                 DATA_BLOB in,out;
1030                 in = data_blob_const(u.info21.lm_owf_password.array,
1031                                      u.info21.lm_owf_password.length);
1032                 out = data_blob_talloc_zero(tctx, 16);
1033                 sess_crypt_blob(&out, &in, &session_key, true);
1034                 u.info21.lm_owf_password.array = (uint16_t *)out.data;
1035         }
1036
1037         if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
1038                 DATA_BLOB in,out;
1039                 in = data_blob_const(u.info21.nt_owf_password.array,
1040                                      u.info21.nt_owf_password.length);
1041                 out = data_blob_talloc_zero(tctx, 16);
1042                 sess_crypt_blob(&out, &in, &session_key, true);
1043                 u.info21.nt_owf_password.array = (uint16_t *)out.data;
1044         }
1045
1046         torture_comment(tctx, "Testing SetUserInfo level 21 (set password hash)\n");
1047
1048         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
1049         if (!NT_STATUS_IS_OK(status)) {
1050                 torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
1051                        s.in.level, nt_errstr(status));
1052                 ret = false;
1053         } else {
1054                 *password = newpass;
1055         }
1056
1057         /* try invalid length */
1058         if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
1059
1060                 u.info21.nt_owf_password.length++;
1061
1062                 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
1063
1064                 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1065                         torture_warning(tctx, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
1066                                s.in.level, nt_errstr(status));
1067                         ret = false;
1068                 }
1069         }
1070
1071         if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
1072
1073                 u.info21.lm_owf_password.length++;
1074
1075                 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
1076
1077                 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1078                         torture_warning(tctx, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
1079                                s.in.level, nt_errstr(status));
1080                         ret = false;
1081                 }
1082         }
1083
1084         return ret;
1085 }
1086
1087 static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
1088                                       struct torture_context *tctx,
1089                                       struct policy_handle *handle,
1090                                       uint16_t level,
1091                                       uint32_t fields_present,
1092                                       char **password, uint8_t password_expired,
1093                                       bool use_setinfo2,
1094                                       bool *matched_expected_error)
1095 {
1096         NTSTATUS status;
1097         NTSTATUS expected_error = NT_STATUS_OK;
1098         struct samr_SetUserInfo s;
1099         struct samr_SetUserInfo2 s2;
1100         union samr_UserInfo u;
1101         bool ret = true;
1102         DATA_BLOB session_key;
1103         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
1104         struct MD5Context ctx;
1105         uint8_t confounder[16];
1106         char *newpass;
1107         struct samr_GetUserPwInfo pwp;
1108         struct samr_PwInfo info;
1109         int policy_min_pw_len = 0;
1110         const char *comment = NULL;
1111         uint8_t lm_hash[16], nt_hash[16];
1112
1113         pwp.in.user_handle = handle;
1114         pwp.out.info = &info;
1115
1116         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
1117         if (NT_STATUS_IS_OK(status)) {
1118                 policy_min_pw_len = pwp.out.info->min_password_length;
1119         }
1120         newpass = samr_rand_pass_silent(tctx, policy_min_pw_len);
1121
1122         if (use_setinfo2) {
1123                 s2.in.user_handle = handle;
1124                 s2.in.info = &u;
1125                 s2.in.level = level;
1126         } else {
1127                 s.in.user_handle = handle;
1128                 s.in.info = &u;
1129                 s.in.level = level;
1130         }
1131
1132         if (fields_present & SAMR_FIELD_COMMENT) {
1133                 comment = talloc_asprintf(tctx, "comment: %ld\n", time(NULL));
1134         }
1135
1136         ZERO_STRUCT(u);
1137
1138         switch (level) {
1139         case 18:
1140                 E_md4hash(newpass, nt_hash);
1141                 E_deshash(newpass, lm_hash);
1142
1143                 u.info18.nt_pwd_active = true;
1144                 u.info18.lm_pwd_active = true;
1145                 u.info18.password_expired = password_expired;
1146
1147                 memcpy(u.info18.lm_pwd.hash, lm_hash, 16);
1148                 memcpy(u.info18.nt_pwd.hash, nt_hash, 16);
1149
1150                 break;
1151         case 21:
1152                 E_md4hash(newpass, nt_hash);
1153                 E_deshash(newpass, lm_hash);
1154
1155                 u.info21.fields_present = fields_present;
1156                 u.info21.password_expired = password_expired;
1157                 u.info21.comment.string = comment;
1158
1159                 if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
1160                         u.info21.lm_owf_password.length = 16;
1161                         u.info21.lm_owf_password.size = 16;
1162                         u.info21.lm_owf_password.array = (uint16_t *)lm_hash;
1163                         u.info21.lm_password_set = true;
1164                 }
1165
1166                 if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
1167                         u.info21.nt_owf_password.length = 16;
1168                         u.info21.nt_owf_password.size = 16;
1169                         u.info21.nt_owf_password.array = (uint16_t *)nt_hash;
1170                         u.info21.nt_password_set = true;
1171                 }
1172
1173                 break;
1174         case 23:
1175                 u.info23.info.fields_present = fields_present;
1176                 u.info23.info.password_expired = password_expired;
1177                 u.info23.info.comment.string = comment;
1178
1179                 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
1180
1181                 break;
1182         case 24:
1183                 u.info24.password_expired = password_expired;
1184
1185                 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
1186
1187                 break;
1188         case 25:
1189                 u.info25.info.fields_present = fields_present;
1190                 u.info25.info.password_expired = password_expired;
1191                 u.info25.info.comment.string = comment;
1192
1193                 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
1194
1195                 break;
1196         case 26:
1197                 u.info26.password_expired = password_expired;
1198
1199                 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
1200
1201                 break;
1202         }
1203
1204         status = dcerpc_fetch_session_key(p, &session_key);
1205         if (!NT_STATUS_IS_OK(status)) {
1206                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
1207                        s.in.level, nt_errstr(status));
1208                 return false;
1209         }
1210
1211         generate_random_buffer((uint8_t *)confounder, 16);
1212
1213         MD5Init(&ctx);
1214         MD5Update(&ctx, confounder, 16);
1215         MD5Update(&ctx, session_key.data, session_key.length);
1216         MD5Final(confounded_session_key.data, &ctx);
1217
1218         switch (level) {
1219         case 18:
1220                 {
1221                         DATA_BLOB in,out;
1222                         in = data_blob_const(u.info18.nt_pwd.hash, 16);
1223                         out = data_blob_talloc_zero(tctx, 16);
1224                         sess_crypt_blob(&out, &in, &session_key, true);
1225                         memcpy(u.info18.nt_pwd.hash, out.data, out.length);
1226                 }
1227                 {
1228                         DATA_BLOB in,out;
1229                         in = data_blob_const(u.info18.lm_pwd.hash, 16);
1230                         out = data_blob_talloc_zero(tctx, 16);
1231                         sess_crypt_blob(&out, &in, &session_key, true);
1232                         memcpy(u.info18.lm_pwd.hash, out.data, out.length);
1233                 }
1234
1235                 break;
1236         case 21:
1237                 if (fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT) {
1238                         DATA_BLOB in,out;
1239                         in = data_blob_const(u.info21.lm_owf_password.array,
1240                                              u.info21.lm_owf_password.length);
1241                         out = data_blob_talloc_zero(tctx, 16);
1242                         sess_crypt_blob(&out, &in, &session_key, true);
1243                         u.info21.lm_owf_password.array = (uint16_t *)out.data;
1244                 }
1245                 if (fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) {
1246                         DATA_BLOB in,out;
1247                         in = data_blob_const(u.info21.nt_owf_password.array,
1248                                              u.info21.nt_owf_password.length);
1249                         out = data_blob_talloc_zero(tctx, 16);
1250                         sess_crypt_blob(&out, &in, &session_key, true);
1251                         u.info21.nt_owf_password.array = (uint16_t *)out.data;
1252                 }
1253                 break;
1254         case 23:
1255                 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
1256                 break;
1257         case 24:
1258                 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
1259                 break;
1260         case 25:
1261                 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
1262                 memcpy(&u.info25.password.data[516], confounder, 16);
1263                 break;
1264         case 26:
1265                 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
1266                 memcpy(&u.info26.password.data[516], confounder, 16);
1267                 break;
1268         }
1269
1270         if (use_setinfo2) {
1271                 status = dcerpc_samr_SetUserInfo2(p, tctx, &s2);
1272         } else {
1273                 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
1274         }
1275
1276         if (!NT_STATUS_IS_OK(status)) {
1277                 if (fields_present == 0) {
1278                         expected_error = NT_STATUS_INVALID_PARAMETER;
1279                 }
1280                 if (fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
1281                         expected_error = NT_STATUS_ACCESS_DENIED;
1282                 }
1283         }
1284
1285         if (!NT_STATUS_IS_OK(expected_error)) {
1286                 if (use_setinfo2) {
1287                         torture_assert_ntstatus_equal(tctx,
1288                                 s2.out.result,
1289                                 expected_error, "SetUserInfo2 failed");
1290                 } else {
1291                         torture_assert_ntstatus_equal(tctx,
