2 Unix SMB/CIFS implementation.
3 test suite for samr rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "torture/torture.h"
25 #include "system/time.h"
26 #include "librpc/gen_ndr/lsa.h"
27 #include "librpc/gen_ndr/ndr_samr_c.h"
28 #include "lib/crypto/crypto.h"
29 #include "libcli/auth/libcli_auth.h"
30 #include "libcli/security/security.h"
31 #include "torture/rpc/rpc.h"
33 #define TEST_ACCOUNT_NAME "samrtorturetest"
34 #define TEST_ALIASNAME "samrtorturetestalias"
35 #define TEST_GROUPNAME "samrtorturetestgroup"
36 #define TEST_MACHINENAME "samrtestmach$"
37 #define TEST_DOMAINNAME "samrtestdom$"
39 enum torture_samr_choice {
40 TORTURE_SAMR_PASSWORDS,
41 TORTURE_SAMR_USER_ATTRIBUTES,
45 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
46 struct policy_handle *handle);
48 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
49 struct policy_handle *handle);
51 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
52 struct policy_handle *handle);
54 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
55 const char *acct_name,
56 struct policy_handle *domain_handle, char **password);
58 static void init_lsa_String(struct lsa_String *string, const char *s)
63 BOOL test_samr_handle_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
64 struct policy_handle *handle)
70 r.out.handle = handle;
72 status = dcerpc_samr_Close(p, mem_ctx, &r);
73 if (!NT_STATUS_IS_OK(status)) {
74 printf("Close handle failed - %s\n", nt_errstr(status));
81 static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
82 struct policy_handle *handle)
85 struct samr_Shutdown r;
87 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
88 printf("samr_Shutdown disabled - enable dangerous tests to use\n");
92 r.in.connect_handle = handle;
94 printf("testing samr_Shutdown\n");
96 status = dcerpc_samr_Shutdown(p, mem_ctx, &r);
97 if (!NT_STATUS_IS_OK(status)) {
98 printf("samr_Shutdown failed - %s\n", nt_errstr(status));
105 static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
106 struct policy_handle *handle)
109 struct samr_SetDsrmPassword r;
110 struct lsa_String string;
111 struct samr_Password hash;
113 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
114 printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n");
118 E_md4hash("TeSTDSRM123", hash.hash);
120 init_lsa_String(&string, "Administrator");
126 printf("testing samr_SetDsrmPassword\n");
128 status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r);
129 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
130 printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status));
138 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
139 struct policy_handle *handle)
142 struct samr_QuerySecurity r;
143 struct samr_SetSecurity s;
145 r.in.handle = handle;
148 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
149 if (!NT_STATUS_IS_OK(status)) {
150 printf("QuerySecurity failed - %s\n", nt_errstr(status));
154 if (r.out.sdbuf == NULL) {
158 s.in.handle = handle;
160 s.in.sdbuf = r.out.sdbuf;
162 if (lp_parm_bool(-1, "torture", "samba4", False)) {
163 printf("skipping SetSecurity test against Samba4\n");
167 status = dcerpc_samr_SetSecurity(p, mem_ctx, &s);
168 if (!NT_STATUS_IS_OK(status)) {
169 printf("SetSecurity failed - %s\n", nt_errstr(status));
173 status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r);
174 if (!NT_STATUS_IS_OK(status)) {
175 printf("QuerySecurity failed - %s\n", nt_errstr(status));
183 static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
184 struct policy_handle *handle, uint32_t base_acct_flags,
185 const char *base_account_name)
188 struct samr_SetUserInfo s;
189 struct samr_SetUserInfo2 s2;
190 struct samr_QueryUserInfo q;
191 struct samr_QueryUserInfo q0;
192 union samr_UserInfo u;
194 const char *test_account_name;
196 uint32_t user_extra_flags = 0;
197 if (base_acct_flags == ACB_NORMAL) {
198 /* When created, accounts are expired by default */
199 user_extra_flags = ACB_PW_EXPIRED;
202 s.in.user_handle = handle;
205 s2.in.user_handle = handle;
208 q.in.user_handle = handle;
212 #define TESTCALL(call, r) \
213 status = dcerpc_samr_ ##call(p, mem_ctx, &r); \
214 if (!NT_STATUS_IS_OK(status)) { \
215 printf(#call " level %u failed - %s (%s)\n", \
216 r.in.level, nt_errstr(status), __location__); \
221 #define STRING_EQUAL(s1, s2, field) \
222 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
223 printf("Failed to set %s to '%s' (%s)\n", \
224 #field, s2, __location__); \
229 #define INT_EQUAL(i1, i2, field) \
231 printf("Failed to set %s to 0x%x - got 0x%x (%s)\n", \
232 #field, i2, i1, __location__); \
237 #define TEST_USERINFO_STRING(lvl1, field1, lvl2, field2, value, fpval) do { \
238 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
240 TESTCALL(QueryUserInfo, q) \
242 s2.in.level = lvl1; \
245 ZERO_STRUCT(u.info21); \
246 u.info21.fields_present = fpval; \
248 init_lsa_String(&u.info ## lvl1.field1, value); \
249 TESTCALL(SetUserInfo, s) \
250 TESTCALL(SetUserInfo2, s2) \
251 init_lsa_String(&u.info ## lvl1.field1, ""); \
252 TESTCALL(QueryUserInfo, q); \
254 STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \
256 TESTCALL(QueryUserInfo, q) \
258 STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \
261 #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \
262 printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \
264 TESTCALL(QueryUserInfo, q) \
266 s2.in.level = lvl1; \
269 uint8_t *bits = u.info21.logon_hours.bits; \
270 ZERO_STRUCT(u.info21); \
271 if (fpval == SAMR_FIELD_LOGON_HOURS) { \
272 u.info21.logon_hours.units_per_week = 168; \
273 u.info21.logon_hours.bits = bits; \
275 u.info21.fields_present = fpval; \
277 u.info ## lvl1.field1 = value; \
278 TESTCALL(SetUserInfo, s) \
279 TESTCALL(SetUserInfo2, s2) \
280 u.info ## lvl1.field1 = 0; \
281 TESTCALL(QueryUserInfo, q); \
283 INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \
285 TESTCALL(QueryUserInfo, q) \
287 INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \
290 #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \
291 TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, value, fpval); \
295 do { TESTCALL(QueryUserInfo, q0) } while (0);
297 TEST_USERINFO_STRING(2, comment, 1, comment, "xx2-1 comment", 0);
298 TEST_USERINFO_STRING(2, comment, 21, comment, "xx2-21 comment", 0);
299 TEST_USERINFO_STRING(21, comment, 21, comment, "xx21-21 comment",
302 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-1", base_account_name);
303 TEST_USERINFO_STRING(7, account_name, 1, account_name, base_account_name, 0);
304 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-3", base_account_name);
305 TEST_USERINFO_STRING(7, account_name, 3, account_name, base_account_name, 0);
306 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-5", base_account_name);
307 TEST_USERINFO_STRING(7, account_name, 5, account_name, base_account_name, 0);
308 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-6", base_account_name);
309 TEST_USERINFO_STRING(7, account_name, 6, account_name, base_account_name, 0);
310 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-7", base_account_name);
311 TEST_USERINFO_STRING(7, account_name, 7, account_name, base_account_name, 0);
312 test_account_name = talloc_asprintf(mem_ctx, "%sxx7-21", base_account_name);
313 TEST_USERINFO_STRING(7, account_name, 21, account_name, base_account_name, 0);
314 test_account_name = base_account_name;
315 TEST_USERINFO_STRING(21, account_name, 21, account_name, base_account_name,
316 SAMR_FIELD_ACCOUNT_NAME);
318 TEST_USERINFO_STRING(6, full_name, 1, full_name, "xx6-1 full_name", 0);
319 TEST_USERINFO_STRING(6, full_name, 3, full_name, "xx6-3 full_name", 0);
320 TEST_USERINFO_STRING(6, full_name, 5, full_name, "xx6-5 full_name", 0);
321 TEST_USERINFO_STRING(6, full_name, 6, full_name, "xx6-6 full_name", 0);
322 TEST_USERINFO_STRING(6, full_name, 8, full_name, "xx6-8 full_name", 0);
323 TEST_USERINFO_STRING(6, full_name, 21, full_name, "xx6-21 full_name", 0);
324 TEST_USERINFO_STRING(8, full_name, 21, full_name, "xx8-21 full_name", 0);
325 TEST_USERINFO_STRING(21, full_name, 21, full_name, "xx21-21 full_name",
326 SAMR_FIELD_FULL_NAME);
328 TEST_USERINFO_STRING(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0);
329 TEST_USERINFO_STRING(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0);
330 TEST_USERINFO_STRING(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0);
331 TEST_USERINFO_STRING(21, logon_script, 21, logon_script, "xx21-21 logon_script",
332 SAMR_FIELD_LOGON_SCRIPT);
334 TEST_USERINFO_STRING(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0);
335 TEST_USERINFO_STRING(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0);
336 TEST_USERINFO_STRING(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0);
337 TEST_USERINFO_STRING(21, profile_path, 21, profile_path, "xx21-21 profile_path",
338 SAMR_FIELD_PROFILE_PATH);
340 TEST_USERINFO_STRING(10, home_directory, 3, home_directory, "xx10-3 home_directory", 0);
341 TEST_USERINFO_STRING(10, home_directory, 5, home_directory, "xx10-5 home_directory", 0);
342 TEST_USERINFO_STRING(10, home_directory, 21, home_directory, "xx10-21 home_directory", 0);
343 TEST_USERINFO_STRING(21, home_directory, 21, home_directory, "xx21-21 home_directory",
344 SAMR_FIELD_HOME_DIRECTORY);
345 TEST_USERINFO_STRING(21, home_directory, 10, home_directory, "xx21-10 home_directory",
346 SAMR_FIELD_HOME_DIRECTORY);
348 TEST_USERINFO_STRING(10, home_drive, 3, home_drive, "xx10-3 home_drive", 0);
349 TEST_USERINFO_STRING(10, home_drive, 5, home_drive, "xx10-5 home_drive", 0);
350 TEST_USERINFO_STRING(10, home_drive, 21, home_drive, "xx10-21 home_drive", 0);
351 TEST_USERINFO_STRING(21, home_drive, 21, home_drive, "xx21-21 home_drive",
352 SAMR_FIELD_HOME_DRIVE);
353 TEST_USERINFO_STRING(21, home_drive, 10, home_drive, "xx21-10 home_drive",
354 SAMR_FIELD_HOME_DRIVE);
356 TEST_USERINFO_STRING(13, description, 1, description, "xx13-1 description", 0);
357 TEST_USERINFO_STRING(13, description, 5, description, "xx13-5 description", 0);
358 TEST_USERINFO_STRING(13, description, 21, description, "xx13-21 description", 0);
359 TEST_USERINFO_STRING(21, description, 21, description, "xx21-21 description",
360 SAMR_FIELD_DESCRIPTION);
362 TEST_USERINFO_STRING(14, workstations, 3, workstations, "14workstation3", 0);
363 TEST_USERINFO_STRING(14, workstations, 5, workstations, "14workstation4", 0);
364 TEST_USERINFO_STRING(14, workstations, 21, workstations, "14workstation21", 0);
365 TEST_USERINFO_STRING(21, workstations, 21, workstations, "21workstation21",
366 SAMR_FIELD_WORKSTATIONS);
368 TEST_USERINFO_STRING(20, parameters, 21, parameters, "xx20-21 parameters", 0);
369 TEST_USERINFO_STRING(21, parameters, 21, parameters, "xx21-21 parameters",
370 SAMR_FIELD_PARAMETERS);
372 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
373 TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__,
374 SAMR_FIELD_COUNTRY_CODE);
376 TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0);
377 TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__,
378 SAMR_FIELD_CODE_PAGE);
380 TEST_USERINFO_INT(4, logon_hours.bits[3], 3, logon_hours.bits[3], 1, 0);
381 TEST_USERINFO_INT(4, logon_hours.bits[3], 5, logon_hours.bits[3], 2, 0);
382 TEST_USERINFO_INT(4, logon_hours.bits[3], 21, logon_hours.bits[3], 3, 0);
383 TEST_USERINFO_INT(21, logon_hours.bits[3], 21, logon_hours.bits[3], 4,
384 SAMR_FIELD_LOGON_HOURS);
386 if (lp_parm_bool(-1, "torture", "samba4", False)) {
387 printf("skipping Set Account Flag tests against Samba4\n");
391 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
392 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
393 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
395 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
396 (base_acct_flags | ACB_DISABLED),
397 (base_acct_flags | ACB_DISABLED | user_extra_flags),
400 /* Setting PWNOEXP clears the magic ACB_PW_EXPIRED flag */
401 TEST_USERINFO_INT_EXP(16, acct_flags, 5, acct_flags,
402 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
403 (base_acct_flags | ACB_DISABLED | ACB_PWNOEXP),
405 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
406 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ),
407 (base_acct_flags | ACB_DISABLED | ACB_HOMDIRREQ | user_extra_flags),
411 /* The 'autolock' flag doesn't stick - check this */
412 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
413 (base_acct_flags | ACB_DISABLED | ACB_AUTOLOCK),
414 (base_acct_flags | ACB_DISABLED | user_extra_flags),
417 /* Removing the 'disabled' flag doesn't stick - check this */
418 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
420 (base_acct_flags | ACB_DISABLED | user_extra_flags),
423 /* The 'store plaintext' flag does stick */
424 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
425 (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
426 (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
428 /* The 'use DES' flag does stick */
429 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
430 (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
431 (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
433 /* The 'don't require kerberos pre-authentication flag does stick */
434 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
435 (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
436 (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
438 /* The 'no kerberos PAC required' flag sticks */
439 TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
440 (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
441 (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
444 TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
445 (base_acct_flags | ACB_DISABLED),
446 (base_acct_flags | ACB_DISABLED | user_extra_flags),
447 SAMR_FIELD_ACCT_FLAGS);
450 /* these fail with win2003 - it appears you can't set the primary gid?
