2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "torture/torture.h"
25 #include "system/time.h"
26 #include "librpc/gen_ndr/lsa.h"
27 #include "librpc/gen_ndr/ndr_samr_c.h"
29 #include "lib/crypto/crypto.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "libcli/security/security.h"
32 #include "torture/rpc/rpc.h"
34 #define TEST_ACCOUNT_NAME "samrtorturetest"
35 #define TEST_ALIASNAME "samrtorturetestalias"
36 #define TEST_GROUPNAME "samrtorturetestgroup"
37 #define TEST_MACHINENAME "samrtestmach$"
38 #define TEST_DOMAINNAME "samrtestdom$"
40 enum torture_samr_choice {
41 TORTURE_SAMR_PASSWORDS,
42 TORTURE_SAMR_USER_ATTRIBUTES,
46 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
47 struct policy_handle *handle);
49 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
50 struct policy_handle *handle);
52 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
53 struct policy_handle *handle);
55 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
56 const char *acct_name,
57 struct policy_handle *domain_handle, char **password);
59 static void init_lsa_String(struct lsa_String *string, const char *s)
64 BOOL test_samr_handle_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
65 struct policy_handle *handle)
71 r.out.handle = handle;
73 status = dcerpc_samr_Close(p, mem_ctx, &r);
74 if (!NT_STATUS_IS_OK(status)) {
75 printf("Close handle failed - %s\n", nt_errstr(status));
82 static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
83 struct policy_handle *handle)
86 struct samr_Shutdown r;
88 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
89 printf("samr_Shutdown disabled - enable dangerous tests to use\n");
93 r.in.connect_handle = handle;
95 printf("testing samr_Shutdown\n");
97 status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
98 if (!NT_STATUS_IS_OK(status)) {
99 printf("samr_Shutdown failed - %s\n", nt_errstr(status));
106 static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
107 struct policy_handle *handle)
110 struct samr_SetDsrmPassword r;
111 struct lsa_String string;
112 struct samr_Password hash;
114 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
115 printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
119 E_md4hash("TeSTDSRM123", hash.hash);
121 init_lsa_String(&string, "Administrator");
127 printf("testing samr_SetDsrmPassword\n");
129 status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
130 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
131 printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
139 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
140 struct policy_handle *handle)
143 struct samr_QuerySecurity r;
144 struct samr_SetSecurity s;
146 r.in.handle = handle;
149 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
150 if (!NT_STATUS_IS_OK(status)) {
151 printf("QuerySecurity failed - %s\n", nt_errstr(status));
155 if (r.out.sdbuf == NULL) {
159 s.in.handle = handle;
161 s.in.sdbuf = r.out.sdbuf;
163 if (lp_parm_bool(-1, "target", "samba4", False)) {
164 printf("skipping SetSecurity test against Samba4\n");
168 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
169 if (!NT_STATUS_IS_OK(status)) {
170 printf("SetSecurity failed - %s\n", nt_errstr(status));
174 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
175 if (!NT_STATUS_IS_OK(status)) {
176 printf("QuerySecurity failed - %s\n", nt_errstr(status));
184 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
185 struct policy_handle *handle, uint32_t base_acct_flags,
186 const char *base_account_name)
189 struct samr_SetUserInfo s;
190 struct samr_SetUserInfo2 s2;
191 struct samr_QueryUserInfo q;
192 struct samr_QueryUserInfo q0;
193 union samr_UserInfo u;
195 const char *test_account_name;
197 uint32_t user_extra_flags = 0;
198 if (base_acct_flags == ACB_NORMAL) {
199 /* When created, accounts are expired by default */
200 user_extra_flags = ACB_PW_EXPIRED;
203 s.in.user_handle = handle;
206 s2.in.user_handle = handle;
209 q.in.user_handle = handle;
213 #define TESTCALL(call, r) \
214 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
215 if (!NT_STATUS_IS_OK(status)) { \
216 printf(#call " level %u failed - %s (%s)\n", \
217 r.in.level, nt_errstr(status), __location__); \
222 #define STRING_EQUAL(s1, s2, field) \
223 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
224 printf("Failed to set %s to '%s' (%s)\n", \
225 #field, s2, __location__); \
230 #define INT_EQUAL(i1, i2, field) \
232 printf("Failed to set %s to 0x%x - got 0x%x (%s)\n", \
233 #field, i2, i1, __location__); \
238 #define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
239 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
241 TESTCALL(QueryUserInfo, q) \
243 s2.in.level = lvl1; \
246 ZERO_STRUCT(u.info21); \
247 u.info21.fields_present = fpval; \
249 init_lsa_String(&u.info ## lvl1.field1, value); \
250 TESTCALL(SetUserInfo, s) \
251 TESTCALL(SetUserInfo2, s2) \
252 init_lsa_String(&u.info ## lvl1.field1, ""); \
253 TESTCALL(QueryUserInfo, q); \
255 STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
257 TESTCALL(QueryUserInfo, q) \
259 STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
262 #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
263 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
265 TESTCALL(QueryUserInfo, q) \
267 s2.in.level = lvl1; \
270 uint8_t *bits = u.info21.logon_hours.bits; \
271 ZERO_STRUCT(u.info21); \
272 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
273 u.info21.logon_hours.units_per_week = 168; \
274 u.info21.logon_hours.bits = bits; \
276 u.info21.fields_present = fpval; \
278 u.info ## lvl1.field1 = value; \
279 TESTCALL(SetUserInfo, s) \
280 TESTCALL(SetUserInfo2, s2) \
281 u.info ## lvl1.field1 = 0; \
282 TESTCALL(QueryUserInfo, q); \
284 INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
286 TESTCALL(QueryUserInfo, q) \
288 INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
291 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
292 TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
296 do { TESTCALL(QueryUserInfo, q0) } while (0);
298 TEST_USERINFO_STRING(2, comment, 1, comment, "xx2-1 comment", 0);
299 TEST_USERINFO_STRING(2, comment, 21, comment, "xx2-21 comment", 0);
300 TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
303 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-1", base_account_name);
304 TEST_USERINFO_STRING(7, account_name, 1, account_name, base_account_name, 0);
305 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-3", base_account_name);
306 TEST_USERINFO_STRING(7, account_name, 3, account_name, base_account_name, 0);
307 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-5", base_account_name);
308 TEST_USERINFO_STRING(7, account_name, 5, account_name, base_account_name, 0);
309 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-6", base_account_name);
310 TEST_USERINFO_STRING(7, account_name, 6, account_name, base_account_name, 0);
311 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-7", base_account_name);
312 TEST_USERINFO_STRING(7, account_name, 7, account_name, base_account_name, 0);
313 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-21", base_account_name);
314 TEST_USERINFO_STRING(7, account_name, 21, account_name, base_account_name, 0);
315 test_account_name = base_account_name;
316 TEST_USERINFO_STRING(21, account_name, 21, account_name, base_account_name,
317 SAMR_FIELD_ACCOUNT_NAME);
319 TEST_USERINFO_STRING(6, full_name, 1, full_name, "xx6-1 full_name", 0);
320 TEST_USERINFO_STRING(6, full_name, 3, full_name, "xx6-3 full_name", 0);
321 TEST_USERINFO_STRING(6, full_name, 5, full_name, "xx6-5 full_name", 0);
322 TEST_USERINFO_STRING(6, full_name, 6, full_name, "xx6-6 full_name", 0);
323 TEST_USERINFO_STRING(6, full_name, 8, full_name, "xx6-8 full_name", 0);
324 TEST_USERINFO_STRING(6, full_name, 21, full_name, "xx6-21 full_name", 0);
325 TEST_USERINFO_STRING(8, full_name, 21, full_name, "xx8-21 full_name", 0);
326 TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
327 SAMR_FIELD_FULL_NAME);
329 TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
330 TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
331 TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
332 TEST_USERINFO_STRING(21, logon_script, 21, logon_script, "xx21-21 logon_script",
333 SAMR_FIELD_LOGON_SCRIPT);
335 TEST_USERINFO_STRING(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0);
336 TEST_USERINFO_STRING(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0);
337 TEST_USERINFO_STRING(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
338 TEST_USERINFO_STRING(21, profile_path, 21, profile_path, "xx21-21 profile_path",
339 SAMR_FIELD_PROFILE_PATH);
341 TEST_USERINFO_STRING(13, description, 1, description, "xx13-1 description", 0);
342 TEST_USERINFO_STRING(13, description, 5, description, "xx13-5 description", 0);
343 TEST_USERINFO_STRING(13, description, 21, description, "xx13-21 description", 0);
344 TEST_USERINFO_STRING(21, description, 21, description, "xx21-21 description",
345 SAMR_FIELD_DESCRIPTION);
347 TEST_USERINFO_STRING(14, workstations, 3, workstations, "14workstation3", 0);
348 TEST_USERINFO_STRING(14, workstations, 5, workstations, "14workstation4", 0);
349 TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
350 TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
351 SAMR_FIELD_WORKSTATIONS);
353 TEST_USERINFO_STRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
354 TEST_USERINFO_STRING(21, parameters, 21, parameters, "xx21-21 parameters",
355 SAMR_FIELD_PARAMETERS);
357 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
358 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
359 SAMR_FIELD_COUNTRY_CODE);
361 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
362 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
363 SAMR_FIELD_CODE_PAGE);
365 TEST_USERINFO_INT(4, logon_hours.bits[3], 3, logon_hours.bits[3], 1, 0);
366 TEST_USERINFO_INT(4, logon_hours.bits[3], 5, logon_hours.bits[3], 2, 0);
367 TEST_USERINFO_INT(4, logon_hours.bits[3], 21, logon_hours.bits[3], 3, 0);
368 TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
369 SAMR_FIELD_LOGON_HOURS);
371 if (lp_parm_bool(-1, "target", "samba4", False)) {
372 printf("skipping Set Account Flag tests against Samba4\n");
376 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
377 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
378 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
380 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
381 (base_acct_flags | ACB_DISABLED),
382 (base_acct_flags | ACB_DISABLED | user_extra_flags),
385 /* Setting PWNOEXP clears the magic ACB_PW_EXPIRED flag */
386 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
387 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
388 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
390 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
391 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
392 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
396 /* The 'autolock' flag doesn't stick - check this */
397 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
398 (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
399 (base_acct_flags | ACB_DISABLED | user_extra_flags),
402 /* Removing the 'disabled' flag doesn't stick - check this */
403 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
405 (base_acct_flags | ACB_DISABLED | user_extra_flags),
408 /* The 'store plaintext' flag does stick */
409 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
410 (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
411 (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
413 /* The 'use DES' flag does stick */
414 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
415 (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
416 (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
418 /* The 'don't require kerberos pre-authentication flag does stick */
419 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
420 (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
421 (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
423 /* The 'no kerberos PAC required' flag sticks */
424 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
425 (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
426 (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
429 TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
430 (base_acct_flags | ACB_DISABLED),
431 (base_acct_flags | ACB_DISABLED | user_extra_flags),
432 SAMR_FIELD_ACCT_FLAGS);
435 /* these fail with win2003 - it appears you can't set the primary gid?