1292                                 s.out.result,
1293                                 expected_error, "SetUserInfo failed");
1294                 }
1295                 *matched_expected_error = true;
1296                 return true;
1297         }
1298
1299         if (!NT_STATUS_IS_OK(status)) {
1300                 torture_warning(tctx, "SetUserInfo%s level %u failed - %s\n",
1301                        use_setinfo2 ? "2":"", level, nt_errstr(status));
1302                 ret = false;
1303         } else {
1304                 *password = newpass;
1305         }
1306
1307         return ret;
1308 }
1309
1310 static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
1311                                struct policy_handle *handle)
1312 {
1313         NTSTATUS status;
1314         struct samr_SetAliasInfo r;
1315         struct samr_QueryAliasInfo q;
1316         union samr_AliasInfo *info;
1317         uint16_t levels[] = {2, 3};
1318         int i;
1319         bool ret = true;
1320
1321         /* Ignoring switch level 1, as that includes the number of members for the alias
1322          * and setting this to a wrong value might have negative consequences
1323          */
1324
1325         for (i=0;i<ARRAY_SIZE(levels);i++) {
1326                 torture_comment(tctx, "Testing SetAliasInfo level %u\n", levels[i]);
1327
1328                 r.in.alias_handle = handle;
1329                 r.in.level = levels[i];
1330                 r.in.info  = talloc(tctx, union samr_AliasInfo);
1331                 switch (r.in.level) {
1332                     case ALIASINFONAME: init_lsa_String(&r.in.info->name,TEST_ALIASNAME); break;
1333                     case ALIASINFODESCRIPTION: init_lsa_String(&r.in.info->description,
1334                                 "Test Description, should test I18N as well"); break;
1335                     case ALIASINFOALL: torture_comment(tctx, "ALIASINFOALL ignored\n"); break;
1336                 }
1337
1338                 status = dcerpc_samr_SetAliasInfo(p, tctx, &r);
1339                 if (!NT_STATUS_IS_OK(status)) {
1340                         torture_warning(tctx, "SetAliasInfo level %u failed - %s\n",
1341                                levels[i], nt_errstr(status));
1342                         ret = false;
1343                 }
1344
1345                 q.in.alias_handle = handle;
1346                 q.in.level = levels[i];
1347                 q.out.info = &info;
1348
1349                 status = dcerpc_samr_QueryAliasInfo(p, tctx, &q);
1350                 if (!NT_STATUS_IS_OK(status)) {
1351                         torture_warning(tctx, "QueryAliasInfo level %u failed - %s\n",
1352                                levels[i], nt_errstr(status));
1353                         ret = false;
1354                 }
1355         }
1356
1357         return ret;
1358 }
1359
1360 static bool test_GetGroupsForUser(struct dcerpc_pipe *p, struct torture_context *tctx,
1361                                   struct policy_handle *user_handle)
1362 {
1363         struct samr_GetGroupsForUser r;
1364         struct samr_RidWithAttributeArray *rids = NULL;
1365         NTSTATUS status;
1366
1367         torture_comment(tctx, "testing GetGroupsForUser\n");
1368
1369         r.in.user_handle = user_handle;
1370         r.out.rids = &rids;
1371
1372         status = dcerpc_samr_GetGroupsForUser(p, tctx, &r);
1373         torture_assert_ntstatus_ok(tctx, status, "GetGroupsForUser");
1374
1375         return true;
1376
1377 }
1378
1379 static bool test_GetDomPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
1380                               struct lsa_String *domain_name)
1381 {
1382         NTSTATUS status;
1383         struct samr_GetDomPwInfo r;
1384         struct samr_PwInfo info;
1385
1386         r.in.domain_name = domain_name;
1387         r.out.info = &info;
1388
1389         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
1390
1391         status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
1392         torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
1393
1394         r.in.domain_name->string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1395         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
1396
1397         status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
1398         torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
1399
1400         r.in.domain_name->string = "\\\\__NONAME__";
1401         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
1402
1403         status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
1404         torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
1405
1406         r.in.domain_name->string = "\\\\Builtin";
1407         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
1408
1409         status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
1410         torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
1411
1412         return true;
1413 }
1414
1415 static bool test_GetUserPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
1416                                struct policy_handle *handle)
1417 {
1418         NTSTATUS status;
1419         struct samr_GetUserPwInfo r;
1420         struct samr_PwInfo info;
1421
1422         torture_comment(tctx, "Testing GetUserPwInfo\n");
1423
1424         r.in.user_handle = handle;
1425         r.out.info = &info;
1426
1427         status = dcerpc_samr_GetUserPwInfo(p, tctx, &r);
1428         torture_assert_ntstatus_ok(tctx, status, "GetUserPwInfo");
1429
1430         return true;
1431 }
1432
1433 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, struct torture_context *tctx,
1434                                 struct policy_handle *domain_handle, const char *name,
1435                                 uint32_t *rid)
1436 {
1437         NTSTATUS status;
1438         struct samr_LookupNames n;
1439         struct lsa_String sname[2];
1440         struct samr_Ids rids, types;
1441
1442         init_lsa_String(&sname[0], name);
1443
1444         n.in.domain_handle = domain_handle;
1445         n.in.num_names = 1;
1446         n.in.names = sname;
1447         n.out.rids = &rids;
1448         n.out.types = &types;
1449         status = dcerpc_samr_LookupNames(p, tctx, &n);
1450         if (NT_STATUS_IS_OK(status)) {
1451                 *rid = n.out.rids->ids[0];
1452         } else {
1453                 return status;
1454         }
1455
1456         init_lsa_String(&sname[1], "xxNONAMExx");
1457         n.in.num_names = 2;
1458         status = dcerpc_samr_LookupNames(p, tctx, &n);
1459         if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
1460                 torture_warning(tctx, "LookupNames[2] failed - %s\n", nt_errstr(status));
1461                 if (NT_STATUS_IS_OK(status)) {
1462                         return NT_STATUS_UNSUCCESSFUL;
1463                 }
1464                 return status;
1465         }
1466
1467         n.in.num_names = 0;
1468         status = dcerpc_samr_LookupNames(p, tctx, &n);
1469         if (!NT_STATUS_IS_OK(status)) {
1470                 torture_warning(tctx, "LookupNames[0] failed - %s\n", nt_errstr(status));
1471                 return status;
1472         }
1473
1474         init_lsa_String(&sname[0], "xxNONAMExx");
1475         n.in.num_names = 1;
1476         status = dcerpc_samr_LookupNames(p, tctx, &n);
1477         if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1478                 torture_warning(tctx, "LookupNames[1 bad name] failed - %s\n", nt_errstr(status));
1479                 if (NT_STATUS_IS_OK(status)) {
1480                         return NT_STATUS_UNSUCCESSFUL;
1481                 }
1482                 return status;
1483         }
1484
1485         init_lsa_String(&sname[0], "xxNONAMExx");
1486         init_lsa_String(&sname[1], "xxNONAME2xx");
1487         n.in.num_names = 2;
1488         status = dcerpc_samr_LookupNames(p, tctx, &n);
1489         if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1490                 torture_warning(tctx, "LookupNames[2 bad names] failed - %s\n", nt_errstr(status));
1491                 if (NT_STATUS_IS_OK(status)) {
1492                         return NT_STATUS_UNSUCCESSFUL;
1493                 }
1494                 return status;
1495         }
1496
1497         return NT_STATUS_OK;
1498 }
1499
1500 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p,
1501                                      struct torture_context *tctx,
1502                                      struct policy_handle *domain_handle,
1503                                      const char *name, struct policy_handle *user_handle)
1504 {
1505         NTSTATUS status;
1506         struct samr_OpenUser r;
1507         uint32_t rid;
1508
1509         status = test_LookupName(p, tctx, domain_handle, name, &rid);
1510         if (!NT_STATUS_IS_OK(status)) {
1511                 return status;
1512         }
1513
1514         r.in.domain_handle = domain_handle;
1515         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1516         r.in.rid = rid;
1517         r.out.user_handle = user_handle;
1518         status = dcerpc_samr_OpenUser(p, tctx, &r);
1519         if (!NT_STATUS_IS_OK(status)) {
1520                 torture_warning(tctx, "OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(status));
1521         }
1522
1523         return status;
1524 }
1525
1526 #if 0
1527 static bool test_ChangePasswordNT3(struct dcerpc_pipe *p,
1528                                    struct torture_context *tctx,
1529                                    struct policy_handle *handle)
1530 {
1531         NTSTATUS status;
1532         struct samr_ChangePasswordUser r;
1533         bool ret = true;
1534         struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
1535         struct policy_handle user_handle;
1536         char *oldpass = "test";
1537         char *newpass = "test2";
1538         uint8_t old_nt_hash[16], new_nt_hash[16];
1539         uint8_t old_lm_hash[16], new_lm_hash[16];
1540
1541         status = test_OpenUser_byname(p, tctx, handle, "testuser", &user_handle);
1542         if (!NT_STATUS_IS_OK(status)) {
1543                 return false;
1544         }
1545
1546         torture_comment(tctx, "Testing ChangePasswordUser for user 'testuser'\n");
1547
1548         torture_comment(tctx, "old password: %s\n", oldpass);
1549         torture_comment(tctx, "new password: %s\n", newpass);
1550
1551         E_md4hash(oldpass, old_nt_hash);
1552         E_md4hash(newpass, new_nt_hash);
1553         E_deshash(oldpass, old_lm_hash);
1554         E_deshash(newpass, new_lm_hash);
1555
1556         E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1557         E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1558         E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1559         E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1560         E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1561         E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1562
1563         r.in.handle = &user_handle;
1564         r.in.lm_present = 1;
1565         r.in.old_lm_crypted = &hash1;
1566         r.in.new_lm_crypted = &hash2;
1567         r.in.nt_present = 1;
1568         r.in.old_nt_crypted = &hash3;
1569         r.in.new_nt_crypted = &hash4;
1570         r.in.cross1_present = 1;
1571         r.in.nt_cross = &hash5;
1572         r.in.cross2_present = 1;
1573         r.in.lm_cross = &hash6;
1574
1575         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1576         if (!NT_STATUS_IS_OK(status)) {
