2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "torture/torture.h"
24 #include "system/time.h"
25 #include "librpc/gen_ndr/lsa.h"
26 #include "librpc/gen_ndr/ndr_samr_c.h"
27 #include "../lib/crypto/crypto.h"
28 #include "libcli/auth/libcli_auth.h"
29 #include "libcli/security/security.h"
30 #include "torture/rpc/rpc.h"
32 #define TEST_ACCOUNT_NAME "samrtorturetest"
33 #define TEST_ALIASNAME "samrtorturetestalias"
34 #define TEST_GROUPNAME "samrtorturetestgroup"
35 #define TEST_MACHINENAME "samrtestmach$"
36 #define TEST_DOMAINNAME "samrtestdom$"
38 enum torture_samr_choice {
39 TORTURE_SAMR_PASSWORDS,
40 TORTURE_SAMR_USER_ATTRIBUTES,
44 static bool test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
45 struct policy_handle *handle);
47 static bool test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
48 struct policy_handle *handle);
50 static bool test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
51 struct policy_handle *handle);
53 static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
54 const char *acct_name,
55 struct policy_handle *domain_handle, char **password);
57 static void init_lsa_String(struct lsa_String *string, const char *s)
62 bool test_samr_handle_Close(struct dcerpc_pipe *p, struct torture_context *tctx,
63 struct policy_handle *handle)
69 r.out.handle = handle;
71 status = dcerpc_samr_Close(p, tctx, &r);
72 torture_assert_ntstatus_ok(tctx, status, "Close");
77 static bool test_Shutdown(struct dcerpc_pipe *p, struct torture_context *tctx,
78 struct policy_handle *handle)
81 struct samr_Shutdown r;
83 if (!torture_setting_bool(tctx, "dangerous", false)) {
84 torture_skip(tctx, "samr_Shutdown disabled - enable dangerous tests to use\n");
88 r.in.connect_handle = handle;
90 torture_comment(tctx, "testing samr_Shutdown\n");
92 status = dcerpc_samr_Shutdown(p, tctx, &r);
93 torture_assert_ntstatus_ok(tctx, status, "samr_Shutdown");
98 static bool test_SetDsrmPassword(struct dcerpc_pipe *p, struct torture_context *tctx,
99 struct policy_handle *handle)
102 struct samr_SetDsrmPassword r;
103 struct lsa_String string;
104 struct samr_Password hash;
106 if (!torture_setting_bool(tctx, "dangerous", false)) {
107 torture_skip(tctx, "samr_SetDsrmPassword disabled - enable dangerous tests to use");
110 E_md4hash("TeSTDSRM123", hash.hash);
112 init_lsa_String(&string, "Administrator");
118 torture_comment(tctx, "testing samr_SetDsrmPassword\n");
120 status = dcerpc_samr_SetDsrmPassword(p, tctx, &r);
121 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_SUPPORTED, "samr_SetDsrmPassword");
127 static bool test_QuerySecurity(struct dcerpc_pipe *p,
128 struct torture_context *tctx,
129 struct policy_handle *handle)
132 struct samr_QuerySecurity r;
133 struct samr_SetSecurity s;
135 r.in.handle = handle;
138 status = dcerpc_samr_QuerySecurity(p, tctx, &r);
139 torture_assert_ntstatus_ok(tctx, status, "QuerySecurity");
141 torture_assert(tctx, r.out.sdbuf != NULL, "sdbuf is NULL");
143 s.in.handle = handle;
145 s.in.sdbuf = r.out.sdbuf;
147 if (torture_setting_bool(tctx, "samba4", false)) {
148 torture_skip(tctx, "skipping SetSecurity test against Samba4\n");
151 status = dcerpc_samr_SetSecurity(p, tctx, &s);
152 torture_assert_ntstatus_ok(tctx, status, "SetSecurity");
154 status = dcerpc_samr_QuerySecurity(p, tctx, &r);
155 torture_assert_ntstatus_ok(tctx, status, "QuerySecurity");
161 static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
162 struct policy_handle *handle, uint32_t base_acct_flags,
163 const char *base_account_name)
166 struct samr_SetUserInfo s;
167 struct samr_SetUserInfo2 s2;
168 struct samr_QueryUserInfo q;
169 struct samr_QueryUserInfo q0;
170 union samr_UserInfo u;
172 const char *test_account_name;
174 uint32_t user_extra_flags = 0;
175 if (base_acct_flags == ACB_NORMAL) {
176 /* When created, accounts are expired by default */
177 user_extra_flags = ACB_PW_EXPIRED;
180 s.in.user_handle = handle;
183 s2.in.user_handle = handle;
186 q.in.user_handle = handle;
190 #define TESTCALL(call, r) \
191 status = dcerpc_samr_ ##call(p, tctx, &r); \
192 if (!NT_STATUS_IS_OK(status)) { \
193 torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
194 r.in.level, nt_errstr(status), __location__); \
199 #define STRING_EQUAL(s1, s2, field) \
200 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
201 torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \
202 #field, s2, __location__); \
207 #define INT_EQUAL(i1, i2, field) \
209 torture_comment(tctx, "Failed to set %s to 0x%llx - got 0x%llx (%s)\n", \
210 #field, (unsigned long long)i2, (unsigned long long)i1, __location__); \
215 #define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
216 torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
218 TESTCALL(QueryUserInfo, q) \
220 s2.in.level = lvl1; \
223 ZERO_STRUCT(u.info21); \
224 u.info21.fields_present = fpval; \
226 init_lsa_String(&u.info ## lvl1.field1, value); \
227 TESTCALL(SetUserInfo, s) \
228 TESTCALL(SetUserInfo2, s2) \
229 init_lsa_String(&u.info ## lvl1.field1, ""); \
230 TESTCALL(QueryUserInfo, q); \
232 STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
234 TESTCALL(QueryUserInfo, q) \
236 STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
239 #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
240 torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
242 TESTCALL(QueryUserInfo, q) \
244 s2.in.level = lvl1; \
247 uint8_t *bits = u.info21.logon_hours.bits; \
248 ZERO_STRUCT(u.info21); \
249 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
250 u.info21.logon_hours.units_per_week = 168; \
251 u.info21.logon_hours.bits = bits; \
253 u.info21.fields_present = fpval; \
255 u.info ## lvl1.field1 = value; \
256 TESTCALL(SetUserInfo, s) \
257 TESTCALL(SetUserInfo2, s2) \
258 u.info ## lvl1.field1 = 0; \
259 TESTCALL(QueryUserInfo, q); \
261 INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
263 TESTCALL(QueryUserInfo, q) \
265 INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
268 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
269 TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
273 do { TESTCALL(QueryUserInfo, q0) } while (0);
275 TEST_USERINFO_STRING(2, comment, 1, comment, "xx2-1 comment", 0);
276 TEST_USERINFO_STRING(2, comment, 21, comment, "xx2-21 comment", 0);
277 TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
280 test_account_name = talloc_asprintf(tctx, "%sxx7-1", base_account_name);
281 TEST_USERINFO_STRING(7, account_name, 1, account_name, base_account_name, 0);
282 test_account_name = talloc_asprintf(tctx, "%sxx7-3", base_account_name);
283 TEST_USERINFO_STRING(7, account_name, 3, account_name, base_account_name, 0);
284 test_account_name = talloc_asprintf(tctx, "%sxx7-5", base_account_name);
285 TEST_USERINFO_STRING(7, account_name, 5, account_name, base_account_name, 0);
286 test_account_name = talloc_asprintf(tctx, "%sxx7-6", base_account_name);
287 TEST_USERINFO_STRING(7, account_name, 6, account_name, base_account_name, 0);
288 test_account_name = talloc_asprintf(tctx, "%sxx7-7", base_account_name);
289 TEST_USERINFO_STRING(7, account_name, 7, account_name, base_account_name, 0);
290 test_account_name = talloc_asprintf(tctx, "%sxx7-21", base_account_name);
291 TEST_USERINFO_STRING(7, account_name, 21, account_name, base_account_name, 0);
292 test_account_name = base_account_name;
293 TEST_USERINFO_STRING(21, account_name, 21, account_name, base_account_name,
294 SAMR_FIELD_ACCOUNT_NAME);
296 TEST_USERINFO_STRING(6, full_name, 1, full_name, "xx6-1 full_name", 0);
297 TEST_USERINFO_STRING(6, full_name, 3, full_name, "xx6-3 full_name", 0);
298 TEST_USERINFO_STRING(6, full_name, 5, full_name, "xx6-5 full_name", 0);
299 TEST_USERINFO_STRING(6, full_name, 6, full_name, "xx6-6 full_name", 0);
300 TEST_USERINFO_STRING(6, full_name, 8, full_name, "xx6-8 full_name", 0);
301 TEST_USERINFO_STRING(6, full_name, 21, full_name, "xx6-21 full_name", 0);
302 TEST_USERINFO_STRING(8, full_name, 21, full_name, "xx8-21 full_name", 0);
303 TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
304 SAMR_FIELD_FULL_NAME);
306 TEST_USERINFO_STRING(6, full_name, 1, full_name, "", 0);
307 TEST_USERINFO_STRING(6, full_name, 3, full_name, "", 0);
308 TEST_USERINFO_STRING(6, full_name, 5, full_name, "", 0);
309 TEST_USERINFO_STRING(6, full_name, 6, full_name, "", 0);
310 TEST_USERINFO_STRING(6, full_name, 8, full_name, "", 0);
311 TEST_USERINFO_STRING(6, full_name, 21, full_name, "", 0);
312 TEST_USERINFO_STRING(8, full_name, 21, full_name, "", 0);
313 TEST_USERINFO_STRING(21, full_name, 21, full_name, "",
314 SAMR_FIELD_FULL_NAME);
316 TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
317 TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
318 TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
319 TEST_USERINFO_STRING(21, logon_script, 21, logon_script, "xx21-21 logon_script",
320 SAMR_FIELD_LOGON_SCRIPT);
322 TEST_USERINFO_STRING(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0);
323 TEST_USERINFO_STRING(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0);
324 TEST_USERINFO_STRING(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
325 TEST_USERINFO_STRING(21, profile_path, 21, profile_path, "xx21-21 profile_path",
326 SAMR_FIELD_PROFILE_PATH);
328 TEST_USERINFO_STRING(10, home_directory, 3, home_directory, "xx10-3 home_directory", 0);
329 TEST_USERINFO_STRING(10, home_directory, 5, home_directory, "xx10-5 home_directory", 0);
330 TEST_USERINFO_STRING(10, home_directory, 21, home_directory, "xx10-21 home_directory", 0);
331 TEST_USERINFO_STRING(21, home_directory, 21, home_directory, "xx21-21 home_directory",
332 SAMR_FIELD_HOME_DIRECTORY);
333 TEST_USERINFO_STRING(21, home_directory, 10, home_directory, "xx21-10 home_directory",
334 SAMR_FIELD_HOME_DIRECTORY);
336 TEST_USERINFO_STRING(10, home_drive, 3, home_drive, "xx10-3 home_drive", 0);
337 TEST_USERINFO_STRING(10, home_drive, 5, home_drive, "xx10-5 home_drive", 0);
338 TEST_USERINFO_STRING(10, home_drive, 21, home_drive, "xx10-21 home_drive", 0);
339 TEST_USERINFO_STRING(21, home_drive, 21, home_drive, "xx21-21 home_drive",
340 SAMR_FIELD_HOME_DRIVE);
341 TEST_USERINFO_STRING(21, home_drive, 10, home_drive, "xx21-10 home_drive",
342 SAMR_FIELD_HOME_DRIVE);
344 TEST_USERINFO_STRING(13, description, 1, description, "xx13-1 description", 0);
345 TEST_USERINFO_STRING(13, description, 5, description, "xx13-5 description", 0);
346 TEST_USERINFO_STRING(13, description, 21, description, "xx13-21 description", 0);
347 TEST_USERINFO_STRING(21, description, 21, description, "xx21-21 description",
348 SAMR_FIELD_DESCRIPTION);
350 TEST_USERINFO_STRING(14, workstations, 3, workstations, "14workstation3", 0);
351 TEST_USERINFO_STRING(14, workstations, 5, workstations, "14workstation4", 0);
352 TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
353 TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
354 SAMR_FIELD_WORKSTATIONS);
355 TEST_USERINFO_STRING(21, workstations, 3, workstations, "21workstation3",
356 SAMR_FIELD_WORKSTATIONS);
357 TEST_USERINFO_STRING(21, workstations, 5, workstations, "21workstation5",
358 SAMR_FIELD_WORKSTATIONS);
359 TEST_USERINFO_STRING(21, workstations, 14, workstations, "21workstation14",
360 SAMR_FIELD_WORKSTATIONS);
362 TEST_USERINFO_STRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
363 TEST_USERINFO_STRING(21, parameters, 21, parameters, "xx21-21 parameters",
364 SAMR_FIELD_PARAMETERS);
365 TEST_USERINFO_STRING(21, parameters, 20, parameters, "xx21-20 parameters",
366 SAMR_FIELD_PARAMETERS);
368 TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0);
369 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
370 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
371 SAMR_FIELD_COUNTRY_CODE);
372 TEST_USERINFO_INT(21, country_code, 2, country_code, __LINE__,
373 SAMR_FIELD_COUNTRY_CODE);
375 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
376 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
377 SAMR_FIELD_CODE_PAGE);
378 TEST_USERINFO_INT(21, code_page, 2, code_page, __LINE__,
379 SAMR_FIELD_CODE_PAGE);
381 TEST_USERINFO_INT(17, acct_expiry, 21, acct_expiry, __LINE__, 0);
382 TEST_USERINFO_INT(17, acct_expiry, 5, acct_expiry, __LINE__, 0);
383 TEST_USERINFO_INT(21, acct_expiry, 21, acct_expiry, __LINE__,
384 SAMR_FIELD_ACCT_EXPIRY);
385 TEST_USERINFO_INT(21, acct_expiry, 5, acct_expiry, __LINE__,
386 SAMR_FIELD_ACCT_EXPIRY);
387 TEST_USERINFO_INT(21, acct_expiry, 17, acct_expiry, __LINE__,
388 SAMR_FIELD_ACCT_EXPIRY);
390 TEST_USERINFO_INT(4, logon_hours.bits[3], 3, logon_hours.bits[3], 1, 0);
391 TEST_USERINFO_INT(4, logon_hours.bits[3], 5, logon_hours.bits[3], 2, 0);
392 TEST_USERINFO_INT(4, logon_hours.bits[3], 21, logon_hours.bits[3], 3, 0);
393 TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
394 SAMR_FIELD_LOGON_HOURS);
396 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
397 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
398 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
400 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
401 (base_acct_flags | ACB_DISABLED),
402 (base_acct_flags | ACB_DISABLED | user_extra_flags),
405 /* Setting PWNOEXP clears the magic ACB_PW_EXPIRED flag */
406 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
407 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
408 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
410 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
411 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
412 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
416 /* The 'autolock' flag doesn't stick - check this */
417 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
418 (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
419 (base_acct_flags | ACB_DISABLED | user_extra_flags),
422 /* Removing the 'disabled' flag doesn't stick - check this */
423 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
425 (base_acct_flags | ACB_DISABLED | user_extra_flags),
428 /* The 'store plaintext' flag does stick */
429 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
430 (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
431 (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
433 /* The 'use DES' flag does stick */
434 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
435 (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
436 (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
438 /* The 'don't require kerberos pre-authentication flag does stick */
439 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
440 (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
441 (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
443 /* The 'no kerberos PAC required' flag sticks */
444 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
445 (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
446 (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
449 TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
450 (base_acct_flags | ACB_DISABLED),
451 (base_acct_flags | ACB_DISABLED | user_extra_flags),
452 SAMR_FIELD_ACCT_FLAGS);
455 /* these fail with win2003 - it appears you can't set the primary gid?