436 the set succeeds, but the gid isn't changed. Very weird! */
437 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
438 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
439 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
440 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
447 generate a random password for password change tests
449 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
451 size_t len = MAX(8, min_len) + (random() % 6);
452 char *s = generate_random_str(mem_ctx, len);
453 printf("Generated password '%s'\n", s);
457 static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
458 struct policy_handle *handle, char **password)
461 struct samr_SetUserInfo s;
462 union samr_UserInfo u;
464 DATA_BLOB session_key;
466 struct samr_GetUserPwInfo pwp;
467 int policy_min_pw_len = 0;
468 pwp.in.user_handle = handle;
470 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
471 if (NT_STATUS_IS_OK(status)) {
472 policy_min_pw_len = pwp.out.info.min_password_length;
474 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
476 s.in.user_handle = handle;
480 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
481 /* w2k3 ignores this length */
482 u.info24.pw_len = strlen_m(newpass) * 2;
484 status = dcerpc_fetch_session_key(p, &session_key);
485 if (!NT_STATUS_IS_OK(status)) {
486 printf("SetUserInfo level %u - no session key - %s\n",
487 s.in.level, nt_errstr(status));
491 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
493 printf("Testing SetUserInfo level 24 (set password)\n");
495 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
496 if (!NT_STATUS_IS_OK(status)) {
497 printf("SetUserInfo level %u failed - %s\n",
498 s.in.level, nt_errstr(status));
508 static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
509 struct policy_handle *handle, uint32_t fields_present,
513 struct samr_SetUserInfo s;
514 union samr_UserInfo u;
516 DATA_BLOB session_key;
518 struct samr_GetUserPwInfo pwp;
519 int policy_min_pw_len = 0;
520 pwp.in.user_handle = handle;
522 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
523 if (NT_STATUS_IS_OK(status)) {
524 policy_min_pw_len = pwp.out.info.min_password_length;
526 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
528 s.in.user_handle = handle;
534 u.info23.info.fields_present = fields_present;
536 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
538 status = dcerpc_fetch_session_key(p, &session_key);
539 if (!NT_STATUS_IS_OK(status)) {
540 printf("SetUserInfo level %u - no session key - %s\n",
541 s.in.level, nt_errstr(status));
545 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
547 printf("Testing SetUserInfo level 23 (set password)\n");
549 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
550 if (!NT_STATUS_IS_OK(status)) {
551 printf("SetUserInfo level %u failed - %s\n",
552 s.in.level, nt_errstr(status));
562 static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
563 struct policy_handle *handle, char **password)
566 struct samr_SetUserInfo s;
567 union samr_UserInfo u;
569 DATA_BLOB session_key;
570 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
571 uint8_t confounder[16];
573 struct MD5Context ctx;
574 struct samr_GetUserPwInfo pwp;
575 int policy_min_pw_len = 0;
576 pwp.in.user_handle = handle;
578 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
579 if (NT_STATUS_IS_OK(status)) {
580 policy_min_pw_len = pwp.out.info.min_password_length;
582 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
584 s.in.user_handle = handle;
588 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
589 u.info26.pw_len = strlen(newpass);
591 status = dcerpc_fetch_session_key(p, &session_key);
592 if (!NT_STATUS_IS_OK(status)) {
593 printf("SetUserInfo level %u - no session key - %s\n",
594 s.in.level, nt_errstr(status));
598 generate_random_buffer((uint8_t *)confounder, 16);
601 MD5Update(&ctx, confounder, 16);
602 MD5Update(&ctx, session_key.data, session_key.length);
603 MD5Final(confounded_session_key.data, &ctx);
605 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
606 memcpy(&u.info26.password.data[516], confounder, 16);
608 printf("Testing SetUserInfo level 26 (set password ex)\n");
610 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
611 if (!NT_STATUS_IS_OK(status)) {
612 printf("SetUserInfo level %u failed - %s\n",
613 s.in.level, nt_errstr(status));
622 static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
623 struct policy_handle *handle, uint32_t fields_present,
627 struct samr_SetUserInfo s;
628 union samr_UserInfo u;
630 DATA_BLOB session_key;
631 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
632 struct MD5Context ctx;
633 uint8_t confounder[16];
635 struct samr_GetUserPwInfo pwp;
636 int policy_min_pw_len = 0;
637 pwp.in.user_handle = handle;
639 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
640 if (NT_STATUS_IS_OK(status)) {
641 policy_min_pw_len = pwp.out.info.min_password_length;
643 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
645 s.in.user_handle = handle;
651 u.info25.info.fields_present = fields_present;
653 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
655 status = dcerpc_fetch_session_key(p, &session_key);
656 if (!NT_STATUS_IS_OK(status)) {
657 printf("SetUserInfo level %u - no session key - %s\n",
658 s.in.level, nt_errstr(status));
662 generate_random_buffer((uint8_t *)confounder, 16);
665 MD5Update(&ctx, confounder, 16);
666 MD5Update(&ctx, session_key.data, session_key.length);
667 MD5Final(confounded_session_key.data, &ctx);
669 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
670 memcpy(&u.info25.password.data[516], confounder, 16);
672 printf("Testing SetUserInfo level 25 (set password ex)\n");
674 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
675 if (!NT_STATUS_IS_OK(status)) {
676 printf("SetUserInfo level %u failed - %s\n",
677 s.in.level, nt_errstr(status));
686 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
687 struct policy_handle *handle)
690 struct samr_SetAliasInfo r;
691 struct samr_QueryAliasInfo q;
692 uint16_t levels[] = {2, 3};
696 /* Ignoring switch level 1, as that includes the number of members for the alias
697 * and setting this to a wrong value might have negative consequences
700 for (i=0;i<ARRAY_SIZE(levels);i++) {
701 printf("Testing SetAliasInfo level %u\n", levels[i]);
703 r.in.alias_handle = handle;
704 r.in.level = levels[i];
705 r.in.info = talloc(mem_ctx, union samr_AliasInfo);
706 switch (r.in.level) {
707 case ALIASINFONAME: init_lsa_String(&r.in.info->name,TEST_ALIASNAME); break;
708 case ALIASINFODESCRIPTION: init_lsa_String(&r.in.info->description,
709 "Test Description, should test I18N as well"); break;
712 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
713 if (!NT_STATUS_IS_OK(status)) {
714 printf("SetAliasInfo level %u failed - %s\n",
715 levels[i], nt_errstr(status));
719 q.in.alias_handle = handle;
720 q.in.level = levels[i];
722 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
723 if (!NT_STATUS_IS_OK(status)) {
724 printf("QueryAliasInfo level %u failed - %s\n",
725 levels[i], nt_errstr(status));
733 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
734 struct policy_handle *user_handle)
736 struct samr_GetGroupsForUser r;
740 printf("testing GetGroupsForUser\n");
742 r.in.user_handle = user_handle;
744 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
745 if (!NT_STATUS_IS_OK(status)) {
746 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
754 static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
755 struct lsa_String *domain_name)
758 struct samr_GetDomPwInfo r;
761 r.in.domain_name = domain_name;
762 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
764 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
765 if (!NT_STATUS_IS_OK(status)) {
766 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
770 r.in.domain_name->string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
771 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
773 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
774 if (!NT_STATUS_IS_OK(status)) {
775 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
779 r.in.domain_name->string = "\\\\__NONAME__";
780 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
782 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
783 if (!NT_STATUS_IS_OK(status)) {
784 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
788 r.in.domain_name->string = "\\\\Builtin";
789 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
791 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
792 if (!NT_STATUS_IS_OK(status)) {
793 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
801 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
802 struct policy_handle *handle)
805 struct samr_GetUserPwInfo r;
808 printf("Testing GetUserPwInfo\n");
810 r.in.user_handle = handle;
812 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
813 if (!NT_STATUS_IS_OK(status)) {
814 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
821 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
822 struct policy_handle *domain_handle, const char *name,
826 struct samr_LookupNames n;
827 struct lsa_String sname[2];
829 init_lsa_String(&sname[0], name);
831 n.in.domain_handle = domain_handle;
834 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
835 if (NT_STATUS_IS_OK(status)) {
836 *rid = n.out.rids.ids[0];
841 init_lsa_String(&sname[1], "xxNONAMExx");
843 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
844 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
845 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
849 init_lsa_String(&sname[1], "xxNONAMExx");
851 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
852 if (!NT_STATUS_IS_OK(status)) {
853 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
859 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
860 struct policy_handle *domain_handle,
861 const char *name, struct policy_handle *user_handle)
864 struct samr_OpenUser r;
867 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
868 if (!NT_STATUS_IS_OK(status)) {
872 r.in.domain_handle = domain_handle;
873 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
875 r.out.user_handle = user_handle;
876 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
877 if (!NT_STATUS_IS_OK(status)) {
878 printf("OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(status));
885 static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
886 struct policy_handle *handle)
889 struct samr_ChangePasswordUser r;
891 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
892 struct policy_handle user_handle;
893 char *oldpass = "test";
894 char *newpass = "test2";
895 uint8_t old_nt_hash[16], new_nt_hash[16];