1577                 torture_warning(tctx, "ChangePasswordUser failed - %s\n", nt_errstr(status));
1578                 ret = false;
1579         }
1580
1581         if (!test_samr_handle_Close(p, tctx, &user_handle)) {
1582                 ret = false;
1583         }
1584
1585         return ret;
1586 }
1587 #endif
1588
1589 static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_context *tctx,
1590                                     const char *acct_name,
1591                                     struct policy_handle *handle, char **password)
1592 {
1593         NTSTATUS status;
1594         struct samr_ChangePasswordUser r;
1595         bool ret = true;
1596         struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
1597         struct policy_handle user_handle;
1598         char *oldpass;
1599         uint8_t old_nt_hash[16], new_nt_hash[16];
1600         uint8_t old_lm_hash[16], new_lm_hash[16];
1601         bool changed = true;
1602
1603         char *newpass;
1604         struct samr_GetUserPwInfo pwp;
1605         struct samr_PwInfo info;
1606         int policy_min_pw_len = 0;
1607
1608         status = test_OpenUser_byname(p, tctx, handle, acct_name, &user_handle);
1609         if (!NT_STATUS_IS_OK(status)) {
1610                 return false;
1611         }
1612         pwp.in.user_handle = &user_handle;
1613         pwp.out.info = &info;
1614
1615         status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
1616         if (NT_STATUS_IS_OK(status)) {
1617                 policy_min_pw_len = pwp.out.info->min_password_length;
1618         }
1619         newpass = samr_rand_pass(tctx, policy_min_pw_len);
1620
1621         torture_comment(tctx, "Testing ChangePasswordUser\n");
1622
1623         torture_assert(tctx, *password != NULL,
1624                                    "Failing ChangePasswordUser as old password was NULL.  Previous test failed?");
1625
1626         oldpass = *password;
1627
1628         E_md4hash(oldpass, old_nt_hash);
1629         E_md4hash(newpass, new_nt_hash);
1630         E_deshash(oldpass, old_lm_hash);
1631         E_deshash(newpass, new_lm_hash);
1632
1633         E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1634         E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1635         E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1636         E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1637         E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1638         E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1639
1640         r.in.user_handle = &user_handle;
1641         r.in.lm_present = 1;
1642         /* Break the LM hash */
1643         hash1.hash[0]++;
1644         r.in.old_lm_crypted = &hash1;
1645         r.in.new_lm_crypted = &hash2;
1646         r.in.nt_present = 1;
1647         r.in.old_nt_crypted = &hash3;
1648         r.in.new_nt_crypted = &hash4;
1649         r.in.cross1_present = 1;
1650         r.in.nt_cross = &hash5;
1651         r.in.cross2_present = 1;
1652         r.in.lm_cross = &hash6;
1653
1654         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1655         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_WRONG_PASSWORD,
1656                 "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
1657
1658         /* Unbreak the LM hash */
1659         hash1.hash[0]--;
1660
1661         r.in.user_handle = &user_handle;
1662         r.in.lm_present = 1;
1663         r.in.old_lm_crypted = &hash1;
1664         r.in.new_lm_crypted = &hash2;
1665         /* Break the NT hash */
1666         hash3.hash[0]--;
1667         r.in.nt_present = 1;
1668         r.in.old_nt_crypted = &hash3;
1669         r.in.new_nt_crypted = &hash4;
1670         r.in.cross1_present = 1;
1671         r.in.nt_cross = &hash5;
1672         r.in.cross2_present = 1;
1673         r.in.lm_cross = &hash6;
1674
1675         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1676         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_WRONG_PASSWORD,
1677                 "expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash");
1678
1679         /* Unbreak the NT hash */
1680         hash3.hash[0]--;
1681
1682         r.in.user_handle = &user_handle;
1683         r.in.lm_present = 1;
1684         r.in.old_lm_crypted = &hash1;
1685         r.in.new_lm_crypted = &hash2;
1686         r.in.nt_present = 1;
1687         r.in.old_nt_crypted = &hash3;
1688         r.in.new_nt_crypted = &hash4;
1689         r.in.cross1_present = 1;
1690         r.in.nt_cross = &hash5;
1691         r.in.cross2_present = 1;
1692         /* Break the LM cross */
1693         hash6.hash[0]++;
1694         r.in.lm_cross = &hash6;
1695
1696         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1697         if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1698                 torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM cross-hash, got %s\n", nt_errstr(status));
1699                 ret = false;
1700         }
1701
1702         /* Unbreak the LM cross */
1703         hash6.hash[0]--;
1704
1705         r.in.user_handle = &user_handle;
1706         r.in.lm_present = 1;
1707         r.in.old_lm_crypted = &hash1;
1708         r.in.new_lm_crypted = &hash2;
1709         r.in.nt_present = 1;
1710         r.in.old_nt_crypted = &hash3;
1711         r.in.new_nt_crypted = &hash4;
1712         r.in.cross1_present = 1;
1713         /* Break the NT cross */
1714         hash5.hash[0]++;
1715         r.in.nt_cross = &hash5;
1716         r.in.cross2_present = 1;
1717         r.in.lm_cross = &hash6;
1718
1719         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1720         if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1721                 torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT cross-hash, got %s\n", nt_errstr(status));
1722                 ret = false;
1723         }
1724
1725         /* Unbreak the NT cross */
1726         hash5.hash[0]--;
1727
1728
1729         /* Reset the hashes to not broken values */
1730         E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1731         E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1732         E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1733         E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1734         E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1735         E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1736
1737         r.in.user_handle = &user_handle;
1738         r.in.lm_present = 1;
1739         r.in.old_lm_crypted = &hash1;
1740         r.in.new_lm_crypted = &hash2;
1741         r.in.nt_present = 1;
1742         r.in.old_nt_crypted = &hash3;
1743         r.in.new_nt_crypted = &hash4;
1744         r.in.cross1_present = 1;
1745         r.in.nt_cross = &hash5;
1746         r.in.cross2_present = 0;
1747         r.in.lm_cross = NULL;
1748
1749         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1750         if (NT_STATUS_IS_OK(status)) {
1751                 changed = true;
1752                 *password = newpass;
1753         } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
1754                 torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(status));
1755                 ret = false;
1756         }
1757
1758         oldpass = newpass;
1759         newpass = samr_rand_pass(tctx, policy_min_pw_len);
1760
1761         E_md4hash(oldpass, old_nt_hash);
1762         E_md4hash(newpass, new_nt_hash);
1763         E_deshash(oldpass, old_lm_hash);
1764         E_deshash(newpass, new_lm_hash);
1765
1766
1767         /* Reset the hashes to not broken values */
1768         E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1769         E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1770         E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1771         E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1772         E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1773         E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1774
1775         r.in.user_handle = &user_handle;
1776         r.in.lm_present = 1;
1777         r.in.old_lm_crypted = &hash1;
1778         r.in.new_lm_crypted = &hash2;
1779         r.in.nt_present = 1;
1780         r.in.old_nt_crypted = &hash3;
1781         r.in.new_nt_crypted = &hash4;
1782         r.in.cross1_present = 0;
1783         r.in.nt_cross = NULL;
1784         r.in.cross2_present = 1;
1785         r.in.lm_cross = &hash6;
1786
1787         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1788         if (NT_STATUS_IS_OK(status)) {
1789                 changed = true;
1790                 *password = newpass;
1791         } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
1792                 torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
1793                 ret = false;
1794         }
1795
1796         oldpass = newpass;
1797         newpass = samr_rand_pass(tctx, policy_min_pw_len);
1798
1799         E_md4hash(oldpass, old_nt_hash);
1800         E_md4hash(newpass, new_nt_hash);
1801         E_deshash(oldpass, old_lm_hash);
1802         E_deshash(newpass, new_lm_hash);
1803
1804
1805         /* Reset the hashes to not broken values */
1806         E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1807         E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1808         E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1809         E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1810         E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1811         E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1812
1813         r.in.user_handle = &user_handle;
1814         r.in.lm_present = 1;
1815         r.in.old_lm_crypted = &hash1;
1816         r.in.new_lm_crypted = &hash2;
1817         r.in.nt_present = 1;
1818         r.in.old_nt_crypted = &hash3;
1819         r.in.new_nt_crypted = &hash4;
1820         r.in.cross1_present = 1;
1821         r.in.nt_cross = &hash5;
1822         r.in.cross2_present = 1;
1823         r.in.lm_cross = &hash6;
1824
1825         status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1826         if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1827                 torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1828         } else  if (!NT_STATUS_IS_OK(status)) {
1829                 torture_warning(tctx, "ChangePasswordUser failed - %s\n", nt_errstr(status));
1830                 ret = false;
1831         } else {
1832                 changed = true;
1833                 *password = newpass;
1834         }
1835
1836         r.in.user_handle = &user_handle;
1837         r.in.lm_present = 1;
1838         r.in.old_lm_crypted = &hash1;
1839         r.in.new_lm_crypted = &hash2;
1840         r.in.nt_present = 1;
1841         r.in.old_nt_crypted = &hash3;
1842         r.in.new_nt_crypted = &hash4;
1843         r.in.cross1_present = 1;
1844         r.in.nt_cross = &hash5;
1845         r.in.cross2_present = 1;
1846         r.in.lm_cross = &hash6;
1847
1848         if (changed) {
1849                 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1850                 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1851                         torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1852                 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1853                         torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s\n", nt_errstr(status));
1854                         ret = false;
1855                 }
1856         }