456 the set succeeds, but the gid isn't changed. Very weird! */
457 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
458 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
459 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
460 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
467 generate a random password for password change tests
469 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
471 size_t len = MAX(8, min_len) + (random() % 6);
472 char *s = generate_random_str(mem_ctx, len);
473 printf("Generated password '%s'\n", s);
478 generate a random password for password change tests
480 static DATA_BLOB samr_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
483 DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
484 generate_random_buffer(password.data, password.length);
486 for (i=0; i < len; i++) {
487 if (((uint16_t *)password.data)[i] == 0) {
488 ((uint16_t *)password.data)[i] = 1;
496 generate a random password for password change tests (fixed length)
498 static char *samr_rand_pass_fixed_len(TALLOC_CTX *mem_ctx, int len)
500 char *s = generate_random_str(mem_ctx, len);
501 printf("Generated password '%s'\n", s);
505 static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx,
506 struct policy_handle *handle, char **password)
509 struct samr_SetUserInfo s;
510 union samr_UserInfo u;
512 DATA_BLOB session_key;
514 struct samr_GetUserPwInfo pwp;
515 int policy_min_pw_len = 0;
516 pwp.in.user_handle = handle;
518 status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
519 if (NT_STATUS_IS_OK(status)) {
520 policy_min_pw_len = pwp.out.info.min_password_length;
522 newpass = samr_rand_pass(tctx, policy_min_pw_len);
524 s.in.user_handle = handle;
528 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
529 /* w2k3 ignores this length */
530 u.info24.pw_len = strlen_m(newpass) * 2;
532 status = dcerpc_fetch_session_key(p, &session_key);
533 if (!NT_STATUS_IS_OK(status)) {
534 printf("SetUserInfo level %u - no session key - %s\n",
535 s.in.level, nt_errstr(status));
539 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
541 torture_comment(tctx, "Testing SetUserInfo level 24 (set password)\n");
543 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
544 if (!NT_STATUS_IS_OK(status)) {
545 printf("SetUserInfo level %u failed - %s\n",
546 s.in.level, nt_errstr(status));
556 static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *tctx,
557 struct policy_handle *handle, uint32_t fields_present,
561 struct samr_SetUserInfo s;
562 union samr_UserInfo u;
564 DATA_BLOB session_key;
566 struct samr_GetUserPwInfo pwp;
567 int policy_min_pw_len = 0;
568 pwp.in.user_handle = handle;
570 status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
571 if (NT_STATUS_IS_OK(status)) {
572 policy_min_pw_len = pwp.out.info.min_password_length;
574 newpass = samr_rand_pass(tctx, policy_min_pw_len);
576 s.in.user_handle = handle;
582 u.info23.info.fields_present = fields_present;
584 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
586 status = dcerpc_fetch_session_key(p, &session_key);
587 if (!NT_STATUS_IS_OK(status)) {
588 printf("SetUserInfo level %u - no session key - %s\n",
589 s.in.level, nt_errstr(status));
593 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
595 torture_comment(tctx, "Testing SetUserInfo level 23 (set password)\n");
597 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
598 if (!NT_STATUS_IS_OK(status)) {
599 printf("SetUserInfo level %u failed - %s\n",
600 s.in.level, nt_errstr(status));
606 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
608 status = dcerpc_fetch_session_key(p, &session_key);
609 if (!NT_STATUS_IS_OK(status)) {
610 printf("SetUserInfo level %u - no session key - %s\n",
611 s.in.level, nt_errstr(status));
615 /* This should break the key nicely */
616 session_key.length--;
617 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
619 torture_comment(tctx, "Testing SetUserInfo level 23 (set password) with wrong password\n");
621 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
622 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
623 printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
624 s.in.level, nt_errstr(status));
632 static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tctx,
633 struct policy_handle *handle, bool makeshort,
637 struct samr_SetUserInfo s;
638 union samr_UserInfo u;
640 DATA_BLOB session_key;
641 DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
642 uint8_t confounder[16];
644 struct MD5Context ctx;
645 struct samr_GetUserPwInfo pwp;
646 int policy_min_pw_len = 0;
647 pwp.in.user_handle = handle;
649 status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
650 if (NT_STATUS_IS_OK(status)) {
651 policy_min_pw_len = pwp.out.info.min_password_length;
653 if (makeshort && policy_min_pw_len) {
654 newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len - 1);
656 newpass = samr_rand_pass(tctx, policy_min_pw_len);
659 s.in.user_handle = handle;
663 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
664 u.info26.pw_len = strlen(newpass);
666 status = dcerpc_fetch_session_key(p, &session_key);
667 if (!NT_STATUS_IS_OK(status)) {
668 printf("SetUserInfo level %u - no session key - %s\n",
669 s.in.level, nt_errstr(status));
673 generate_random_buffer((uint8_t *)confounder, 16);
676 MD5Update(&ctx, confounder, 16);
677 MD5Update(&ctx, session_key.data, session_key.length);
678 MD5Final(confounded_session_key.data, &ctx);
680 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
681 memcpy(&u.info26.password.data[516], confounder, 16);
683 torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex)\n");
685 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
686 if (!NT_STATUS_IS_OK(status)) {
687 printf("SetUserInfo level %u failed - %s\n",
688 s.in.level, nt_errstr(status));
694 /* This should break the key nicely */
695 confounded_session_key.data[0]++;
697 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
698 memcpy(&u.info26.password.data[516], confounder, 16);
700 torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
702 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
703 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
704 printf("SetUserInfo level %u should have failed with WRONG_PASSWORD: %s\n",
705 s.in.level, nt_errstr(status));
714 static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *tctx,
715 struct policy_handle *handle, uint32_t fields_present,
719 struct samr_SetUserInfo s;
720 union samr_UserInfo u;
722 DATA_BLOB session_key;
723 DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
724 struct MD5Context ctx;
725 uint8_t confounder[16];
727 struct samr_GetUserPwInfo pwp;
728 int policy_min_pw_len = 0;
729 pwp.in.user_handle = handle;
731 status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
732 if (NT_STATUS_IS_OK(status)) {
733 policy_min_pw_len = pwp.out.info.min_password_length;
735 newpass = samr_rand_pass(tctx, policy_min_pw_len);
737 s.in.user_handle = handle;
743 u.info25.info.fields_present = fields_present;
745 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
747 status = dcerpc_fetch_session_key(p, &session_key);
748 if (!NT_STATUS_IS_OK(status)) {
749 printf("SetUserInfo level %u - no session key - %s\n",
750 s.in.level, nt_errstr(status));
754 generate_random_buffer((uint8_t *)confounder, 16);
757 MD5Update(&ctx, confounder, 16);
758 MD5Update(&ctx, session_key.data, session_key.length);
759 MD5Final(confounded_session_key.data, &ctx);
761 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
762 memcpy(&u.info25.password.data[516], confounder, 16);
764 torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex)\n");
766 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
767 if (!NT_STATUS_IS_OK(status)) {
768 printf("SetUserInfo level %u failed - %s\n",
769 s.in.level, nt_errstr(status));
775 /* This should break the key nicely */
776 confounded_session_key.data[0]++;
778 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
779 memcpy(&u.info25.password.data[516], confounder, 16);
781 torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
783 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
784 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
785 printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
786 s.in.level, nt_errstr(status));
793 static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
794 struct policy_handle *handle)
797 struct samr_SetAliasInfo r;
798 struct samr_QueryAliasInfo q;
799 uint16_t levels[] = {2, 3};
803 /* Ignoring switch level 1, as that includes the number of members for the alias
804 * and setting this to a wrong value might have negative consequences
807 for (i=0;i<ARRAY_SIZE(levels);i++) {
808 torture_comment(tctx, "Testing SetAliasInfo level %u\n", levels[i]);
810 r.in.alias_handle = handle;
811 r.in.level = levels[i];
812 r.in.info = talloc(tctx, union samr_AliasInfo);
813 switch (r.in.level) {
814 case ALIASINFONAME: init_lsa_String(&r.in.info->name,TEST_ALIASNAME); break;
815 case ALIASINFODESCRIPTION: init_lsa_String(&r.in.info->description,
816 "Test Description, should test I18N as well"); break;
817 case ALIASINFOALL: printf("ALIASINFOALL ignored\n"); break;
820 status = dcerpc_samr_SetAliasInfo(p, tctx, &r);
821 if (!NT_STATUS_IS_OK(status)) {
822 printf("SetAliasInfo level %u failed - %s\n",
823 levels[i], nt_errstr(status));
827 q.in.alias_handle = handle;
828 q.in.level = levels[i];
830 status = dcerpc_samr_QueryAliasInfo(p, tctx, &q);
831 if (!NT_STATUS_IS_OK(status)) {
832 printf("QueryAliasInfo level %u failed - %s\n",
833 levels[i], nt_errstr(status));
841 static bool test_GetGroupsForUser(struct dcerpc_pipe *p, struct torture_context *tctx,
842 struct policy_handle *user_handle)
844 struct samr_GetGroupsForUser r;
847 torture_comment(tctx, "testing GetGroupsForUser\n");
849 r.in.user_handle = user_handle;
851 status = dcerpc_samr_GetGroupsForUser(p, tctx, &r);
852 torture_assert_ntstatus_ok(tctx, status, "GetGroupsForUser");
858 static bool test_GetDomPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
859 struct lsa_String *domain_name)
862 struct samr_GetDomPwInfo r;
864 r.in.domain_name = domain_name;
865 torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
867 status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
868 torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
870 r.in.domain_name->string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
871 torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
873 status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
874 torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
876 r.in.domain_name->string = "\\\\__NONAME__";
877 torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
879 status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
880 torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
882 r.in.domain_name->string = "\\\\Builtin";
883 torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
885 status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
886 torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
891 static bool test_GetUserPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
892 struct policy_handle *handle)
895 struct samr_GetUserPwInfo r;
897 torture_comment(tctx, "Testing GetUserPwInfo\n");
899 r.in.user_handle = handle;
901 status = dcerpc_samr_GetUserPwInfo(p, tctx, &r);
902 torture_assert_ntstatus_ok(tctx, status, "GetUserPwInfo");
907 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, struct torture_context *tctx,
908 struct policy_handle *domain_handle, const char *name,
912 struct samr_LookupNames n;
913 struct lsa_String sname[2];
915 init_lsa_String(&sname[0], name);
917 n.in.domain_handle = domain_handle;
920 status = dcerpc_samr_LookupNames(p, tctx, &n);
921 if (NT_STATUS_IS_OK(status)) {
922 *rid = n.out.rids.ids[0];
927 init_lsa_String(&sname[1], "xxNONAMExx");
929 status = dcerpc_samr_LookupNames(p, tctx, &n);
930 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
931 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
932 if (NT_STATUS_IS_OK(status)) {
933 return NT_STATUS_UNSUCCESSFUL;
939 status = dcerpc_samr_LookupNames(p, tctx, &n);
940 if (!NT_STATUS_IS_OK(status)) {
941 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
945 init_lsa_String(&sname[0], "xxNONAMExx");
947 status = dcerpc_samr_LookupNames(p, tctx, &n);
948 if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
949 printf("LookupNames[1 bad name] failed - %s\n", nt_errstr(status));
950 if (NT_STATUS_IS_OK(status)) {
951 return NT_STATUS_UNSUCCESSFUL;
956 init_lsa_String(&sname[0], "xxNONAMExx");
957 init_lsa_String(&sname[1], "xxNONAME2xx");
959 status = dcerpc_samr_LookupNames(p, tctx, &n);
960 if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
961 printf("LookupNames[2 bad names] failed - %s\n", nt_errstr(status));
962 if (NT_STATUS_IS_OK(status)) {
963 return NT_STATUS_UNSUCCESSFUL;
971 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
972 struct policy_handle *domain_handle,
973 const char *name, struct policy_handle *user_handle)
976 struct samr_OpenUser r;
979 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
980 if (!NT_STATUS_IS_OK(status)) {
984 r.in.domain_handle = domain_handle;
985 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
987 r.out.user_handle = user_handle;
988 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
989 if (!NT_STATUS_IS_OK(status)) {
990 printf("OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(status));
997 static bool test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
998 struct policy_handle *handle)
1001 struct samr_ChangePasswordUser r;
1003 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
1004 struct policy_handle user_handle;
1005 char *oldpass = "test";
1006 char *newpass = "test2";
1007 uint8_t old_nt_hash[16], new_nt_hash[16];
1008 uint8_t old_lm_hash[16], new_lm_hash[16];
1010 status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle);
1011 if (!NT_STATUS_IS_OK(status)) {
1015 printf("Testing ChangePasswordUser for user 'testuser'\n");
1017 printf("old password: %s\n", oldpass);
1018 printf("new password: %s\n", newpass);
1020 E_md4hash(oldpass, old_nt_hash);
1021 E_md4hash(newpass, new_nt_hash);
1022 E_deshash(oldpass, old_lm_hash);
1023 E_deshash(newpass, new_lm_hash);
1025 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1026 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1027 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1028 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1029 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1030 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1032 r.in.handle = &user_handle;
1033 r.in.lm_present = 1;
1034 r.in.old_lm_crypted = &hash1;
1035 r.in.new_lm_crypted = &hash2;
1036 r.in.nt_present = 1;
1037 r.in.old_nt_crypted = &hash3;
1038 r.in.new_nt_crypted = &hash4;
1039 r.in.cross1_present = 1;
1040 r.in.nt_cross = &hash5;
1041 r.in.cross2_present = 1;
1042 r.in.lm_cross = &hash6;
1044 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1045 if (!NT_STATUS_IS_OK(status)) {
1046 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
1050 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
1058 static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_context *tctx,
1059 const char *acct_name,
1060 struct policy_handle *handle, char **password)
1063 struct samr_ChangePasswordUser r;
1065 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
1066 struct policy_handle user_handle;
1068 uint8_t old_nt_hash[16], new_nt_hash[16];
1069 uint8_t old_lm_hash[16], new_lm_hash[16];
1070 bool changed = true;
1073 struct samr_GetUserPwInfo pwp;
1074 int policy_min_pw_len = 0;
1076 status = test_OpenUser_byname(p, tctx, handle, acct_name, &user_handle);
1077 if (!NT_STATUS_IS_OK(status)) {
1080 pwp.in.user_handle = &user_handle;
1082 status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
1083 if (NT_STATUS_IS_OK(status)) {
1084 policy_min_pw_len = pwp.out.info.min_password_length;
1086 newpass = samr_rand_pass(tctx, policy_min_pw_len);
1088 torture_comment(tctx, "Testing ChangePasswordUser\n");
1090 torture_assert(tctx, *password != NULL,