451 the set succeeds, but the gid isn't changed. Very weird! */
452 TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
453 TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
454 TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513);
455 TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513);
462 generate a random password for password change tests
464 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
466 size_t len = MAX(8, min_len) + (random() % 6);
467 char *s = generate_random_str(mem_ctx, len);
468 printf("Generated password '%s'\n", s);
473 generate a random password for password change tests (fixed length)
475 static char *samr_rand_pass_fixed_len(TALLOC_CTX *mem_ctx, int len)
477 char *s = generate_random_str(mem_ctx, len);
478 printf("Generated password '%s'\n", s);
482 static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
483 struct policy_handle *handle, char **password)
486 struct samr_SetUserInfo s;
487 union samr_UserInfo u;
489 DATA_BLOB session_key;
491 struct samr_GetUserPwInfo pwp;
492 int policy_min_pw_len = 0;
493 pwp.in.user_handle = handle;
495 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
496 if (NT_STATUS_IS_OK(status)) {
497 policy_min_pw_len = pwp.out.info.min_password_length;
499 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
501 s.in.user_handle = handle;
505 encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE);
506 /* w2k3 ignores this length */
507 u.info24.pw_len = strlen_m(newpass) * 2;
509 status = dcerpc_fetch_session_key(p, &session_key);
510 if (!NT_STATUS_IS_OK(status)) {
511 printf("SetUserInfo level %u - no session key - %s\n",
512 s.in.level, nt_errstr(status));
516 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
518 printf("Testing SetUserInfo level 24 (set password)\n");
520 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
521 if (!NT_STATUS_IS_OK(status)) {
522 printf("SetUserInfo level %u failed - %s\n",
523 s.in.level, nt_errstr(status));
533 static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
534 struct policy_handle *handle, uint32_t fields_present,
538 struct samr_SetUserInfo s;
539 union samr_UserInfo u;
541 DATA_BLOB session_key;
543 struct samr_GetUserPwInfo pwp;
544 int policy_min_pw_len = 0;
545 pwp.in.user_handle = handle;
547 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
548 if (NT_STATUS_IS_OK(status)) {
549 policy_min_pw_len = pwp.out.info.min_password_length;
551 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
553 s.in.user_handle = handle;
559 u.info23.info.fields_present = fields_present;
561 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
563 status = dcerpc_fetch_session_key(p, &session_key);
564 if (!NT_STATUS_IS_OK(status)) {
565 printf("SetUserInfo level %u - no session key - %s\n",
566 s.in.level, nt_errstr(status));
570 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
572 printf("Testing SetUserInfo level 23 (set password)\n");
574 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
575 if (!NT_STATUS_IS_OK(status)) {
576 printf("SetUserInfo level %u failed - %s\n",
577 s.in.level, nt_errstr(status));
583 encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE);
585 status = dcerpc_fetch_session_key(p, &session_key);
586 if (!NT_STATUS_IS_OK(status)) {
587 printf("SetUserInfo level %u - no session key - %s\n",
588 s.in.level, nt_errstr(status));
592 /* This should break the key nicely */
593 session_key.length--;
594 arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
596 printf("Testing SetUserInfo level 23 (set password) with wrong password\n");
598 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
599 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
600 printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
601 s.in.level, nt_errstr(status));
609 static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
610 struct policy_handle *handle, char **password)
613 struct samr_SetUserInfo s;
614 union samr_UserInfo u;
616 DATA_BLOB session_key;
617 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
618 uint8_t confounder[16];
620 struct MD5Context ctx;
621 struct samr_GetUserPwInfo pwp;
622 int policy_min_pw_len = 0;
623 pwp.in.user_handle = handle;
625 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
626 if (NT_STATUS_IS_OK(status)) {
627 policy_min_pw_len = pwp.out.info.min_password_length;
629 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
631 s.in.user_handle = handle;
635 encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE);
636 u.info26.pw_len = strlen(newpass);
638 status = dcerpc_fetch_session_key(p, &session_key);
639 if (!NT_STATUS_IS_OK(status)) {
640 printf("SetUserInfo level %u - no session key - %s\n",
641 s.in.level, nt_errstr(status));
645 generate_random_buffer((uint8_t *)confounder, 16);
648 MD5Update(&ctx, confounder, 16);
649 MD5Update(&ctx, session_key.data, session_key.length);
650 MD5Final(confounded_session_key.data, &ctx);
652 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
653 memcpy(&u.info26.password.data[516], confounder, 16);
655 printf("Testing SetUserInfo level 26 (set password ex)\n");
657 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
658 if (!NT_STATUS_IS_OK(status)) {
659 printf("SetUserInfo level %u failed - %s\n",
660 s.in.level, nt_errstr(status));
666 /* This should break the key nicely */
667 confounded_session_key.data[0]++;
669 arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
670 memcpy(&u.info26.password.data[516], confounder, 16);
672 printf("Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
674 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
675 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
676 printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
677 s.in.level, nt_errstr(status));
686 static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
687 struct policy_handle *handle, uint32_t fields_present,
691 struct samr_SetUserInfo s;
692 union samr_UserInfo u;
694 DATA_BLOB session_key;
695 DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
696 struct MD5Context ctx;
697 uint8_t confounder[16];
699 struct samr_GetUserPwInfo pwp;
700 int policy_min_pw_len = 0;
701 pwp.in.user_handle = handle;
703 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
704 if (NT_STATUS_IS_OK(status)) {
705 policy_min_pw_len = pwp.out.info.min_password_length;
707 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
709 s.in.user_handle = handle;
715 u.info25.info.fields_present = fields_present;
717 encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE);
719 status = dcerpc_fetch_session_key(p, &session_key);
720 if (!NT_STATUS_IS_OK(status)) {
721 printf("SetUserInfo level %u - no session key - %s\n",
722 s.in.level, nt_errstr(status));
726 generate_random_buffer((uint8_t *)confounder, 16);
729 MD5Update(&ctx, confounder, 16);
730 MD5Update(&ctx, session_key.data, session_key.length);
731 MD5Final(confounded_session_key.data, &ctx);
733 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
734 memcpy(&u.info25.password.data[516], confounder, 16);
736 printf("Testing SetUserInfo level 25 (set password ex)\n");
738 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
739 if (!NT_STATUS_IS_OK(status)) {
740 printf("SetUserInfo level %u failed - %s\n",
741 s.in.level, nt_errstr(status));
747 /* This should break the key nicely */
748 confounded_session_key.data[0]++;
750 arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
751 memcpy(&u.info25.password.data[516], confounder, 16);
753 printf("Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
755 status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s);
756 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
757 printf("SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
758 s.in.level, nt_errstr(status));
765 static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
766 struct policy_handle *handle)
769 struct samr_SetAliasInfo r;
770 struct samr_QueryAliasInfo q;
771 uint16_t levels[] = {2, 3};
775 /* Ignoring switch level 1, as that includes the number of members for the alias
776 * and setting this to a wrong value might have negative consequences
779 for (i=0;i<ARRAY_SIZE(levels);i++) {
780 printf("Testing SetAliasInfo level %u\n", levels[i]);
782 r.in.alias_handle = handle;
783 r.in.level = levels[i];
784 r.in.info = talloc(mem_ctx, union samr_AliasInfo);
785 switch (r.in.level) {
786 case ALIASINFONAME: init_lsa_String(&r.in.info->name,TEST_ALIASNAME); break;
787 case ALIASINFODESCRIPTION: init_lsa_String(&r.in.info->description,
788 "Test Description, should test I18N as well"); break;
791 status = dcerpc_samr_SetAliasInfo(p, mem_ctx, &r);
792 if (!NT_STATUS_IS_OK(status)) {
793 printf("SetAliasInfo level %u failed - %s\n",
794 levels[i], nt_errstr(status));
798 q.in.alias_handle = handle;
799 q.in.level = levels[i];
801 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &q);
802 if (!NT_STATUS_IS_OK(status)) {
803 printf("QueryAliasInfo level %u failed - %s\n",
804 levels[i], nt_errstr(status));
812 static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
813 struct policy_handle *user_handle)
815 struct samr_GetGroupsForUser r;
819 printf("testing GetGroupsForUser\n");
821 r.in.user_handle = user_handle;
823 status = dcerpc_samr_GetGroupsForUser(p, mem_ctx, &r);
824 if (!NT_STATUS_IS_OK(status)) {
825 printf("GetGroupsForUser failed - %s\n",nt_errstr(status));
833 static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
834 struct lsa_String *domain_name)
837 struct samr_GetDomPwInfo r;
840 r.in.domain_name = domain_name;
841 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
843 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
844 if (!NT_STATUS_IS_OK(status)) {
845 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
849 r.in.domain_name->string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
850 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
852 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
853 if (!NT_STATUS_IS_OK(status)) {
854 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
858 r.in.domain_name->string = "\\\\__NONAME__";
859 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
861 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
862 if (!NT_STATUS_IS_OK(status)) {
863 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
867 r.in.domain_name->string = "\\\\Builtin";
868 printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
870 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
871 if (!NT_STATUS_IS_OK(status)) {
872 printf("GetDomPwInfo failed - %s\n", nt_errstr(status));
880 static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
881 struct policy_handle *handle)
884 struct samr_GetUserPwInfo r;
887 printf("Testing GetUserPwInfo\n");
889 r.in.user_handle = handle;
891 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r);
892 if (!NT_STATUS_IS_OK(status)) {
893 printf("GetUserPwInfo failed - %s\n", nt_errstr(status));
900 static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
901 struct policy_handle *domain_handle, const char *name,
905 struct samr_LookupNames n;
906 struct lsa_String sname[2];
908 init_lsa_String(&sname[0], name);
910 n.in.domain_handle = domain_handle;
913 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
914 if (NT_STATUS_IS_OK(status)) {
915 *rid = n.out.rids.ids[0];
920 init_lsa_String(&sname[1], "xxNONAMExx");
922 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
923 if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
924 printf("LookupNames[2] failed - %s\n", nt_errstr(status));
925 if (NT_STATUS_IS_OK(status)) {
926 return NT_STATUS_UNSUCCESSFUL;
932 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
933 if (!NT_STATUS_IS_OK(status)) {
934 printf("LookupNames[0] failed - %s\n", nt_errstr(status));
938 init_lsa_String(&sname[0], "xxNONAMExx");
940 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
941 if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
942 printf("LookupNames[1 bad name] failed - %s\n", nt_errstr(status));
943 if (NT_STATUS_IS_OK(status)) {
944 return NT_STATUS_UNSUCCESSFUL;
949 init_lsa_String(&sname[0], "xxNONAMExx");
950 init_lsa_String(&sname[1], "xxNONAME2xx");
952 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
953 if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
954 printf("LookupNames[2 bad names] failed - %s\n", nt_errstr(status));
955 if (NT_STATUS_IS_OK(status)) {
956 return NT_STATUS_UNSUCCESSFUL;
964 static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
965 struct policy_handle *domain_handle,
966 const char *name, struct policy_handle *user_handle)
969 struct samr_OpenUser r;
972 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
973 if (!NT_STATUS_IS_OK(status)) {
977 r.in.domain_handle = domain_handle;
978 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
980 r.out.user_handle = user_handle;
981 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
982 if (!NT_STATUS_IS_OK(status)) {
983 printf("OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(status));
990 static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
991 struct policy_handle *handle)
994 struct samr_ChangePasswordUser r;
996 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
997 struct policy_handle user_handle;
998 char *oldpass = "test";