1857
1858
1859         if (!test_samr_handle_Close(p, tctx, &user_handle)) {
1860                 ret = false;
1861         }
1862
1863         return ret;
1864 }
1865
1866
1867 static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
1868                                         const char *acct_name,
1869                                         struct policy_handle *handle, char **password)
1870 {
1871         NTSTATUS status;
1872         struct samr_OemChangePasswordUser2 r;
1873         bool ret = true;
1874         struct samr_Password lm_verifier;
1875         struct samr_CryptPassword lm_pass;
1876         struct lsa_AsciiString server, account, account_bad;
1877         char *oldpass;
1878         char *newpass;
1879         uint8_t old_lm_hash[16], new_lm_hash[16];
1880
1881         struct samr_GetDomPwInfo dom_pw_info;
1882         struct samr_PwInfo info;
1883         int policy_min_pw_len = 0;
1884
1885         struct lsa_String domain_name;
1886
1887         domain_name.string = "";
1888         dom_pw_info.in.domain_name = &domain_name;
1889         dom_pw_info.out.info = &info;
1890
1891         torture_comment(tctx, "Testing OemChangePasswordUser2\n");
1892
1893         torture_assert(tctx, *password != NULL,
1894                                    "Failing OemChangePasswordUser2 as old password was NULL.  Previous test failed?");
1895
1896         oldpass = *password;
1897
1898         status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info);
1899         if (NT_STATUS_IS_OK(status)) {
1900                 policy_min_pw_len = dom_pw_info.out.info->min_password_length;
1901         }
1902
1903         newpass = samr_rand_pass(tctx, policy_min_pw_len);
1904
1905         server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1906         account.string = acct_name;
1907
1908         E_deshash(oldpass, old_lm_hash);
1909         E_deshash(newpass, new_lm_hash);
1910
1911         encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1912         arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1913         E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1914
1915         r.in.server = &server;
1916         r.in.account = &account;
1917         r.in.password = &lm_pass;
1918         r.in.hash = &lm_verifier;
1919
1920         /* Break the verification */
1921         lm_verifier.hash[0]++;
1922
1923         status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1924
1925         if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1926             && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1927                 torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
1928                         nt_errstr(status));
1929                 ret = false;
1930         }
1931
1932         encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1933         /* Break the old password */
1934         old_lm_hash[0]++;
1935         arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1936         /* unbreak it for the next operation */
1937         old_lm_hash[0]--;
1938         E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1939
1940         r.in.server = &server;
1941         r.in.account = &account;
1942         r.in.password = &lm_pass;
1943         r.in.hash = &lm_verifier;
1944
1945         status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1946
1947         if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1948             && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1949                 torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
1950                         nt_errstr(status));
1951                 ret = false;
1952         }
1953
1954         encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1955         arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1956
1957         r.in.server = &server;
1958         r.in.account = &account;
1959         r.in.password = &lm_pass;
1960         r.in.hash = NULL;
1961
1962         status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1963
1964         if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1965             && !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1966                 torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
1967                         nt_errstr(status));
1968                 ret = false;
1969         }
1970
1971         /* This shouldn't be a valid name */
1972         account_bad.string = TEST_ACCOUNT_NAME "XX";
1973         r.in.account = &account_bad;
1974
1975         status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1976
1977         if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1978                 torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s\n",
1979                         nt_errstr(status));
1980                 ret = false;
1981         }
1982
1983         /* This shouldn't be a valid name */
1984         account_bad.string = TEST_ACCOUNT_NAME "XX";
1985         r.in.account = &account_bad;
1986         r.in.password = &lm_pass;
1987         r.in.hash = &lm_verifier;
1988
1989         status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1990
1991         if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1992                 torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
1993                         nt_errstr(status));
1994                 ret = false;
1995         }
1996
1997         /* This shouldn't be a valid name */
1998         account_bad.string = TEST_ACCOUNT_NAME "XX";
1999         r.in.account = &account_bad;
2000         r.in.password = NULL;
2001         r.in.hash = &lm_verifier;
2002
2003         status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
2004
2005         if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
2006                 torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s\n",
2007                         nt_errstr(status));
2008                 ret = false;
2009         }
2010
2011         E_deshash(oldpass, old_lm_hash);
2012         E_deshash(newpass, new_lm_hash);
2013
2014         encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
2015         arcfour_crypt(lm_pass.data, old_lm_hash, 516);
2016         E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
2017
2018         r.in.server = &server;
2019         r.in.account = &account;
2020         r.in.password = &lm_pass;
2021         r.in.hash = &lm_verifier;
2022
2023         status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
2024         if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
2025                 torture_comment(tctx, "OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
2026         } else if (!NT_STATUS_IS_OK(status)) {
2027                 torture_warning(tctx, "OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
2028                 ret = false;
2029         } else {
2030                 *password = newpass;
2031         }
2032
2033         return ret;
2034 }
2035
2036
2037 static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
2038                                      const char *acct_name,
2039                                      char **password,
2040                                      char *newpass, bool allow_password_restriction)
2041 {
2042         NTSTATUS status;
2043         struct samr_ChangePasswordUser2 r;
2044         bool ret = true;
2045         struct lsa_String server, account;
2046         struct samr_CryptPassword nt_pass, lm_pass;
2047         struct samr_Password nt_verifier, lm_verifier;
2048         char *oldpass;
2049         uint8_t old_nt_hash[16], new_nt_hash[16];
2050         uint8_t old_lm_hash[16], new_lm_hash[16];
2051
2052         struct samr_GetDomPwInfo dom_pw_info;
2053         struct samr_PwInfo info;
2054
2055         struct lsa_String domain_name;
2056
2057         domain_name.string = "";
2058         dom_pw_info.in.domain_name = &domain_name;
2059         dom_pw_info.out.info = &info;
2060
2061         torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name);
2062
2063         torture_assert(tctx, *password != NULL,
2064                                    "Failing ChangePasswordUser2 as old password was NULL.  Previous test failed?");
2065         oldpass = *password;
2066
2067         if (!newpass) {
2068                 int policy_min_pw_len = 0;
2069                 status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info);
2070                 if (NT_STATUS_IS_OK(status)) {
2071                         policy_min_pw_len = dom_pw_info.out.info->min_password_length;
2072                 }
2073
2074                 newpass = samr_rand_pass(tctx, policy_min_pw_len);
2075         }
2076
2077         server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2078         init_lsa_String(&account, acct_name);
2079
2080         E_md4hash(oldpass, old_nt_hash);
2081         E_md4hash(newpass, new_nt_hash);
2082
2083         E_deshash(oldpass, old_lm_hash);
2084         E_deshash(newpass, new_lm_hash);
2085
2086         encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
2087         arcfour_crypt(lm_pass.data, old_lm_hash, 516);
2088         E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
2089
2090         encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
2091         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
2092         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
2093
2094         r.in.server = &server;
2095         r.in.account = &account;
2096         r.in.nt_password = &nt_pass;
2097         r.in.nt_verifier = &nt_verifier;
2098         r.in.lm_change = 1;
2099         r.in.lm_password = &lm_pass;
2100         r.in.lm_verifier = &lm_verifier;
2101
2102         status = dcerpc_samr_ChangePasswordUser2(p, tctx, &r);
2103         if (allow_password_restriction && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
2104                 torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
2105         } else if (!NT_STATUS_IS_OK(status)) {
2106                 torture_warning(tctx, "ChangePasswordUser2 failed - %s\n", nt_errstr(status));
2107                 ret = false;
2108         } else {
2109                 *password = newpass;
2110         }
2111
2112         return ret;
2113 }
2114
2115
2116 bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tctx,
2117                               const char *account_string,
2118                               int policy_min_pw_len,
2119                               char **password,
2120                               const char *newpass,
2121                               NTTIME last_password_change,
2122                               bool handle_reject_reason)
2123 {
2124         NTSTATUS status;
2125         struct samr_ChangePasswordUser3 r;
2126         bool ret = true;
2127         struct lsa_String server, account, account_bad;
2128         struct samr_CryptPassword nt_pass, lm_pass;
2129         struct samr_Password nt_verifier, lm_verifier;
2130         char *oldpass;
2131         uint8_t old_nt_hash[16], new_nt_hash[16];
2132         uint8_t old_lm_hash[16], new_lm_hash[16];
2133         NTTIME t;
2134         struct samr_DomInfo1 *dominfo = NULL;
2135         struct userPwdChangeFailureInformation *reject = NULL;
2136
2137         torture_comment(tctx, "Testing ChangePasswordUser3\n");
2138
2139         if (newpass == NULL) {
2140                 do {
2141                         if (policy_min_pw_len == 0) {
2142                                 newpass = samr_rand_pass(tctx, policy_min_pw_len);