1091 "Failing ChangePasswordUser as old password was NULL. Previous test failed?");
1093 oldpass = *password;
1095 E_md4hash(oldpass, old_nt_hash);
1096 E_md4hash(newpass, new_nt_hash);
1097 E_deshash(oldpass, old_lm_hash);
1098 E_deshash(newpass, new_lm_hash);
1100 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1101 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1102 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1103 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1104 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1105 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1107 r.in.user_handle = &user_handle;
1108 r.in.lm_present = 1;
1109 /* Break the LM hash */
1111 r.in.old_lm_crypted = &hash1;
1112 r.in.new_lm_crypted = &hash2;
1113 r.in.nt_present = 1;
1114 r.in.old_nt_crypted = &hash3;
1115 r.in.new_nt_crypted = &hash4;
1116 r.in.cross1_present = 1;
1117 r.in.nt_cross = &hash5;
1118 r.in.cross2_present = 1;
1119 r.in.lm_cross = &hash6;
1121 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1122 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_WRONG_PASSWORD,
1123 "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
1125 /* Unbreak the LM hash */
1128 r.in.user_handle = &user_handle;
1129 r.in.lm_present = 1;
1130 r.in.old_lm_crypted = &hash1;
1131 r.in.new_lm_crypted = &hash2;
1132 /* Break the NT hash */
1134 r.in.nt_present = 1;
1135 r.in.old_nt_crypted = &hash3;
1136 r.in.new_nt_crypted = &hash4;
1137 r.in.cross1_present = 1;
1138 r.in.nt_cross = &hash5;
1139 r.in.cross2_present = 1;
1140 r.in.lm_cross = &hash6;
1142 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1143 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_WRONG_PASSWORD,
1144 "expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash");
1146 /* Unbreak the NT hash */
1149 r.in.user_handle = &user_handle;
1150 r.in.lm_present = 1;
1151 r.in.old_lm_crypted = &hash1;
1152 r.in.new_lm_crypted = &hash2;
1153 r.in.nt_present = 1;
1154 r.in.old_nt_crypted = &hash3;
1155 r.in.new_nt_crypted = &hash4;
1156 r.in.cross1_present = 1;
1157 r.in.nt_cross = &hash5;
1158 r.in.cross2_present = 1;
1159 /* Break the LM cross */
1161 r.in.lm_cross = &hash6;
1163 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1164 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1165 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM cross-hash, got %s\n", nt_errstr(status));
1169 /* Unbreak the LM cross */
1172 r.in.user_handle = &user_handle;
1173 r.in.lm_present = 1;
1174 r.in.old_lm_crypted = &hash1;
1175 r.in.new_lm_crypted = &hash2;
1176 r.in.nt_present = 1;
1177 r.in.old_nt_crypted = &hash3;
1178 r.in.new_nt_crypted = &hash4;
1179 r.in.cross1_present = 1;
1180 /* Break the NT cross */
1182 r.in.nt_cross = &hash5;
1183 r.in.cross2_present = 1;
1184 r.in.lm_cross = &hash6;
1186 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1187 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1188 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT cross-hash, got %s\n", nt_errstr(status));
1192 /* Unbreak the NT cross */
1196 /* Reset the hashes to not broken values */
1197 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1198 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1199 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1200 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1201 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1202 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1204 r.in.user_handle = &user_handle;
1205 r.in.lm_present = 1;
1206 r.in.old_lm_crypted = &hash1;
1207 r.in.new_lm_crypted = &hash2;
1208 r.in.nt_present = 1;
1209 r.in.old_nt_crypted = &hash3;
1210 r.in.new_nt_crypted = &hash4;
1211 r.in.cross1_present = 1;
1212 r.in.nt_cross = &hash5;
1213 r.in.cross2_present = 0;
1214 r.in.lm_cross = NULL;
1216 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1217 if (NT_STATUS_IS_OK(status)) {
1219 *password = newpass;
1220 } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
1221 printf("ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(status));
1226 newpass = samr_rand_pass(tctx, policy_min_pw_len);
1228 E_md4hash(oldpass, old_nt_hash);
1229 E_md4hash(newpass, new_nt_hash);
1230 E_deshash(oldpass, old_lm_hash);
1231 E_deshash(newpass, new_lm_hash);
1234 /* Reset the hashes to not broken values */
1235 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1236 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1237 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1238 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1239 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1240 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1242 r.in.user_handle = &user_handle;
1243 r.in.lm_present = 1;
1244 r.in.old_lm_crypted = &hash1;
1245 r.in.new_lm_crypted = &hash2;
1246 r.in.nt_present = 1;
1247 r.in.old_nt_crypted = &hash3;
1248 r.in.new_nt_crypted = &hash4;
1249 r.in.cross1_present = 0;
1250 r.in.nt_cross = NULL;
1251 r.in.cross2_present = 1;
1252 r.in.lm_cross = &hash6;
1254 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1255 if (NT_STATUS_IS_OK(status)) {
1257 *password = newpass;
1258 } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
1259 printf("ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
1264 newpass = samr_rand_pass(tctx, policy_min_pw_len);
1266 E_md4hash(oldpass, old_nt_hash);
1267 E_md4hash(newpass, new_nt_hash);
1268 E_deshash(oldpass, old_lm_hash);
1269 E_deshash(newpass, new_lm_hash);
1272 /* Reset the hashes to not broken values */
1273 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1274 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1275 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1276 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1277 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1278 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1280 r.in.user_handle = &user_handle;
1281 r.in.lm_present = 1;
1282 r.in.old_lm_crypted = &hash1;
1283 r.in.new_lm_crypted = &hash2;
1284 r.in.nt_present = 1;
1285 r.in.old_nt_crypted = &hash3;
1286 r.in.new_nt_crypted = &hash4;
1287 r.in.cross1_present = 1;
1288 r.in.nt_cross = &hash5;
1289 r.in.cross2_present = 1;
1290 r.in.lm_cross = &hash6;
1292 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1293 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1294 printf("ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1295 } else if (!NT_STATUS_IS_OK(status)) {
1296 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
1300 *password = newpass;
1303 r.in.user_handle = &user_handle;
1304 r.in.lm_present = 1;
1305 r.in.old_lm_crypted = &hash1;
1306 r.in.new_lm_crypted = &hash2;
1307 r.in.nt_present = 1;
1308 r.in.old_nt_crypted = &hash3;
1309 r.in.new_nt_crypted = &hash4;
1310 r.in.cross1_present = 1;
1311 r.in.nt_cross = &hash5;
1312 r.in.cross2_present = 1;
1313 r.in.lm_cross = &hash6;
1316 status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
1317 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1318 printf("ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1319 } else if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1320 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s\n", nt_errstr(status));
1326 if (!test_samr_handle_Close(p, tctx, &user_handle)) {
1334 static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
1335 const char *acct_name,
1336 struct policy_handle *handle, char **password)
1339 struct samr_OemChangePasswordUser2 r;
1341 struct samr_Password lm_verifier;
1342 struct samr_CryptPassword lm_pass;
1343 struct lsa_AsciiString server, account, account_bad;
1346 uint8_t old_lm_hash[16], new_lm_hash[16];
1348 struct samr_GetDomPwInfo dom_pw_info;
1349 int policy_min_pw_len = 0;
1351 struct lsa_String domain_name;
1353 domain_name.string = "";
1354 dom_pw_info.in.domain_name = &domain_name;
1356 torture_comment(tctx, "Testing OemChangePasswordUser2\n");
1358 torture_assert(tctx, *password != NULL,
1359 "Failing OemChangePasswordUser2 as old password was NULL. Previous test failed?");
1361 oldpass = *password;
1363 status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info);
1364 if (NT_STATUS_IS_OK(status)) {
1365 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1368 newpass = samr_rand_pass(tctx, policy_min_pw_len);
1370 server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1371 account.string = acct_name;
1373 E_deshash(oldpass, old_lm_hash);
1374 E_deshash(newpass, new_lm_hash);
1376 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1377 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1378 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1380 r.in.server = &server;
1381 r.in.account = &account;
1382 r.in.password = &lm_pass;
1383 r.in.hash = &lm_verifier;
1385 /* Break the verification */
1386 lm_verifier.hash[0]++;
1388 status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1390 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1391 && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1392 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
1397 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1398 /* Break the old password */
1400 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1401 /* unbreak it for the next operation */
1403 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1405 r.in.server = &server;
1406 r.in.account = &account;
1407 r.in.password = &lm_pass;
1408 r.in.hash = &lm_verifier;
1410 status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1412 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1413 && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1414 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
1419 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1420 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1422 r.in.server = &server;
1423 r.in.account = &account;
1424 r.in.password = &lm_pass;
1427 status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1429 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1430 && !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1431 printf("ChangePasswordUser3 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
1436 /* This shouldn't be a valid name */
1437 account_bad.string = TEST_ACCOUNT_NAME "XX";
1438 r.in.account = &account_bad;
1440 status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1442 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1443 printf("ChangePasswordUser3 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s\n",
1448 /* This shouldn't be a valid name */
1449 account_bad.string = TEST_ACCOUNT_NAME "XX";
1450 r.in.account = &account_bad;
1451 r.in.password = &lm_pass;
1452 r.in.hash = &lm_verifier;
1454 status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1456 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1457 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
1462 /* This shouldn't be a valid name */
1463 account_bad.string = TEST_ACCOUNT_NAME "XX";
1464 r.in.account = &account_bad;
1465 r.in.password = NULL;
1466 r.in.hash = &lm_verifier;
1468 status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1470 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1471 printf("ChangePasswordUser3 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s\n",
1476 E_deshash(oldpass, old_lm_hash);
1477 E_deshash(newpass, new_lm_hash);
1479 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1480 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1481 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1483 r.in.server = &server;
1484 r.in.account = &account;
1485 r.in.password = &lm_pass;
1486 r.in.hash = &lm_verifier;
1488 status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
1489 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1490 printf("OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1491 } else if (!NT_STATUS_IS_OK(status)) {
1492 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
1495 *password = newpass;
1502 static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
1503 const char *acct_name,
1505 char *newpass, bool allow_password_restriction)
1508 struct samr_ChangePasswordUser2 r;
1510 struct lsa_String server, account;
1511 struct samr_CryptPassword nt_pass, lm_pass;
1512 struct samr_Password nt_verifier, lm_verifier;
1514 uint8_t old_nt_hash[16], new_nt_hash[16];
1515 uint8_t old_lm_hash[16], new_lm_hash[16];
1517 struct samr_GetDomPwInfo dom_pw_info;
1519 struct lsa_String domain_name;
1521 domain_name.string = "";
1522 dom_pw_info.in.domain_name = &domain_name;
1524 torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name);
1526 torture_assert(tctx, *password != NULL,
1527 "Failing ChangePasswordUser3 as old password was NULL. Previous test failed?");
1528 oldpass = *password;
1531 int policy_min_pw_len = 0;
1532 status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info);
1533 if (NT_STATUS_IS_OK(status)) {
1534 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1537 newpass = samr_rand_pass(tctx, policy_min_pw_len);
1540 server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1541 init_lsa_String(&account, acct_name);
1543 E_md4hash(oldpass, old_nt_hash);
1544 E_md4hash(newpass, new_nt_hash);
1546 E_deshash(oldpass, old_lm_hash);
1547 E_deshash(newpass, new_lm_hash);
1549 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
1550 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1551 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1553 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1554 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1555 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1557 r.in.server = &server;
1558 r.in.account = &account;
1559 r.in.nt_password = &nt_pass;
1560 r.in.nt_verifier = &nt_verifier;
1562 r.in.lm_password = &lm_pass;
1563 r.in.lm_verifier = &lm_verifier;
1565 status = dcerpc_samr_ChangePasswordUser2(p, tctx, &r);
1566 if (allow_password_restriction && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1567 printf("ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1568 } else if (!NT_STATUS_IS_OK(status)) {
1569 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
1572 *password = newpass;
1579 bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tctx,
1580 const char *account_string,
1581 int policy_min_pw_len,
1583 const char *newpass,
1584 NTTIME last_password_change,
1585 bool handle_reject_reason)
1588 struct samr_ChangePasswordUser3 r;
1590 struct lsa_String server, account, account_bad;
1591 struct samr_CryptPassword nt_pass, lm_pass;
1592 struct samr_Password nt_verifier, lm_verifier;
1594 uint8_t old_nt_hash[16], new_nt_hash[16];
1595 uint8_t old_lm_hash[16], new_lm_hash[16];
1598 torture_comment(tctx, "Testing ChangePasswordUser3\n");
1600 if (newpass == NULL) {
1602 if (policy_min_pw_len == 0) {
1603 newpass = samr_rand_pass(tctx, policy_min_pw_len);
1605 newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len);
1607 } while (check_password_quality(newpass) == false);
1609 torture_comment(tctx, "Using password '%s'\n", newpass);
1612 torture_assert(tctx, *password != NULL,
1613 "Failing ChangePasswordUser3 as old password was NULL. Previous test failed?");
1615 oldpass = *password;
1616 server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1617 init_lsa_String(&account, account_string);
1619 E_md4hash(oldpass, old_nt_hash);
1620 E_md4hash(newpass, new_nt_hash);
1622 E_deshash(oldpass, old_lm_hash);
1623 E_deshash(newpass, new_lm_hash);
1625 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1626 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1627 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1629 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1630 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1631 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1633 /* Break the verification */
1634 nt_verifier.hash[0]++;
1636 r.in.server = &server;
1637 r.in.account = &account;
1638 r.in.nt_password = &nt_pass;
1639 r.in.nt_verifier = &nt_verifier;
1641 r.in.lm_password = &lm_pass;
1642 r.in.lm_verifier = &lm_verifier;
1643 r.in.password3 = NULL;
1645 status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