896 uint8_t old_lm_hash[16], new_lm_hash[16];
898 status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle);
899 if (!NT_STATUS_IS_OK(status)) {
903 printf("Testing ChangePasswordUser for user 'testuser'\n");
905 printf("old password: %s\n", oldpass);
906 printf("new password: %s\n", newpass);
908 E_md4hash(oldpass, old_nt_hash);
909 E_md4hash(newpass, new_nt_hash);
910 E_deshash(oldpass, old_lm_hash);
911 E_deshash(newpass, new_lm_hash);
913 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
914 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
915 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
916 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
917 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
918 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
920 r.in.handle = &user_handle;
922 r.in.old_lm_crypted = &hash1;
923 r.in.new_lm_crypted = &hash2;
925 r.in.old_nt_crypted = &hash3;
926 r.in.new_nt_crypted = &hash4;
927 r.in.cross1_present = 1;
928 r.in.nt_cross = &hash5;
929 r.in.cross2_present = 1;
930 r.in.lm_cross = &hash6;
932 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
933 if (!NT_STATUS_IS_OK(status)) {
934 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
938 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
946 static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
947 const char *acct_name,
948 struct policy_handle *handle, char **password)
951 struct samr_ChangePasswordUser r;
953 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
954 struct policy_handle user_handle;
956 uint8_t old_nt_hash[16], new_nt_hash[16];
957 uint8_t old_lm_hash[16], new_lm_hash[16];
960 struct samr_GetUserPwInfo pwp;
961 int policy_min_pw_len = 0;
963 status = test_OpenUser_byname(p, mem_ctx, handle, acct_name, &user_handle);
964 if (!NT_STATUS_IS_OK(status)) {
967 pwp.in.user_handle = &user_handle;
969 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
970 if (NT_STATUS_IS_OK(status)) {
971 policy_min_pw_len = pwp.out.info.min_password_length;
973 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
975 printf("Testing ChangePasswordUser\n");
978 printf("Failing ChangePasswordUser as old password was NULL. Previous test failed?\n");
984 E_md4hash(oldpass, old_nt_hash);
985 E_md4hash(newpass, new_nt_hash);
986 E_deshash(oldpass, old_lm_hash);
987 E_deshash(newpass, new_lm_hash);
989 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
990 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
991 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
992 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
993 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
994 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
996 r.in.user_handle = &user_handle;
998 r.in.old_lm_crypted = &hash1;
999 r.in.new_lm_crypted = &hash2;
1000 r.in.nt_present = 1;
1001 r.in.old_nt_crypted = &hash3;
1002 r.in.new_nt_crypted = &hash4;
1003 r.in.cross1_present = 1;
1004 r.in.nt_cross = &hash5;
1005 r.in.cross2_present = 1;
1006 r.in.lm_cross = &hash6;
1008 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1009 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1010 printf("ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1011 } else if (!NT_STATUS_IS_OK(status)) {
1012 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
1015 *password = newpass;
1018 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
1026 static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1027 const char *acct_name,
1028 struct policy_handle *handle, char **password)
1031 struct samr_OemChangePasswordUser2 r;
1033 struct samr_Password lm_verifier;
1034 struct samr_CryptPassword lm_pass;
1035 struct lsa_AsciiString server, account, account_bad;
1038 uint8_t old_lm_hash[16], new_lm_hash[16];
1040 struct samr_GetDomPwInfo dom_pw_info;
1041 int policy_min_pw_len = 0;
1043 struct lsa_String domain_name;
1045 domain_name.string = "";
1046 dom_pw_info.in.domain_name = &domain_name;
1048 printf("Testing OemChangePasswordUser2\n");
1051 printf("Failing OemChangePasswordUser2 as old password was NULL. Previous test failed?\n");
1055 oldpass = *password;
1057 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
1058 if (NT_STATUS_IS_OK(status)) {
1059 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1062 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1064 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1065 account.string = acct_name;
1067 E_deshash(oldpass, old_lm_hash);
1068 E_deshash(newpass, new_lm_hash);
1070 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1071 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1072 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1074 r.in.server = &server;
1075 r.in.account = &account;
1076 r.in.password = &lm_pass;
1077 r.in.hash = &lm_verifier;
1079 /* Break the verification */
1080 lm_verifier.hash[0]++;
1082 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1084 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1085 && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1086 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
1091 /* This shouldn't be a valid name */
1092 account_bad.string = TEST_ACCOUNT_NAME "XX";
1093 r.in.account = &account_bad;
1095 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1097 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1098 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
1103 E_deshash(oldpass, old_lm_hash);
1104 E_deshash(newpass, new_lm_hash);
1106 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1107 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1108 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1110 r.in.server = &server;
1111 r.in.account = &account;
1112 r.in.password = &lm_pass;
1113 r.in.hash = &lm_verifier;
1115 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1116 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1117 printf("OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1118 } else if (!NT_STATUS_IS_OK(status)) {
1119 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
1122 *password = newpass;
1129 static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1130 const char *acct_name,
1131 struct policy_handle *handle, char **password)
1134 struct samr_ChangePasswordUser2 r;
1136 struct lsa_String server, account;
1137 struct samr_CryptPassword nt_pass, lm_pass;
1138 struct samr_Password nt_verifier, lm_verifier;
1141 uint8_t old_nt_hash[16], new_nt_hash[16];
1142 uint8_t old_lm_hash[16], new_lm_hash[16];
1144 struct samr_GetDomPwInfo dom_pw_info;
1145 int policy_min_pw_len = 0;
1147 struct lsa_String domain_name;
1150 domain_name.string = "";
1151 dom_pw_info.in.domain_name = &domain_name;
1153 printf("Testing ChangePasswordUser2\n");
1156 printf("Failing ChangePasswordUser3 as old password was NULL. Previous test failed?\n");
1159 oldpass = *password;
1161 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
1162 if (NT_STATUS_IS_OK(status)) {
1163 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1166 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1168 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1169 init_lsa_String(&account, acct_name);
1171 E_md4hash(oldpass, old_nt_hash);
1172 E_md4hash(newpass, new_nt_hash);
1174 E_deshash(oldpass, old_lm_hash);
1175 E_deshash(newpass, new_lm_hash);
1177 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
1178 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1179 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1181 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1182 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1183 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1185 r.in.server = &server;
1186 r.in.account = &account;
1187 r.in.nt_password = &nt_pass;
1188 r.in.nt_verifier = &nt_verifier;
1190 r.in.lm_password = &lm_pass;
1191 r.in.lm_verifier = &lm_verifier;
1193 status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
1194 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1195 printf("ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1196 } else if (!NT_STATUS_IS_OK(status)) {
1197 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
1200 *password = newpass;
1207 BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1208 const char *account_string,
1209 int policy_min_pw_len,
1213 struct samr_ChangePasswordUser3 r;
1215 struct lsa_String server, account, account_bad;
1216 struct samr_CryptPassword nt_pass, lm_pass;
1217 struct samr_Password nt_verifier, lm_verifier;
1219 char *newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1220 uint8_t old_nt_hash[16], new_nt_hash[16];
1221 uint8_t old_lm_hash[16], new_lm_hash[16];
1223 printf("Testing ChangePasswordUser3\n");
1226 printf("Failing ChangePasswordUser3 as old password was NULL. Previous test failed?\n");
1230 oldpass = *password;
1231 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1232 init_lsa_String(&account, account_string);
1234 E_md4hash(oldpass, old_nt_hash);
1235 E_md4hash(newpass, new_nt_hash);
1237 E_deshash(oldpass, old_lm_hash);
1238 E_deshash(newpass, new_lm_hash);
1240 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1241 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1242 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1244 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1245 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1246 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1248 /* Break the verification */
1249 nt_verifier.hash[0]++;
1251 r.in.server = &server;
1252 r.in.account = &account;
1253 r.in.nt_password = &nt_pass;
1254 r.in.nt_verifier = &nt_verifier;
1256 r.in.lm_password = &lm_pass;
1257 r.in.lm_verifier = &lm_verifier;
1258 r.in.password3 = NULL;
1260 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1261 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
1262 (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
1263 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
1268 /* This shouldn't be a valid name */
1269 init_lsa_String(&account_bad, talloc_asprintf(mem_ctx, "%sXX", account_string));
1271 r.in.account = &account_bad;
1272 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1273 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1274 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
1279 E_md4hash(oldpass, old_nt_hash);
1280 E_md4hash(newpass, new_nt_hash);
1282 E_deshash(oldpass, old_lm_hash);
1283 E_deshash(newpass, new_lm_hash);
1285 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1286 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1287 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1289 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1290 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1291 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1293 r.in.server = &server;