999 char *newpass = "test2";
1000 uint8_t old_nt_hash[16], new_nt_hash[16];
1001 uint8_t old_lm_hash[16], new_lm_hash[16];
1003 status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle);
1004 if (!NT_STATUS_IS_OK(status)) {
1008 printf("Testing ChangePasswordUser for user 'testuser'\n");
1010 printf("old password: %s\n", oldpass);
1011 printf("new password: %s\n", newpass);
1013 E_md4hash(oldpass, old_nt_hash);
1014 E_md4hash(newpass, new_nt_hash);
1015 E_deshash(oldpass, old_lm_hash);
1016 E_deshash(newpass, new_lm_hash);
1018 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1019 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1020 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1021 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1022 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1023 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1025 r.in.handle = &user_handle;
1026 r.in.lm_present = 1;
1027 r.in.old_lm_crypted = &hash1;
1028 r.in.new_lm_crypted = &hash2;
1029 r.in.nt_present = 1;
1030 r.in.old_nt_crypted = &hash3;
1031 r.in.new_nt_crypted = &hash4;
1032 r.in.cross1_present = 1;
1033 r.in.nt_cross = &hash5;
1034 r.in.cross2_present = 1;
1035 r.in.lm_cross = &hash6;
1037 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1038 if (!NT_STATUS_IS_OK(status)) {
1039 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
1043 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
1051 static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1052 const char *acct_name,
1053 struct policy_handle *handle, char **password)
1056 struct samr_ChangePasswordUser r;
1058 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
1059 struct policy_handle user_handle;
1061 uint8_t old_nt_hash[16], new_nt_hash[16];
1062 uint8_t old_lm_hash[16], new_lm_hash[16];
1063 BOOL changed = True;
1066 struct samr_GetUserPwInfo pwp;
1067 int policy_min_pw_len = 0;
1069 status = test_OpenUser_byname(p, mem_ctx, handle, acct_name, &user_handle);
1070 if (!NT_STATUS_IS_OK(status)) {
1073 pwp.in.user_handle = &user_handle;
1075 status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &pwp);
1076 if (NT_STATUS_IS_OK(status)) {
1077 policy_min_pw_len = pwp.out.info.min_password_length;
1079 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1081 printf("Testing ChangePasswordUser\n");
1084 printf("Failing ChangePasswordUser as old password was NULL. Previous test failed?\n");
1088 oldpass = *password;
1090 E_md4hash(oldpass, old_nt_hash);
1091 E_md4hash(newpass, new_nt_hash);
1092 E_deshash(oldpass, old_lm_hash);
1093 E_deshash(newpass, new_lm_hash);
1095 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1096 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1097 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1098 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1099 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1100 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1102 r.in.user_handle = &user_handle;
1103 r.in.lm_present = 1;
1104 r.in.old_lm_crypted = &hash1;
1105 r.in.new_lm_crypted = &hash2;
1106 r.in.nt_present = 1;
1107 r.in.old_nt_crypted = &hash3;
1108 r.in.new_nt_crypted = &hash4;
1109 r.in.cross1_present = 1;
1110 r.in.nt_cross = &hash5;
1111 r.in.cross2_present = 0;
1112 r.in.lm_cross = NULL;
1114 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1115 if (!NT_STATUS_EQUAL(status, NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED)) {
1116 printf("ChangePasswordUser failed: expected NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
1121 r.in.user_handle = &user_handle;
1122 r.in.lm_present = 1;
1123 r.in.old_lm_crypted = &hash1;
1124 r.in.new_lm_crypted = &hash2;
1125 r.in.nt_present = 1;
1126 r.in.old_nt_crypted = &hash3;
1127 r.in.new_nt_crypted = &hash4;
1128 r.in.cross1_present = 0;
1129 r.in.nt_cross = NULL;
1130 r.in.cross2_present = 1;
1131 r.in.lm_cross = &hash6;
1133 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1134 if (!NT_STATUS_EQUAL(status, NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED)) {
1135 printf("ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
1139 r.in.user_handle = &user_handle;
1140 r.in.lm_present = 1;
1141 /* Break the LM hash */
1143 r.in.old_lm_crypted = &hash1;
1144 r.in.new_lm_crypted = &hash2;
1145 r.in.nt_present = 1;
1146 r.in.old_nt_crypted = &hash3;
1147 r.in.new_nt_crypted = &hash4;
1148 r.in.cross1_present = 1;
1149 r.in.nt_cross = &hash5;
1150 r.in.cross2_present = 1;
1151 r.in.lm_cross = &hash6;
1153 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1154 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1155 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash, got %s\n", nt_errstr(status));
1159 /* Unbreak the LM hash */
1162 r.in.user_handle = &user_handle;
1163 r.in.lm_present = 1;
1164 r.in.old_lm_crypted = &hash1;
1165 r.in.new_lm_crypted = &hash2;
1166 /* Break the NT hash */
1168 r.in.nt_present = 1;
1169 r.in.old_nt_crypted = &hash3;
1170 r.in.new_nt_crypted = &hash4;
1171 r.in.cross1_present = 1;
1172 r.in.nt_cross = &hash5;
1173 r.in.cross2_present = 1;
1174 r.in.lm_cross = &hash6;
1176 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1177 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1178 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash, got %s\n", nt_errstr(status));
1182 /* Unbreak the NT hash */
1185 r.in.user_handle = &user_handle;
1186 r.in.lm_present = 1;
1187 r.in.old_lm_crypted = &hash1;
1188 r.in.new_lm_crypted = &hash2;
1189 r.in.nt_present = 1;
1190 r.in.old_nt_crypted = &hash3;
1191 r.in.new_nt_crypted = &hash4;
1192 r.in.cross1_present = 1;
1193 r.in.nt_cross = &hash5;
1194 r.in.cross2_present = 1;
1195 /* Break the LM cross */
1197 r.in.lm_cross = &hash6;
1199 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1200 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1201 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM cross-hash, got %s\n", nt_errstr(status));
1205 /* Unbreak the LM cross */
1208 r.in.user_handle = &user_handle;
1209 r.in.lm_present = 1;
1210 r.in.old_lm_crypted = &hash1;
1211 r.in.new_lm_crypted = &hash2;
1212 r.in.nt_present = 1;
1213 r.in.old_nt_crypted = &hash3;
1214 r.in.new_nt_crypted = &hash4;
1215 r.in.cross1_present = 1;
1216 /* Break the NT cross */
1218 r.in.nt_cross = &hash5;
1219 r.in.cross2_present = 1;
1220 r.in.lm_cross = &hash6;
1222 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1223 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1224 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT cross-hash, got %s\n", nt_errstr(status));
1228 /* Unbreak the NT cross */
1231 /* Reset the hashes to not broken values */
1232 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
1233 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
1234 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
1235 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
1236 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
1237 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
1239 r.in.user_handle = &user_handle;
1240 r.in.lm_present = 1;
1241 r.in.old_lm_crypted = &hash1;
1242 r.in.new_lm_crypted = &hash2;
1243 r.in.nt_present = 1;
1244 r.in.old_nt_crypted = &hash3;
1245 r.in.new_nt_crypted = &hash4;
1246 r.in.cross1_present = 1;
1247 r.in.nt_cross = &hash5;
1248 r.in.cross2_present = 1;
1249 r.in.lm_cross = &hash6;
1251 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1252 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1253 printf("ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1254 } else if (!NT_STATUS_IS_OK(status)) {
1255 printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
1259 *password = newpass;
1262 r.in.user_handle = &user_handle;
1263 r.in.lm_present = 1;
1264 r.in.old_lm_crypted = &hash1;
1265 r.in.new_lm_crypted = &hash2;
1266 r.in.nt_present = 1;
1267 r.in.old_nt_crypted = &hash3;
1268 r.in.new_nt_crypted = &hash4;
1269 r.in.cross1_present = 1;
1270 r.in.nt_cross = &hash5;
1271 r.in.cross2_present = 1;
1272 r.in.lm_cross = &hash6;
1275 status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
1276 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1277 printf("ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s\n", nt_errstr(status));
1282 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
1290 static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1291 const char *acct_name,
1292 struct policy_handle *handle, char **password)
1295 struct samr_OemChangePasswordUser2 r;
1297 struct samr_Password lm_verifier;
1298 struct samr_CryptPassword lm_pass;
1299 struct lsa_AsciiString server, account, account_bad;
1302 uint8_t old_lm_hash[16], new_lm_hash[16];
1304 struct samr_GetDomPwInfo dom_pw_info;
1305 int policy_min_pw_len = 0;
1307 struct lsa_String domain_name;
1309 domain_name.string = "";
1310 dom_pw_info.in.domain_name = &domain_name;
1312 printf("Testing OemChangePasswordUser2\n");
1315 printf("Failing OemChangePasswordUser2 as old password was NULL. Previous test failed?\n");
1319 oldpass = *password;
1321 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
1322 if (NT_STATUS_IS_OK(status)) {
1323 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1326 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1328 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1329 account.string = acct_name;
1331 E_deshash(oldpass, old_lm_hash);
1332 E_deshash(newpass, new_lm_hash);
1334 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1335 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1336 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1338 r.in.server = &server;
1339 r.in.account = &account;
1340 r.in.password = &lm_pass;
1341 r.in.hash = &lm_verifier;
1343 /* Break the verification */
1344 lm_verifier.hash[0]++;
1346 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1348 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1349 && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1350 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
1355 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1356 /* Break the old password */
1358 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1359 /* unbreak it for the next operation */
1361 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1363 r.in.server = &server;
1364 r.in.account = &account;
1365 r.in.password = &lm_pass;
1366 r.in.hash = &lm_verifier;
1368 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1370 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1371 && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1372 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
1377 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1378 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1380 r.in.server = &server;
1381 r.in.account = &account;
1382 r.in.password = &lm_pass;
1385 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1387 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
1388 && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1389 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
1394 /* This shouldn't be a valid name */
1395 account_bad.string = TEST_ACCOUNT_NAME "XX";
1396 r.in.account = &account_bad;
1398 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1400 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1401 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
1406 E_deshash(oldpass, old_lm_hash);
1407 E_deshash(newpass, new_lm_hash);
1409 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
1410 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1411 E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
1413 r.in.server = &server;
1414 r.in.account = &account;
1415 r.in.password = &lm_pass;
1416 r.in.hash = &lm_verifier;
1418 status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
1419 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1420 printf("OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1421 } else if (!NT_STATUS_IS_OK(status)) {
1422 printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
1425 *password = newpass;
1432 static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1433 const char *acct_name,
1434 struct policy_handle *handle, char **password)
1437 struct samr_ChangePasswordUser2 r;
1439 struct lsa_String server, account;
1440 struct samr_CryptPassword nt_pass, lm_pass;
1441 struct samr_Password nt_verifier, lm_verifier;
1444 uint8_t old_nt_hash[16], new_nt_hash[16];
1445 uint8_t old_lm_hash[16], new_lm_hash[16];
1447 struct samr_GetDomPwInfo dom_pw_info;
1448 int policy_min_pw_len = 0;
1450 struct lsa_String domain_name;
1453 domain_name.string = "";
1454 dom_pw_info.in.domain_name = &domain_name;
1456 printf("Testing ChangePasswordUser2\n");
1459 printf("Failing ChangePasswordUser3 as old password was NULL. Previous test failed?\n");
1462 oldpass = *password;
1464 status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &dom_pw_info);
1465 if (NT_STATUS_IS_OK(status)) {
1466 policy_min_pw_len = dom_pw_info.out.info.min_password_length;
1469 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1471 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1472 init_lsa_String(&account, acct_name);
1474 E_md4hash(oldpass, old_nt_hash);
1475 E_md4hash(newpass, new_nt_hash);
1477 E_deshash(oldpass, old_lm_hash);
1478 E_deshash(newpass, new_lm_hash);