1646 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
1647 (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
1648 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
1653 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1654 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1655 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1657 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1658 /* Break the NT hash */
1660 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1661 /* Unbreak it again */
1663 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1665 r.in.server = &server;
1666 r.in.account = &account;
1667 r.in.nt_password = &nt_pass;
1668 r.in.nt_verifier = &nt_verifier;
1670 r.in.lm_password = &lm_pass;
1671 r.in.lm_verifier = &lm_verifier;
1672 r.in.password3 = NULL;
1674 status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
1675 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
1676 (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
1677 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
1682 /* This shouldn't be a valid name */
1683 init_lsa_String(&account_bad, talloc_asprintf(tctx, "%sXX", account_string));
1685 r.in.account = &account_bad;
1686 status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
1687 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1688 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
1693 E_md4hash(oldpass, old_nt_hash);
1694 E_md4hash(newpass, new_nt_hash);
1696 E_deshash(oldpass, old_lm_hash);
1697 E_deshash(newpass, new_lm_hash);
1699 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1700 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1701 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1703 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1704 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1705 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1707 r.in.server = &server;
1708 r.in.account = &account;
1709 r.in.nt_password = &nt_pass;
1710 r.in.nt_verifier = &nt_verifier;
1712 r.in.lm_password = &lm_pass;
1713 r.in.lm_verifier = &lm_verifier;
1714 r.in.password3 = NULL;
1716 unix_to_nt_time(&t, time(NULL));
1718 status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
1720 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1723 && handle_reject_reason
1724 && (!null_nttime(last_password_change) || !r.out.dominfo->min_password_age)) {
1725 if (r.out.dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
1727 if (r.out.reject && (r.out.reject->reason != SAMR_REJECT_OTHER)) {
1728 printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
1729 SAMR_REJECT_OTHER, r.out.reject->reason);
1734 /* We tested the order of precendence which is as follows:
1743 if ((r.out.dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
1744 (last_password_change + r.out.dominfo->min_password_age > t)) {
1746 if (r.out.reject->reason != SAMR_REJECT_OTHER) {
1747 printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
1748 SAMR_REJECT_OTHER, r.out.reject->reason);
1752 } else if ((r.out.dominfo->min_password_length > 0) &&
1753 (strlen(newpass) < r.out.dominfo->min_password_length)) {
1755 if (r.out.reject->reason != SAMR_REJECT_TOO_SHORT) {
1756 printf("expected SAMR_REJECT_TOO_SHORT (%d), got %d\n",
1757 SAMR_REJECT_TOO_SHORT, r.out.reject->reason);
1761 } else if ((r.out.dominfo->password_history_length > 0) &&
1762 strequal(oldpass, newpass)) {
1764 if (r.out.reject->reason != SAMR_REJECT_IN_HISTORY) {
1765 printf("expected SAMR_REJECT_IN_HISTORY (%d), got %d\n",
1766 SAMR_REJECT_IN_HISTORY, r.out.reject->reason);
1769 } else if (r.out.dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
1771 if (r.out.reject->reason != SAMR_REJECT_COMPLEXITY) {
1772 printf("expected SAMR_REJECT_COMPLEXITY (%d), got %d\n",
1773 SAMR_REJECT_COMPLEXITY, r.out.reject->reason);
1779 if (r.out.reject->reason == SAMR_REJECT_TOO_SHORT) {
1780 /* retry with adjusted size */
1781 return test_ChangePasswordUser3(p, tctx, account_string,
1782 r.out.dominfo->min_password_length,
1783 password, NULL, 0, false);
1787 } else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1788 if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) {
1789 printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
1790 SAMR_REJECT_OTHER, r.out.reject->reason);
1793 /* Perhaps the server has a 'min password age' set? */
1796 torture_assert_ntstatus_ok(tctx, status, "ChangePasswordUser3");
1797 *password = talloc_strdup(tctx, newpass);
1803 bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_context *tctx,
1804 const char *account_string,
1805 struct policy_handle *handle,
1809 struct samr_ChangePasswordUser3 r;
1810 struct samr_SetUserInfo s;
1811 union samr_UserInfo u;
1812 DATA_BLOB session_key;
1813 DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
1814 uint8_t confounder[16];
1815 struct MD5Context ctx;
1818 struct lsa_String server, account;
1819 struct samr_CryptPassword nt_pass;
1820 struct samr_Password nt_verifier;
1821 DATA_BLOB new_random_pass;
1824 uint8_t old_nt_hash[16], new_nt_hash[16];
1827 new_random_pass = samr_very_rand_pass(tctx, 128);
1829 torture_assert(tctx, *password != NULL,
1830 "Failing ChangePasswordUser3 as old password was NULL. Previous test failed?");
1832 oldpass = *password;
1833 server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1834 init_lsa_String(&account, account_string);
1836 s.in.user_handle = handle;
1842 u.info25.info.fields_present = SAMR_FIELD_PASSWORD;
1844 set_pw_in_buffer(u.info25.password.data, &new_random_pass);
1846 status = dcerpc_fetch_session_key(p, &session_key);
1847 if (!NT_STATUS_IS_OK(status)) {
1848 printf("SetUserInfo level %u - no session key - %s\n",
1849 s.in.level, nt_errstr(status));
1853 generate_random_buffer((uint8_t *)confounder, 16);
1856 MD5Update(&ctx, confounder, 16);
1857 MD5Update(&ctx, session_key.data, session_key.length);
1858 MD5Final(confounded_session_key.data, &ctx);
1860 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
1861 memcpy(&u.info25.password.data[516], confounder, 16);
1863 torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes\n");
1865 status = dcerpc_samr_SetUserInfo(p, tctx, &s);
1866 if (!NT_STATUS_IS_OK(status)) {
1867 printf("SetUserInfo level %u failed - %s\n",
1868 s.in.level, nt_errstr(status));
1872 torture_comment(tctx, "Testing ChangePasswordUser3 with a password made up of only random bytes\n");
1874 mdfour(old_nt_hash, new_random_pass.data, new_random_pass.length);
1876 new_random_pass = samr_very_rand_pass(tctx, 128);
1878 mdfour(new_nt_hash, new_random_pass.data, new_random_pass.length);
1880 set_pw_in_buffer(nt_pass.data, &new_random_pass);
1881 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1882 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1884 r.in.server = &server;
1885 r.in.account = &account;
1886 r.in.nt_password = &nt_pass;
1887 r.in.nt_verifier = &nt_verifier;
1889 r.in.lm_password = NULL;
1890 r.in.lm_verifier = NULL;
1891 r.in.password3 = NULL;
1893 unix_to_nt_time(&t, time(NULL));
1895 status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
1897 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1898 if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) {
1899 printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
1900 SAMR_REJECT_OTHER, r.out.reject->reason);
1903 /* Perhaps the server has a 'min password age' set? */
1905 } else if (!NT_STATUS_IS_OK(status)) {
1906 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1910 newpass = samr_rand_pass(tctx, 128);
1912 mdfour(old_nt_hash, new_random_pass.data, new_random_pass.length);
1914 E_md4hash(newpass, new_nt_hash);
1916 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1917 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1918 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1920 r.in.server = &server;
1921 r.in.account = &account;
1922 r.in.nt_password = &nt_pass;
1923 r.in.nt_verifier = &nt_verifier;
1925 r.in.lm_password = NULL;
1926 r.in.lm_verifier = NULL;
1927 r.in.password3 = NULL;
1929 unix_to_nt_time(&t, time(NULL));
1931 status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
1933 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1934 if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) {
1935 printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
1936 SAMR_REJECT_OTHER, r.out.reject->reason);
1939 /* Perhaps the server has a 'min password age' set? */
1942 torture_assert_ntstatus_ok(tctx, status, "ChangePasswordUser3 (on second random password)");
1943 *password = talloc_strdup(tctx, newpass);
1950 static bool test_GetMembersInAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
1951 struct policy_handle *alias_handle)
1953 struct samr_GetMembersInAlias r;
1954 struct lsa_SidArray sids;
1957 torture_comment(tctx, "Testing GetMembersInAlias\n");
1959 r.in.alias_handle = alias_handle;
1962 status = dcerpc_samr_GetMembersInAlias(p, tctx, &r);
1963 torture_assert_ntstatus_ok(tctx, status, "GetMembersInAlias");
1968 static bool test_AddMemberToAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
1969 struct policy_handle *alias_handle,
1970 const struct dom_sid *domain_sid)
1972 struct samr_AddAliasMember r;
1973 struct samr_DeleteAliasMember d;
1975 struct dom_sid *sid;
1977 sid = dom_sid_add_rid(tctx, domain_sid, 512);
1979 torture_comment(tctx, "testing AddAliasMember\n");
1980 r.in.alias_handle = alias_handle;
1983 status = dcerpc_samr_AddAliasMember(p, tctx, &r);
1984 torture_assert_ntstatus_ok(tctx, status, "AddAliasMember");
1986 d.in.alias_handle = alias_handle;
1989 status = dcerpc_samr_DeleteAliasMember(p, tctx, &d);
1990 torture_assert_ntstatus_ok(tctx, status, "DelAliasMember");
1995 static bool test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
1996 struct policy_handle *alias_handle)
1998 struct samr_AddMultipleMembersToAlias a;
1999 struct samr_RemoveMultipleMembersFromAlias r;
2001 struct lsa_SidArray sids;
2003 torture_comment(tctx, "testing AddMultipleMembersToAlias\n");
2004 a.in.alias_handle = alias_handle;
2008 sids.sids = talloc_array(tctx, struct lsa_SidPtr, 3);
2010 sids.sids[0].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-1");
2011 sids.sids[1].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-2");
2012 sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-3");
2014 status = dcerpc_samr_AddMultipleMembersToAlias(p, tctx, &a);
2015 torture_assert_ntstatus_ok(tctx, status, "AddMultipleMembersToAlias");
2018 torture_comment(tctx, "testing RemoveMultipleMembersFromAlias\n");
2019 r.in.alias_handle = alias_handle;
2022 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
2023 torture_assert_ntstatus_ok(tctx, status, "RemoveMultipleMembersFromAlias");
2025 /* strange! removing twice doesn't give any error */
2026 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
2027 torture_assert_ntstatus_ok(tctx, status, "RemoveMultipleMembersFromAlias");
2029 /* but removing an alias that isn't there does */
2030 sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-4");
2032 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
2033 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, "RemoveMultipleMembersFromAlias");
2038 static bool test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, struct torture_context *tctx,
2039 struct policy_handle *user_handle)
2041 struct samr_TestPrivateFunctionsUser r;
2044 torture_comment(tctx, "Testing TestPrivateFunctionsUser\n");
2046 r.in.user_handle = user_handle;
2048 status = dcerpc_samr_TestPrivateFunctionsUser(p, tctx, &r);
2049 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsUser");
2055 static bool test_user_ops(struct dcerpc_pipe *p,
2056 struct torture_context *tctx,
2057 struct policy_handle *user_handle,
2058 struct policy_handle *domain_handle,
2059 uint32_t base_acct_flags,
2060 const char *base_acct_name, enum torture_samr_choice which_ops)
2062 char *password = NULL;
2063 struct samr_QueryUserInfo q;
2069 const uint32_t password_fields[] = {
2070 SAMR_FIELD_PASSWORD,
2071 SAMR_FIELD_PASSWORD2,
2072 SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2,
2076 status = test_LookupName(p, tctx, domain_handle, base_acct_name, &rid);
2077 if (!NT_STATUS_IS_OK(status)) {
2081 switch (which_ops) {
2082 case TORTURE_SAMR_USER_ATTRIBUTES:
2083 if (!test_QuerySecurity(p, tctx, user_handle)) {
2087 if (!test_QueryUserInfo(p, tctx, user_handle)) {
2091 if (!test_QueryUserInfo2(p, tctx, user_handle)) {
2095 if (!test_SetUserInfo(p, tctx, user_handle, base_acct_flags,
2100 if (!test_GetUserPwInfo(p, tctx, user_handle)) {
2104 if (!test_TestPrivateFunctionsUser(p, tctx, user_handle)) {
2108 if (!test_SetUserPass(p, tctx, user_handle, &password)) {
2112 case TORTURE_SAMR_PASSWORDS:
2113 if (base_acct_flags & (ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST)) {
2114 char simple_pass[9];
2115 char *v = generate_random_str(tctx, 1);
2117 ZERO_STRUCT(simple_pass);
2118 memset(simple_pass, *v, sizeof(simple_pass) - 1);
2120 printf("Testing machine account password policy rules\n");
2122 /* Workstation trust accounts don't seem to need to honour password quality policy */
2123 if (!test_SetUserPassEx(p, tctx, user_handle, true, &password)) {
2127 if (!test_ChangePasswordUser2(p, tctx, base_acct_name, &password, simple_pass, false)) {
2131 /* reset again, to allow another 'user' password change */
2132 if (!test_SetUserPassEx(p, tctx, user_handle, true, &password)) {
2136 /* Try a 'short' password */
2137 if (!test_ChangePasswordUser2(p, tctx, base_acct_name, &password, samr_rand_pass(tctx, 4), false)) {
2141 /* Try a compleatly random password */
2142 if (!test_ChangePasswordRandomBytes(p, tctx, base_acct_name, user_handle, &password)) {
2147 for (i = 0; password_fields[i]; i++) {
2148 if (!test_SetUserPass_23(p, tctx, user_handle, password_fields[i], &password)) {
2152 /* check it was set right */
2153 if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
2158 for (i = 0; password_fields[i]; i++) {
2159 if (!test_SetUserPass_25(p, tctx, user_handle, password_fields[i], &password)) {
2163 /* check it was set right */
2164 if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
2169 if (!test_SetUserPassEx(p, tctx, user_handle, false, &password)) {
2173 if (!test_ChangePassword(p, tctx, base_acct_name, domain_handle, &password)) {
2177 q.in.user_handle = user_handle;
2180 status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
2181 if (!NT_STATUS_IS_OK(status)) {
2182 printf("QueryUserInfo level %u failed - %s\n",
2183 q.in.level, nt_errstr(status));
2186 uint32_t expected_flags = (base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
2187 if ((q.out.info->info5.acct_flags) != expected_flags) {
2188 printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
2189 q.out.info->info5.acct_flags,
2193 if (q.out.info->info5.rid != rid) {
2194 printf("QuerUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
2195 q.out.info->info5.rid, rid);
2201 case TORTURE_SAMR_OTHER:
2202 /* We just need the account to exist */
2208 static bool test_alias_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
2209 struct policy_handle *alias_handle,
2210 const struct dom_sid *domain_sid)
2214 if (!test_QuerySecurity(p, tctx, alias_handle)) {
2218 if (!test_QueryAliasInfo(p, tctx, alias_handle)) {
2222 if (!test_SetAliasInfo(p, tctx, alias_handle)) {
2226 if (!test_AddMemberToAlias(p, tctx, alias_handle, domain_sid)) {
2230 if (torture_setting_bool(tctx, "samba4", false)) {
2231 printf("skipping MultipleMembers Alias tests against Samba4\n");
2235 if (!test_AddMultipleMembersToAlias(p, tctx, alias_handle)) {
2243 static bool test_DeleteUser(struct dcerpc_pipe *p, struct torture_context *tctx,
2244 struct policy_handle *user_handle)
2246 struct samr_DeleteUser d;
2248 torture_comment(tctx, "Testing DeleteUser\n");
2250 d.in.user_handle = user_handle;
2251 d.out.user_handle = user_handle;
2253 status = dcerpc_samr_DeleteUser(p, tctx, &d);
2254 torture_assert_ntstatus_ok(tctx, status, "DeleteUser");
2259 bool test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2260 struct policy_handle *handle, const char *name)
2263 struct samr_DeleteUser d;