1294 r.in.account = &account;
1295 r.in.nt_password = &nt_pass;
1296 r.in.nt_verifier = &nt_verifier;
1298 r.in.lm_password = &lm_pass;
1299 r.in.lm_verifier = &lm_verifier;
1300 r.in.password3 = NULL;
1302 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1303 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1304 && !policy_min_pw_len) {
1305 if (r.out.dominfo) {
1306 policy_min_pw_len = r.out.dominfo->min_password_length;
1308 if (policy_min_pw_len) /* try again with the right min password length */ {
1309 ret = test_ChangePasswordUser3(p, mem_ctx, account_string, policy_min_pw_len, password);
1311 printf("ChangePasswordUser3 failed (no min length known) - %s\n", nt_errstr(status));
1314 } else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1315 printf("ChangePasswordUser3 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1316 } else if (!NT_STATUS_IS_OK(status)) {
1317 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1320 *password = newpass;
1327 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1328 struct policy_handle *alias_handle)
1330 struct samr_GetMembersInAlias r;
1331 struct lsa_SidArray sids;
1335 printf("Testing GetMembersInAlias\n");
1337 r.in.alias_handle = alias_handle;
1340 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
1341 if (!NT_STATUS_IS_OK(status)) {
1342 printf("GetMembersInAlias failed - %s\n",
1350 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1351 struct policy_handle *alias_handle,
1352 const struct dom_sid *domain_sid)
1354 struct samr_AddAliasMember r;
1355 struct samr_DeleteAliasMember d;
1358 struct dom_sid *sid;
1360 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
1362 printf("testing AddAliasMember\n");
1363 r.in.alias_handle = alias_handle;
1366 status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
1367 if (!NT_STATUS_IS_OK(status)) {
1368 printf("AddAliasMember failed - %s\n", nt_errstr(status));
1372 d.in.alias_handle = alias_handle;
1375 status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
1376 if (!NT_STATUS_IS_OK(status)) {
1377 printf("DelAliasMember failed - %s\n", nt_errstr(status));
1384 static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1385 struct policy_handle *alias_handle)
1387 struct samr_AddMultipleMembersToAlias a;
1388 struct samr_RemoveMultipleMembersFromAlias r;
1391 struct lsa_SidArray sids;
1393 printf("testing AddMultipleMembersToAlias\n");
1394 a.in.alias_handle = alias_handle;
1398 sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, 3);
1400 sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
1401 sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
1402 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
1404 status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
1405 if (!NT_STATUS_IS_OK(status)) {
1406 printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
1411 printf("testing RemoveMultipleMembersFromAlias\n");
1412 r.in.alias_handle = alias_handle;
1415 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1416 if (!NT_STATUS_IS_OK(status)) {
1417 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1421 /* strange! removing twice doesn't give any error */
1422 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1423 if (!NT_STATUS_IS_OK(status)) {
1424 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1428 /* but removing an alias that isn't there does */
1429 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
1431 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1432 if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
1433 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1440 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1441 struct policy_handle *user_handle)
1443 struct samr_TestPrivateFunctionsUser r;
1447 printf("Testing TestPrivateFunctionsUser\n");
1449 r.in.user_handle = user_handle;
1451 status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
1452 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
1453 printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
1461 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1462 struct policy_handle *user_handle,
1463 struct policy_handle *domain_handle,
1464 uint32_t base_acct_flags,
1465 const char *base_acct_name, enum torture_samr_choice which_ops)
1467 TALLOC_CTX *user_ctx;
1468 char *password = NULL;
1472 const uint32_t password_fields[] = {
1473 SAMR_FIELD_PASSWORD,
1474 SAMR_FIELD_PASSWORD2,
1475 SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2,
1479 user_ctx = talloc_named(mem_ctx, 0, "test_user_ops per-user context");
1480 switch (which_ops) {
1481 case TORTURE_SAMR_USER_ATTRIBUTES:
1482 if (!test_QuerySecurity(p, user_ctx, user_handle)) {
1486 if (!test_QueryUserInfo(p, user_ctx, user_handle)) {
1490 if (!test_QueryUserInfo2(p, user_ctx, user_handle)) {
1494 if (!test_SetUserInfo(p, user_ctx, user_handle, base_acct_flags,
1499 if (!test_GetUserPwInfo(p, user_ctx, user_handle)) {
1503 if (!test_TestPrivateFunctionsUser(p, user_ctx, user_handle)) {
1507 if (!test_SetUserPass(p, user_ctx, user_handle, &password)) {
1511 case TORTURE_SAMR_PASSWORDS:
1512 for (i = 0; password_fields[i]; i++) {
1513 if (!test_SetUserPass_23(p, user_ctx, user_handle, password_fields[i], &password)) {
1517 /* check it was set right */
1518 if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password)) {
1523 for (i = 0; password_fields[i]; i++) {
1524 if (!test_SetUserPass_25(p, user_ctx, user_handle, password_fields[i], &password)) {
1528 /* check it was set right */
1529 if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password)) {
1534 if (!test_SetUserPassEx(p, user_ctx, user_handle, &password)) {
1538 if (!test_ChangePassword(p, user_ctx, base_acct_name, domain_handle, &password)) {
1542 case TORTURE_SAMR_OTHER:
1543 /* We just need the account to exist */
1546 talloc_free(user_ctx);
1550 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1551 struct policy_handle *alias_handle,
1552 const struct dom_sid *domain_sid)
1556 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
1560 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
1564 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
1568 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle, domain_sid)) {
1572 if (lp_parm_bool(-1, "target", "samba4", False)) {
1573 printf("skipping MultipleMembers Alias tests against Samba4\n");
1577 if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
1585 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1586 struct policy_handle *user_handle)
1588 struct samr_DeleteUser d;
1591 printf("Testing DeleteUser\n");
1593 d.in.user_handle = user_handle;
1594 d.out.user_handle = user_handle;
1596 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1597 if (!NT_STATUS_IS_OK(status)) {
1598 printf("DeleteUser failed - %s\n", nt_errstr(status));
1605 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1606 struct policy_handle *handle, const char *name)
1609 struct samr_DeleteUser d;
1610 struct policy_handle user_handle;
1613 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1614 if (!NT_STATUS_IS_OK(status)) {
1618 status = test_OpenUser_byname(p, mem_ctx, handle, name, &user_handle);
1619 if (!NT_STATUS_IS_OK(status)) {
1623 d.in.user_handle = &user_handle;
1624 d.out.user_handle = &user_handle;
1625 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1626 if (!NT_STATUS_IS_OK(status)) {
1633 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
1638 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1639 struct policy_handle *handle, const char *name)
1642 struct samr_OpenGroup r;
1643 struct samr_DeleteDomainGroup d;
1644 struct policy_handle group_handle;
1647 status = test_LookupName(p, mem_ctx, handle, name, &rid);
1648 if (!NT_STATUS_IS_OK(status)) {
1652 r.in.domain_handle = handle;
1653 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1655 r.out.group_handle = &group_handle;
1656 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
1657 if (!NT_STATUS_IS_OK(status)) {
1661 d.in.group_handle = &group_handle;
1662 d.out.group_handle = &group_handle;
1663 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
1664 if (!NT_STATUS_IS_OK(status)) {
1671 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
1676 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1677 struct policy_handle *domain_handle, const char *name)
1680 struct samr_OpenAlias r;
1681 struct samr_DeleteDomAlias d;
1682 struct policy_handle alias_handle;
1685 printf("testing DeleteAlias_byname\n");
1687 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
1688 if (!NT_STATUS_IS_OK(status)) {
1692 r.in.domain_handle = domain_handle;
1693 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1695 r.out.alias_handle = &alias_handle;
1696 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
1697 if (!NT_STATUS_IS_OK(status)) {
1701 d.in.alias_handle = &alias_handle;
1702 d.out.alias_handle = &alias_handle;
1703 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1704 if (!NT_STATUS_IS_OK(status)) {
1711 printf("DeleteAlias_byname(%s) failed - %s\n", name, nt_errstr(status));
1715 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1716 struct policy_handle *alias_handle)
1718 struct samr_DeleteDomAlias d;
1721 printf("Testing DeleteAlias\n");
1723 d.in.alias_handle = alias_handle;
1724 d.out.alias_handle = alias_handle;
1726 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
1727 if (!NT_STATUS_IS_OK(status)) {
1728 printf("DeleteAlias failed - %s\n", nt_errstr(status));
1735 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1736 struct policy_handle *domain_handle,
1737 struct policy_handle *alias_handle,
1738 const struct dom_sid *domain_sid)
1741 struct samr_CreateDomAlias r;
1742 struct lsa_String name;
1746 init_lsa_String(&name, TEST_ALIASNAME);
1747 r.in.domain_handle = domain_handle;
1748 r.in.alias_name = &name;
1749 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1750 r.out.alias_handle = alias_handle;
1753 printf("Testing CreateAlias (%s)\n", r.in.alias_name->string);
1755 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1757 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1758 printf("Server refused create of '%s'\n", r.in.alias_name->string);
1762 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
1763 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.alias_name->string)) {
1766 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
1769 if (!NT_STATUS_IS_OK(status)) {
1770 printf("CreateAlias failed - %s\n", nt_errstr(status));
1774 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_sid)) {