1480 encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
1481 arcfour_crypt(lm_pass.data, old_lm_hash, 516);
1482 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1484 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1485 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1486 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1488 r.in.server = &server;
1489 r.in.account = &account;
1490 r.in.nt_password = &nt_pass;
1491 r.in.nt_verifier = &nt_verifier;
1493 r.in.lm_password = &lm_pass;
1494 r.in.lm_verifier = &lm_verifier;
1496 status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
1497 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
1498 printf("ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
1499 } else if (!NT_STATUS_IS_OK(status)) {
1500 printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
1503 *password = newpass;
1510 BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1511 const char *account_string,
1512 int policy_min_pw_len,
1514 const char *newpass,
1515 NTTIME last_password_change,
1516 BOOL handle_reject_reason)
1519 struct samr_ChangePasswordUser3 r;
1521 struct lsa_String server, account, account_bad;
1522 struct samr_CryptPassword nt_pass, lm_pass;
1523 struct samr_Password nt_verifier, lm_verifier;
1525 uint8_t old_nt_hash[16], new_nt_hash[16];
1526 uint8_t old_lm_hash[16], new_lm_hash[16];
1529 printf("Testing ChangePasswordUser3\n");
1531 if (newpass == NULL) {
1533 if (policy_min_pw_len == 0) {
1534 newpass = samr_rand_pass(mem_ctx, policy_min_pw_len);
1536 newpass = samr_rand_pass_fixed_len(mem_ctx, policy_min_pw_len);
1538 } while (check_password_quality(newpass) == False);
1540 printf("Using password '%s'\n", newpass);
1544 printf("Failing ChangePasswordUser3 as old password was NULL. Previous test failed?\n");
1548 oldpass = *password;
1549 server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1550 init_lsa_String(&account, account_string);
1552 E_md4hash(oldpass, old_nt_hash);
1553 E_md4hash(newpass, new_nt_hash);
1555 E_deshash(oldpass, old_lm_hash);
1556 E_deshash(newpass, new_lm_hash);
1558 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1559 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1560 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1562 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1563 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1564 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1566 /* Break the verification */
1567 nt_verifier.hash[0]++;
1569 r.in.server = &server;
1570 r.in.account = &account;
1571 r.in.nt_password = &nt_pass;
1572 r.in.nt_verifier = &nt_verifier;
1574 r.in.lm_password = &lm_pass;
1575 r.in.lm_verifier = &lm_verifier;
1576 r.in.password3 = NULL;
1578 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1579 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
1580 (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
1581 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
1586 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1587 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1588 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1590 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1591 /* Break the NT hash */
1593 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1594 /* Unbreak it again */
1596 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1598 r.in.server = &server;
1599 r.in.account = &account;
1600 r.in.nt_password = &nt_pass;
1601 r.in.nt_verifier = &nt_verifier;
1603 r.in.lm_password = &lm_pass;
1604 r.in.lm_verifier = &lm_verifier;
1605 r.in.password3 = NULL;
1607 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1608 if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
1609 (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
1610 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
1615 /* This shouldn't be a valid name */
1616 init_lsa_String(&account_bad, talloc_asprintf(mem_ctx, "%sXX", account_string));
1618 r.in.account = &account_bad;
1619 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1620 if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
1621 printf("ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
1626 E_md4hash(oldpass, old_nt_hash);
1627 E_md4hash(newpass, new_nt_hash);
1629 E_deshash(oldpass, old_lm_hash);
1630 E_deshash(newpass, new_lm_hash);
1632 encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
1633 arcfour_crypt(lm_pass.data, old_nt_hash, 516);
1634 E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
1636 encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
1637 arcfour_crypt(nt_pass.data, old_nt_hash, 516);
1638 E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
1640 r.in.server = &server;
1641 r.in.account = &account;
1642 r.in.nt_password = &nt_pass;
1643 r.in.nt_verifier = &nt_verifier;
1645 r.in.lm_password = &lm_pass;
1646 r.in.lm_verifier = &lm_verifier;
1647 r.in.password3 = NULL;
1649 unix_to_nt_time(&t, time(NULL));
1651 status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r);
1653 if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
1654 r.out.dominfo && r.out.reject && handle_reject_reason) {
1656 if (r.out.dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
1658 if (r.out.reject && (r.out.reject->reason != SAMR_REJECT_OTHER)) {
1659 printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
1660 SAMR_REJECT_OTHER, r.out.reject->reason);
1665 /* We tested the order of precendence which is as follows:
1674 if ((r.out.dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
1675 (last_password_change + r.out.dominfo->min_password_age > t)) {
1677 if (r.out.reject->reason != SAMR_REJECT_OTHER) {
1678 printf("expected SAMR_REJECT_OTHER (%d), got %d\n",
1679 SAMR_REJECT_OTHER, r.out.reject->reason);
1683 } else if ((r.out.dominfo->min_password_length > 0) &&
1684 (strlen(newpass) < r.out.dominfo->min_password_length)) {
1686 if (r.out.reject->reason != SAMR_REJECT_TOO_SHORT) {
1687 printf("expected SAMR_REJECT_TOO_SHORT (%d), got %d\n",
1688 SAMR_REJECT_TOO_SHORT, r.out.reject->reason);
1692 } else if ((r.out.dominfo->password_history_length > 0) &&
1693 strequal(oldpass, newpass)) {
1695 if (r.out.reject->reason != SAMR_REJECT_IN_HISTORY) {
1696 printf("expected SAMR_REJECT_IN_HISTORY (%d), got %d\n",
1697 SAMR_REJECT_IN_HISTORY, r.out.reject->reason);
1700 } else if (r.out.dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
1702 if (r.out.reject->reason != SAMR_REJECT_COMPLEXITY) {
1703 printf("expected SAMR_REJECT_COMPLEXITY (%d), got %d\n",
1704 SAMR_REJECT_COMPLEXITY, r.out.reject->reason);
1710 if (r.out.reject->reason == SAMR_REJECT_TOO_SHORT) {
1711 /* retry with adjusted size */
1712 return test_ChangePasswordUser3(p, mem_ctx, account_string,
1713 r.out.dominfo->min_password_length,
1714 password, NULL, 0, False);
1718 } else if (!NT_STATUS_IS_OK(status)) {
1719 printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status));
1722 *password = talloc_strdup(mem_ctx, newpass);
1729 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1730 struct policy_handle *alias_handle)
1732 struct samr_GetMembersInAlias r;
1733 struct lsa_SidArray sids;
1737 printf("Testing GetMembersInAlias\n");
1739 r.in.alias_handle = alias_handle;
1742 status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r);
1743 if (!NT_STATUS_IS_OK(status)) {
1744 printf("GetMembersInAlias failed - %s\n",
1752 static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1753 struct policy_handle *alias_handle,
1754 const struct dom_sid *domain_sid)
1756 struct samr_AddAliasMember r;
1757 struct samr_DeleteAliasMember d;
1760 struct dom_sid *sid;
1762 sid = dom_sid_add_rid(mem_ctx, domain_sid, 512);
1764 printf("testing AddAliasMember\n");
1765 r.in.alias_handle = alias_handle;
1768 status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r);
1769 if (!NT_STATUS_IS_OK(status)) {
1770 printf("AddAliasMember failed - %s\n", nt_errstr(status));
1774 d.in.alias_handle = alias_handle;
1777 status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d);
1778 if (!NT_STATUS_IS_OK(status)) {
1779 printf("DelAliasMember failed - %s\n", nt_errstr(status));
1786 static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1787 struct policy_handle *alias_handle)
1789 struct samr_AddMultipleMembersToAlias a;
1790 struct samr_RemoveMultipleMembersFromAlias r;
1793 struct lsa_SidArray sids;
1795 printf("testing AddMultipleMembersToAlias\n");
1796 a.in.alias_handle = alias_handle;
1800 sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, 3);
1802 sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
1803 sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
1804 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
1806 status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
1807 if (!NT_STATUS_IS_OK(status)) {
1808 printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
1813 printf("testing RemoveMultipleMembersFromAlias\n");
1814 r.in.alias_handle = alias_handle;
1817 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1818 if (!NT_STATUS_IS_OK(status)) {
1819 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1823 /* strange! removing twice doesn't give any error */
1824 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1825 if (!NT_STATUS_IS_OK(status)) {
1826 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1830 /* but removing an alias that isn't there does */
1831 sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
1833 status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
1834 if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
1835 printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
1842 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1843 struct policy_handle *user_handle)
1845 struct samr_TestPrivateFunctionsUser r;
1849 printf("Testing TestPrivateFunctionsUser\n");
1851 r.in.user_handle = user_handle;
1853 status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r);
1854 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
1855 printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status));
1863 static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1864 struct policy_handle *user_handle,
1865 struct policy_handle *domain_handle,
1866 uint32_t base_acct_flags,
1867 const char *base_acct_name, enum torture_samr_choice which_ops)
1869 TALLOC_CTX *user_ctx;
1870 char *password = NULL;
1874 const uint32_t password_fields[] = {
1875 SAMR_FIELD_PASSWORD,
1876 SAMR_FIELD_PASSWORD2,
1877 SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2,
1881 user_ctx = talloc_named(mem_ctx, 0, "test_user_ops per-user context");
1882 switch (which_ops) {
1883 case TORTURE_SAMR_USER_ATTRIBUTES:
1884 if (!test_QuerySecurity(p, user_ctx, user_handle)) {
1888 if (!test_QueryUserInfo(p, user_ctx, user_handle)) {
1892 if (!test_QueryUserInfo2(p, user_ctx, user_handle)) {
1896 if (!test_SetUserInfo(p, user_ctx, user_handle, base_acct_flags,
1901 if (!test_GetUserPwInfo(p, user_ctx, user_handle)) {
1905 if (!test_TestPrivateFunctionsUser(p, user_ctx, user_handle)) {
1909 if (!test_SetUserPass(p, user_ctx, user_handle, &password)) {
1913 case TORTURE_SAMR_PASSWORDS:
1914 for (i = 0; password_fields[i]; i++) {
1915 if (!test_SetUserPass_23(p, user_ctx, user_handle, password_fields[i], &password)) {
1919 /* check it was set right */
1920 if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password, NULL, 0, False)) {
1925 for (i = 0; password_fields[i]; i++) {
1926 if (!test_SetUserPass_25(p, user_ctx, user_handle, password_fields[i], &password)) {
1930 /* check it was set right */
1931 if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password, NULL, 0, False)) {
1936 if (!test_SetUserPassEx(p, user_ctx, user_handle, &password)) {
1940 if (!test_ChangePassword(p, user_ctx, base_acct_name, domain_handle, &password)) {
1944 case TORTURE_SAMR_OTHER:
1945 /* We just need the account to exist */
1948 talloc_free(user_ctx);
1952 static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1953 struct policy_handle *alias_handle,
1954 const struct dom_sid *domain_sid)
1958 if (!test_QuerySecurity(p, mem_ctx, alias_handle)) {
1962 if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) {
1966 if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) {
1970 if (!test_AddMemberToAlias(p, mem_ctx, alias_handle, domain_sid)) {
1974 if (lp_parm_bool(-1, "torture", "samba4", False)) {
1975 printf("skipping MultipleMembers Alias tests against Samba4\n");
1979 if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
1987 static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1988 struct policy_handle *user_handle)
1990 struct samr_DeleteUser d;
1993 printf("Testing DeleteUser\n");
1995 d.in.user_handle = user_handle;
1996 d.out.user_handle = user_handle;
1998 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
1999 if (!NT_STATUS_IS_OK(status)) {
2000 printf("DeleteUser failed - %s\n", nt_errstr(status));
2007 BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2008 struct policy_handle *handle, const char *name)
2011 struct samr_DeleteUser d;
2012 struct policy_handle user_handle;
2015 status = test_LookupName(p, mem_ctx, handle, name, &rid);
2016 if (!NT_STATUS_IS_OK(status)) {
2020 status = test_OpenUser_byname(p, mem_ctx, handle, name, &user_handle);