2264 struct policy_handle user_handle;
2267 status = test_LookupName(p, mem_ctx, handle, name, &rid);
2268 if (!NT_STATUS_IS_OK(status)) {
2272 status = test_OpenUser_byname(p, mem_ctx, handle, name, &user_handle);
2273 if (!NT_STATUS_IS_OK(status)) {
2277 d.in.user_handle = &user_handle;
2278 d.out.user_handle = &user_handle;
2279 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
2280 if (!NT_STATUS_IS_OK(status)) {
2287 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
2292 static bool test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2293 struct policy_handle *handle, const char *name)
2296 struct samr_OpenGroup r;
2297 struct samr_DeleteDomainGroup d;
2298 struct policy_handle group_handle;
2301 status = test_LookupName(p, mem_ctx, handle, name, &rid);
2302 if (!NT_STATUS_IS_OK(status)) {
2306 r.in.domain_handle = handle;
2307 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2309 r.out.group_handle = &group_handle;
2310 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
2311 if (!NT_STATUS_IS_OK(status)) {
2315 d.in.group_handle = &group_handle;
2316 d.out.group_handle = &group_handle;
2317 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2318 if (!NT_STATUS_IS_OK(status)) {
2325 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
2330 static bool test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2331 struct policy_handle *domain_handle, const char *name)
2334 struct samr_OpenAlias r;
2335 struct samr_DeleteDomAlias d;
2336 struct policy_handle alias_handle;
2339 printf("testing DeleteAlias_byname\n");
2341 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
2342 if (!NT_STATUS_IS_OK(status)) {
2346 r.in.domain_handle = domain_handle;
2347 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2349 r.out.alias_handle = &alias_handle;
2350 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
2351 if (!NT_STATUS_IS_OK(status)) {
2355 d.in.alias_handle = &alias_handle;
2356 d.out.alias_handle = &alias_handle;
2357 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
2358 if (!NT_STATUS_IS_OK(status)) {
2365 printf("DeleteAlias_byname(%s) failed - %s\n", name, nt_errstr(status));
2369 static bool test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2370 struct policy_handle *alias_handle)
2372 struct samr_DeleteDomAlias d;
2375 printf("Testing DeleteAlias\n");
2377 d.in.alias_handle = alias_handle;
2378 d.out.alias_handle = alias_handle;
2380 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
2381 if (!NT_STATUS_IS_OK(status)) {
2382 printf("DeleteAlias failed - %s\n", nt_errstr(status));
2389 static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
2390 struct policy_handle *domain_handle,
2391 struct policy_handle *alias_handle,
2392 const struct dom_sid *domain_sid)
2395 struct samr_CreateDomAlias r;
2396 struct lsa_String name;
2400 init_lsa_String(&name, TEST_ALIASNAME);
2401 r.in.domain_handle = domain_handle;
2402 r.in.alias_name = &name;
2403 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2404 r.out.alias_handle = alias_handle;
2407 printf("Testing CreateAlias (%s)\n", r.in.alias_name->string);
2409 status = dcerpc_samr_CreateDomAlias(p, tctx, &r);
2411 if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
2412 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2413 printf("Server correctly refused create of '%s'\n", r.in.alias_name->string);
2416 printf("Server should have refused create of '%s', got %s instead\n", r.in.alias_name->string,
2422 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
2423 if (!test_DeleteAlias_byname(p, tctx, domain_handle, r.in.alias_name->string)) {
2426 status = dcerpc_samr_CreateDomAlias(p, tctx, &r);
2429 if (!NT_STATUS_IS_OK(status)) {
2430 printf("CreateAlias failed - %s\n", nt_errstr(status));
2434 if (!test_alias_ops(p, tctx, alias_handle, domain_sid)) {
2441 static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2442 const char *acct_name,
2443 struct policy_handle *domain_handle, char **password)
2451 if (!test_ChangePasswordUser(p, mem_ctx, acct_name, domain_handle, password)) {
2455 if (!test_ChangePasswordUser2(p, mem_ctx, acct_name, password, 0, true)) {
2459 if (!test_OemChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) {
2463 /* test what happens when setting the old password again */
2464 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, *password, 0, true)) {
2469 char simple_pass[9];
2470 char *v = generate_random_str(mem_ctx, 1);
2472 ZERO_STRUCT(simple_pass);
2473 memset(simple_pass, *v, sizeof(simple_pass) - 1);
2475 /* test what happens when picking a simple password */
2476 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, simple_pass, 0, true)) {
2481 /* set samr_SetDomainInfo level 1 with min_length 5 */
2483 struct samr_QueryDomainInfo r;
2484 struct samr_SetDomainInfo s;
2485 uint16_t len_old, len;
2486 uint32_t pwd_prop_old;
2487 int64_t min_pwd_age_old;
2492 r.in.domain_handle = domain_handle;
2495 printf("testing samr_QueryDomainInfo level 1\n");
2496 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2497 if (!NT_STATUS_IS_OK(status)) {
2501 s.in.domain_handle = domain_handle;
2503 s.in.info = r.out.info;
2505 /* remember the old min length, so we can reset it */
2506 len_old = s.in.info->info1.min_password_length;
2507 s.in.info->info1.min_password_length = len;
2508 pwd_prop_old = s.in.info->info1.password_properties;
2509 /* turn off password complexity checks for this test */
2510 s.in.info->info1.password_properties &= ~DOMAIN_PASSWORD_COMPLEX;
2512 min_pwd_age_old = s.in.info->info1.min_password_age;
2513 s.in.info->info1.min_password_age = 0;
2515 printf("testing samr_SetDomainInfo level 1\n");
2516 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2517 if (!NT_STATUS_IS_OK(status)) {
2521 printf("calling test_ChangePasswordUser3 with too short password\n");
2523 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, len - 1, password, NULL, 0, true)) {
2527 s.in.info->info1.min_password_length = len_old;
2528 s.in.info->info1.password_properties = pwd_prop_old;
2529 s.in.info->info1.min_password_age = min_pwd_age_old;
2531 printf("testing samr_SetDomainInfo level 1\n");
2532 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2533 if (!NT_STATUS_IS_OK(status)) {
2541 struct samr_OpenUser r;
2542 struct samr_QueryUserInfo q;
2543 struct samr_LookupNames n;
2544 struct policy_handle user_handle;
2546 n.in.domain_handle = domain_handle;
2548 n.in.names = talloc_array(mem_ctx, struct lsa_String, 1);
2549 n.in.names[0].string = acct_name;
2551 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
2552 if (!NT_STATUS_IS_OK(status)) {
2553 printf("LookupNames failed - %s\n", nt_errstr(status));
2557 r.in.domain_handle = domain_handle;
2558 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2559 r.in.rid = n.out.rids.ids[0];
2560 r.out.user_handle = &user_handle;
2562 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
2563 if (!NT_STATUS_IS_OK(status)) {
2564 printf("OpenUser(%u) failed - %s\n", n.out.rids.ids[0], nt_errstr(status));
2568 q.in.user_handle = &user_handle;
2571 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
2572 if (!NT_STATUS_IS_OK(status)) {
2573 printf("QueryUserInfo failed - %s\n", nt_errstr(status));
2577 printf("calling test_ChangePasswordUser3 with too early password change\n");
2579 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL,
2580 q.out.info->info5.last_password_change, true)) {
2585 /* we change passwords twice - this has the effect of verifying
2586 they were changed correctly for the final call */
2587 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, true)) {
2591 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, true)) {
2598 static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
2599 struct policy_handle *domain_handle,
2600 struct policy_handle *user_handle_out,
2601 struct dom_sid *domain_sid,
2602 enum torture_samr_choice which_ops)
2605 TALLOC_CTX *user_ctx;
2608 struct samr_CreateUser r;
2609 struct samr_QueryUserInfo q;
2610 struct samr_DeleteUser d;
2613 /* This call creates a 'normal' account - check that it really does */
2614 const uint32_t acct_flags = ACB_NORMAL;
2615 struct lsa_String name;
2618 struct policy_handle user_handle;
2619 user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
2620 init_lsa_String(&name, TEST_ACCOUNT_NAME);
2622 r.in.domain_handle = domain_handle;
2623 r.in.account_name = &name;
2624 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2625 r.out.user_handle = &user_handle;
2628 printf("Testing CreateUser(%s)\n", r.in.account_name->string);
2630 status = dcerpc_samr_CreateUser(p, user_ctx, &r);
2632 if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
2633 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
2634 printf("Server correctly refused create of '%s'\n", r.in.account_name->string);
2637 printf("Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
2643 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2644 if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
2645 talloc_free(user_ctx);
2648 status = dcerpc_samr_CreateUser(p, user_ctx, &r);
2650 if (!NT_STATUS_IS_OK(status)) {
2651 talloc_free(user_ctx);
2652 printf("CreateUser failed - %s\n", nt_errstr(status));
2655 q.in.user_handle = &user_handle;
2658 status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
2659 if (!NT_STATUS_IS_OK(status)) {
2660 printf("QueryUserInfo level %u failed - %s\n",
2661 q.in.level, nt_errstr(status));
2664 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
2665 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
2666 q.out.info->info16.acct_flags,
2672 if (!test_user_ops(p, tctx, &user_handle, domain_handle,
2673 acct_flags, name.string, which_ops)) {
2677 if (user_handle_out) {
2678 *user_handle_out = user_handle;
2680 printf("Testing DeleteUser (createuser test)\n");
2682 d.in.user_handle = &user_handle;
2683 d.out.user_handle = &user_handle;
2685 status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
2686 if (!NT_STATUS_IS_OK(status)) {
2687 printf("DeleteUser failed - %s\n", nt_errstr(status));
2694 talloc_free(user_ctx);
2700 static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
2701 struct policy_handle *domain_handle,
2702 struct dom_sid *domain_sid,
2703 enum torture_samr_choice which_ops)
2706 struct samr_CreateUser2 r;
2707 struct samr_QueryUserInfo q;
2708 struct samr_DeleteUser d;
2709 struct policy_handle user_handle;
2711 struct lsa_String name;
2716 uint32_t acct_flags;
2717 const char *account_name;
2719 } account_types[] = {
2720 { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
2721 { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2722 { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2723 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
2724 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2725 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2726 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
2727 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2728 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2729 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
2730 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
2731 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
2732 { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2733 { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2734 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
2737 for (i = 0; account_types[i].account_name; i++) {
2738 TALLOC_CTX *user_ctx;
2739 uint32_t acct_flags = account_types[i].acct_flags;
2740 uint32_t access_granted;
2741 user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
2742 init_lsa_String(&name, account_types[i].account_name);
2744 r.in.domain_handle = domain_handle;
2745 r.in.account_name = &name;
2746 r.in.acct_flags = acct_flags;
2747 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2748 r.out.user_handle = &user_handle;
2749 r.out.access_granted = &access_granted;
2752 printf("Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);
2754 status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
2756 if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
2757 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
2758 printf("Server correctly refused create of '%s'\n", r.in.account_name->string);
2761 printf("Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
2768 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2769 if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
2770 talloc_free(user_ctx);
2774 status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
2777 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
2778 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
2779 nt_errstr(status), nt_errstr(account_types[i].nt_status));
2783 if (NT_STATUS_IS_OK(status)) {
2784 q.in.user_handle = &user_handle;
2787 status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
2788 if (!NT_STATUS_IS_OK(status)) {
2789 printf("QueryUserInfo level %u failed - %s\n",
2790 q.in.level, nt_errstr(status));
2793 uint32_t expected_flags = (acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
2794 if (acct_flags == ACB_NORMAL) {
2795 expected_flags |= ACB_PW_EXPIRED;
2797 if ((q.out.info->info5.acct_flags) != expected_flags) {
2798 printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
2799 q.out.info->info5.acct_flags,
2803 switch (acct_flags) {
2805 if (q.out.info->info5.primary_gid != DOMAIN_RID_DCS) {
2806 printf("QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n",
2807 DOMAIN_RID_DCS, q.out.info->info5.primary_gid);
2812 if (q.out.info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
2813 printf("QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
2814 DOMAIN_RID_DOMAIN_MEMBERS, q.out.info->info5.primary_gid);
2819 if (q.out.info->info5.primary_gid != DOMAIN_RID_USERS) {
2820 printf("QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n",
2821 DOMAIN_RID_USERS, q.out.info->info5.primary_gid);
2828 if (!test_user_ops(p, tctx, &user_handle, domain_handle,
2829 acct_flags, name.string, which_ops)) {
2833 printf("Testing DeleteUser (createuser2 test)\n");
2835 d.in.user_handle = &user_handle;
2836 d.out.user_handle = &user_handle;
2838 status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
2839 if (!NT_STATUS_IS_OK(status)) {
2840 printf("DeleteUser failed - %s\n", nt_errstr(status));
2844 talloc_free(user_ctx);
2850 static bool test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2851 struct policy_handle *handle)
2854 struct samr_QueryAliasInfo r;
2855 uint16_t levels[] = {1, 2, 3};
2859 for (i=0;i<ARRAY_SIZE(levels);i++) {
2860 printf("Testing QueryAliasInfo level %u\n", levels[i]);
2862 r.in.alias_handle = handle;
2863 r.in.level = levels[i];
2865 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
2866 if (!NT_STATUS_IS_OK(status)) {
2867 printf("QueryAliasInfo level %u failed - %s\n",
2868 levels[i], nt_errstr(status));
2876 static bool test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2877 struct policy_handle *handle)
2880 struct samr_QueryGroupInfo r;
2881 uint16_t levels[] = {1, 2, 3, 4, 5};
2885 for (i=0;i<ARRAY_SIZE(levels);i++) {
2886 printf("Testing QueryGroupInfo level %u\n", levels[i]);
2888 r.in.group_handle = handle;
2889 r.in.level = levels[i];
2891 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
2892 if (!NT_STATUS_IS_OK(status)) {
2893 printf("QueryGroupInfo level %u failed - %s\n",
2894 levels[i], nt_errstr(status));
2902 static bool test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2903 struct policy_handle *handle)
2906 struct samr_QueryGroupMember r;
2909 printf("Testing QueryGroupMember\n");
2911 r.in.group_handle = handle;
2913 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r);
2914 if (!NT_STATUS_IS_OK(status)) {
2915 printf("QueryGroupInfo failed - %s\n", nt_errstr(status));
2923 static bool test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2924 struct policy_handle *handle)
2927 struct samr_QueryGroupInfo r;
2928 struct samr_SetGroupInfo s;
2929 uint16_t levels[] = {1, 2, 3, 4};
2930 uint16_t set_ok[] = {0, 1, 1, 1};
2934 for (i=0;i<ARRAY_SIZE(levels);i++) {
2935 printf("Testing QueryGroupInfo level %u\n", levels[i]);