1781 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1782 const char *acct_name,
1783 struct policy_handle *domain_handle, char **password)
1791 if (!test_ChangePasswordUser(p, mem_ctx, acct_name, domain_handle, password)) {
1795 if (!test_ChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) {
1799 if (!test_OemChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) {
1803 /* we change passwords twice - this has the effect of verifying
1804 they were changed correctly for the final call */
1805 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password)) {
1809 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password)) {
1816 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1817 struct policy_handle *domain_handle,
1818 struct policy_handle *user_handle_out,
1819 enum torture_samr_choice which_ops)
1822 TALLOC_CTX *user_ctx;
1825 struct samr_CreateUser r;
1826 struct samr_QueryUserInfo q;
1827 struct samr_DeleteUser d;
1830 /* This call creates a 'normal' account - check that it really does */
1831 const uint32_t acct_flags = ACB_NORMAL;
1832 struct lsa_String name;
1835 struct policy_handle user_handle;
1836 user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context");
1837 init_lsa_String(&name, TEST_ACCOUNT_NAME);
1839 r.in.domain_handle = domain_handle;
1840 r.in.account_name = &name;
1841 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1842 r.out.user_handle = &user_handle;
1845 printf("Testing CreateUser(%s)\n", r.in.account_name->string);
1847 status = dcerpc_samr_CreateUser(p, user_ctx, &r);
1849 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1850 printf("Server refused create of '%s': %s\n", r.in.account_name->string, nt_errstr(status));
1851 talloc_free(user_ctx);
1855 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1856 if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
1857 talloc_free(user_ctx);
1860 status = dcerpc_samr_CreateUser(p, user_ctx, &r);
1862 if (!NT_STATUS_IS_OK(status)) {
1863 talloc_free(user_ctx);
1864 printf("CreateUser failed - %s\n", nt_errstr(status));
1867 q.in.user_handle = &user_handle;
1870 status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
1871 if (!NT_STATUS_IS_OK(status)) {
1872 printf("QueryUserInfo level %u failed - %s\n",
1873 q.in.level, nt_errstr(status));
1876 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1877 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
1878 q.out.info->info16.acct_flags,
1884 if (!test_user_ops(p, user_ctx, &user_handle, domain_handle,
1885 acct_flags, name.string, which_ops)) {
1889 if (user_handle_out) {
1890 *user_handle_out = user_handle;
1892 printf("Testing DeleteUser (createuser test)\n");
1894 d.in.user_handle = &user_handle;
1895 d.out.user_handle = &user_handle;
1897 status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
1898 if (!NT_STATUS_IS_OK(status)) {
1899 printf("DeleteUser failed - %s\n", nt_errstr(status));
1906 talloc_free(user_ctx);
1912 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1913 struct policy_handle *domain_handle, enum torture_samr_choice which_ops)
1916 struct samr_CreateUser2 r;
1917 struct samr_QueryUserInfo q;
1918 struct samr_DeleteUser d;
1919 struct policy_handle user_handle;
1921 struct lsa_String name;
1926 uint32_t acct_flags;
1927 const char *account_name;
1929 } account_types[] = {
1930 { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
1931 { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1932 { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1933 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1934 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1935 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1936 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
1937 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1938 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
1939 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
1940 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1941 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
1942 { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1943 { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
1944 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
1947 for (i = 0; account_types[i].account_name; i++) {
1948 TALLOC_CTX *user_ctx;
1949 uint32_t acct_flags = account_types[i].acct_flags;
1950 uint32_t access_granted;
1951 user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context");
1952 init_lsa_String(&name, account_types[i].account_name);
1954 r.in.domain_handle = domain_handle;
1955 r.in.account_name = &name;
1956 r.in.acct_flags = acct_flags;
1957 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1958 r.out.user_handle = &user_handle;
1959 r.out.access_granted = &access_granted;
1962 printf("Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);
1964 status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
1966 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1967 talloc_free(user_ctx);
1968 printf("Server refused create of '%s'\n", r.in.account_name->string);
1971 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
1972 if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
1973 talloc_free(user_ctx);
1977 status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
1980 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
1981 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
1982 nt_errstr(status), nt_errstr(account_types[i].nt_status));
1986 if (NT_STATUS_IS_OK(status)) {
1987 q.in.user_handle = &user_handle;
1990 status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
1991 if (!NT_STATUS_IS_OK(status)) {
1992 printf("QueryUserInfo level %u failed - %s\n",
1993 q.in.level, nt_errstr(status));
1996 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
1997 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
1998 q.out.info->info16.acct_flags,
2004 if (!test_user_ops(p, user_ctx, &user_handle, domain_handle,
2005 acct_flags, name.string, which_ops)) {
2009 printf("Testing DeleteUser (createuser2 test)\n");
2011 d.in.user_handle = &user_handle;
2012 d.out.user_handle = &user_handle;
2014 status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
2015 if (!NT_STATUS_IS_OK(status)) {
2016 printf("DeleteUser failed - %s\n", nt_errstr(status));
2020 talloc_free(user_ctx);
2026 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2027 struct policy_handle *handle)
2030 struct samr_QueryAliasInfo r;
2031 uint16_t levels[] = {1, 2, 3};
2035 for (i=0;i<ARRAY_SIZE(levels);i++) {
2036 printf("Testing QueryAliasInfo level %u\n", levels[i]);
2038 r.in.alias_handle = handle;
2039 r.in.level = levels[i];
2041 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
2042 if (!NT_STATUS_IS_OK(status)) {
2043 printf("QueryAliasInfo level %u failed - %s\n",
2044 levels[i], nt_errstr(status));
2052 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2053 struct policy_handle *handle)
2056 struct samr_QueryGroupInfo r;
2057 uint16_t levels[] = {1, 2, 3, 4, 5};
2061 for (i=0;i<ARRAY_SIZE(levels);i++) {
2062 printf("Testing QueryGroupInfo level %u\n", levels[i]);
2064 r.in.group_handle = handle;
2065 r.in.level = levels[i];
2067 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
2068 if (!NT_STATUS_IS_OK(status)) {
2069 printf("QueryGroupInfo level %u failed - %s\n",
2070 levels[i], nt_errstr(status));
2078 static BOOL test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2079 struct policy_handle *handle)
2082 struct samr_QueryGroupMember r;
2085 printf("Testing QueryGroupMember\n");
2087 r.in.group_handle = handle;
2089 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r);
2090 if (!NT_STATUS_IS_OK(status)) {
2091 printf("QueryGroupInfo failed - %s\n", nt_errstr(status));
2099 static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2100 struct policy_handle *handle)
2103 struct samr_QueryGroupInfo r;
2104 struct samr_SetGroupInfo s;
2105 uint16_t levels[] = {1, 2, 3, 4};
2106 uint16_t set_ok[] = {0, 1, 1, 1};
2110 for (i=0;i<ARRAY_SIZE(levels);i++) {
2111 printf("Testing QueryGroupInfo level %u\n", levels[i]);
2113 r.in.group_handle = handle;
2114 r.in.level = levels[i];
2116 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
2117 if (!NT_STATUS_IS_OK(status)) {
2118 printf("QueryGroupInfo level %u failed - %s\n",
2119 levels[i], nt_errstr(status));
2123 printf("Testing SetGroupInfo level %u\n", levels[i]);
2125 s.in.group_handle = handle;
2126 s.in.level = levels[i];
2127 s.in.info = r.out.info;
2130 /* disabled this, as it changes the name only from the point of view of samr,
2131 but leaves the name from the point of view of w2k3 internals (and ldap). This means
2132 the name is still reserved, so creating the old name fails, but deleting by the old name
2134 if (s.in.level == 2) {
2135 init_lsa_String(&s.in.info->string, "NewName");
2139 if (s.in.level == 4) {
2140 init_lsa_String(&s.in.info->description, "test description");
2143 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
2145 if (!NT_STATUS_IS_OK(status)) {
2146 printf("SetGroupInfo level %u failed - %s\n",
2147 r.in.level, nt_errstr(status));
2152 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2153 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2154 r.in.level, nt_errstr(status));
2164 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2165 struct policy_handle *handle)
2168 struct samr_QueryUserInfo r;
2169 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
2170 11, 12, 13, 14, 16, 17, 20, 21};
2174 for (i=0;i<ARRAY_SIZE(levels);i++) {
2175 printf("Testing QueryUserInfo level %u\n", levels[i]);
2177 r.in.user_handle = handle;
2178 r.in.level = levels[i];
2180 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
2181 if (!NT_STATUS_IS_OK(status)) {
2182 printf("QueryUserInfo level %u failed - %s\n",
2183 levels[i], nt_errstr(status));
2191 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2192 struct policy_handle *handle)
2195 struct samr_QueryUserInfo2 r;
2196 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
2197 11, 12, 13, 14, 16, 17, 20, 21};
2201 for (i=0;i<ARRAY_SIZE(levels);i++) {
2202 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
2204 r.in.user_handle = handle;
2205 r.in.level = levels[i];
2207 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
2208 if (!NT_STATUS_IS_OK(status)) {
2209 printf("QueryUserInfo2 level %u failed - %s\n",
2210 levels[i], nt_errstr(status));
2218 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2219 struct policy_handle *handle, uint32_t rid)
2222 struct samr_OpenUser r;
2223 struct policy_handle user_handle;
2226 printf("Testing OpenUser(%u)\n", rid);
2228 r.in.domain_handle = handle;
2229 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2231 r.out.user_handle = &user_handle;