2021 if (!NT_STATUS_IS_OK(status)) {
2025 d.in.user_handle = &user_handle;
2026 d.out.user_handle = &user_handle;
2027 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
2028 if (!NT_STATUS_IS_OK(status)) {
2035 printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
2040 static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2041 struct policy_handle *handle, const char *name)
2044 struct samr_OpenGroup r;
2045 struct samr_DeleteDomainGroup d;
2046 struct policy_handle group_handle;
2049 status = test_LookupName(p, mem_ctx, handle, name, &rid);
2050 if (!NT_STATUS_IS_OK(status)) {
2054 r.in.domain_handle = handle;
2055 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2057 r.out.group_handle = &group_handle;
2058 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
2059 if (!NT_STATUS_IS_OK(status)) {
2063 d.in.group_handle = &group_handle;
2064 d.out.group_handle = &group_handle;
2065 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
2066 if (!NT_STATUS_IS_OK(status)) {
2073 printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
2078 static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2079 struct policy_handle *domain_handle, const char *name)
2082 struct samr_OpenAlias r;
2083 struct samr_DeleteDomAlias d;
2084 struct policy_handle alias_handle;
2087 printf("testing DeleteAlias_byname\n");
2089 status = test_LookupName(p, mem_ctx, domain_handle, name, &rid);
2090 if (!NT_STATUS_IS_OK(status)) {
2094 r.in.domain_handle = domain_handle;
2095 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2097 r.out.alias_handle = &alias_handle;
2098 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
2099 if (!NT_STATUS_IS_OK(status)) {
2103 d.in.alias_handle = &alias_handle;
2104 d.out.alias_handle = &alias_handle;
2105 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
2106 if (!NT_STATUS_IS_OK(status)) {
2113 printf("DeleteAlias_byname(%s) failed - %s\n", name, nt_errstr(status));
2117 static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2118 struct policy_handle *alias_handle)
2120 struct samr_DeleteDomAlias d;
2123 printf("Testing DeleteAlias\n");
2125 d.in.alias_handle = alias_handle;
2126 d.out.alias_handle = alias_handle;
2128 status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d);
2129 if (!NT_STATUS_IS_OK(status)) {
2130 printf("DeleteAlias failed - %s\n", nt_errstr(status));
2137 static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2138 struct policy_handle *domain_handle,
2139 struct policy_handle *alias_handle,
2140 const struct dom_sid *domain_sid)
2143 struct samr_CreateDomAlias r;
2144 struct lsa_String name;
2148 init_lsa_String(&name, TEST_ALIASNAME);
2149 r.in.domain_handle = domain_handle;
2150 r.in.alias_name = &name;
2151 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2152 r.out.alias_handle = alias_handle;
2155 printf("Testing CreateAlias (%s)\n", r.in.alias_name->string);
2157 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
2159 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2160 printf("Server refused create of '%s'\n", r.in.alias_name->string);
2164 if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
2165 if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.alias_name->string)) {
2168 status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r);
2171 if (!NT_STATUS_IS_OK(status)) {
2172 printf("CreateAlias failed - %s\n", nt_errstr(status));
2176 if (!test_alias_ops(p, mem_ctx, alias_handle, domain_sid)) {
2183 static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2184 const char *acct_name,
2185 struct policy_handle *domain_handle, char **password)
2193 if (!test_ChangePasswordUser(p, mem_ctx, acct_name, domain_handle, password)) {
2197 if (!test_ChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) {
2201 if (!test_OemChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) {
2205 /* test what happens when setting the old password again */
2206 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, *password, 0, True)) {
2211 char simple_pass[9];
2212 char *v = generate_random_str(mem_ctx, 1);
2214 ZERO_STRUCT(simple_pass);
2215 memset(simple_pass, *v, sizeof(simple_pass) - 1);
2217 /* test what happens when picking a simple password */
2218 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, simple_pass, 0, True)) {
2223 /* set samr_SetDomainInfo level 1 with min_length 5 */
2225 struct samr_QueryDomainInfo r;
2226 struct samr_SetDomainInfo s;
2227 uint16_t len_old, len;
2228 uint32_t pwd_prop_old;
2233 r.in.domain_handle = domain_handle;
2236 printf("testing samr_QueryDomainInfo level 1\n");
2237 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
2238 if (!NT_STATUS_IS_OK(status)) {
2242 s.in.domain_handle = domain_handle;
2244 s.in.info = r.out.info;
2246 /* remember the old min length, so we can reset it */
2247 len_old = s.in.info->info1.min_password_length;
2248 s.in.info->info1.min_password_length = len;
2249 pwd_prop_old = s.in.info->info1.password_properties;
2250 /* turn off password complexity checks for this test */
2251 s.in.info->info1.password_properties &= ~DOMAIN_PASSWORD_COMPLEX;
2253 printf("testing samr_SetDomainInfo level 1\n");
2254 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2255 if (!NT_STATUS_IS_OK(status)) {
2259 printf("calling test_ChangePasswordUser3 with too short password\n");
2261 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, len - 1, password, NULL, 0, True)) {
2265 s.in.info->info1.min_password_length = len_old;
2266 s.in.info->info1.password_properties = pwd_prop_old;
2268 printf("testing samr_SetDomainInfo level 1\n");
2269 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
2270 if (!NT_STATUS_IS_OK(status)) {
2278 struct samr_OpenUser r;
2279 struct samr_QueryUserInfo q;
2280 struct samr_LookupNames n;
2281 struct policy_handle user_handle;
2283 n.in.domain_handle = domain_handle;
2285 n.in.names = talloc_array(mem_ctx, struct lsa_String, 1);
2286 n.in.names[0].string = acct_name;
2288 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
2289 if (!NT_STATUS_IS_OK(status)) {
2290 printf("LookupNames failed - %s\n", nt_errstr(status));
2294 r.in.domain_handle = domain_handle;
2295 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2296 r.in.rid = n.out.rids.ids[0];
2297 r.out.user_handle = &user_handle;
2299 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
2300 if (!NT_STATUS_IS_OK(status)) {
2301 printf("OpenUser(%u) failed - %s\n", n.out.rids.ids[0], nt_errstr(status));
2305 q.in.user_handle = &user_handle;
2308 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
2309 if (!NT_STATUS_IS_OK(status)) {
2310 printf("QueryUserInfo failed - %s\n", nt_errstr(status));
2314 printf("calling test_ChangePasswordUser3 with too early password change\n");
2316 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL,
2317 q.out.info->info5.last_password_change, True)) {
2322 /* we change passwords twice - this has the effect of verifying
2323 they were changed correctly for the final call */
2324 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, True)) {
2328 if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, 0, True)) {
2335 static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2336 struct policy_handle *domain_handle,
2337 struct policy_handle *user_handle_out,
2338 enum torture_samr_choice which_ops)
2341 TALLOC_CTX *user_ctx;
2344 struct samr_CreateUser r;
2345 struct samr_QueryUserInfo q;
2346 struct samr_DeleteUser d;
2349 /* This call creates a 'normal' account - check that it really does */
2350 const uint32_t acct_flags = ACB_NORMAL;
2351 struct lsa_String name;
2354 struct policy_handle user_handle;
2355 user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context");
2356 init_lsa_String(&name, TEST_ACCOUNT_NAME);
2358 r.in.domain_handle = domain_handle;
2359 r.in.account_name = &name;
2360 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2361 r.out.user_handle = &user_handle;
2364 printf("Testing CreateUser(%s)\n", r.in.account_name->string);
2366 status = dcerpc_samr_CreateUser(p, user_ctx, &r);
2368 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2369 printf("Server refused create of '%s': %s\n", r.in.account_name->string, nt_errstr(status));
2370 talloc_free(user_ctx);
2374 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2375 if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
2376 talloc_free(user_ctx);
2379 status = dcerpc_samr_CreateUser(p, user_ctx, &r);
2381 if (!NT_STATUS_IS_OK(status)) {
2382 talloc_free(user_ctx);
2383 printf("CreateUser failed - %s\n", nt_errstr(status));
2386 q.in.user_handle = &user_handle;
2389 status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
2390 if (!NT_STATUS_IS_OK(status)) {
2391 printf("QueryUserInfo level %u failed - %s\n",
2392 q.in.level, nt_errstr(status));
2395 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
2396 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
2397 q.out.info->info16.acct_flags,
2403 if (!test_user_ops(p, user_ctx, &user_handle, domain_handle,
2404 acct_flags, name.string, which_ops)) {
2408 if (user_handle_out) {
2409 *user_handle_out = user_handle;
2411 printf("Testing DeleteUser (createuser test)\n");
2413 d.in.user_handle = &user_handle;
2414 d.out.user_handle = &user_handle;
2416 status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
2417 if (!NT_STATUS_IS_OK(status)) {
2418 printf("DeleteUser failed - %s\n", nt_errstr(status));
2425 talloc_free(user_ctx);
2431 static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2432 struct policy_handle *domain_handle, enum torture_samr_choice which_ops)
2435 struct samr_CreateUser2 r;
2436 struct samr_QueryUserInfo q;
2437 struct samr_DeleteUser d;
2438 struct policy_handle user_handle;
2440 struct lsa_String name;
2445 uint32_t acct_flags;
2446 const char *account_name;
2448 } account_types[] = {
2449 { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK },
2450 { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2451 { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2452 { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
2453 { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2454 { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2455 { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
2456 { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2457 { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
2458 { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
2459 { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
2460 { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
2461 { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2462 { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER },
2463 { 0, NULL, NT_STATUS_INVALID_PARAMETER }
2466 for (i = 0; account_types[i].account_name; i++) {
2467 TALLOC_CTX *user_ctx;
2468 uint32_t acct_flags = account_types[i].acct_flags;
2469 uint32_t access_granted;
2470 user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context");
2471 init_lsa_String(&name, account_types[i].account_name);
2473 r.in.domain_handle = domain_handle;
2474 r.in.account_name = &name;
2475 r.in.acct_flags = acct_flags;
2476 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2477 r.out.user_handle = &user_handle;
2478 r.out.access_granted = &access_granted;
2481 printf("Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);
2483 status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
2485 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
2486 talloc_free(user_ctx);
2487 printf("Server refused create of '%s'\n", r.in.account_name->string);
2490 } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
2491 if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
2492 talloc_free(user_ctx);
2496 status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
2499 if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
2500 printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
2501 nt_errstr(status), nt_errstr(account_types[i].nt_status));
2505 if (NT_STATUS_IS_OK(status)) {
2506 q.in.user_handle = &user_handle;
2509 status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
2510 if (!NT_STATUS_IS_OK(status)) {
2511 printf("QueryUserInfo level %u failed - %s\n",
2512 q.in.level, nt_errstr(status));
2515 if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) {
2516 printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
2517 q.out.info->info16.acct_flags,
2523 if (!test_user_ops(p, user_ctx, &user_handle, domain_handle,
2524 acct_flags, name.string, which_ops)) {
2528 printf("Testing DeleteUser (createuser2 test)\n");
2530 d.in.user_handle = &user_handle;
2531 d.out.user_handle = &user_handle;
2533 status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
2534 if (!NT_STATUS_IS_OK(status)) {
2535 printf("DeleteUser failed - %s\n", nt_errstr(status));
2539 talloc_free(user_ctx);
2545 static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2546 struct policy_handle *handle)
2549 struct samr_QueryAliasInfo r;
2550 uint16_t levels[] = {1, 2, 3};
2554 for (i=0;i<ARRAY_SIZE(levels);i++) {
2555 printf("Testing QueryAliasInfo level %u\n", levels[i]);
2557 r.in.alias_handle = handle;
2558 r.in.level = levels[i];
2560 status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r);
2561 if (!NT_STATUS_IS_OK(status)) {
2562 printf("QueryAliasInfo level %u failed - %s\n",