2143                         } else {
2144                                 newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len);
2145                         }
2146                 } while (check_password_quality(newpass) == false);
2147         } else {
2148                 torture_comment(tctx, "Using password '%s'\n", newpass);
2149         }
2150
2151         torture_assert(tctx, *password != NULL,
2152                                    "Failing ChangePasswordUser3 as old password was NULL.  Previous test failed?");
2153
2154         oldpass = *password;
2155         server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2156         init_lsa_String(&account, account_string);
2157
2158         E_md4hash(oldpass, old_nt_hash);
2159         E_md4hash(newpass, new_nt_hash);
2160
2161         E_deshash(oldpass, old_lm_hash);
2162         E_deshash(newpass, new_lm_hash);
2163
2164         encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
2165         arcfour_crypt(lm_pass.data, old_nt_hash, 516);
2166         E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
2167
2168         encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
2169         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
2170         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
2171
2172         /* Break the verification */
2173         nt_verifier.hash[0]++;
2174
2175         r.in.server = &server;
2176         r.in.account = &account;
2177         r.in.nt_password = &nt_pass;
2178         r.in.nt_verifier = &nt_verifier;
2179         r.in.lm_change = 1;
2180         r.in.lm_password = &lm_pass;
2181         r.in.lm_verifier = &lm_verifier;
2182         r.in.password3 = NULL;
2183         r.out.dominfo = &dominfo;
2184         r.out.reject = &reject;
2185
2186         status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
2187         if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
2188             (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
2189                 torture_warning(tctx, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
2190                         nt_errstr(status));
2191                 ret = false;
2192         }
2193
2194         encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
2195         arcfour_crypt(lm_pass.data, old_nt_hash, 516);
2196         E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
2197
2198         encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
2199         /* Break the NT hash */
2200         old_nt_hash[0]++;
2201         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
2202         /* Unbreak it again */
2203         old_nt_hash[0]--;
2204         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
2205
2206         r.in.server = &server;
2207         r.in.account = &account;
2208         r.in.nt_password = &nt_pass;
2209         r.in.nt_verifier = &nt_verifier;
2210         r.in.lm_change = 1;
2211         r.in.lm_password = &lm_pass;
2212         r.in.lm_verifier = &lm_verifier;
2213         r.in.password3 = NULL;
2214         r.out.dominfo = &dominfo;
2215         r.out.reject = &reject;
2216
2217         status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
2218         if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
2219             (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
2220                 torture_warning(tctx, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
2221                         nt_errstr(status));
2222                 ret = false;
2223         }
2224
2225         /* This shouldn't be a valid name */
2226         init_lsa_String(&account_bad, talloc_asprintf(tctx, "%sXX", account_string));
2227
2228         r.in.account = &account_bad;
2229         status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
2230         if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
2231                 torture_warning(tctx, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
2232                         nt_errstr(status));
2233                 ret = false;
2234         }
2235
2236         E_md4hash(oldpass, old_nt_hash);
2237         E_md4hash(newpass, new_nt_hash);
2238
2239         E_deshash(oldpass, old_lm_hash);
2240         E_deshash(newpass, new_lm_hash);
2241
2242         encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
2243         arcfour_crypt(lm_pass.data, old_nt_hash, 516);
2244         E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
2245
2246         encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
2247         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
2248         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
2249
2250         r.in.server = &server;
2251         r.in.account = &account;
2252         r.in.nt_password = &nt_pass;
2253         r.in.nt_verifier = &nt_verifier;
2254         r.in.lm_change = 1;
2255         r.in.lm_password = &lm_pass;
2256         r.in.lm_verifier = &lm_verifier;
2257         r.in.password3 = NULL;
2258         r.out.dominfo = &dominfo;
2259         r.out.reject = &reject;
2260
2261         unix_to_nt_time(&t, time(NULL));
2262
2263         status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
2264
2265         if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
2266             && dominfo
2267             && reject
2268             && handle_reject_reason
2269             && (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
2270                 if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
2271
2272                         if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
2273                                 torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
2274                                         SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
2275                                 return false;
2276                         }
2277                 }
2278
2279                 /* We tested the order of precendence which is as follows:
2280
2281                 * pwd min_age
2282                 * pwd length
2283                 * pwd complexity
2284                 * pwd history
2285
2286                 Guenther */
2287
2288                 if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
2289                            (last_password_change + dominfo->min_password_age > t)) {
2290
2291                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
2292                                 torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
2293                                         SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
2294                                 return false;
2295                         }
2296
2297                 } else if ((dominfo->min_password_length > 0) &&
2298                            (strlen(newpass) < dominfo->min_password_length)) {
2299
2300                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
2301                                 torture_warning(tctx, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
2302                                         SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
2303                                 return false;
2304                         }
2305
2306                 } else if ((dominfo->password_history_length > 0) &&
2307                             strequal(oldpass, newpass)) {
2308
2309                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
2310                                 torture_warning(tctx, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
2311                                         SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
2312                                 return false;
2313                         }
2314                 } else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
2315
2316                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
2317                                 torture_warning(tctx, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
2318                                         SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
2319                                 return false;
2320                         }
2321
2322                 }
2323
2324                 if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
2325                         /* retry with adjusted size */
2326                         return test_ChangePasswordUser3(p, tctx, account_string,
2327                                                         dominfo->min_password_length,
2328                                                         password, NULL, 0, false);
2329
2330                 }
2331
2332         } else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
2333                 if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
2334                         torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
2335                                SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
2336                         return false;
2337                 }
2338                 /* Perhaps the server has a 'min password age' set? */
2339
2340         } else {
2341                 torture_assert_ntstatus_ok(tctx, status, "ChangePasswordUser3");
2342                 *password = talloc_strdup(tctx, newpass);
2343         }
2344
2345         return ret;
2346 }
2347
2348 bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_context *tctx,
2349                                     const char *account_string,
2350                                     struct policy_handle *handle,
2351                                     char **password)
2352 {
2353         NTSTATUS status;
2354         struct samr_ChangePasswordUser3 r;
2355         struct samr_SetUserInfo s;
2356         union samr_UserInfo u;
2357         DATA_BLOB session_key;
2358         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
2359         uint8_t confounder[16];
2360         struct MD5Context ctx;
2361
2362         bool ret = true;
2363         struct lsa_String server, account;
2364         struct samr_CryptPassword nt_pass;
2365         struct samr_Password nt_verifier;
2366         DATA_BLOB new_random_pass;
2367         char *newpass;
2368         char *oldpass;
2369         uint8_t old_nt_hash[16], new_nt_hash[16];
2370         NTTIME t;
2371         struct samr_DomInfo1 *dominfo = NULL;
2372         struct userPwdChangeFailureInformation *reject = NULL;
2373
2374         new_random_pass = samr_very_rand_pass(tctx, 128);
2375
2376         torture_assert(tctx, *password != NULL,
2377                                    "Failing ChangePasswordUser3 as old password was NULL.  Previous test failed?");
2378
2379         oldpass = *password;
2380         server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2381         init_lsa_String(&account, account_string);
2382
2383         s.in.user_handle = handle;
2384         s.in.info = &u;
2385         s.in.level = 25;
2386
2387         ZERO_STRUCT(u);
2388
2389         u.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT;
2390
2391         set_pw_in_buffer(u.info25.password.data, &new_random_pass);
2392
2393         status = dcerpc_fetch_session_key(p, &session_key);
2394         if (!NT_STATUS_IS_OK(status)) {
2395                 torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
2396                        s.in.level, nt_errstr(status));
2397                 return false;
2398         }
2399
2400         generate_random_buffer((uint8_t *)confounder, 16);
2401
2402         MD5Init(&ctx);