2937 r.in.group_handle = handle;
2938 r.in.level = levels[i];
2940 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
2941 if (!NT_STATUS_IS_OK(status)) {
2942 printf("QueryGroupInfo level %u failed - %s\n",
2943 levels[i], nt_errstr(status));
2947 printf("Testing SetGroupInfo level %u\n", levels[i]);
2949 s.in.group_handle = handle;
2950 s.in.level = levels[i];
2951 s.in.info = r.out.info;
2954 /* disabled this, as it changes the name only from the point of view of samr,
2955 but leaves the name from the point of view of w2k3 internals (and ldap). This means
2956 the name is still reserved, so creating the old name fails, but deleting by the old name
2958 if (s.in.level == 2) {
2959 init_lsa_String(&s.in.info->string, "NewName");
2963 if (s.in.level == 4) {
2964 init_lsa_String(&s.in.info->description, "test description");
2967 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
2969 if (!NT_STATUS_IS_OK(status)) {
2970 printf("SetGroupInfo level %u failed - %s\n",
2971 r.in.level, nt_errstr(status));
2976 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2977 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2978 r.in.level, nt_errstr(status));
2988 static bool test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2989 struct policy_handle *handle)
2992 struct samr_QueryUserInfo r;
2993 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
2994 11, 12, 13, 14, 16, 17, 20, 21};
2998 for (i=0;i<ARRAY_SIZE(levels);i++) {
2999 printf("Testing QueryUserInfo level %u\n", levels[i]);
3001 r.in.user_handle = handle;
3002 r.in.level = levels[i];
3004 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
3005 if (!NT_STATUS_IS_OK(status)) {
3006 printf("QueryUserInfo level %u failed - %s\n",
3007 levels[i], nt_errstr(status));
3015 static bool test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3016 struct policy_handle *handle)
3019 struct samr_QueryUserInfo2 r;
3020 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
3021 11, 12, 13, 14, 16, 17, 20, 21};
3025 for (i=0;i<ARRAY_SIZE(levels);i++) {
3026 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
3028 r.in.user_handle = handle;
3029 r.in.level = levels[i];
3031 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
3032 if (!NT_STATUS_IS_OK(status)) {
3033 printf("QueryUserInfo2 level %u failed - %s\n",
3034 levels[i], nt_errstr(status));
3042 static bool test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3043 struct policy_handle *handle, uint32_t rid)
3046 struct samr_OpenUser r;
3047 struct policy_handle user_handle;
3050 printf("Testing OpenUser(%u)\n", rid);
3052 r.in.domain_handle = handle;
3053 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3055 r.out.user_handle = &user_handle;
3057 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
3058 if (!NT_STATUS_IS_OK(status)) {
3059 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
3063 if (!test_QuerySecurity(p, mem_ctx, &user_handle)) {
3067 if (!test_QueryUserInfo(p, mem_ctx, &user_handle)) {
3071 if (!test_QueryUserInfo2(p, mem_ctx, &user_handle)) {
3075 if (!test_GetUserPwInfo(p, mem_ctx, &user_handle)) {
3079 if (!test_GetGroupsForUser(p,mem_ctx, &user_handle)) {
3083 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
3090 static bool test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3091 struct policy_handle *handle, uint32_t rid)
3094 struct samr_OpenGroup r;
3095 struct policy_handle group_handle;
3098 printf("Testing OpenGroup(%u)\n", rid);
3100 r.in.domain_handle = handle;
3101 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3103 r.out.group_handle = &group_handle;
3105 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
3106 if (!NT_STATUS_IS_OK(status)) {
3107 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
3111 if (!test_QuerySecurity(p, mem_ctx, &group_handle)) {
3115 if (!test_QueryGroupInfo(p, mem_ctx, &group_handle)) {
3119 if (!test_QueryGroupMember(p, mem_ctx, &group_handle)) {
3123 if (!test_samr_handle_Close(p, mem_ctx, &group_handle)) {
3130 static bool test_OpenAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
3131 struct policy_handle *handle, uint32_t rid)
3134 struct samr_OpenAlias r;
3135 struct policy_handle alias_handle;
3138 torture_comment(tctx, "Testing OpenAlias(%u)\n", rid);
3140 r.in.domain_handle = handle;
3141 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3143 r.out.alias_handle = &alias_handle;
3145 status = dcerpc_samr_OpenAlias(p, tctx, &r);
3146 if (!NT_STATUS_IS_OK(status)) {
3147 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
3151 if (!test_QuerySecurity(p, tctx, &alias_handle)) {
3155 if (!test_QueryAliasInfo(p, tctx, &alias_handle)) {
3159 if (!test_GetMembersInAlias(p, tctx, &alias_handle)) {
3163 if (!test_samr_handle_Close(p, tctx, &alias_handle)) {
3170 static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx,
3171 struct policy_handle *handle, uint32_t rid,
3172 uint32_t acct_flag_mask)
3175 struct samr_OpenUser r;
3176 struct samr_QueryUserInfo q;
3177 struct policy_handle user_handle;
3180 torture_comment(tctx, "Testing OpenUser(%u)\n", rid);
3182 r.in.domain_handle = handle;
3183 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3185 r.out.user_handle = &user_handle;
3187 status = dcerpc_samr_OpenUser(p, tctx, &r);
3188 if (!NT_STATUS_IS_OK(status)) {
3189 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
3193 q.in.user_handle = &user_handle;
3196 status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
3197 if (!NT_STATUS_IS_OK(status)) {
3198 printf("QueryUserInfo level 16 failed - %s\n",
3202 if ((acct_flag_mask & q.out.info->info16.acct_flags) == 0) {
3203 printf("Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers\n",
3204 acct_flag_mask, q.out.info->info16.acct_flags, rid);
3209 if (!test_samr_handle_Close(p, tctx, &user_handle)) {
3216 static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context *tctx,
3217 struct policy_handle *handle)
3219 NTSTATUS status = STATUS_MORE_ENTRIES;
3220 struct samr_EnumDomainUsers r;
3221 uint32_t mask, resume_handle=0;
3224 struct samr_LookupNames n;
3225 struct samr_LookupRids lr ;
3226 uint32_t masks[] = {ACB_NORMAL, ACB_DOMTRUST, ACB_WSTRUST,
3227 ACB_DISABLED, ACB_NORMAL | ACB_DISABLED,
3228 ACB_SVRTRUST | ACB_DOMTRUST | ACB_WSTRUST,
3231 printf("Testing EnumDomainUsers\n");
3233 for (mask_idx=0;mask_idx<ARRAY_SIZE(masks);mask_idx++) {
3234 r.in.domain_handle = handle;
3235 r.in.resume_handle = &resume_handle;
3236 r.in.acct_flags = mask = masks[mask_idx];
3237 r.in.max_size = (uint32_t)-1;
3238 r.out.resume_handle = &resume_handle;
3240 status = dcerpc_samr_EnumDomainUsers(p, tctx, &r);
3241 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
3242 !NT_STATUS_IS_OK(status)) {
3243 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
3247 torture_assert(tctx, r.out.sam, "EnumDomainUsers failed: r.out.sam unexpectedly NULL");
3249 if (r.out.sam->count == 0) {
3253 for (i=0;i<r.out.sam->count;i++) {
3255 if (!check_mask(p, tctx, handle, r.out.sam->entries[i].idx, mask)) {
3258 } else if (!test_OpenUser(p, tctx, handle, r.out.sam->entries[i].idx)) {
3264 printf("Testing LookupNames\n");
3265 n.in.domain_handle = handle;
3266 n.in.num_names = r.out.sam->count;
3267 n.in.names = talloc_array(tctx, struct lsa_String, r.out.sam->count);
3268 for (i=0;i<r.out.sam->count;i++) {
3269 n.in.names[i].string = r.out.sam->entries[i].name.string;
3271 status = dcerpc_samr_LookupNames(p, tctx, &n);
3272 if (!NT_STATUS_IS_OK(status)) {
3273 printf("LookupNames failed - %s\n", nt_errstr(status));
3278 printf("Testing LookupRids\n");
3279 lr.in.domain_handle = handle;
3280 lr.in.num_rids = r.out.sam->count;
3281 lr.in.rids = talloc_array(tctx, uint32_t, r.out.sam->count);
3282 for (i=0;i<r.out.sam->count;i++) {
3283 lr.in.rids[i] = r.out.sam->entries[i].idx;
3285 status = dcerpc_samr_LookupRids(p, tctx, &lr);
3286 torture_assert_ntstatus_ok(tctx, status, "LookupRids");
3292 try blasting the server with a bunch of sync requests
3294 static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, struct torture_context *tctx,
3295 struct policy_handle *handle)
3298 struct samr_EnumDomainUsers r;
3299 uint32_t resume_handle=0;
3301 #define ASYNC_COUNT 100
3302 struct rpc_request *req[ASYNC_COUNT];
3304 if (!torture_setting_bool(tctx, "dangerous", false)) {
3305 torture_skip(tctx, "samr async test disabled - enable dangerous tests to use\n");
3308 torture_comment(tctx, "Testing EnumDomainUsers_async\n");
3310 r.in.domain_handle = handle;
3311 r.in.resume_handle = &resume_handle;
3312 r.in.acct_flags = 0;
3313 r.in.max_size = (uint32_t)-1;
3314 r.out.resume_handle = &resume_handle;
3316 for (i=0;i<ASYNC_COUNT;i++) {
3317 req[i] = dcerpc_samr_EnumDomainUsers_send(p, tctx, &r);
3320 for (i=0;i<ASYNC_COUNT;i++) {
3321 status = dcerpc_ndr_request_recv(req[i]);
3322 if (!NT_STATUS_IS_OK(status)) {
3323 printf("EnumDomainUsers[%d] failed - %s\n",
3324 i, nt_errstr(status));
3329 torture_comment(tctx, "%d async requests OK\n", i);
3334 static bool test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3335 struct policy_handle *handle)
3338 struct samr_EnumDomainGroups r;
3339 uint32_t resume_handle=0;
3343 printf("Testing EnumDomainGroups\n");
3345 r.in.domain_handle = handle;
3346 r.in.resume_handle = &resume_handle;
3347 r.in.max_size = (uint32_t)-1;
3348 r.out.resume_handle = &resume_handle;
3350 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
3351 if (!NT_STATUS_IS_OK(status)) {
3352 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
3360 for (i=0;i<r.out.sam->count;i++) {
3361 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
3369 static bool test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3370 struct policy_handle *handle)
3373 struct samr_EnumDomainAliases r;
3374 uint32_t resume_handle=0;
3378 printf("Testing EnumDomainAliases\n");
3380 r.in.domain_handle = handle;
3381 r.in.resume_handle = &resume_handle;
3382 r.in.acct_flags = (uint32_t)-1;
3383 r.out.resume_handle = &resume_handle;
3385 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
3386 if (!NT_STATUS_IS_OK(status)) {
3387 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
3395 for (i=0;i<r.out.sam->count;i++) {
3396 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
3404 static bool test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3405 struct policy_handle *handle)
3408 struct samr_GetDisplayEnumerationIndex r;
3410 uint16_t levels[] = {1, 2, 3, 4, 5};
3411 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
3414 for (i=0;i<ARRAY_SIZE(levels);i++) {
3415 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
3417 r.in.domain_handle = handle;
3418 r.in.level = levels[i];
3419 init_lsa_String(&r.in.name, TEST_ACCOUNT_NAME);
3421 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
3424 !NT_STATUS_IS_OK(status) &&
3425 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3426 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
3427 levels[i], nt_errstr(status));
3431 init_lsa_String(&r.in.name, "zzzzzzzz");
3433 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
3435 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3436 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
3437 levels[i], nt_errstr(status));
3445 static bool test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3446 struct policy_handle *handle)
3449 struct samr_GetDisplayEnumerationIndex2 r;
3451 uint16_t levels[] = {1, 2, 3, 4, 5};
3452 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
3455 for (i=0;i<ARRAY_SIZE(levels);i++) {
3456 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
3458 r.in.domain_handle = handle;
3459 r.in.level = levels[i];
3460 init_lsa_String(&r.in.name, TEST_ACCOUNT_NAME);
3462 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
3464 !NT_STATUS_IS_OK(status) &&
3465 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3466 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
3467 levels[i], nt_errstr(status));
3471 init_lsa_String(&r.in.name, "zzzzzzzz");
3473 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
3474 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3475 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
3476 levels[i], nt_errstr(status));
3484 #define STRING_EQUAL_QUERY(s1, s2, user) \
3485 if (s1.string == NULL && s2.string != NULL && s2.string[0] == '\0') { \
3486 /* odd, but valid */ \
3487 } else if ((s1.string && !s2.string) || (s2.string && !s1.string) || strcmp(s1.string, s2.string)) { \
3488 printf("%s mismatch for %s: %s != %s (%s)\n", \
3489 #s1, user.string, s1.string, s2.string, __location__); \
3492 #define INT_EQUAL_QUERY(s1, s2, user) \
3494 printf("%s mismatch for %s: 0x%llx != 0x%llx (%s)\n", \
3495 #s1, user.string, (unsigned long long)s1, (unsigned long long)s2, __location__); \
3499 static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3500 struct samr_QueryDisplayInfo *querydisplayinfo,
3501 bool *seen_testuser)
3503 struct samr_OpenUser r;
3504 struct samr_QueryUserInfo q;
3505 struct policy_handle user_handle;
3508 r.in.domain_handle = querydisplayinfo->in.domain_handle;
3509 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3510 for (i = 0; ; i++) {
3511 switch (querydisplayinfo->in.level) {
3513 if (i >= querydisplayinfo->out.info.info1.count) {
3516 r.in.rid = querydisplayinfo->out.info.info1.entries[i].rid;
3519 if (i >= querydisplayinfo->out.info.info2.count) {
3522 r.in.rid = querydisplayinfo->out.info.info2.entries[i].rid;
3528 /* Not interested in validating just the account name */
3532 r.out.user_handle = &user_handle;
3534 switch (querydisplayinfo->in.level) {
3537 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
3538 if (!NT_STATUS_IS_OK(status)) {
3539 printf("OpenUser(%u) failed - %s\n", r.in.rid, nt_errstr(status));
3544 q.in.user_handle = &user_handle;
3546 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
3547 if (!NT_STATUS_IS_OK(status)) {
3548 printf("QueryUserInfo(%u) failed - %s\n", r.in.rid, nt_errstr(status));
3552 switch (querydisplayinfo->in.level) {
3554 if (seen_testuser && strcmp(q.out.info->info21.account_name.string, TEST_ACCOUNT_NAME) == 0) {
3555 *seen_testuser = true;
3557 STRING_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].full_name,
3558 q.out.info->info21.full_name, q.out.info->info21.account_name);
3559 STRING_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].account_name,
3560 q.out.info->info21.account_name, q.out.info->info21.account_name);
3561 STRING_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].description,
3562 q.out.info->info21.description, q.out.info->info21.account_name);
3563 INT_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].rid,
3564 q.out.info->info21.rid, q.out.info->info21.account_name);
3565 INT_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].acct_flags,
3566 q.out.info->info21.acct_flags, q.out.info->info21.account_name);
3570 STRING_EQUAL_QUERY(querydisplayinfo->out.info.info2.entries[i].account_name,
3571 q.out.info->info21.account_name, q.out.info->info21.account_name);
3572 STRING_EQUAL_QUERY(querydisplayinfo->out.info.info2.entries[i].description,
3573 q.out.info->info21.description, q.out.info->info21.account_name);
3574 INT_EQUAL_QUERY(querydisplayinfo->out.info.info2.entries[i].rid,
3575 q.out.info->info21.rid, q.out.info->info21.account_name);
3576 INT_EQUAL_QUERY((querydisplayinfo->out.info.info2.entries[i].acct_flags & ~ACB_NORMAL),
3577 q.out.info->info21.acct_flags, q.out.info->info21.account_name);
3579 if (!(querydisplayinfo->out.info.info2.entries[i].acct_flags & ACB_NORMAL)) {
3580 printf("Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s\n",
3581 q.out.info->info21.account_name.string);
3584 if (!(q.out.info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) {
3585 printf("Found non-trust account %s in trust account listing: 0x%x 0x%x\n",
3586 q.out.info->info21.account_name.string,
3587 querydisplayinfo->out.info.info2.entries[i].acct_flags,
3588 q.out.info->info21.acct_flags);
3595 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
3602 static bool test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3603 struct policy_handle *handle)