2563 levels[i], nt_errstr(status));
2571 static BOOL test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2572 struct policy_handle *handle)
2575 struct samr_QueryGroupInfo r;
2576 uint16_t levels[] = {1, 2, 3, 4, 5};
2580 for (i=0;i<ARRAY_SIZE(levels);i++) {
2581 printf("Testing QueryGroupInfo level %u\n", levels[i]);
2583 r.in.group_handle = handle;
2584 r.in.level = levels[i];
2586 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
2587 if (!NT_STATUS_IS_OK(status)) {
2588 printf("QueryGroupInfo level %u failed - %s\n",
2589 levels[i], nt_errstr(status));
2597 static BOOL test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2598 struct policy_handle *handle)
2601 struct samr_QueryGroupMember r;
2604 printf("Testing QueryGroupMember\n");
2606 r.in.group_handle = handle;
2608 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r);
2609 if (!NT_STATUS_IS_OK(status)) {
2610 printf("QueryGroupInfo failed - %s\n", nt_errstr(status));
2618 static BOOL test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2619 struct policy_handle *handle)
2622 struct samr_QueryGroupInfo r;
2623 struct samr_SetGroupInfo s;
2624 uint16_t levels[] = {1, 2, 3, 4};
2625 uint16_t set_ok[] = {0, 1, 1, 1};
2629 for (i=0;i<ARRAY_SIZE(levels);i++) {
2630 printf("Testing QueryGroupInfo level %u\n", levels[i]);
2632 r.in.group_handle = handle;
2633 r.in.level = levels[i];
2635 status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r);
2636 if (!NT_STATUS_IS_OK(status)) {
2637 printf("QueryGroupInfo level %u failed - %s\n",
2638 levels[i], nt_errstr(status));
2642 printf("Testing SetGroupInfo level %u\n", levels[i]);
2644 s.in.group_handle = handle;
2645 s.in.level = levels[i];
2646 s.in.info = r.out.info;
2649 /* disabled this, as it changes the name only from the point of view of samr,
2650 but leaves the name from the point of view of w2k3 internals (and ldap). This means
2651 the name is still reserved, so creating the old name fails, but deleting by the old name
2653 if (s.in.level == 2) {
2654 init_lsa_String(&s.in.info->string, "NewName");
2658 if (s.in.level == 4) {
2659 init_lsa_String(&s.in.info->description, "test description");
2662 status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s);
2664 if (!NT_STATUS_IS_OK(status)) {
2665 printf("SetGroupInfo level %u failed - %s\n",
2666 r.in.level, nt_errstr(status));
2671 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
2672 printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
2673 r.in.level, nt_errstr(status));
2683 static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2684 struct policy_handle *handle)
2687 struct samr_QueryUserInfo r;
2688 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
2689 11, 12, 13, 14, 16, 17, 20, 21};
2693 for (i=0;i<ARRAY_SIZE(levels);i++) {
2694 printf("Testing QueryUserInfo level %u\n", levels[i]);
2696 r.in.user_handle = handle;
2697 r.in.level = levels[i];
2699 status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r);
2700 if (!NT_STATUS_IS_OK(status)) {
2701 printf("QueryUserInfo level %u failed - %s\n",
2702 levels[i], nt_errstr(status));
2710 static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2711 struct policy_handle *handle)
2714 struct samr_QueryUserInfo2 r;
2715 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
2716 11, 12, 13, 14, 16, 17, 20, 21};
2720 for (i=0;i<ARRAY_SIZE(levels);i++) {
2721 printf("Testing QueryUserInfo2 level %u\n", levels[i]);
2723 r.in.user_handle = handle;
2724 r.in.level = levels[i];
2726 status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r);
2727 if (!NT_STATUS_IS_OK(status)) {
2728 printf("QueryUserInfo2 level %u failed - %s\n",
2729 levels[i], nt_errstr(status));
2737 static BOOL test_OpenUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2738 struct policy_handle *handle, uint32_t rid)
2741 struct samr_OpenUser r;
2742 struct policy_handle user_handle;
2745 printf("Testing OpenUser(%u)\n", rid);
2747 r.in.domain_handle = handle;
2748 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2750 r.out.user_handle = &user_handle;
2752 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
2753 if (!NT_STATUS_IS_OK(status)) {
2754 printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
2758 if (!test_QuerySecurity(p, mem_ctx, &user_handle)) {
2762 if (!test_QueryUserInfo(p, mem_ctx, &user_handle)) {
2766 if (!test_QueryUserInfo2(p, mem_ctx, &user_handle)) {
2770 if (!test_GetUserPwInfo(p, mem_ctx, &user_handle)) {
2774 if (!test_GetGroupsForUser(p,mem_ctx, &user_handle)) {
2778 if (!test_samr_handle_Close(p, mem_ctx, &user_handle)) {
2785 static BOOL test_OpenGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2786 struct policy_handle *handle, uint32_t rid)
2789 struct samr_OpenGroup r;
2790 struct policy_handle group_handle;
2793 printf("Testing OpenGroup(%u)\n", rid);
2795 r.in.domain_handle = handle;
2796 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2798 r.out.group_handle = &group_handle;
2800 status = dcerpc_samr_OpenGroup(p, mem_ctx, &r);
2801 if (!NT_STATUS_IS_OK(status)) {
2802 printf("OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
2806 if (!test_QuerySecurity(p, mem_ctx, &group_handle)) {
2810 if (!test_QueryGroupInfo(p, mem_ctx, &group_handle)) {
2814 if (!test_QueryGroupMember(p, mem_ctx, &group_handle)) {
2818 if (!test_samr_handle_Close(p, mem_ctx, &group_handle)) {
2825 static BOOL test_OpenAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2826 struct policy_handle *handle, uint32_t rid)
2829 struct samr_OpenAlias r;
2830 struct policy_handle alias_handle;
2833 printf("Testing OpenAlias(%u)\n", rid);
2835 r.in.domain_handle = handle;
2836 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2838 r.out.alias_handle = &alias_handle;
2840 status = dcerpc_samr_OpenAlias(p, mem_ctx, &r);
2841 if (!NT_STATUS_IS_OK(status)) {
2842 printf("OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
2846 if (!test_QuerySecurity(p, mem_ctx, &alias_handle)) {
2850 if (!test_QueryAliasInfo(p, mem_ctx, &alias_handle)) {
2854 if (!test_GetMembersInAlias(p, mem_ctx, &alias_handle)) {
2858 if (!test_samr_handle_Close(p, mem_ctx, &alias_handle)) {
2865 static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2866 struct policy_handle *handle)
2869 struct samr_EnumDomainUsers r;
2870 uint32_t resume_handle=0;
2873 struct samr_LookupNames n;
2874 struct samr_LookupRids lr ;
2876 printf("Testing EnumDomainUsers\n");
2878 r.in.domain_handle = handle;
2879 r.in.resume_handle = &resume_handle;
2880 r.in.acct_flags = 0;
2881 r.in.max_size = (uint32_t)-1;
2882 r.out.resume_handle = &resume_handle;
2884 status = dcerpc_samr_EnumDomainUsers(p, mem_ctx, &r);
2885 if (!NT_STATUS_IS_OK(status)) {
2886 printf("EnumDomainUsers failed - %s\n", nt_errstr(status));
2894 if (r.out.sam->count == 0) {
2898 for (i=0;i<r.out.sam->count;i++) {
2899 if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
2904 printf("Testing LookupNames\n");
2905 n.in.domain_handle = handle;
2906 n.in.num_names = r.out.sam->count;
2907 n.in.names = talloc_array(mem_ctx, struct lsa_String, r.out.sam->count);
2908 for (i=0;i<r.out.sam->count;i++) {
2909 n.in.names[i].string = r.out.sam->entries[i].name.string;
2911 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
2912 if (!NT_STATUS_IS_OK(status)) {
2913 printf("LookupNames failed - %s\n", nt_errstr(status));
2918 printf("Testing LookupRids\n");
2919 lr.in.domain_handle = handle;
2920 lr.in.num_rids = r.out.sam->count;
2921 lr.in.rids = talloc_array(mem_ctx, uint32_t, r.out.sam->count);
2922 for (i=0;i<r.out.sam->count;i++) {
2923 lr.in.rids[i] = r.out.sam->entries[i].idx;
2925 status = dcerpc_samr_LookupRids(p, mem_ctx, &lr);
2926 if (!NT_STATUS_IS_OK(status)) {
2927 printf("LookupRids failed - %s\n", nt_errstr(status));
2935 try blasting the server with a bunch of sync requests
2937 static BOOL test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2938 struct policy_handle *handle)
2941 struct samr_EnumDomainUsers r;
2942 uint32_t resume_handle=0;
2944 #define ASYNC_COUNT 100
2945 struct rpc_request *req[ASYNC_COUNT];
2947 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
2948 printf("samr async test disabled - enable dangerous tests to use\n");
2952 printf("Testing EnumDomainUsers_async\n");
2954 r.in.domain_handle = handle;
2955 r.in.resume_handle = &resume_handle;
2956 r.in.acct_flags = 0;
2957 r.in.max_size = (uint32_t)-1;
2958 r.out.resume_handle = &resume_handle;
2960 for (i=0;i<ASYNC_COUNT;i++) {
2961 req[i] = dcerpc_samr_EnumDomainUsers_send(p, mem_ctx, &r);
2964 for (i=0;i<ASYNC_COUNT;i++) {
2965 status = dcerpc_ndr_request_recv(req[i]);
2966 if (!NT_STATUS_IS_OK(status)) {
2967 printf("EnumDomainUsers[%d] failed - %s\n",
2968 i, nt_errstr(status));
2973 printf("%d async requests OK\n", i);
2978 static BOOL test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
2979 struct policy_handle *handle)
2982 struct samr_EnumDomainGroups r;
2983 uint32_t resume_handle=0;
2987 printf("Testing EnumDomainGroups\n");
2989 r.in.domain_handle = handle;
2990 r.in.resume_handle = &resume_handle;
2991 r.in.max_size = (uint32_t)-1;
2992 r.out.resume_handle = &resume_handle;
2994 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r);
2995 if (!NT_STATUS_IS_OK(status)) {
2996 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
3004 for (i=0;i<r.out.sam->count;i++) {
3005 if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
3013 static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3014 struct policy_handle *handle)
3017 struct samr_EnumDomainAliases r;
3018 uint32_t resume_handle=0;
3022 printf("Testing EnumDomainAliases\n");
3024 r.in.domain_handle = handle;
3025 r.in.resume_handle = &resume_handle;
3026 r.in.acct_flags = (uint32_t)-1;
3027 r.out.resume_handle = &resume_handle;
3029 status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r);
3030 if (!NT_STATUS_IS_OK(status)) {
3031 printf("EnumDomainAliases failed - %s\n", nt_errstr(status));
3039 for (i=0;i<r.out.sam->count;i++) {
3040 if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) {
3048 static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3049 struct policy_handle *handle)
3052 struct samr_GetDisplayEnumerationIndex r;
3054 uint16_t levels[] = {1, 2, 3, 4, 5};
3055 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
3058 for (i=0;i<ARRAY_SIZE(levels);i++) {
3059 printf("Testing GetDisplayEnumerationIndex level %u\n", levels[i]);
3061 r.in.domain_handle = handle;
3062 r.in.level = levels[i];
3063 init_lsa_String(&r.in.name, TEST_ACCOUNT_NAME);
3065 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
3068 !NT_STATUS_IS_OK(status) &&
3069 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3070 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
3071 levels[i], nt_errstr(status));
3075 init_lsa_String(&r.in.name, "zzzzzzzz");
3077 status = dcerpc_samr_GetDisplayEnumerationIndex(p, mem_ctx, &r);
3079 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3080 printf("GetDisplayEnumerationIndex level %u failed - %s\n",
3081 levels[i], nt_errstr(status));
3089 static BOOL test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3090 struct policy_handle *handle)
3093 struct samr_GetDisplayEnumerationIndex2 r;
3095 uint16_t levels[] = {1, 2, 3, 4, 5};
3096 uint16_t ok_lvl[] = {1, 1, 1, 0, 0};
3099 for (i=0;i<ARRAY_SIZE(levels);i++) {
3100 printf("Testing GetDisplayEnumerationIndex2 level %u\n", levels[i]);
3102 r.in.domain_handle = handle;
3103 r.in.level = levels[i];
3104 init_lsa_String(&r.in.name, TEST_ACCOUNT_NAME);
3106 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
3108 !NT_STATUS_IS_OK(status) &&
3109 !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3110 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
3111 levels[i], nt_errstr(status));
3115 init_lsa_String(&r.in.name, "zzzzzzzz");
3117 status = dcerpc_samr_GetDisplayEnumerationIndex2(p, mem_ctx, &r);
3118 if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
3119 printf("GetDisplayEnumerationIndex2 level %u failed - %s\n",
3120 levels[i], nt_errstr(status));
3128 static BOOL test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3129 struct policy_handle *handle)
3132 struct samr_QueryDisplayInfo r;
3134 uint16_t levels[] = {1, 2, 3, 4, 5};
3137 for (i=0;i<ARRAY_SIZE(levels);i++) {
3138 printf("Testing QueryDisplayInfo level %u\n", levels[i]);
3140 r.in.domain_handle = handle;
3141 r.in.level = levels[i];
3143 r.in.max_entries = 1000;
3144 r.in.buf_size = (uint32_t)-1;
3146 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
3147 if (!NT_STATUS_IS_OK(status)) {
3148 printf("QueryDisplayInfo level %u failed - %s\n",
3149 levels[i], nt_errstr(status));
3157 static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3158 struct policy_handle *handle)
3161 struct samr_QueryDisplayInfo2 r;
3163 uint16_t levels[] = {1, 2, 3, 4, 5};
3166 for (i=0;i<ARRAY_SIZE(levels);i++) {
3167 printf("Testing QueryDisplayInfo2 level %u\n", levels[i]);
3169 r.in.domain_handle = handle;
3170 r.in.level = levels[i];
3172 r.in.max_entries = 1000;
3173 r.in.buf_size = (uint32_t)-1;
3175 status = dcerpc_samr_QueryDisplayInfo2(p, mem_ctx, &r);
3176 if (!NT_STATUS_IS_OK(status)) {
3177 printf("QueryDisplayInfo2 level %u failed - %s\n",
3178 levels[i], nt_errstr(status));