2403         MD5Update(&ctx, confounder, 16);
2404         MD5Update(&ctx, session_key.data, session_key.length);
2405         MD5Final(confounded_session_key.data, &ctx);
2406
2407         arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
2408         memcpy(&u.info25.password.data[516], confounder, 16);
2409
2410         torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes\n");
2411
2412         status = dcerpc_samr_SetUserInfo(p, tctx, &s);
2413         if (!NT_STATUS_IS_OK(status)) {
2414                 torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
2415                        s.in.level, nt_errstr(status));
2416                 ret = false;
2417         }
2418
2419         torture_comment(tctx, "Testing ChangePasswordUser3 with a password made up of only random bytes\n");
2420
2421         mdfour(old_nt_hash, new_random_pass.data, new_random_pass.length);
2422
2423         new_random_pass = samr_very_rand_pass(tctx, 128);
2424
2425         mdfour(new_nt_hash, new_random_pass.data, new_random_pass.length);
2426
2427         set_pw_in_buffer(nt_pass.data, &new_random_pass);
2428         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
2429         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
2430
2431         r.in.server = &server;
2432         r.in.account = &account;
2433         r.in.nt_password = &nt_pass;
2434         r.in.nt_verifier = &nt_verifier;
2435         r.in.lm_change = 0;
2436         r.in.lm_password = NULL;
2437         r.in.lm_verifier = NULL;
2438         r.in.password3 = NULL;
2439         r.out.dominfo = &dominfo;
2440         r.out.reject = &reject;
2441
2442         unix_to_nt_time(&t, time(NULL));
2443
2444         status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
2445
2446         if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
2447                 if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
2448                         torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
2449                                SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
2450                         return false;
2451                 }
2452                 /* Perhaps the server has a 'min password age' set? */
2453
2454         } else if (!NT_STATUS_IS_OK(status)) {
2455                 torture_warning(tctx, "ChangePasswordUser3 failed - %s\n", nt_errstr(status));
2456                 ret = false;
2457         }
2458
2459         newpass = samr_rand_pass(tctx, 128);
2460
2461         mdfour(old_nt_hash, new_random_pass.data, new_random_pass.length);
2462
2463         E_md4hash(newpass, new_nt_hash);
2464
2465         encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
2466         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
2467         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
2468
2469         r.in.server = &server;
2470         r.in.account = &account;
2471         r.in.nt_password = &nt_pass;
2472         r.in.nt_verifier = &nt_verifier;
2473         r.in.lm_change = 0;
2474         r.in.lm_password = NULL;
2475         r.in.lm_verifier = NULL;
2476         r.in.password3 = NULL;
2477         r.out.dominfo = &dominfo;
2478         r.out.reject = &reject;
2479
2480         unix_to_nt_time(&t, time(NULL));
2481
2482         status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
2483
2484         if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
2485                 if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
2486                         torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
2487                                SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
2488                         return false;
2489                 }
2490                 /* Perhaps the server has a 'min password age' set? */
2491
2492         } else {
2493                 torture_assert_ntstatus_ok(tctx, status, "ChangePasswordUser3 (on second random password)");
2494                 *password = talloc_strdup(tctx, newpass);
2495         }
2496
2497         return ret;
2498 }
2499
2500
2501 static bool test_GetMembersInAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
2502                                   struct policy_handle *alias_handle)
2503 {
2504         struct samr_GetMembersInAlias r;
2505         struct lsa_SidArray sids;
2506         NTSTATUS status;
2507
2508         torture_comment(tctx, "Testing GetMembersInAlias\n");
2509
2510         r.in.alias_handle = alias_handle;
2511         r.out.sids = &sids;
2512
2513         status = dcerpc_samr_GetMembersInAlias(p, tctx, &r);
2514         torture_assert_ntstatus_ok(tctx, status, "GetMembersInAlias");
2515
2516         return true;
2517 }
2518
2519 static bool test_AddMemberToAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
2520                                   struct policy_handle *alias_handle,
2521                                   const struct dom_sid *domain_sid)
2522 {
2523         struct samr_AddAliasMember r;
2524         struct samr_DeleteAliasMember d;
2525         NTSTATUS status;
2526         struct dom_sid *sid;
2527
2528         sid = dom_sid_add_rid(tctx, domain_sid, 512);
2529
2530         torture_comment(tctx, "testing AddAliasMember\n");
2531         r.in.alias_handle = alias_handle;
2532         r.in.sid = sid;
2533
2534         status = dcerpc_samr_AddAliasMember(p, tctx, &r);
2535         torture_assert_ntstatus_ok(tctx, status, "AddAliasMember");
2536
2537         d.in.alias_handle = alias_handle;
2538         d.in.sid = sid;
2539
2540         status = dcerpc_samr_DeleteAliasMember(p, tctx, &d);
2541         torture_assert_ntstatus_ok(tctx, status, "DelAliasMember");
2542
2543         return true;
2544 }
2545
2546 static bool test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
2547                                            struct policy_handle *alias_handle)
2548 {
2549         struct samr_AddMultipleMembersToAlias a;
2550         struct samr_RemoveMultipleMembersFromAlias r;
2551         NTSTATUS status;
2552         struct lsa_SidArray sids;
2553
2554         torture_comment(tctx, "testing AddMultipleMembersToAlias\n");
2555         a.in.alias_handle = alias_handle;
2556         a.in.sids = &sids;
2557
2558         sids.num_sids = 3;
2559         sids.sids = talloc_array(tctx, struct lsa_SidPtr, 3);
2560
2561         sids.sids[0].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-1");
2562         sids.sids[1].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-2");
2563         sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-3");
2564
2565         status = dcerpc_samr_AddMultipleMembersToAlias(p, tctx, &a);
2566         torture_assert_ntstatus_ok(tctx, status, "AddMultipleMembersToAlias");
2567
2568
2569         torture_comment(tctx, "testing RemoveMultipleMembersFromAlias\n");
2570         r.in.alias_handle = alias_handle;
2571         r.in.sids = &sids;
2572
2573         status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
2574         torture_assert_ntstatus_ok(tctx, status, "RemoveMultipleMembersFromAlias");
2575
2576         /* strange! removing twice doesn't give any error */
2577         status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
2578         torture_assert_ntstatus_ok(tctx, status, "RemoveMultipleMembersFromAlias");
2579
2580         /* but removing an alias that isn't there does */
2581         sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-4");
2582
2583         status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
2584         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, "RemoveMultipleMembersFromAlias");
2585
2586         return true;
2587 }
2588
2589 static bool test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, struct torture_context *tctx,
2590                                             struct policy_handle *user_handle)
2591 {
2592         struct samr_TestPrivateFunctionsUser r;
2593         NTSTATUS status;
2594
2595         torture_comment(tctx, "Testing TestPrivateFunctionsUser\n");
2596
2597         r.in.user_handle = user_handle;
2598
2599         status = dcerpc_samr_TestPrivateFunctionsUser(p, tctx, &r);
2600         torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsUser");
2601
2602         return true;
2603 }
2604
2605 static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p,
2606                                           struct torture_context *tctx,
2607                                           struct policy_handle *handle,
2608                                           bool use_info2,
2609                                           NTTIME *pwdlastset)
2610 {
2611         NTSTATUS status;
2612         uint16_t levels[] = { /* 3, */ 5, 21 };
2613         int i;
2614         NTTIME pwdlastset3 = 0;
2615         NTTIME pwdlastset5 = 0;
2616         NTTIME pwdlastset21 = 0;
2617
2618         torture_comment(tctx, "Testing QueryUserInfo%s level 5 and 21 call ",
2619                         use_info2 ? "2":"");
2620
2621         for (i=0; i<ARRAY_SIZE(levels); i++) {
2622
2623                 struct samr_QueryUserInfo r;
2624                 struct samr_QueryUserInfo2 r2;
2625                 union samr_UserInfo *info;
2626
2627                 if (use_info2) {
2628                         r2.in.user_handle = handle;
2629                         r2.in.level = levels[i];
2630                         r2.out.info = &info;
2631                         status = dcerpc_samr_QueryUserInfo2(p, tctx, &r2);
2632
2633                 } else {
2634                         r.in.user_handle = handle;
2635                         r.in.level = levels[i];
2636                         r.out.info = &info;
2637                         status = dcerpc_samr_QueryUserInfo(p, tctx, &r);
2638                 }
2639
2640                 if (!NT_STATUS_IS_OK(status) &&
2641                     !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
2642                         torture_warning(tctx, "QueryUserInfo%s level %u failed - %s\n",
2643                                use_info2 ? "2":"", levels[i], nt_errstr(status));
2644                         return false;
2645                 }
2646
2647                 switch (levels[i]) {
2648                 case 3:
2649                         pwdlastset3 = info->info3.last_password_change;
2650                         break;
2651                 case 5:
2652                         pwdlastset5 = info->info5.last_password_change;
2653                         break;
2654                 case 21:
2655                         pwdlastset21 = info->info21.last_password_change;
2656                         break;
2657                 default:
2658                         return false;
2659                 }
2660         }
2661         /* torture_assert_int_equal(tctx, pwdlastset3, pwdlastset5,
2662                                     "pwdlastset mixup"); */
2663         torture_assert_int_equal(tctx, pwdlastset5, pwdlastset21,
2664                                  "pwdlastset mixup");
2665
2666         *pwdlastset = pwdlastset21;
2667
2668         torture_comment(tctx, "(pwdlastset: %lld)\n", *pwdlastset);
2669
2670         return true;
2671 }
2672
2673 static bool test_SamLogon(struct torture_context *tctx,
2674                           struct dcerpc_pipe *p,
2675                           struct cli_credentials *test_credentials,
2676                           NTSTATUS expected_result)
2677 {
2678         NTSTATUS status;
2679         struct netr_LogonSamLogonEx r;
2680         union netr_LogonLevel logon;
