TORTURE_SAMR_MANY_ALIASES
};
+struct torture_samr_context {
+ struct policy_handle handle;
+ struct cli_credentials *machine_credentials;
+ enum torture_samr_choice choice;
+ uint32_t num_objects_large_dc;
+};
+
static bool test_QueryUserInfo(struct dcerpc_pipe *p,
struct torture_context *tctx,
struct policy_handle *handle);
return true;
}
+static bool test_GetAliasMembership(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *domain_handle)
+{
+ struct samr_GetAliasMembership r;
+ struct lsa_SidArray sids;
+ struct samr_Ids rids;
+ NTSTATUS status;
+
+ torture_comment(tctx, "Testing GetAliasMembership\n");
+
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ torture_skip(tctx, "skipping GetAliasMembership against s4");
+ }
+
+ r.in.domain_handle = domain_handle;
+ r.in.sids = &sids;
+ r.out.rids = &rids;
+
+ sids.num_sids = 0;
+ sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);
+
+ status = dcerpc_samr_GetAliasMembership(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status,
+ "samr_GetAliasMembership failed");
+
+ torture_assert_int_equal(tctx, sids.num_sids, rids.count,
+ "protocol misbehaviour");
+
+ sids.num_sids = 1;
+ sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);
+ sids.sids[0].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-1");
+
+ status = dcerpc_samr_GetAliasMembership(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status,
+ "samr_GetAliasMembership failed");
+
+#if 0
+ /* only true for w2k8 it seems
+ * win7, xp, w2k3 will return a 0 length array pointer */
+
+ torture_assert(tctx, (rids.ids && !rids.count),
+ "samr_GetAliasMembership protocol misbehaviour");
+#endif
+ torture_assert(tctx, (!rids.ids && rids.count),
+ "samr_GetAliasMembership protocol misbehaviour");
+
+ return true;
+}
+
static bool test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, struct torture_context *tctx,
struct policy_handle *user_handle)
{
struct torture_context *tctx,
struct policy_handle *domain_handle,
struct dom_sid *domain_sid,
- enum torture_samr_choice which_ops)
+ struct torture_samr_context *ctx)
{
- uint32_t num_total = 1500;
+ uint32_t num_total = ctx->num_objects_large_dc;
uint32_t num_enum = 0;
uint32_t num_disp = 0;
uint32_t num_created = 0;
torture_assert_ntstatus_ok(tctx, status,
"failed to query domain info");
- switch (which_ops) {
+ switch (ctx->choice) {
case TORTURE_SAMR_MANY_ACCOUNTS:
num_anounced = info->general.num_users;
break;
const char *name = NULL;
- switch (which_ops) {
+ switch (ctx->choice) {
case TORTURE_SAMR_MANY_ACCOUNTS:
name = talloc_asprintf(tctx, "%s%04d", TEST_ACCOUNT_NAME, i);
ret &= test_CreateUser(p, tctx, domain_handle, name, &handles[i], domain_sid, 0, NULL, false);
/* enum */
- switch (which_ops) {
+ switch (ctx->choice) {
case TORTURE_SAMR_MANY_ACCOUNTS:
ret &= test_EnumDomainUsers(p, tctx, domain_handle, &num_enum);
break;
/* dispinfo */
- switch (which_ops) {
+ switch (ctx->choice) {
case TORTURE_SAMR_MANY_ACCOUNTS:
ret &= test_QueryDisplayInfo_level(p, tctx, domain_handle, 1, &num_disp);
break;
if (torture_setting_bool(tctx, "samba3", false)) {
ret &= test_samr_handle_Close(p, tctx, &handles[i]);
} else {
- switch (which_ops) {
+ switch (ctx->choice) {
case TORTURE_SAMR_MANY_ACCOUNTS:
ret &= test_DeleteUser(p, tctx, &handles[i]);
break;
talloc_free(handles);
- if (which_ops == TORTURE_SAMR_MANY_ACCOUNTS && num_enum != num_anounced + num_created) {
+ if (ctx->choice == TORTURE_SAMR_MANY_ACCOUNTS && num_enum != num_anounced + num_created) {
torture_comment(tctx,
"unexpected number of results (%u) returned in enum call, expected %u\n",