3186 static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3187 struct policy_handle *handle)
3190 struct samr_QueryDisplayInfo3 r;
3192 uint16_t levels[] = {1, 2, 3, 4, 5};
3195 for (i=0;i<ARRAY_SIZE(levels);i++) {
3196 printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
3198 r.in.domain_handle = handle;
3199 r.in.level = levels[i];
3201 r.in.max_entries = 1000;
3202 r.in.buf_size = (uint32_t)-1;
3204 status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
3205 if (!NT_STATUS_IS_OK(status)) {
3206 printf("QueryDisplayInfo3 level %u failed - %s\n",
3207 levels[i], nt_errstr(status));
3216 static BOOL test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3217 struct policy_handle *handle)
3220 struct samr_QueryDisplayInfo r;
3223 printf("Testing QueryDisplayInfo continuation\n");
3225 r.in.domain_handle = handle;
3228 r.in.max_entries = 1;
3229 r.in.buf_size = (uint32_t)-1;
3232 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r);
3233 if (NT_STATUS_IS_OK(status) && r.out.returned_size != 0) {
3234 if (r.out.info.info1.entries[0].idx != r.in.start_idx + 1) {
3235 printf("expected idx %d but got %d\n",
3237 r.out.info.info1.entries[0].idx);
3241 if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
3242 !NT_STATUS_IS_OK(status)) {
3243 printf("QueryDisplayInfo level %u failed - %s\n",
3244 r.in.level, nt_errstr(status));
3249 } while ((NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) ||
3250 NT_STATUS_IS_OK(status)) &&
3251 r.out.returned_size != 0);
3256 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3257 struct policy_handle *handle)
3260 struct samr_QueryDomainInfo r;
3261 struct samr_SetDomainInfo s;
3262 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
3263 uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0};
3266 const char *domain_comment = talloc_asprintf(mem_ctx,
3267 "Tortured by Samba4 RPC-SAMR: %s",
3268 timestring(mem_ctx, time(NULL)));
3270 s.in.domain_handle = handle;
3272 s.in.info = talloc(mem_ctx, union samr_DomainInfo);
3274 s.in.info->info4.comment.string = domain_comment;
3275 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
3276 if (!NT_STATUS_IS_OK(status)) {
3277 printf("SetDomainInfo level %u (set comment) failed - %s\n",
3278 r.in.level, nt_errstr(status));
3282 for (i=0;i<ARRAY_SIZE(levels);i++) {
3283 printf("Testing QueryDomainInfo level %u\n", levels[i]);
3285 r.in.domain_handle = handle;
3286 r.in.level = levels[i];
3288 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
3289 if (!NT_STATUS_IS_OK(status)) {
3290 printf("QueryDomainInfo level %u failed - %s\n",
3291 r.in.level, nt_errstr(status));
3296 switch (levels[i]) {
3298 if (strcmp(r.out.info->info2.comment.string, domain_comment) != 0) {
3299 printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
3300 levels[i], r.out.info->info2.comment.string, domain_comment);
3303 if (!r.out.info->info2.primary.string) {
3304 printf("QueryDomainInfo level %u returned no PDC name\n",
3307 } else if (r.out.info->info2.role == SAMR_ROLE_DOMAIN_PDC) {
3308 if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), r.out.info->info2.primary.string) != 0) {
3309 printf("QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n",
3310 levels[i], r.out.info->info2.primary.string, dcerpc_server_name(p));
3315 if (strcmp(r.out.info->info4.comment.string, domain_comment) != 0) {
3316 printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
3317 levels[i], r.out.info->info4.comment.string, domain_comment);
3322 if (!r.out.info->info6.primary.string) {
3323 printf("QueryDomainInfo level %u returned no PDC name\n",
3329 if (strcmp(r.out.info->info11.info2.comment.string, domain_comment) != 0) {
3330 printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
3331 levels[i], r.out.info->info11.info2.comment.string, domain_comment);
3337 printf("Testing SetDomainInfo level %u\n", levels[i]);
3339 s.in.domain_handle = handle;
3340 s.in.level = levels[i];
3341 s.in.info = r.out.info;
3343 status = dcerpc_samr_SetDomainInfo(p, mem_ctx, &s);
3345 if (!NT_STATUS_IS_OK(status)) {
3346 printf("SetDomainInfo level %u failed - %s\n",
3347 r.in.level, nt_errstr(status));
3352 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
3353 printf("SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
3354 r.in.level, nt_errstr(status));
3360 status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r);
3361 if (!NT_STATUS_IS_OK(status)) {
3362 printf("QueryDomainInfo level %u failed - %s\n",
3363 r.in.level, nt_errstr(status));
3373 static BOOL test_QueryDomainInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3374 struct policy_handle *handle)
3377 struct samr_QueryDomainInfo2 r;
3378 uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
3382 for (i=0;i<ARRAY_SIZE(levels);i++) {
3383 printf("Testing QueryDomainInfo2 level %u\n", levels[i]);
3385 r.in.domain_handle = handle;
3386 r.in.level = levels[i];
3388 status = dcerpc_samr_QueryDomainInfo2(p, mem_ctx, &r);
3389 if (!NT_STATUS_IS_OK(status)) {
3390 printf("QueryDomainInfo2 level %u failed - %s\n",
3391 r.in.level, nt_errstr(status));
3400 /* Test whether querydispinfo level 5 and enumdomgroups return the same
3401 set of group names. */
3402 static BOOL test_GroupList(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3403 struct policy_handle *handle)
3405 struct samr_EnumDomainGroups q1;
3406 struct samr_QueryDisplayInfo q2;
3408 uint32_t resume_handle=0;
3413 const char **names = NULL;
3415 printf("Testing coherency of querydispinfo vs enumdomgroups\n");
3417 q1.in.domain_handle = handle;
3418 q1.in.resume_handle = &resume_handle;
3420 q1.out.resume_handle = &resume_handle;
3422 status = STATUS_MORE_ENTRIES;
3423 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
3424 status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &q1);
3426 if (!NT_STATUS_IS_OK(status) &&
3427 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
3430 for (i=0; i<q1.out.num_entries; i++) {
3431 add_string_to_array(mem_ctx,
3432 q1.out.sam->entries[i].name.string,
3433 &names, &num_names);
3437 if (!NT_STATUS_IS_OK(status)) {
3438 printf("EnumDomainGroups failed - %s\n", nt_errstr(status));
3446 q2.in.domain_handle = handle;
3448 q2.in.start_idx = 0;
3449 q2.in.max_entries = 5;
3450 q2.in.buf_size = (uint32_t)-1;
3452 status = STATUS_MORE_ENTRIES;
3453 while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
3454 status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2);
3456 if (!NT_STATUS_IS_OK(status) &&
3457 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
3460 for (i=0; i<q2.out.info.info5.count; i++) {
3462 const char *name = q2.out.info.info5.entries[i].account_name.string;
3464 for (j=0; j<num_names; j++) {
3465 if (names[j] == NULL)
3467 /* Hmm. No strequal in samba4 */
3468 if (strequal(names[j], name)) {
3476 printf("QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
3481 q2.in.start_idx += q2.out.info.info5.count;
3484 if (!NT_STATUS_IS_OK(status)) {
3485 printf("QueryDisplayInfo level 5 failed - %s\n",
3490 for (i=0; i<num_names; i++) {
3491 if (names[i] != NULL) {
3492 printf("EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
3501 static BOOL test_DeleteDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3502 struct policy_handle *group_handle)
3504 struct samr_DeleteDomainGroup d;
3508 printf("Testing DeleteDomainGroup\n");
3510 d.in.group_handle = group_handle;
3511 d.out.group_handle = group_handle;
3513 status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d);
3514 if (!NT_STATUS_IS_OK(status)) {
3515 printf("DeleteDomainGroup failed - %s\n", nt_errstr(status));
3522 static BOOL test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3523 struct policy_handle *domain_handle)
3525 struct samr_TestPrivateFunctionsDomain r;
3529 printf("Testing TestPrivateFunctionsDomain\n");
3531 r.in.domain_handle = domain_handle;
3533 status = dcerpc_samr_TestPrivateFunctionsDomain(p, mem_ctx, &r);
3534 if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) {
3535 printf("TestPrivateFunctionsDomain failed - %s\n", nt_errstr(status));
3542 static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3543 struct dom_sid *domain_sid,
3544 struct policy_handle *domain_handle)
3546 struct samr_RidToSid r;
3549 struct dom_sid *calc_sid;
3550 int rids[] = { 0, 42, 512, 10200 };
3553 for (i=0;i<ARRAY_SIZE(rids);i++) {
3555 printf("Testing RidToSid\n");
3557 calc_sid = dom_sid_dup(mem_ctx, domain_sid);
3558 r.in.domain_handle = domain_handle;
3561 status = dcerpc_samr_RidToSid(p, mem_ctx, &r);
3562 if (!NT_STATUS_IS_OK(status)) {
3563 printf("RidToSid for %d failed - %s\n", rids[i], nt_errstr(status));
3566 calc_sid = dom_sid_add_rid(calc_sid, calc_sid, rids[i]);
3568 if (!dom_sid_equal(calc_sid, r.out.sid)) {
3569 printf("RidToSid for %d failed - got %s, expected %s\n", rids[i],
3570 dom_sid_string(mem_ctx, r.out.sid),
3571 dom_sid_string(mem_ctx, calc_sid));
3580 static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3581 struct policy_handle *domain_handle)
3583 struct samr_GetBootKeyInformation r;
3587 printf("Testing GetBootKeyInformation\n");
3589 r.in.domain_handle = domain_handle;
3591 status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r);
3592 if (!NT_STATUS_IS_OK(status)) {
3593 /* w2k3 seems to fail this sometimes and pass it sometimes */
3594 printf("GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
3600 static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3601 struct policy_handle *domain_handle,
3602 struct policy_handle *group_handle)
3605 struct samr_AddGroupMember r;
3606 struct samr_DeleteGroupMember d;
3607 struct samr_QueryGroupMember q;
3608 struct samr_SetMemberAttributesOfGroup s;
3612 status = test_LookupName(p, mem_ctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
3613 if (!NT_STATUS_IS_OK(status)) {
3614 printf("test_AddGroupMember looking up name " TEST_ACCOUNT_NAME " failed - %s\n", nt_errstr(status));
3618 r.in.group_handle = group_handle;
3620 r.in.flags = 0; /* ??? */
3622 printf("Testing AddGroupMember and DeleteGroupMember\n");
3624 d.in.group_handle = group_handle;
3627 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
3628 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_NOT_IN_GROUP, status)) {
3629 printf("DeleteGroupMember gave %s - should be NT_STATUS_MEMBER_NOT_IN_GROUP\n",
3634 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
3635 if (!NT_STATUS_IS_OK(status)) {
3636 printf("AddGroupMember failed - %s\n", nt_errstr(status));
3640 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
3641 if (!NT_STATUS_EQUAL(NT_STATUS_MEMBER_IN_GROUP, status)) {
3642 printf("AddGroupMember gave %s - should be NT_STATUS_MEMBER_IN_GROUP\n",
3647 if (lp_parm_bool(-1, "torture", "samba4", False)) {
3648 printf("skipping SetMemberAttributesOfGroup test against Samba4\n");
3650 /* this one is quite strange. I am using random inputs in the
3651 hope of triggering an error that might give us a clue */
3653 s.in.group_handle = group_handle;
3654 s.in.unknown1 = random();
3655 s.in.unknown2 = random();
3657 status = dcerpc_samr_SetMemberAttributesOfGroup(p, mem_ctx, &s);
3658 if (!NT_STATUS_IS_OK(status)) {
3659 printf("SetMemberAttributesOfGroup failed - %s\n", nt_errstr(status));
3664 q.in.group_handle = group_handle;
3666 status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &q);
3667 if (!NT_STATUS_IS_OK(status)) {
3668 printf("QueryGroupMember failed - %s\n", nt_errstr(status));
3672 status = dcerpc_samr_DeleteGroupMember(p, mem_ctx, &d);
3673 if (!NT_STATUS_IS_OK(status)) {
3674 printf("DeleteGroupMember failed - %s\n", nt_errstr(status));
3678 status = dcerpc_samr_AddGroupMember(p, mem_ctx, &r);
3679 if (!NT_STATUS_IS_OK(status)) {
3680 printf("AddGroupMember failed - %s\n", nt_errstr(status));
3688 static BOOL test_CreateDomainGroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3689 struct policy_handle *domain_handle, struct policy_handle *group_handle)
3692 struct samr_CreateDomainGroup r;
3694 struct lsa_String name;
3697 init_lsa_String(&name, TEST_GROUPNAME);
3699 r.in.domain_handle = domain_handle;
3701 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3702 r.out.group_handle = group_handle;
3705 printf("Testing CreateDomainGroup(%s)\n", r.in.name->string);
3707 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
3709 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
3710 printf("Server refused create of '%s'\n", r.in.name->string);
3711 ZERO_STRUCTP(group_handle);
3715 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
3716 if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
3718 printf("CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
3722 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
3724 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
3725 if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.name->string)) {
3727 printf("CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
3731 status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
3733 if (!NT_STATUS_IS_OK(status)) {
3734 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
3738 if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) {
3739 printf("CreateDomainGroup failed - %s\n", nt_errstr(status));
3743 if (!test_SetGroupInfo(p, mem_ctx, group_handle)) {
3752 its not totally clear what this does. It seems to accept any sid you like.