2233 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
2234 if (!NT_STATUS_IS_OK(status)) {
2235 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
2239 if (!test_QuerySecurity(p, mem_ctx, &user_handle)) {
2243 if (!test_QueryUserInfo(p, mem_ctx, &user_handle)) {
2247 if (!test_QueryUserInfo2(p, mem_ctx, &user_handle)) {
2251 if (!test_GetUserPwInfo(p, mem_ctx, &user_handle)) {
2255 if (!test_GetGroupsForUser(p,mem_ctx, &user_handle)) {
2259 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
2266 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2267 struct policy_handle *handle, uint32_t rid)
2270 struct samr_OpenGroup r;
2271 struct policy_handle group_handle;
2274 printf("Testing OpenGroup(%u)\n", rid);
2276 r.in.domain_handle = handle;
2277 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2279 r.out.group_handle = &group_handle;
2281 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
2282 if (!NT_STATUS_IS_OK(status)) {
2283 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
2287 if (!test_QuerySecurity(p, mem_ctx, &group_handle)) {
2291 if (!test_QueryGroupInfo(p, mem_ctx, &group_handle)) {
2295 if (!test_QueryGroupMember(p, mem_ctx, &group_handle)) {
2299 if (!test_samr_handle_Close(p, mem_ctx, &group_handle)) {
2306 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2307 struct policy_handle *handle, uint32_t rid)
2310 struct samr_OpenAlias r;
2311 struct policy_handle alias_handle;
2314 printf("Testing OpenAlias(%u)\n", rid);
2316 r.in.domain_handle = handle;
2317 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2319 r.out.alias_handle = &alias_handle;
2321 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
2322 if (!NT_STATUS_IS_OK(status)) {
2323 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
2327 if (!test_QuerySecurity(p, mem_ctx, &alias_handle)) {
2331 if (!test_QueryAliasInfo(p, mem_ctx, &alias_handle)) {
2335 if (!test_GetMembersInAlias(p, mem_ctx, &alias_handle)) {
2339 if (!test_samr_handle_Close(p, mem_ctx, &alias_handle)) {
2346 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2347 struct policy_handle *handle)
2350 struct samr_EnumDomainUsers r;
2351 uint32_t resume_handle=0;
2354 struct samr_LookupNames n;
2355 struct samr_LookupRids lr ;
2357 printf("Testing EnumDomainUsers\n");
2359 r.in.domain_handle = handle;
2360 r.in.resume_handle = &resume_handle;
2361 r.in.acct_flags = 0;
2362 r.in.max_size = (uint32_t)-1;
2363 r.out.resume_handle = &resume_handle;
2365 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
2366 if (!NT_STATUS_IS_OK(status)) {
2367 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
2375 if (r.out.sam->count == 0) {
2379 for (i=0;i<r.out.sam->count;i++) {
2380 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2385 printf("Testing LookupNames\n");
2386 n.in.domain_handle = handle;
2387 n.in.num_names = r.out.sam->count;
2388 n.in.names = talloc_array(mem_ctx, struct lsa_String, r.out.sam->count);
2389 for (i=0;i<r.out.sam->count;i++) {
2390 n.in.names[i].string = r.out.sam->entries[i].name.string;
2392 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
2393 if (!NT_STATUS_IS_OK(status)) {
2394 printf("LookupNames failed - %s\n", nt_errstr(status));
2399 printf("Testing LookupRids\n");
2400 lr.in.domain_handle = handle;
2401 lr.in.num_rids = r.out.sam->count;
2402 lr.in.rids = talloc_array(mem_ctx, uint32_t, r.out.sam->count);
2403 for (i=0;i<r.out.sam->count;i++) {
2404 lr.in.rids[i] = r.out.sam->entries[i].idx;
2406 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
2407 if (!NT_STATUS_IS_OK(status)) {
2408 printf("LookupRids failed - %s\n", nt_errstr(status));
2416 try blasting the server with a bunch of sync requests
2418 static BOOL test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2419 struct policy_handle *handle)
2422 struct samr_EnumDomainUsers r;
2423 uint32_t resume_handle=0;
2425 #define ASYNC_COUNT 100
2426 struct rpc_request *req[ASYNC_COUNT];
2428 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
2429 printf("samr async test disabled - enable dangerous tests to use\n");
2433 printf("Testing EnumDomainUsers_async\n");
2435 r.in.domain_handle = handle;
2436 r.in.resume_handle = &resume_handle;
2437 r.in.acct_flags = 0;
2438 r.in.max_size = (uint32_t)-1;
2439 r.out.resume_handle = &resume_handle;
2441 for (i=0;i<ASYNC_COUNT;i++) {
2442 req[i] = dcerpc_samr_EnumDomainUsers_send(p, mem_ctx, &r);
2445 for (i=0;i<ASYNC_COUNT;i++) {
2446 status = dcerpc_ndr_request_recv(req[i]);
2447 if (!NT_STATUS_IS_OK(status)) {
2448 printf("EnumDomainUsers[%d] failed - %s\n",
2449 i, nt_errstr(status));
2454 printf("%d async requests OK\n", i);
2459 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2460 struct policy_handle *handle)
2463 struct samr_EnumDomainGroups r;
2464 uint32_t resume_handle=0;
2468 printf("Testing EnumDomainGroups\n");
2470 r.in.domain_handle = handle;
2471 r.in.resume_handle = &resume_handle;
2472 r.in.max_size = (uint32_t)-1;
2473 r.out.resume_handle = &resume_handle;
2475 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
2476 if (!NT_STATUS_IS_OK(status)) {
2477 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2485 for (i=0;i<r.out.sam->count;i++) {
2486 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2494 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2495 struct policy_handle *handle)
2498 struct samr_EnumDomainAliases r;
2499 uint32_t resume_handle=0;
2503 printf("Testing EnumDomainAliases\n");
2505 r.in.domain_handle = handle;
2506 r.in.resume_handle = &resume_handle;
2507 r.in.acct_flags = (uint32_t)-1;
2508 r.out.resume_handle = &resume_handle;
2510 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
2511 if (!NT_STATUS_IS_OK(status)) {
2512 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
2520 for (i=0;i<r.out.sam->count;i++) {
2521 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2529 static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2530 struct policy_handle *handle)
2533 struct samr_GetDisplayEnumerationIndex r;
2535 uint16_t levels[] = {1, 2, 3, 4, 5};
2536 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2539 for (i=0;i<ARRAY_SIZE(levels);i++) {
2540 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
2542 r.in.domain_handle = handle;
2543 r.in.level = levels[i];
2544 init_lsa_String(&r.in.name, TEST_ACCOUNT_NAME);
2546 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2549 !NT_STATUS_IS_OK(status) &&
2550 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2551 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2552 levels[i], nt_errstr(status));
2556 init_lsa_String(&r.in.name, "zzzzzzzz");
2558 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
2560 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2561 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
2562 levels[i], nt_errstr(status));
2570 static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2571 struct policy_handle *handle)
2574 struct samr_GetDisplayEnumerationIndex2 r;
2576 uint16_t levels[] = {1, 2, 3, 4, 5};
2577 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
2580 for (i=0;i<ARRAY_SIZE(levels);i++) {
2581 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
2583 r.in.domain_handle = handle;
2584 r.in.level = levels[i];
2585 init_lsa_String(&r.in.name, TEST_ACCOUNT_NAME);
2587 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2589 !NT_STATUS_IS_OK(status) &&
2590 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2591 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2592 levels[i], nt_errstr(status));
2596 init_lsa_String(&r.in.name, "zzzzzzzz");
2598 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
2599 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
2600 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
2601 levels[i], nt_errstr(status));
2609 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2610 struct policy_handle *handle)
2613 struct samr_QueryDisplayInfo r;
2615 uint16_t levels[] = {1, 2, 3, 4, 5};
2618 for (i=0;i<ARRAY_SIZE(levels);i++) {
2619 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
2621 r.in.domain_handle = handle;
2622 r.in.level = levels[i];
2624 r.in.max_entries = 1000;
2625 r.in.buf_size = (uint32_t)-1;
2627 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
2628 if (!NT_STATUS_IS_OK(status)) {
2629 printf("QueryDisplayInfo level %u failed - %s\n",
2630 levels[i], nt_errstr(status));
2638 static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2639 struct policy_handle *handle)
2642 struct samr_QueryDisplayInfo2 r;
2644 uint16_t levels[] = {1, 2, 3, 4, 5};
2647 for (i=0;i<ARRAY_SIZE(levels);i++) {
2648 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
2650 r.in.domain_handle = handle;
2651 r.in.level = levels[i];
2653 r.in.max_entries = 1000;
2654 r.in.buf_size = (uint32_t)-1;
2656 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
2657 if (!NT_STATUS_IS_OK(status)) {
2658 printf("QueryDisplayInfo2 level %u failed - %s\n",
2659 levels[i], nt_errstr(status));
2667 static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2668 struct policy_handle *handle)
2671 struct samr_QueryDisplayInfo3 r;
2673 uint16_t levels[] = {1, 2, 3, 4, 5};
2676 for (i=0;i<ARRAY_SIZE(levels);i++) {
2677 printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
2679 r.in.domain_handle = handle;
2680 r.in.level = levels[i];
2682 r.in.max_entries = 1000;
2683 r.in.buf_size = (uint32_t)-1;
2685 status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
2686 if (!NT_STATUS_IS_OK(status)) {
2687 printf("QueryDisplayInfo3 level %u failed - %s\n",
2688 levels[i], nt_errstr(status));
2697 static BOOL test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2698 struct policy_handle *handle)
2701 struct samr_QueryDisplayInfo r;
2704 printf("Testing QueryDisplayInfo continuation\n");
2706 r.in.domain_handle = handle;
2709 r.in.max_entries = 1;
2710 r.in.buf_size = (uint32_t)-1;
2713 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
2714 if (NT_STATUS_IS_OK(status) && r.out.returned_size != 0) {
2715 if (r.out.info.info1.entries[0].idx != r.in.start_idx + 1) {
2716 printf("expected idx %d but got %d\n",
2718 r.out.info.info1.entries[0].idx);
2722 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
2723 !NT_STATUS_IS_OK(status)) {
2724 printf("QueryDisplayInfo level %u failed - %s\n",
2725 r.in.level, nt_errstr(status));
2730 } while ((NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) ||
2731 NT_STATUS_IS_OK(status)) &&
2732 r.out.returned_size != 0);
2737 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2738 struct policy_handle *handle)
2741 struct samr_QueryDomainInfo r;
2742 struct samr_SetDomainInfo s;