2681         union netr_Validation validation;
2682         uint8_t authoritative;
2683         struct netr_NetworkInfo ninfo;
2684         DATA_BLOB names_blob, chal, lm_resp, nt_resp;
2685         int flags = CLI_CRED_NTLM_AUTH;
2686         uint32_t samlogon_flags = 0;
2687
2688         if (lp_client_lanman_auth(tctx->lp_ctx)) {
2689                 flags |= CLI_CRED_LANMAN_AUTH;
2690         }
2691
2692         if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
2693                 flags |= CLI_CRED_NTLMv2_AUTH;
2694         }
2695
2696         cli_credentials_get_ntlm_username_domain(test_credentials, tctx,
2697                                                  &ninfo.identity_info.account_name.string,
2698                                                  &ninfo.identity_info.domain_name.string);
2699
2700         generate_random_buffer(ninfo.challenge,
2701                                sizeof(ninfo.challenge));
2702         chal = data_blob_const(ninfo.challenge,
2703                                sizeof(ninfo.challenge));
2704
2705         names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(test_credentials),
2706                                                 cli_credentials_get_domain(test_credentials));
2707
2708         status = cli_credentials_get_ntlm_response(test_credentials, tctx,
2709                                                    &flags,
2710                                                    chal,
2711                                                    names_blob,
2712                                                    &lm_resp, &nt_resp,
2713                                                    NULL, NULL);
2714         torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
2715
2716         ninfo.lm.data = lm_resp.data;
2717         ninfo.lm.length = lm_resp.length;
2718
2719         ninfo.nt.data = nt_resp.data;
2720         ninfo.nt.length = nt_resp.length;
2721
2722         ninfo.identity_info.parameter_control =
2723                 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
2724                 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
2725         ninfo.identity_info.logon_id_low = 0;
2726         ninfo.identity_info.logon_id_high = 0;
2727         ninfo.identity_info.workstation.string = cli_credentials_get_workstation(test_credentials);
2728
2729         logon.network = &ninfo;
2730
2731         r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2732         r.in.computer_name = cli_credentials_get_workstation(test_credentials);
2733         r.in.logon_level = NetlogonNetworkInformation;
2734         r.in.logon = &logon;
2735         r.in.flags = &samlogon_flags;
2736         r.out.flags = &samlogon_flags;
2737         r.out.validation = &validation;
2738         r.out.authoritative = &authoritative;
2739
2740         torture_comment(tctx, "Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
2741
2742         r.in.validation_level = 6;
2743
2744         status = dcerpc_netr_LogonSamLogonEx(p, tctx, &r);
2745         if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
2746                 r.in.validation_level = 3;
2747                 status = dcerpc_netr_LogonSamLogonEx(p, tctx, &r);
2748         }
2749         if (!NT_STATUS_IS_OK(status)) {
2750                 torture_assert_ntstatus_equal(tctx, status, expected_result, "LogonSamLogonEx failed");
2751                 return true;
2752         } else {
2753                 torture_assert_ntstatus_ok(tctx, status, "LogonSamLogonEx failed");
2754         }
2755
2756         return true;
2757 }
2758
2759 static bool test_SamLogon_with_creds(struct torture_context *tctx,
2760                                      struct dcerpc_pipe *p,
2761                                      struct cli_credentials *machine_creds,
2762                                      const char *acct_name,
2763                                      char *password,
2764                                      NTSTATUS expected_samlogon_result)
2765 {
2766         bool ret = true;
2767         struct cli_credentials *test_credentials;
2768
2769         test_credentials = cli_credentials_init(tctx);
2770
2771         cli_credentials_set_workstation(test_credentials,
2772                                         cli_credentials_get_workstation(machine_creds), CRED_SPECIFIED);
2773         cli_credentials_set_domain(test_credentials,
2774                                    cli_credentials_get_domain(machine_creds), CRED_SPECIFIED);
2775         cli_credentials_set_username(test_credentials,
2776                                      acct_name, CRED_SPECIFIED);
2777         cli_credentials_set_password(test_credentials,
2778                                      password, CRED_SPECIFIED);
2779
2780         torture_comment(tctx, "testing samlogon as %s password: %s\n",
2781                 acct_name, password);
2782
2783         if (!test_SamLogon(tctx, p, test_credentials,
2784                            expected_samlogon_result)) {
2785                 torture_warning(tctx, "new password did not work\n");
2786                 ret = false;
2787         }
2788
2789         return ret;
2790 }
2791
2792 static bool test_SetPassword_level(struct dcerpc_pipe *p,
2793                                    struct dcerpc_pipe *np,
2794                                    struct torture_context *tctx,
2795                                    struct policy_handle *handle,
2796                                    uint16_t level,
2797                                    uint32_t fields_present,
2798                                    uint8_t password_expired,
2799                                    bool *matched_expected_error,
2800                                    bool use_setinfo2,
2801                                    const char *acct_name,
2802                                    char **password,
2803                                    struct cli_credentials *machine_creds,
2804                                    bool use_queryinfo2,
2805                                    NTTIME *pwdlastset,
2806                                    NTSTATUS expected_samlogon_result)
2807 {
2808         const char *fields = NULL;
2809         bool ret = true;
2810
2811         switch (level) {
2812         case 21:
2813         case 23:
2814         case 25:
2815                 fields = talloc_asprintf(tctx, "(fields_present: 0x%08x)",
2816                                          fields_present);
2817                 break;
2818         default:
2819                 break;
2820         }
2821
2822         torture_comment(tctx, "Testing SetUserInfo%s level %d call "
2823                 "(password_expired: %d) %s\n",
2824                 use_setinfo2 ? "2":"", level, password_expired,
2825                 fields ? fields : "");
2826
2827         if (!test_SetUserPass_level_ex(p, tctx, handle, level,
2828                                        fields_present,
2829                                        password,
2830                                        password_expired,
2831                                        use_setinfo2,
2832                                        matched_expected_error)) {
2833                 ret = false;
2834         }
2835
2836         if (!test_QueryUserInfo_pwdlastset(p, tctx, handle,
2837                                            use_queryinfo2,
2838                                            pwdlastset)) {
2839                 ret = false;
2840         }
2841
2842         if (*matched_expected_error == true) {
2843                 return ret;
2844         }
2845
2846         if (!test_SamLogon_with_creds(tctx, np,
2847                                       machine_creds,
2848                                       acct_name,
2849                                       *password,
2850                                       expected_samlogon_result)) {
2851                 ret = false;
2852         }
2853
2854         return ret;
2855 }
2856
2857 static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
2858                                         struct torture_context *tctx,
2859                                         uint32_t acct_flags,
2860                                         const char *acct_name,
2861                                         struct policy_handle *handle,
2862                                         char **password,
2863                                         struct cli_credentials *machine_credentials)
2864 {
2865         int s = 0, q = 0, f = 0, l = 0, z = 0;
2866         struct dcerpc_binding *b;
2867         bool ret = true;
2868         int delay = 50000;
2869         bool set_levels[] = { false, true };
2870         bool query_levels[] = { false, true };
2871         uint32_t levels[] = { 18, 21, 26, 23, 24, 25 }; /* Second half only used when TEST_ALL_LEVELS defined */
2872         uint32_t nonzeros[] = { 1, 24 };
2873         uint32_t fields_present[] = {
2874                 0,
2875                 SAMR_FIELD_EXPIRED_FLAG,
2876                 SAMR_FIELD_LAST_PWD_CHANGE,
2877                 SAMR_FIELD_EXPIRED_FLAG | SAMR_FIELD_LAST_PWD_CHANGE,
2878                 SAMR_FIELD_COMMENT,
2879                 SAMR_FIELD_NT_PASSWORD_PRESENT,
2880                 SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE,
2881                 SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT,
2882                 SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE,
2883                 SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG,
2884                 SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_EXPIRED_FLAG,
2885                 SAMR_FIELD_NT_PASSWORD_PRESENT | SAMR_FIELD_LM_PASSWORD_PRESENT | SAMR_FIELD_LAST_PWD_CHANGE | SAMR_FIELD_EXPIRED_FLAG
2886         };
2887         NTSTATUS status;
2888         struct dcerpc_pipe *np = NULL;
2889
2890         if (torture_setting_bool(tctx, "samba3", false)) {
2891                 delay = 999999;
2892                 torture_comment(tctx, "Samba3 has second granularity, setting delay to: %d\n",
2893                         delay);
2894         }
2895
2896         status = torture_rpc_binding(tctx, &b);
2897         if (!NT_STATUS_IS_OK(status)) {
2898                 ret = false;
2899                 return ret;
2900         }
2901
2902         /* We have to use schannel, otherwise the SamLogonEx fails
2903          * with INTERNAL_ERROR */
2904
2905         b->flags &= ~DCERPC_AUTH_OPTIONS;
2906         b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
2907
2908         status = dcerpc_pipe_connect_b(tctx, &np, b,
2909                                        &ndr_table_netlogon,
2910                                        machine_credentials, tctx->ev, tctx->lp_ctx);
2911
2912         if (!NT_STATUS_IS_OK(status)) {
2913                 torture_warning(tctx, "RPC pipe connect as domain member failed: %s\n", nt_errstr(status));
2914                 ret = false;
2915                 return ret;
2916         }
2917
2918         /* set to 1 to enable testing for all possible opcode
2919            (SetUserInfo, SetUserInfo2, QueryUserInfo, QueryUserInfo2)
2920            combinations */
2921 #if 0
2922 #define TEST_ALL_LEVELS 1
2923 #define TEST_SET_LEVELS 1
2924 #define TEST_QUERY_LEVELS 1
2925 #endif
2926 #ifdef TEST_ALL_LEVELS
2927         for (l=0; l<ARRAY_SIZE(levels); l++) {
2928 #else
2929         for (l=0; l<(ARRAY_SIZE(levels))/2; l++) {
2930 #endif
2931         for (z=0; z<ARRAY_SIZE(nonzeros); z++) {
2932         for (f=0; f<ARRAY_SIZE(fields_present); f++) {