3754 static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
3755 TALLOC_CTX *mem_ctx,
3756 struct policy_handle *domain_handle)
3759 struct samr_RemoveMemberFromForeignDomain r;
3761 r.in.domain_handle = domain_handle;
3762 r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78");
3764 status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r);
3765 if (!NT_STATUS_IS_OK(status)) {
3766 printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status));
3775 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3776 struct policy_handle *handle);
3778 static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3779 struct policy_handle *handle, struct dom_sid *sid,
3780 enum torture_samr_choice which_ops)
3783 struct samr_OpenDomain r;
3784 struct policy_handle domain_handle;
3785 struct policy_handle alias_handle;
3786 struct policy_handle user_handle;
3787 struct policy_handle group_handle;
3790 ZERO_STRUCT(alias_handle);
3791 ZERO_STRUCT(user_handle);
3792 ZERO_STRUCT(group_handle);
3793 ZERO_STRUCT(domain_handle);
3795 printf("Testing OpenDomain\n");
3797 r.in.connect_handle = handle;
3798 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3800 r.out.domain_handle = &domain_handle;
3802 status = dcerpc_samr_OpenDomain(p, mem_ctx, &r);
3803 if (!NT_STATUS_IS_OK(status)) {
3804 printf("OpenDomain failed - %s\n", nt_errstr(status));
3808 /* run the domain tests with the main handle closed - this tests
3809 the servers reference counting */
3810 ret &= test_samr_handle_Close(p, mem_ctx, handle);
3812 switch (which_ops) {
3813 case TORTURE_SAMR_USER_ATTRIBUTES:
3814 case TORTURE_SAMR_PASSWORDS:
3815 ret &= test_CreateUser(p, mem_ctx, &domain_handle, NULL, which_ops);
3816 ret &= test_CreateUser2(p, mem_ctx, &domain_handle, which_ops);
3818 case TORTURE_SAMR_OTHER:
3819 ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle, which_ops);
3820 ret &= test_QuerySecurity(p, mem_ctx, &domain_handle);
3821 ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle);
3822 ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid);
3823 ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle);
3824 ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle);
3825 ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle);
3826 ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle);
3827 ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle);
3828 ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle);
3829 ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle);
3830 ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle);
3831 ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle);
3832 ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle);
3833 ret &= test_QueryDisplayInfo_continue(p, mem_ctx, &domain_handle);
3835 if (lp_parm_bool(-1, "torture", "samba4", False)) {
3836 printf("skipping GetDisplayEnumerationIndex test against Samba4\n");
3838 ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle);
3839 ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle);
3841 ret &= test_GroupList(p, mem_ctx, &domain_handle);
3842 ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle);
3843 ret &= test_RidToSid(p, mem_ctx, sid, &domain_handle);
3844 ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle);
3848 if (!policy_handle_empty(&user_handle) &&
3849 !test_DeleteUser(p, mem_ctx, &user_handle)) {
3853 if (!policy_handle_empty(&alias_handle) &&
3854 !test_DeleteAlias(p, mem_ctx, &alias_handle)) {
3858 if (!policy_handle_empty(&group_handle) &&
3859 !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) {
3863 ret &= test_samr_handle_Close(p, mem_ctx, &domain_handle);
3865 /* reconnect the main handle */
3866 ret &= test_Connect(p, mem_ctx, handle);
3869 printf("Testing domain %s failed!\n", dom_sid_string(mem_ctx, sid));
3875 static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3876 struct policy_handle *handle, const char *domain,
3877 enum torture_samr_choice which_ops)
3880 struct samr_LookupDomain r;
3881 struct lsa_String n1;
3882 struct lsa_String n2;
3885 printf("Testing LookupDomain(%s)\n", domain);
3887 /* check for correct error codes */
3888 r.in.connect_handle = handle;
3889 r.in.domain_name = &n2;
3892 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
3893 if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) {
3894 printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status));
3898 init_lsa_String(&n2, "xxNODOMAINxx");
3900 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
3901 if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) {
3902 printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status));
3906 r.in.connect_handle = handle;
3908 init_lsa_String(&n1, domain);
3909 r.in.domain_name = &n1;
3911 status = dcerpc_samr_LookupDomain(p, mem_ctx, &r);
3912 if (!NT_STATUS_IS_OK(status)) {
3913 printf("LookupDomain failed - %s\n", nt_errstr(status));
3917 if (!test_GetDomPwInfo(p, mem_ctx, &n1)) {
3921 if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid, which_ops)) {
3929 static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3930 struct policy_handle *handle, enum torture_samr_choice which_ops)
3933 struct samr_EnumDomains r;
3934 uint32_t resume_handle = 0;
3938 r.in.connect_handle = handle;
3939 r.in.resume_handle = &resume_handle;
3940 r.in.buf_size = (uint32_t)-1;
3941 r.out.resume_handle = &resume_handle;
3943 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3944 if (!NT_STATUS_IS_OK(status)) {
3945 printf("EnumDomains failed - %s\n", nt_errstr(status));
3953 for (i=0;i<r.out.sam->count;i++) {
3954 if (!test_LookupDomain(p, mem_ctx, handle,
3955 r.out.sam->entries[i].name.string, which_ops)) {
3960 status = dcerpc_samr_EnumDomains(p, mem_ctx, &r);
3961 if (!NT_STATUS_IS_OK(status)) {
3962 printf("EnumDomains failed - %s\n", nt_errstr(status));
3970 static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
3971 struct policy_handle *handle)
3974 struct samr_Connect r;
3975 struct samr_Connect2 r2;
3976 struct samr_Connect3 r3;
3977 struct samr_Connect4 r4;
3978 struct samr_Connect5 r5;
3979 union samr_ConnectInfo info;
3980 struct policy_handle h;
3981 BOOL ret = True, got_handle = False;
3983 printf("testing samr_Connect\n");
3985 r.in.system_name = 0;
3986 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3987 r.out.connect_handle = &h;
3989 status = dcerpc_samr_Connect(p, mem_ctx, &r);
3990 if (!NT_STATUS_IS_OK(status)) {
3991 printf("Connect failed - %s\n", nt_errstr(status));
3998 printf("testing samr_Connect2\n");
4000 r2.in.system_name = NULL;
4001 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4002 r2.out.connect_handle = &h;
4004 status = dcerpc_samr_Connect2(p, mem_ctx, &r2);
4005 if (!NT_STATUS_IS_OK(status)) {
4006 printf("Connect2 failed - %s\n", nt_errstr(status));
4010 test_samr_handle_Close(p, mem_ctx, handle);
4016 printf("testing samr_Connect3\n");
4018 r3.in.system_name = NULL;
4020 r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4021 r3.out.connect_handle = &h;
4023 status = dcerpc_samr_Connect3(p, mem_ctx, &r3);
4024 if (!NT_STATUS_IS_OK(status)) {
4025 printf("Connect3 failed - %s\n", nt_errstr(status));
4029 test_samr_handle_Close(p, mem_ctx, handle);
4035 printf("testing samr_Connect4\n");
4037 r4.in.system_name = "";
4039 r4.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4040 r4.out.connect_handle = &h;
4042 status = dcerpc_samr_Connect4(p, mem_ctx, &r4);
4043 if (!NT_STATUS_IS_OK(status)) {
4044 printf("Connect4 failed - %s\n", nt_errstr(status));
4048 test_samr_handle_Close(p, mem_ctx, handle);
4054 printf("testing samr_Connect5\n");
4056 info.info1.unknown1 = 0;
4057 info.info1.unknown2 = 0;
4059 r5.in.system_name = "";
4060 r5.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
4063 r5.out.info = &info;
4064 r5.out.connect_handle = &h;
4066 status = dcerpc_samr_Connect5(p, mem_ctx, &r5);
4067 if (!NT_STATUS_IS_OK(status)) {
4068 printf("Connect5 failed - %s\n", nt_errstr(status));
4072 test_samr_handle_Close(p, mem_ctx, handle);
4082 BOOL torture_rpc_samr(struct torture_context *torture)
4085 struct dcerpc_pipe *p;
4087 struct policy_handle handle;
4089 status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
4090 if (!NT_STATUS_IS_OK(status)) {
4094 ret &= test_Connect(p, torture, &handle);
4096 ret &= test_QuerySecurity(p, torture, &handle);
4098 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_OTHER);
4100 ret &= test_SetDsrmPassword(p, torture, &handle);
4102 ret &= test_Shutdown(p, torture, &handle);
4104 ret &= test_samr_handle_Close(p, torture, &handle);
4110 BOOL torture_rpc_samr_users(struct torture_context *torture)
4113 struct dcerpc_pipe *p;
4115 struct policy_handle handle;
4117 status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
4118 if (!NT_STATUS_IS_OK(status)) {
4122 ret &= test_Connect(p, torture, &handle);
4124 ret &= test_QuerySecurity(p, torture, &handle);
4126 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_USER_ATTRIBUTES);
4128 ret &= test_SetDsrmPassword(p, torture, &handle);
4130 ret &= test_Shutdown(p, torture, &handle);
4132 ret &= test_samr_handle_Close(p, torture, &handle);
4138 BOOL torture_rpc_samr_passwords(struct torture_context *torture)
4141 struct dcerpc_pipe *p;
4143 struct policy_handle handle;
4145 status = torture_rpc_connection(torture, &p, &dcerpc_table_samr);
4146 if (!NT_STATUS_IS_OK(status)) {
4150 ret &= test_Connect(p, torture, &handle);
4152 ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_PASSWORDS);
4154 ret &= test_samr_handle_Close(p, torture, &handle);
git.samba.org / ira / wip.git / blob