3606 struct samr_QueryDisplayInfo r;
3607 struct samr_QueryDomainInfo dom_info;
3609 uint16_t levels[] = {1, 2, 3, 4, 5};
3611 bool seen_testuser = false;
3613 for (i=0;i<ARRAY_SIZE(levels);i++) {
3614 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
3617 status = STATUS_MORE_ENTRIES;
3618 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
3619 r.in.domain_handle = handle;
3620 r.in.level = levels[i];
3621 r.in.max_entries = 2;
3622 r.in.buf_size = (uint32_t)-1;
3624 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
3625 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) && !NT_STATUS_IS_OK(status)) {
3626 printf("QueryDisplayInfo level %u failed - %s\n",
3627 levels[i], nt_errstr(status));
3630 switch (r.in.level) {
3632 if (!test_each_DisplayInfo_user(p, mem_ctx, &r, &seen_testuser)) {
3635 r.in.start_idx += r.out.info.info1.count;
3638 if (!test_each_DisplayInfo_user(p, mem_ctx, &r, NULL)) {
3641 r.in.start_idx += r.out.info.info2.count;
3644 r.in.start_idx += r.out.info.info3.count;
3647 r.in.start_idx += r.out.info.info4.count;
3650 r.in.start_idx += r.out.info.info5.count;
3654 dom_info.in.domain_handle = handle;
3655 dom_info.in.level = 2;
3656 /* Check number of users returned is correct */
3657 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &dom_info);
3658 if (!NT_STATUS_IS_OK(status)) {
3659 printf("QueryDomainInfo level %u failed - %s\n",
3660 r.in.level, nt_errstr(status));
3664 switch (r.in.level) {
3667 if (dom_info.out.info->general.num_users < r.in.start_idx) {
3668 printf("QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
3669 r.in.start_idx, dom_info.out.info->general.num_groups,
3670 dom_info.out.info->general.domain_name.string);
3673 if (!seen_testuser) {
3674 struct policy_handle user_handle;
3675 if (NT_STATUS_IS_OK(test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle))) {
3676 printf("Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n",
3677 dom_info.out.info->general.domain_name.string);
3679 test_samr_handle_Close(p, mem_ctx, &user_handle);
3685 if (dom_info.out.info->general.num_groups != r.in.start_idx) {
3686 printf("QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
3687 r.in.start_idx, dom_info.out.info->general.num_groups,
3688 dom_info.out.info->general.domain_name.string);
3700 static bool test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3701 struct policy_handle *handle)
3704 struct samr_QueryDisplayInfo2 r;
3706 uint16_t levels[] = {1, 2, 3, 4, 5};
3709 for (i=0;i<ARRAY_SIZE(levels);i++) {
3710 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
3712 r.in.domain_handle = handle;
3713 r.in.level = levels[i];
3715 r.in.max_entries = 1000;
3716 r.in.buf_size = (uint32_t)-1;
3718 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
3719 if (!NT_STATUS_IS_OK(status)) {
3720 printf("QueryDisplayInfo2 level %u failed - %s\n",
3721 levels[i], nt_errstr(status));
3729 static bool test_QueryDisplayInfo3(struct dcerpc_pipe *p, struct torture_context *tctx,
3730 struct policy_handle *handle)
3733 struct samr_QueryDisplayInfo3 r;
3735 uint16_t levels[] = {1, 2, 3, 4, 5};
3738 for (i=0;i<ARRAY_SIZE(levels);i++) {
3739 torture_comment(tctx, "Testing QueryDisplayInfo3 level %u\n", levels[i]);
3741 r.in.domain_handle = handle;
3742 r.in.level = levels[i];
3744 r.in.max_entries = 1000;
3745 r.in.buf_size = (uint32_t)-1;
3747 status = dcerpc_samr_QueryDisplayInfo3(p, tctx, &r);
3748 if (!NT_STATUS_IS_OK(status)) {
3749 printf("QueryDisplayInfo3 level %u failed - %s\n",
3750 levels[i], nt_errstr(status));
3759 static bool test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3760 struct policy_handle *handle)
3763 struct samr_QueryDisplayInfo r;
3766 printf("Testing QueryDisplayInfo continuation\n");
3768 r.in.domain_handle = handle;
3771 r.in.max_entries = 1;
3772 r.in.buf_size = (uint32_t)-1;
3775 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
3776 if (NT_STATUS_IS_OK(status) && r.out.returned_size != 0) {
3777 if (r.out.info.info1.entries[0].idx != r.in.start_idx + 1) {
3778 printf("expected idx %d but got %d\n",
3780 r.out.info.info1.entries[0].idx);
3784 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
3785 !NT_STATUS_IS_OK(status)) {
3786 printf("QueryDisplayInfo level %u failed - %s\n",
3787 r.in.level, nt_errstr(status));
3792 } while ((NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) ||
3793 NT_STATUS_IS_OK(status)) &&
3794 r.out.returned_size != 0);
3799 static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
3800 struct policy_handle *handle)
3803 struct samr_QueryDomainInfo r;
3804 struct samr_SetDomainInfo s;
3805 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
3806 uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
3809 const char *domain_comment = talloc_asprintf(tctx,
3810 "Tortured by Samba4 RPC-SAMR: %s",
3811 timestring(tctx, time(NULL)));
3813 s.in.domain_handle = handle;
3815 s.in.info = talloc(tctx, union samr_DomainInfo);
3817 s.in.info->oem.oem_information.string = domain_comment;
3818 status = dcerpc_samr_SetDomainInfo(p, tctx, &s);
3819 if (!NT_STATUS_IS_OK(status)) {
3820 printf("SetDomainInfo level %u (set comment) failed - %s\n",
3821 r.in.level, nt_errstr(status));
3825 for (i=0;i<ARRAY_SIZE(levels);i++) {
3826 torture_comment(tctx, "Testing QueryDomainInfo level %u\n", levels[i]);
3828 r.in.domain_handle = handle;
3829 r.in.level = levels[i];
3831 status = dcerpc_samr_QueryDomainInfo(p, tctx, &r);
3832 if (!NT_STATUS_IS_OK(status)) {
3833 printf("QueryDomainInfo level %u failed - %s\n",
3834 r.in.level, nt_errstr(status));
3839 switch (levels[i]) {
3841 if (strcmp(r.out.info->general.oem_information.string, domain_comment) != 0) {
3842 printf("QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
3843 levels[i], r.out.info->general.oem_information.string, domain_comment);
3846 if (!r.out.info->general.primary.string) {
3847 printf("QueryDomainInfo level %u returned no PDC name\n",
3850 } else if (r.out.info->general.role == SAMR_ROLE_DOMAIN_PDC) {
3851 if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), r.out.info->general.primary.string) != 0) {
3852 printf("QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n",
3853 levels[i], r.out.info->general.primary.string, dcerpc_server_name(p));
3858 if (strcmp(r.out.info->oem.oem_information.string, domain_comment) != 0) {
3859 printf("QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
3860 levels[i], r.out.info->oem.oem_information.string, domain_comment);
3865 if (!r.out.info->info6.primary.string) {
3866 printf("QueryDomainInfo level %u returned no PDC name\n",
3872 if (strcmp(r.out.info->general2.general.oem_information.string, domain_comment) != 0) {
3873 printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
3874 levels[i], r.out.info->general2.general.oem_information.string, domain_comment);
3880 torture_comment(tctx, "Testing SetDomainInfo level %u\n", levels[i]);
3882 s.in.domain_handle = handle;
3883 s.in.level = levels[i];
3884 s.in.info = r.out.info;
3886 status = dcerpc_samr_SetDomainInfo(p, tctx, &s);
3888 if (!NT_STATUS_IS_OK(status)) {
3889 printf("SetDomainInfo level %u failed - %s\n",
3890 r.in.level, nt_errstr(status));
3895 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
3896 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
3897 r.in.level, nt_errstr(status));
3903 status = dcerpc_samr_QueryDomainInfo(p, tctx, &r);
3904 if (!NT_STATUS_IS_OK(status)) {
3905 printf("QueryDomainInfo level %u failed - %s\n",
3906 r.in.level, nt_errstr(status));
3916 static bool test_QueryDomainInfo2(struct dcerpc_pipe *p, struct torture_context *tctx,
3917 struct policy_handle *handle)
3920 struct samr_QueryDomainInfo2 r;
3921 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
3925 for (i=0;i<ARRAY_SIZE(levels);i++) {
3926 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
3928 r.in.domain_handle = handle;
3929 r.in.level = levels[i];
3931 status = dcerpc_samr_QueryDomainInfo2(p, tctx, &r);
3932 if (!NT_STATUS_IS_OK(status)) {
3933 printf("QueryDomainInfo2 level %u failed - %s\n",
3934 r.in.level, nt_errstr(status));
3943 /* Test whether querydispinfo level 5 and enumdomgroups return the same
3944 set of group names. */
3945 static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
3946 struct policy_handle *handle)
3948 struct samr_EnumDomainGroups q1;
3949 struct samr_QueryDisplayInfo q2;
3951 uint32_t resume_handle=0;
3956 const char **names = NULL;
3958 torture_comment(tctx, "Testing coherency of querydispinfo vs enumdomgroups\n");
3960 q1.in.domain_handle = handle;
3961 q1.in.resume_handle = &resume_handle;
3963 q1.out.resume_handle = &resume_handle;
3965 status = STATUS_MORE_ENTRIES;
3966 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
3967 status = dcerpc_samr_EnumDomainGroups(p, tctx, &q1);
3969 if (!NT_STATUS_IS_OK(status) &&
3970 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
3973 for (i=0; i<q1.out.num_entries; i++) {
3974 add_string_to_array(tctx,
3975 q1.out.sam->entries[i].name.string,
3976 &names, &num_names);
3980 torture_assert_ntstatus_ok(tctx, status, "EnumDomainGroups");
3982 torture_assert(tctx, q1.out.sam, "EnumDomainGroups failed to return q1.out.sam");
3984 q2.in.domain_handle = handle;
3986 q2.in.start_idx = 0;
3987 q2.in.max_entries = 5;
3988 q2.in.buf_size = (uint32_t)-1;
3990 status = STATUS_MORE_ENTRIES;
3991 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
3992 status = dcerpc_samr_QueryDisplayInfo(p, tctx, &q2);
3994 if (!NT_STATUS_IS_OK(status) &&
3995 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
3998 for (i=0; i<q2.out.info.info5.count; i++) {
4000 const char *name = q2.out.info.info5.entries[i].account_name.string;
4002 for (j=0; j<num_names; j++) {
4003 if (names[j] == NULL)
4005 if (strequal(names[j], name)) {
4013 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
4018 q2.in.start_idx += q2.out.info.info5.count;
4021 if (!NT_STATUS_IS_OK(status)) {
4022 printf("QueryDisplayInfo level 5 failed - %s\n",
4027 for (i=0; i<num_names; i++) {
4028 if (names[i] != NULL) {
4029 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
4038 static bool test_DeleteDomainGroup(struct dcerpc_pipe *p, struct torture_context *tctx,
4039 struct policy_handle *group_handle)
4041 struct samr_DeleteDomainGroup d;
4044 torture_comment(tctx, "Testing DeleteDomainGroup\n");
4046 d.in.group_handle = group_handle;
4047 d.out.group_handle = group_handle;
4049 status = dcerpc_samr_DeleteDomainGroup(p, tctx, &d);
4050 torture_assert_ntstatus_ok(tctx, status, "DeleteDomainGroup");
4055 static bool test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
4056 struct policy_handle *domain_handle)
4058 struct samr_TestPrivateFunctionsDomain r;
4062 torture_comment(tctx, "Testing TestPrivateFunctionsDomain\n");
4064 r.in.domain_handle = domain_handle;
4066 status = dcerpc_samr_TestPrivateFunctionsDomain(p, tctx, &r);
4067 torture_assert_ntstatus_equal(tctx, NT_STATUS_NOT_IMPLEMENTED, status, "TestPrivateFunctionsDomain");
4072 static bool test_RidToSid(struct dcerpc_pipe *p, struct torture_context *tctx,
4073 struct dom_sid *domain_sid,
4074 struct policy_handle *domain_handle)
4076 struct samr_RidToSid r;
4079 struct dom_sid *calc_sid;
4080 int rids[] = { 0, 42, 512, 10200 };
4083 for (i=0;i<ARRAY_SIZE(rids);i++) {
4084 torture_comment(tctx, "Testing RidToSid\n");
4086 calc_sid = dom_sid_dup(tctx, domain_sid);
4087 r.in.domain_handle = domain_handle;
4090 status = dcerpc_samr_RidToSid(p, tctx, &r);
4091 if (!NT_STATUS_IS_OK(status)) {
4092 printf("RidToSid for %d failed - %s\n", rids[i], nt_errstr(status));
4095 calc_sid = dom_sid_add_rid(calc_sid, calc_sid, rids[i]);
4097 if (!dom_sid_equal(calc_sid, r.out.sid)) {
4098 printf("RidToSid for %d failed - got %s, expected %s\n", rids[i],
4099 dom_sid_string(tctx, r.out.sid),
4100 dom_sid_string(tctx, calc_sid));
4109 static bool test_GetBootKeyInformation(struct dcerpc_pipe *p, struct torture_context *tctx,
4110 struct policy_handle *domain_handle)
4112 struct samr_GetBootKeyInformation r;
4116 torture_comment(tctx, "Testing GetBootKeyInformation\n");
4118 r.in.domain_handle = domain_handle;
4120 status = dcerpc_samr_GetBootKeyInformation(p, tctx, &r);
4121 if (!NT_STATUS_IS_OK(status)) {
4122 /* w2k3 seems to fail this sometimes and pass it sometimes */
4123 torture_comment(tctx, "GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
4129 static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *tctx,
4130 struct policy_handle *domain_handle,
4131 struct policy_handle *group_handle)
4134 struct samr_AddGroupMember r;
4135 struct samr_DeleteGroupMember d;
4136 struct samr_QueryGroupMember q;
4137 struct samr_SetMemberAttributesOfGroup s;
4140 status = test_LookupName(p, tctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
4141 torture_assert_ntstatus_ok(tctx, status, "test_AddGroupMember looking up name " TEST_ACCOUNT_NAME);
4143 r.in.group_handle = group_handle;
4145 r.in.flags = 0; /* ??? */
4147 torture_comment(tctx, "Testing AddGroupMember and DeleteGroupMember\n");
4149 d.in.group_handle = group_handle;
4152 status = dcerpc_samr_DeleteGroupMember(p, tctx, &d);
4153 torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_NOT_IN_GROUP, status, "DeleteGroupMember");
4155 status = dcerpc_samr_AddGroupMember(p, tctx, &r);
4156 torture_assert_ntstatus_ok(tctx, status, "AddGroupMember");
4158 status = dcerpc_samr_AddGroupMember(p, tctx, &r);
4159 torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_IN_GROUP, status, "AddGroupMember");
4161 if (torture_setting_bool(tctx, "samba4", false)) {
4162 torture_comment(tctx, "skipping SetMemberAttributesOfGroup test against Samba4\n");
4164 /* this one is quite strange. I am using random inputs in the
4165 hope of triggering an error that might give us a clue */
4167 s.in.group_handle = group_handle;
4168 s.in.unknown1 = random();
4169 s.in.unknown2 = random();
4171 status = dcerpc_samr_SetMemberAttributesOfGroup(p, tctx, &s);
4172 torture_assert_ntstatus_ok(tctx, status, "SetMemberAttributesOfGroup");
4175 q.in.group_handle = group_handle;
4177 status = dcerpc_samr_QueryGroupMember(p, tctx, &q);
4178 torture_assert_ntstatus_ok(tctx, status, "QueryGroupMember");
4180 status = dcerpc_samr_DeleteGroupMember(p, tctx, &d);
4181 torture_assert_ntstatus_ok(tctx, status, "DeleteGroupMember");
4183 status = dcerpc_samr_AddGroupMember(p, tctx, &r);
4184 torture_assert_ntstatus_ok(tctx, status, "AddGroupMember");
4190 static bool test_CreateDomainGroup(struct dcerpc_pipe *p,
4191 struct torture_context *tctx,
4192 struct policy_handle *domain_handle,
4193 struct policy_handle *group_handle,
4194 struct dom_sid *domain_sid)
4197 struct samr_CreateDomainGroup r;
4199 struct lsa_String name;
4202 init_lsa_String(&name, TEST_GROUPNAME);
4204 r.in.domain_handle = domain_handle;
4206 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4207 r.out.group_handle = group_handle;
4210 printf("Testing CreateDomainGroup(%s)\n", r.in.name->string);
4212 status = dcerpc_samr_CreateDomainGroup(p, tctx, &r);
4214 if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
4215 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
4216 torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.name->string);
4219 printf("Server should have refused create of '%s', got %s instead\n", r.in.name->string,
4225 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
4226 if (!test_DeleteGroup_byname(p, tctx, domain_handle, r.in.name->string)) {
4227 printf("CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
4231 status = dcerpc_samr_CreateDomainGroup(p, tctx, &r);
4233 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
4234 if (!test_DeleteUser_byname(p, tctx, domain_handle, r.in.name->string)) {
4236 printf("CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
4240 status = dcerpc_samr_CreateDomainGroup(p, tctx, &r);
4242 torture_assert_ntstatus_ok(tctx, status, "CreateDomainGroup");
4244 if (!test_AddGroupMember(p, tctx, domain_handle, group_handle)) {
4245 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
4249 if (!test_SetGroupInfo(p, tctx, group_handle)) {
4258 its not totally clear what this does. It seems to accept any sid you like.