2743 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2744 uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
2747 const char *domain_comment = talloc_asprintf(mem_ctx,
2748 "Tortured by Samba4 RPC-SAMR: %s",
2749 timestring(mem_ctx, time(NULL)));
2751 s.in.domain_handle = handle;
2753 s.in.info = talloc(mem_ctx, union samr_DomainInfo);
2755 s.in.info->info4.comment.string = domain_comment;
2756 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2757 if (!NT_STATUS_IS_OK(status)) {
2758 printf("SetDomainInfo level %u (set comment) failed - %s\n",
2759 r.in.level, nt_errstr(status));
2763 for (i=0;i<ARRAY_SIZE(levels);i++) {
2764 printf("Testing QueryDomainInfo level %u\n", levels[i]);
2766 r.in.domain_handle = handle;
2767 r.in.level = levels[i];
2769 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2770 if (!NT_STATUS_IS_OK(status)) {
2771 printf("QueryDomainInfo level %u failed - %s\n",
2772 r.in.level, nt_errstr(status));
2777 switch (levels[i]) {
2779 if (strcmp(r.out.info->info2.comment.string, domain_comment) != 0) {
2780 printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
2781 levels[i], r.out.info->info2.comment.string, domain_comment);
2786 if (strcmp(r.out.info->info4.comment.string, domain_comment) != 0) {
2787 printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
2788 levels[i], r.out.info->info4.comment.string, domain_comment);
2793 if (strcmp(r.out.info->info11.info2.comment.string, domain_comment) != 0) {
2794 printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
2795 levels[i], r.out.info->info11.info2.comment.string, domain_comment);
2801 printf("Testing SetDomainInfo level %u\n", levels[i]);
2803 s.in.domain_handle = handle;
2804 s.in.level = levels[i];
2805 s.in.info = r.out.info;
2807 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2809 if (!NT_STATUS_IS_OK(status)) {
2810 printf("SetDomainInfo level %u failed - %s\n",
2811 r.in.level, nt_errstr(status));
2816 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2817 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2818 r.in.level, nt_errstr(status));
2824 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2825 if (!NT_STATUS_IS_OK(status)) {
2826 printf("QueryDomainInfo level %u failed - %s\n",
2827 r.in.level, nt_errstr(status));
2837 static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2838 struct policy_handle *handle)
2841 struct samr_QueryDomainInfo2 r;
2842 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
2846 for (i=0;i<ARRAY_SIZE(levels);i++) {
2847 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
2849 r.in.domain_handle = handle;
2850 r.in.level = levels[i];
2852 status = dcerpc_samr_QueryDomainInfo2(p, mem_ctx, &r);
2853 if (!NT_STATUS_IS_OK(status)) {
2854 printf("QueryDomainInfo2 level %u failed - %s\n",
2855 r.in.level, nt_errstr(status));
2864 /* Test whether querydispinfo level 5 and enumdomgroups return the same
2865 set of group names. */
2866 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2867 struct policy_handle *handle)
2869 struct samr_EnumDomainGroups q1;
2870 struct samr_QueryDisplayInfo q2;
2872 uint32_t resume_handle=0;
2877 const char **names = NULL;
2879 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
2881 q1.in.domain_handle = handle;
2882 q1.in.resume_handle = &resume_handle;
2884 q1.out.resume_handle = &resume_handle;
2886 status = STATUS_MORE_ENTRIES;
2887 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2888 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
2890 if (!NT_STATUS_IS_OK(status) &&
2891 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2894 for (i=0; i<q1.out.num_entries; i++) {
2895 add_string_to_array(mem_ctx,
2896 q1.out.sam->entries[i].name.string,
2897 &names, &num_names);
2901 if (!NT_STATUS_IS_OK(status)) {
2902 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
2910 q2.in.domain_handle = handle;
2912 q2.in.start_idx = 0;
2913 q2.in.max_entries = 5;
2914 q2.in.buf_size = (uint32_t)-1;
2916 status = STATUS_MORE_ENTRIES;
2917 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
2918 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
2920 if (!NT_STATUS_IS_OK(status) &&
2921 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
2924 for (i=0; i<q2.out.info.info5.count; i++) {
2926 const char *name = q2.out.info.info5.entries[i].account_name.string;
2928 for (j=0; j<num_names; j++) {
2929 if (names[j] == NULL)
2931 /* Hmm. No strequal in samba4 */
2932 if (strequal(names[j], name)) {
2940 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
2945 q2.in.start_idx += q2.out.info.info5.count;
2948 if (!NT_STATUS_IS_OK(status)) {
2949 printf("QueryDisplayInfo level 5 failed - %s\n",
2954 for (i=0; i<num_names; i++) {
2955 if (names[i] != NULL) {
2956 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
2965 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2966 struct policy_handle *group_handle)
2968 struct samr_DeleteDomainGroup d;
2972 printf("Testing DeleteDomainGroup\n");
2974 d.in.group_handle = group_handle;
2975 d.out.group_handle = group_handle;
2977 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2978 if (!NT_STATUS_IS_OK(status)) {
2979 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
2986 static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2987 struct policy_handle *domain_handle)
2989 struct samr_TestPrivateFunctionsDomain r;
2993 printf("Testing TestPrivateFunctionsDomain\n");
2995 r.in.domain_handle = domain_handle;
2997 status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
2998 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
2999 printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
3006 static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3007 struct dom_sid *domain_sid,
3008 struct policy_handle *domain_handle)
3010 struct samr_RidToSid r;
3013 struct dom_sid *calc_sid;
3014 int rids[] = { 0, 42, 512, 10200 };
3017 for (i=0;i<ARRAY_SIZE(rids);i++) {
3019 printf("Testing RidToSid\n");
3021 calc_sid = dom_sid_dup(mem_ctx, domain_sid);
3022 r.in.domain_handle = domain_handle;
3025 status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
3026 if (!NT_STATUS_IS_OK(status)) {
3027 printf("RidToSid for %d failed - %s\n", rids[i], nt_errstr(status));
3030 calc_sid = dom_sid_add_rid(calc_sid, calc_sid, rids[i]);
3032 if (!dom_sid_equal(calc_sid, r.out.sid)) {
3033 printf("RidToSid for %d failed - got %s, expected %s\n", rids[i],
3034 dom_sid_string(mem_ctx, r.out.sid),
3035 dom_sid_string(mem_ctx, calc_sid));
3044 static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3045 struct policy_handle *domain_handle)
3047 struct samr_GetBootKeyInformation r;
3051 printf("Testing GetBootKeyInformation\n");
3053 r.in.domain_handle = domain_handle;
3055 status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r);
3056 if (!NT_STATUS_IS_OK(status)) {
3057 /* w2k3 seems to fail this sometimes and pass it sometimes */
3058 printf("GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
3064 static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3065 struct policy_handle *domain_handle,
3066 struct policy_handle *group_handle)
3069 struct samr_AddGroupMember r;
3070 struct samr_DeleteGroupMember d;
3071 struct samr_QueryGroupMember q;
3072 struct samr_SetMemberAttributesOfGroup s;
3076 status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
3077 if (!NT_STATUS_IS_OK(status)) {
3078 printf("test_AddGroupMember looking up name " TEST_ACCOUNT_NAME " failed - %s\n", nt_errstr(status));
3082 r.in.group_handle = group_handle;
3084 r.in.flags = 0; /* ??? */
3086 printf("Testing AddGroupMember and DeleteGroupMember\n");
3088 d.in.group_handle = group_handle;
3091 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
3092 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
3093 printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
3098 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
3099 if (!NT_STATUS_IS_OK(status)) {
3100 printf("AddGroupMember failed - %s\n", nt_errstr(status));
3104 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
3105 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
3106 printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
3111 if (lp_parm_bool(-1, "target", "samba4", False)) {
3112 printf("skipping SetMemberAttributesOfGroup test against Samba4\n");
3114 /* this one is quite strange. I am using random inputs in the
3115 hope of triggering an error that might give us a clue */
3117 s.in.group_handle = group_handle;
3118 s.in.unknown1 = random();
3119 s.in.unknown2 = random();
3121 status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
3122 if (!NT_STATUS_IS_OK(status)) {
3123 printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
3128 q.in.group_handle = group_handle;
3130 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
3131 if (!NT_STATUS_IS_OK(status)) {
3132 printf("QueryGroupMember failed - %s\n", nt_errstr(status));
3136 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
3137 if (!NT_STATUS_IS_OK(status)) {
3138 printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
3142 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
3143 if (!NT_STATUS_IS_OK(status)) {
3144 printf("AddGroupMember failed - %s\n", nt_errstr(status));
3152 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3153 struct policy_handle *domain_handle, struct policy_handle *group_handle)
3156 struct samr_CreateDomainGroup r;
3158 struct lsa_String name;
3161 init_lsa_String(&name, TEST_GROUPNAME);
3163 r.in.domain_handle = domain_handle;
3165 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3166 r.out.group_handle = group_handle;
3169 printf("Testing CreateDomainGroup(%s)\n", r.in.name->string);
3171 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
3173 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
3174 printf("Server refused create of '%s'\n", r.in.name->string);
3175 ZERO_STRUCTP(group_handle);
3179 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
3180 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
3182 printf("CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
3186 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
3188 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
3189 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
3191 printf("CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
3195 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
3197 if (!NT_STATUS_IS_OK(status)) {
3198 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
3202 if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
3203 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
3207 if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
3216 its not totally clear what this does. It seems to accept any sid you like.