num_enum, num_anounced + num_created);
struct policy_handle *handle);
static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
- struct policy_handle *handle, struct dom_sid *sid,
- enum torture_samr_choice which_ops,
- struct cli_credentials *machine_credentials)
+ struct torture_samr_context *ctx, struct dom_sid *sid)
{
NTSTATUS status;
struct samr_OpenDomain r;
torture_comment(tctx, "Testing OpenDomain of %s\n", dom_sid_string(tctx, sid));
- r.in.connect_handle = handle;
+ r.in.connect_handle = &ctx->handle;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.in.sid = sid;
r.out.domain_handle = &domain_handle;
/* run the domain tests with the main handle closed - this tests
the servers reference counting */
- torture_assert(tctx, test_samr_handle_Close(p, tctx, handle), "Failed to close SAMR handle");
+ torture_assert(tctx, test_samr_handle_Close(p, tctx, &ctx->handle), "Failed to close SAMR handle");
- switch (which_ops) {
+ switch (ctx->choice) {
case TORTURE_SAMR_PASSWORDS:
case TORTURE_SAMR_USER_PRIVILEGES:
if (!torture_setting_bool(tctx, "samba3", false)) {
- ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops, NULL);
+ ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, NULL);
}
- ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, which_ops, NULL, true);
+ ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
if (!ret) {
torture_warning(tctx, "Testing PASSWORDS or PRIVILEGES on domain %s failed!\n", dom_sid_string(tctx, sid));
}
break;
case TORTURE_SAMR_USER_ATTRIBUTES:
if (!torture_setting_bool(tctx, "samba3", false)) {
- ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops, NULL);
+ ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, NULL);
}
- ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, which_ops, NULL, true);
+ ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
/* This test needs 'complex' users to validate */
ret &= test_QueryDisplayInfo(p, tctx, &domain_handle);
if (!ret) {
break;
case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
if (!torture_setting_bool(tctx, "samba3", false)) {
- ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops, machine_credentials);
+ ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, ctx->machine_credentials);
}
- ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, which_ops, machine_credentials, true);
+ ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, ctx->machine_credentials, true);
if (!ret) {
torture_warning(tctx, "Testing PASSWORDS PWDLASTSET on domain %s failed!\n", dom_sid_string(tctx, sid));
}
case TORTURE_SAMR_MANY_ACCOUNTS:
case TORTURE_SAMR_MANY_GROUPS:
case TORTURE_SAMR_MANY_ALIASES:
- ret &= test_ManyObjects(p, tctx, &domain_handle, sid, which_ops);
+ ret &= test_ManyObjects(p, tctx, &domain_handle, sid, ctx);
if (!ret) {
torture_warning(tctx, "Testing MANY-{ACCOUNTS,GROUPS,ALIASES} on domain %s failed!\n", dom_sid_string(tctx, sid));
}
break;
case TORTURE_SAMR_OTHER:
- ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, which_ops, NULL, true);
+ ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
if (!ret) {
torture_warning(tctx, "Failed to CreateUser in SAMR-OTHER on domain %s!\n", dom_sid_string(tctx, sid));
}
ret &= test_RemoveMemberFromForeignDomain(p, tctx, &domain_handle);
ret &= test_CreateAlias(p, tctx, &domain_handle, TEST_ALIASNAME, &alias_handle, sid, true);
ret &= test_CreateDomainGroup(p, tctx, &domain_handle, TEST_GROUPNAME, &group_handle, sid, true);
+ ret &= test_GetAliasMembership(p, tctx, &domain_handle);