4260 static bool test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
4261 struct torture_context *tctx,
4262 struct policy_handle *domain_handle)
4265 struct samr_RemoveMemberFromForeignDomain r;
4267 r.in.domain_handle = domain_handle;
4268 r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32-12-34-56-78");
4270 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, tctx, &r);
4271 torture_assert_ntstatus_ok(tctx, status, "RemoveMemberFromForeignDomain");
4278 static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
4279 struct policy_handle *handle);
4281 static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
4282 struct policy_handle *handle, struct dom_sid *sid,
4283 enum torture_samr_choice which_ops)
4286 struct samr_OpenDomain r;
4287 struct policy_handle domain_handle;
4288 struct policy_handle alias_handle;
4289 struct policy_handle user_handle;
4290 struct policy_handle group_handle;
4293 ZERO_STRUCT(alias_handle);
4294 ZERO_STRUCT(user_handle);
4295 ZERO_STRUCT(group_handle);
4296 ZERO_STRUCT(domain_handle);
4298 torture_comment(tctx, "Testing OpenDomain of %s\n", dom_sid_string(tctx, sid));
4300 r.in.connect_handle = handle;
4301 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4303 r.out.domain_handle = &domain_handle;
4305 status = dcerpc_samr_OpenDomain(p, tctx, &r);
4306 torture_assert_ntstatus_ok(tctx, status, "OpenDomain");
4308 /* run the domain tests with the main handle closed - this tests
4309 the servers reference counting */
4310 ret &= test_samr_handle_Close(p, tctx, handle);
4312 switch (which_ops) {
4313 case TORTURE_SAMR_USER_ATTRIBUTES:
4314 case TORTURE_SAMR_PASSWORDS:
4315 ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops);
4316 ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops);
4317 /* This test needs 'complex' users to validate */
4318 ret &= test_QueryDisplayInfo(p, tctx, &domain_handle);
4320 printf("Testing PASSWORDS or ATTRIBUTES on domain %s failed!\n", dom_sid_string(tctx, sid));
4323 case TORTURE_SAMR_OTHER:
4324 ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops);
4326 printf("Failed to CreateUser in SAMR-OTHER on domain %s!\n", dom_sid_string(tctx, sid));
4328 ret &= test_QuerySecurity(p, tctx, &domain_handle);
4329 ret &= test_RemoveMemberFromForeignDomain(p, tctx, &domain_handle);
4330 ret &= test_CreateAlias(p, tctx, &domain_handle, &alias_handle, sid);
4331 ret &= test_CreateDomainGroup(p, tctx, &domain_handle, &group_handle, sid);
4332 ret &= test_QueryDomainInfo(p, tctx, &domain_handle);
4333 ret &= test_QueryDomainInfo2(p, tctx, &domain_handle);
4334 ret &= test_EnumDomainUsers(p, tctx, &domain_handle);
4335 ret &= test_EnumDomainUsers_async(p, tctx, &domain_handle);
4336 ret &= test_EnumDomainGroups(p, tctx, &domain_handle);
4337 ret &= test_EnumDomainAliases(p, tctx, &domain_handle);
4338 ret &= test_QueryDisplayInfo2(p, tctx, &domain_handle);
4339 ret &= test_QueryDisplayInfo3(p, tctx, &domain_handle);
4340 ret &= test_QueryDisplayInfo_continue(p, tctx, &domain_handle);
4342 if (torture_setting_bool(tctx, "samba4", false)) {
4343 torture_comment(tctx, "skipping GetDisplayEnumerationIndex test against Samba4\n");
4345 ret &= test_GetDisplayEnumerationIndex(p, tctx, &domain_handle);
4346 ret &= test_GetDisplayEnumerationIndex2(p, tctx, &domain_handle);
4348 ret &= test_GroupList(p, tctx, &domain_handle);
4349 ret &= test_TestPrivateFunctionsDomain(p, tctx, &domain_handle);
4350 ret &= test_RidToSid(p, tctx, sid, &domain_handle);
4351 ret &= test_GetBootKeyInformation(p, tctx, &domain_handle);
4353 torture_comment(tctx, "Testing SAMR-OTHER on domain %s failed!\n", dom_sid_string(tctx, sid));
4358 if (!policy_handle_empty(&user_handle) &&
4359 !test_DeleteUser(p, tctx, &user_handle)) {
4363 if (!policy_handle_empty(&alias_handle) &&
4364 !test_DeleteAlias(p, tctx, &alias_handle)) {
4368 if (!policy_handle_empty(&group_handle) &&
4369 !test_DeleteDomainGroup(p, tctx, &group_handle)) {
4373 ret &= test_samr_handle_Close(p, tctx, &domain_handle);
4375 /* reconnect the main handle */
4376 ret &= test_Connect(p, tctx, handle);
4379 printf("Testing domain %s failed!\n", dom_sid_string(tctx, sid));
4385 static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
4386 struct policy_handle *handle, const char *domain,
4387 enum torture_samr_choice which_ops)
4390 struct samr_LookupDomain r;
4391 struct lsa_String n1;
4392 struct lsa_String n2;
4395 torture_comment(tctx, "Testing LookupDomain(%s)\n", domain);
4397 /* check for correct error codes */
4398 r.in.connect_handle = handle;
4399 r.in.domain_name = &n2;
4402 status = dcerpc_samr_LookupDomain(p, tctx, &r);
4403 torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER, status, "LookupDomain expected NT_STATUS_INVALID_PARAMETER");
4405 init_lsa_String(&n2, "xxNODOMAINxx");
4407 status = dcerpc_samr_LookupDomain(p, tctx, &r);
4408 torture_assert_ntstatus_equal(tctx, NT_STATUS_NO_SUCH_DOMAIN, status, "LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN");
4410 r.in.connect_handle = handle;
4412 init_lsa_String(&n1, domain);
4413 r.in.domain_name = &n1;
4415 status = dcerpc_samr_LookupDomain(p, tctx, &r);
4416 torture_assert_ntstatus_ok(tctx, status, "LookupDomain");
4418 if (!test_GetDomPwInfo(p, tctx, &n1)) {
4422 if (!test_OpenDomain(p, tctx, handle, r.out.sid, which_ops)) {
4430 static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx,
4431 struct policy_handle *handle, enum torture_samr_choice which_ops)
4434 struct samr_EnumDomains r;
4435 uint32_t resume_handle = 0;
4439 r.in.connect_handle = handle;
4440 r.in.resume_handle = &resume_handle;
4441 r.in.buf_size = (uint32_t)-1;
4442 r.out.resume_handle = &resume_handle;
4444 status = dcerpc_samr_EnumDomains(p, tctx, &r);
4445 torture_assert_ntstatus_ok(tctx, status, "EnumDomains");
4451 for (i=0;i<r.out.sam->count;i++) {
4452 if (!test_LookupDomain(p, tctx, handle,
4453 r.out.sam->entries[i].name.string, which_ops)) {
4458 status = dcerpc_samr_EnumDomains(p, tctx, &r);
4459 torture_assert_ntstatus_ok(tctx, status, "EnumDomains");
4465 static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
4466 struct policy_handle *handle)
4469 struct samr_Connect r;
4470 struct samr_Connect2 r2;
4471 struct samr_Connect3 r3;
4472 struct samr_Connect4 r4;
4473 struct samr_Connect5 r5;
4474 union samr_ConnectInfo info;
4475 struct policy_handle h;
4476 bool ret = true, got_handle = false;
4478 torture_comment(tctx, "testing samr_Connect\n");
4480 r.in.system_name = 0;
4481 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4482 r.out.connect_handle = &h;
4484 status = dcerpc_samr_Connect(p, tctx, &r);
4485 if (!NT_STATUS_IS_OK(status)) {
4486 torture_comment(tctx, "Connect failed - %s\n", nt_errstr(status));
4493 torture_comment(tctx, "testing samr_Connect2\n");
4495 r2.in.system_name = NULL;
4496 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4497 r2.out.connect_handle = &h;
4499 status = dcerpc_samr_Connect2(p, tctx, &r2);
4500 if (!NT_STATUS_IS_OK(status)) {
4501 torture_comment(tctx, "Connect2 failed - %s\n", nt_errstr(status));
4505 test_samr_handle_Close(p, tctx, handle);
4511 torture_comment(tctx, "testing samr_Connect3\n");
4513 r3.in.system_name = NULL;
4515 r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4516 r3.out.connect_handle = &h;
4518 status = dcerpc_samr_Connect3(p, tctx, &r3);
4519 if (!NT_STATUS_IS_OK(status)) {
4520 printf("Connect3 failed - %s\n", nt_errstr(status));
4524 test_samr_handle_Close(p, tctx, handle);
4530 torture_comment(tctx, "testing samr_Connect4\n");
4532 r4.in.system_name = "";
4533 r4.in.client_version = 0;
4534 r4.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4535 r4.out.connect_handle = &h;
4537 status = dcerpc_samr_Connect4(p, tctx, &r4);
4538 if (!NT_STATUS_IS_OK(status)) {
4539 printf("Connect4 failed - %s\n", nt_errstr(status));
4543 test_samr_handle_Close(p, tctx, handle);
4549 torture_comment(tctx, "testing samr_Connect5\n");
4551 info.info1.client_version = 0;
4552 info.info1.unknown2 = 0;
4554 r5.in.system_name = "";
4555 r5.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4558 r5.out.info = &info;
4559 r5.out.connect_handle = &h;
4561 status = dcerpc_samr_Connect5(p, tctx, &r5);
4562 if (!NT_STATUS_IS_OK(status)) {
4563 printf("Connect5 failed - %s\n", nt_errstr(status));
4567 test_samr_handle_Close(p, tctx, handle);
4577 bool torture_rpc_samr(struct torture_context *torture)
4580 struct dcerpc_pipe *p;
4582 struct policy_handle handle;
4584 status = torture_rpc_connection(torture, &p, &ndr_table_samr);
4585 if (!NT_STATUS_IS_OK(status)) {
4589 ret &= test_Connect(p, torture, &handle);
4591 ret &= test_QuerySecurity(p, torture, &handle);
4593 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_OTHER);
4595 ret &= test_SetDsrmPassword(p, torture, &handle);
4597 ret &= test_Shutdown(p, torture, &handle);
4599 ret &= test_samr_handle_Close(p, torture, &handle);
4605 bool torture_rpc_samr_users(struct torture_context *torture)
4608 struct dcerpc_pipe *p;
4610 struct policy_handle handle;
4612 status = torture_rpc_connection(torture, &p, &ndr_table_samr);
4613 if (!NT_STATUS_IS_OK(status)) {
4617 ret &= test_Connect(p, torture, &handle);
4619 ret &= test_QuerySecurity(p, torture, &handle);
4621 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_USER_ATTRIBUTES);
4623 ret &= test_SetDsrmPassword(p, torture, &handle);
4625 ret &= test_Shutdown(p, torture, &handle);
4627 ret &= test_samr_handle_Close(p, torture, &handle);
4633 bool torture_rpc_samr_passwords(struct torture_context *torture)
4636 struct dcerpc_pipe *p;
4638 struct policy_handle handle;
4640 status = torture_rpc_connection(torture, &p, &ndr_table_samr);
4641 if (!NT_STATUS_IS_OK(status)) {
4645 ret &= test_Connect(p, torture, &handle);
4647 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_PASSWORDS);
4649 ret &= test_samr_handle_Close(p, torture, &handle);
git.samba.org / ira / wip.git / blob