2933 #ifdef TEST_SET_LEVELS
2934         for (s=0; s<ARRAY_SIZE(set_levels); s++) {
2935 #endif
2936 #ifdef TEST_QUERY_LEVELS
2937         for (q=0; q<ARRAY_SIZE(query_levels); q++) {
2938 #endif
2939                 NTTIME pwdlastset_old = 0;
2940                 NTTIME pwdlastset_new = 0;
2941                 bool matched_expected_error = false;
2942                 NTSTATUS expected_samlogon_result = NT_STATUS_ACCOUNT_DISABLED;
2943
2944                 torture_comment(tctx, "------------------------------\n"
2945                                 "Testing pwdLastSet attribute for flags: 0x%08x "
2946                                 "(s: %d (l: %d), q: %d)\n",
2947                                 acct_flags, s, levels[l], q);
2948
2949                 switch (levels[l]) {
2950                 case 21:
2951                 case 23:
2952                 case 25:
2953                         if (!((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
2954                               (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT))) {
2955                                 expected_samlogon_result = NT_STATUS_WRONG_PASSWORD;
2956                         }
2957                         break;
2958                 }
2959
2960
2961                 /* set #1 */
2962
2963                 /* set a password and force password change (pwdlastset 0) by
2964                  * setting the password expired flag to a non-0 value */
2965
2966                 if (!test_SetPassword_level(p, np, tctx, handle,
2967                                             levels[l],
2968                                             fields_present[f],
2969                                             nonzeros[z],
2970                                             &matched_expected_error,
2971                                             set_levels[s],
2972                                             acct_name,
2973                                             password,
2974                                             machine_credentials,
2975                                             query_levels[q],
2976                                             &pwdlastset_old,
2977                                             expected_samlogon_result)) {
2978                         ret = false;
2979                 }
2980
2981                 if (matched_expected_error == true) {
2982                         /* skipping on expected failure */
2983                         continue;
2984                 }
2985
2986                 /* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25
2987                  * set without the SAMR_FIELD_EXPIRED_FLAG */
2988
2989                 switch (levels[l]) {
2990                 case 21:
2991                 case 23:
2992                 case 25:
2993                         if ((pwdlastset_new != 0) &&
2994                             !(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG)) {
2995                                 torture_comment(tctx, "not considering a non-0 "
2996                                         "pwdLastSet as a an error as the "
2997                                         "SAMR_FIELD_EXPIRED_FLAG has not "
2998                                         "been set\n");
2999                                 break;
3000                         }
3001                 default:
3002                         if (pwdlastset_new != 0) {
3003                                 torture_warning(tctx, "pwdLastSet test failed: "
3004                                         "expected pwdLastSet 0 but got %lld\n",
3005                                         pwdlastset_old);
3006                                 ret = false;
3007                         }
3008                         break;
3009                 }
3010
3011                 switch (levels[l]) {
3012                 case 21:
3013                 case 23:
3014                 case 25:
3015                         if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
3016                              (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
3017                              (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
3018                              (pwdlastset_old >= pwdlastset_new)) {
3019                                 torture_warning(tctx, "pwdlastset not increasing\n");
3020                                 ret = false;
3021                         }
3022                         break;
3023                 default:
3024                         if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
3025                             (pwdlastset_old >= pwdlastset_new)) {
3026                                 torture_warning(tctx, "pwdlastset not increasing\n");
3027                                 ret = false;
3028                         }
3029                         break;
3030                 }
3031
3032                 usleep(delay);
3033
3034                 /* set #2 */
3035
3036                 /* set a password, pwdlastset needs to get updated (increased
3037                  * value), password_expired value used here is 0 */
3038
3039                 if (!test_SetPassword_level(p, np, tctx, handle,
3040                                             levels[l],
3041                                             fields_present[f],
3042                                             0,
3043                                             &matched_expected_error,
3044                                             set_levels[s],
3045                                             acct_name,
3046                                             password,
3047                                             machine_credentials,
3048                                             query_levels[q],
3049                                             &pwdlastset_new,
3050                                             expected_samlogon_result)) {
3051                         ret = false;
3052                 }
3053
3054                 /* when a password has been changed, pwdlastset must not be 0 afterwards
3055                  * and must be larger then the old value */
3056
3057                 switch (levels[l]) {
3058                 case 21:
3059                 case 23:
3060                 case 25:
3061
3062                         /* SAMR_FIELD_EXPIRED_FLAG has not been set and no
3063                          * password has been changed, old and new pwdlastset
3064                          * need to be the same value */
3065
3066                         if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) &&
3067                             !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
3068                               (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)))
3069                         {
3070                                 torture_assert_int_equal(tctx, pwdlastset_old,
3071                                         pwdlastset_new, "pwdlastset must be equal");
3072                                 break;
3073                         }
3074                 default:
3075                         if (pwdlastset_old >= pwdlastset_new) {
3076                                 torture_warning(tctx, "pwdLastSet test failed: "
3077                                         "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n",
3078                                         pwdlastset_old, pwdlastset_new);
3079                                 ret = false;
3080                         }
3081                         if (pwdlastset_new == 0) {
3082                                 torture_warning(tctx, "pwdLastSet test failed: "
3083                                         "expected non-0 pwdlastset, got: %lld\n",
3084                                         pwdlastset_new);
3085                                 ret = false;
3086                         }
3087                 }
3088
3089                 switch (levels[l]) {
3090                 case 21:
3091                 case 23:
3092                 case 25:
3093                         if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
3094                              (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
3095                              (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
3096                              (pwdlastset_old >= pwdlastset_new)) {
3097                                 torture_warning(tctx, "pwdlastset not increasing\n");
3098                                 ret = false;
3099                         }
3100                         break;
3101                 default:
3102                         if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
3103                             (pwdlastset_old >= pwdlastset_new)) {
3104                                 torture_warning(tctx, "pwdlastset not increasing\n");
3105                                 ret = false;
3106                         }
3107                         break;
3108                 }
3109
3110                 pwdlastset_old = pwdlastset_new;
3111
3112                 usleep(delay);
3113
3114                 /* set #2b */
3115
3116                 /* set a password, pwdlastset needs to get updated (increased
3117                  * value), password_expired value used here is 0 */
3118
3119                 if (!test_SetPassword_level(p, np, tctx, handle,
3120                                             levels[l],
3121                                             fields_present[f],
3122                                             0,
3123                                             &matched_expected_error,
3124                                             set_levels[s],
3125                                             acct_name,
3126                                             password,
3127                                             machine_credentials,
3128                                             query_levels[q],
3129                                             &pwdlastset_new,
3130                                             expected_samlogon_result)) {
3131                         ret = false;
3132                 }
3133
3134                 /* when a password has been changed, pwdlastset must not be 0 afterwards
3135                  * and must be larger then the old value */
3136
3137                 switch (levels[l]) {
3138                 case 21:
3139                 case 23:
3140                 case 25:
3141
3142                         /* if no password has been changed, old and new pwdlastset
3143                          * need to be the same value */
3144
3145                         if (!((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
3146                               (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)))
3147                         {
3148                                 torture_assert_int_equal(tctx, pwdlastset_old,
3149                                         pwdlastset_new, "pwdlastset must be equal");
3150                                 break;
3151                         }
3152                 default:
3153                         if (pwdlastset_old >= pwdlastset_new) {
3154                                 torture_warning(tctx, "pwdLastSet test failed: "
3155                                         "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n",
3156                                         pwdlastset_old, pwdlastset_new);
3157                                 ret = false;
3158                         }
3159                         if (pwdlastset_new == 0) {