3218 static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
3219 TALLOC_CTX *mem_ctx,
3220 struct policy_handle *domain_handle)
3223 struct samr_RemoveMemberFromForeignDomain r;
3225 r.in.domain_handle = domain_handle;
3226 r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78");
3228 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
3229 if (!NT_STATUS_IS_OK(status)) {
3230 printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
3239 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3240 struct policy_handle *handle);
3242 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3243 struct policy_handle *handle, struct dom_sid *sid,
3244 enum torture_samr_choice which_ops)
3247 struct samr_OpenDomain r;
3248 struct policy_handle domain_handle;
3249 struct policy_handle alias_handle;
3250 struct policy_handle user_handle;
3251 struct policy_handle group_handle;
3254 ZERO_STRUCT(alias_handle);
3255 ZERO_STRUCT(user_handle);
3256 ZERO_STRUCT(group_handle);
3257 ZERO_STRUCT(domain_handle);
3259 printf("Testing OpenDomain\n");
3261 r.in.connect_handle = handle;
3262 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3264 r.out.domain_handle = &domain_handle;
3266 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
3267 if (!NT_STATUS_IS_OK(status)) {
3268 printf("OpenDomain failed - %s\n", nt_errstr(status));
3272 /* run the domain tests with the main handle closed - this tests
3273 the servers reference counting */
3274 ret &= test_samr_handle_Close(p, mem_ctx, handle);
3276 switch (which_ops) {
3277 case TORTURE_SAMR_USER_ATTRIBUTES:
3278 case TORTURE_SAMR_PASSWORDS:
3279 ret &= test_CreateUser(p, mem_ctx, &domain_handle, NULL, which_ops);
3280 ret &= test_CreateUser2(p, mem_ctx, &domain_handle, which_ops);
3282 case TORTURE_SAMR_OTHER:
3283 ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle, which_ops);
3284 ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
3285 ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
3286 ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
3287 ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle);
3288 ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle);
3289 ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle);
3290 ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle);
3291 ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle);
3292 ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle);
3293 ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle);
3294 ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle);
3295 ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle);
3296 ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle);
3297 ret &= test_QueryDisplayInfo_continue(p, mem_ctx, &domain_handle);
3299 if (lp_parm_bool(-1, "target", "samba4", False)) {
3300 printf("skipping GetDisplayEnumerationIndex test against Samba4\n");
3302 ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle);
3303 ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle);
3305 ret &= test_GroupList(p, mem_ctx, &domain_handle);
3306 ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle);
3307 ret &= test_RidToSid(p, mem_ctx, sid, &domain_handle);
3308 ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle);
3312 if (!policy_handle_empty(&user_handle) &&
3313 !test_DeleteUser(p, mem_ctx, &user_handle)) {
3317 if (!policy_handle_empty(&alias_handle) &&
3318 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
3322 if (!policy_handle_empty(&group_handle) &&
3323 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
3327 ret &= test_samr_handle_Close(p, mem_ctx, &domain_handle);
3329 /* reconnect the main handle */
3330 ret &= test_Connect(p, mem_ctx, handle);
3333 printf("Testing domain %s failed!\n", dom_sid_string(mem_ctx, sid));
3339 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3340 struct policy_handle *handle, const char *domain,
3341 enum torture_samr_choice which_ops)
3344 struct samr_LookupDomain r;
3345 struct lsa_String n1;
3346 struct lsa_String n2;
3349 printf("Testing LookupDomain(%s)\n", domain);
3351 /* check for correct error codes */
3352 r.in.connect_handle = handle;
3353 r.in.domain_name = &n2;
3356 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
3357 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
3358 printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
3362 init_lsa_String(&n2, "xxNODOMAINxx");
3364 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
3365 if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
3366 printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
3370 r.in.connect_handle = handle;
3372 init_lsa_String(&n1, domain);
3373 r.in.domain_name = &n1;
3375 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
3376 if (!NT_STATUS_IS_OK(status)) {
3377 printf("LookupDomain failed - %s\n", nt_errstr(status));
3381 if (!test_GetDomPwInfo(p, mem_ctx, &n1)) {
3385 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid, which_ops)) {
3393 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3394 struct policy_handle *handle, enum torture_samr_choice which_ops)
3397 struct samr_EnumDomains r;
3398 uint32_t resume_handle = 0;
3402 r.in.connect_handle = handle;
3403 r.in.resume_handle = &resume_handle;
3404 r.in.buf_size = (uint32_t)-1;
3405 r.out.resume_handle = &resume_handle;
3407 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3408 if (!NT_STATUS_IS_OK(status)) {
3409 printf("EnumDomains failed - %s\n", nt_errstr(status));
3417 for (i=0;i<r.out.sam->count;i++) {
3418 if (!test_LookupDomain(p, mem_ctx, handle,
3419 r.out.sam->entries[i].name.string, which_ops)) {
3424 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3425 if (!NT_STATUS_IS_OK(status)) {
3426 printf("EnumDomains failed - %s\n", nt_errstr(status));
3434 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3435 struct policy_handle *handle)
3438 struct samr_Connect r;
3439 struct samr_Connect2 r2;
3440 struct samr_Connect3 r3;
3441 struct samr_Connect4 r4;
3442 struct samr_Connect5 r5;
3443 union samr_ConnectInfo info;
3444 struct policy_handle h;
3445 BOOL ret = True, got_handle = False;
3447 printf("testing samr_Connect\n");
3449 r.in.system_name = 0;
3450 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3451 r.out.connect_handle = &h;
3453 status = dcerpc_samr_Connect(p, mem_ctx, &r);
3454 if (!NT_STATUS_IS_OK(status)) {
3455 printf("Connect failed - %s\n", nt_errstr(status));
3462 printf("testing samr_Connect2\n");
3464 r2.in.system_name = NULL;
3465 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3466 r2.out.connect_handle = &h;
3468 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
3469 if (!NT_STATUS_IS_OK(status)) {
3470 printf("Connect2 failed - %s\n", nt_errstr(status));
3474 test_samr_handle_Close(p, mem_ctx, handle);
3480 printf("testing samr_Connect3\n");
3482 r3.in.system_name = NULL;
3484 r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3485 r3.out.connect_handle = &h;
3487 status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
3488 if (!NT_STATUS_IS_OK(status)) {
3489 printf("Connect3 failed - %s\n", nt_errstr(status));
3493 test_samr_handle_Close(p, mem_ctx, handle);
3499 printf("testing samr_Connect4\n");
3501 r4.in.system_name = "";
3503 r4.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3504 r4.out.connect_handle = &h;
3506 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
3507 if (!NT_STATUS_IS_OK(status)) {
3508 printf("Connect4 failed - %s\n", nt_errstr(status));
3512 test_samr_handle_Close(p, mem_ctx, handle);
3518 printf("testing samr_Connect5\n");
3520 info.info1.unknown1 = 0;
3521 info.info1.unknown2 = 0;
3523 r5.in.system_name = "";
3524 r5.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3527 r5.out.info = &info;
3528 r5.out.connect_handle = &h;
3530 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
3531 if (!NT_STATUS_IS_OK(status)) {
3532 printf("Connect5 failed - %s\n", nt_errstr(status));
3536 test_samr_handle_Close(p, mem_ctx, handle);
3546 BOOL torture_rpc_samr(struct torture_context *torture)
3549 struct dcerpc_pipe *p;
3551 struct policy_handle handle;
3553 status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
3554 if (!NT_STATUS_IS_OK(status)) {
3558 ret &= test_Connect(p, torture, &handle);
3560 ret &= test_QuerySecurity(p, torture, &handle);
3562 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_OTHER);
3564 ret &= test_SetDsrmPassword(p, torture, &handle);
3566 ret &= test_Shutdown(p, torture, &handle);
3568 ret &= test_samr_handle_Close(p, torture, &handle);
3574 BOOL torture_rpc_samr_users(struct torture_context *torture)
3577 struct dcerpc_pipe *p;
3579 struct policy_handle handle;
3581 status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
3582 if (!NT_STATUS_IS_OK(status)) {
3586 ret &= test_Connect(p, torture, &handle);
3588 ret &= test_QuerySecurity(p, torture, &handle);
3590 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_USER_ATTRIBUTES);
3592 ret &= test_SetDsrmPassword(p, torture, &handle);
3594 ret &= test_Shutdown(p, torture, &handle);
3596 ret &= test_samr_handle_Close(p, torture, &handle);
3602 BOOL torture_rpc_samr_passwords(struct torture_context *torture)
3605 struct dcerpc_pipe *p;
3607 struct policy_handle handle;
3609 status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
3610 if (!NT_STATUS_IS_OK(status)) {
3614 ret &= test_Connect(p, torture, &handle);
3616 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_PASSWORDS);
3618 ret &= test_samr_handle_Close(p, torture, &handle);
git.samba.org / ira / wip.git / blob