ret &= test_QueryDomainInfo(p, tctx, &domain_handle);
ret &= test_QueryDomainInfo2(p, tctx, &domain_handle);
ret &= test_EnumDomainUsers_all(p, tctx, &domain_handle);
torture_assert(tctx, test_samr_handle_Close(p, tctx, &domain_handle), "Failed to close SAMR domain handle");
- torture_assert(tctx, test_Connect(p, tctx, handle), "Faile to re-connect SAMR handle");
+ torture_assert(tctx, test_Connect(p, tctx, &ctx->handle), "Faile to re-connect SAMR handle");
/* reconnect the main handle */
if (!ret) {
}
static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
- struct policy_handle *handle, const char *domain,
- enum torture_samr_choice which_ops,
- struct cli_credentials *machine_credentials)
+ struct torture_samr_context *ctx, const char *domain)
{
NTSTATUS status;
struct samr_LookupDomain r;
torture_comment(tctx, "Testing LookupDomain(%s)\n", domain);
/* check for correct error codes */
- r.in.connect_handle = handle;
+ r.in.connect_handle = &ctx->handle;
r.in.domain_name = &n2;
r.out.sid = &sid;
n2.string = NULL;
status = dcerpc_samr_LookupDomain(p, tctx, &r);
torture_assert_ntstatus_equal(tctx, NT_STATUS_NO_SUCH_DOMAIN, status, "LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN");
- r.in.connect_handle = handle;
+ r.in.connect_handle = &ctx->handle;
init_lsa_String(&n1, domain);
r.in.domain_name = &n1;
ret = false;
}
- if (!test_OpenDomain(p, tctx, handle, *r.out.sid, which_ops,
- machine_credentials)) {
+ if (!test_OpenDomain(p, tctx, ctx, *r.out.sid)) {
ret = false;
}
static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx,
- struct policy_handle *handle, enum torture_samr_choice which_ops,
- struct cli_credentials *machine_credentials)
+ struct torture_samr_context *ctx)
{
NTSTATUS status;
struct samr_EnumDomains r;
int i;
bool ret = true;
- r.in.connect_handle = handle;
+ r.in.connect_handle = &ctx->handle;
r.in.resume_handle = &resume_handle;
r.in.buf_size = (uint32_t)-1;
r.out.resume_handle = &resume_handle;
}
for (i=0;i<sam->count;i++) {
- if (!test_LookupDomain(p, tctx, handle,
- sam->entries[i].name.string, which_ops,
- machine_credentials)) {
+ if (!test_LookupDomain(p, tctx, ctx,
+ sam->entries[i].name.string)) {
ret = false;
}
}
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx;
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx = talloc_zero(torture, struct torture_samr_context);
+
+ ctx->choice = TORTURE_SAMR_OTHER;
+
+ ret &= test_Connect(p, torture, &ctx->handle);
if (!torture_setting_bool(torture, "samba3", false)) {
- ret &= test_QuerySecurity(p, torture, &handle);
+ ret &= test_QuerySecurity(p, torture, &ctx->handle);
}
- ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_OTHER, NULL);
+ ret &= test_EnumDomains(p, torture, ctx);
- ret &= test_SetDsrmPassword(p, torture, &handle);
+ ret &= test_SetDsrmPassword(p, torture, &ctx->handle);
- ret &= test_Shutdown(p, torture, &handle);
+ ret &= test_Shutdown(p, torture, &ctx->handle);
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
return ret;
}
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx;
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx = talloc_zero(torture, struct torture_samr_context);
+
+ ctx->choice = TORTURE_SAMR_USER_ATTRIBUTES;
+
+ ret &= test_Connect(p, torture, &ctx->handle);
if (!torture_setting_bool(torture, "samba3", false)) {
- ret &= test_QuerySecurity(p, torture, &handle);
+ ret &= test_QuerySecurity(p, torture, &ctx->handle);
}
- ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_USER_ATTRIBUTES, NULL);
+ ret &= test_EnumDomains(p, torture, ctx);
- ret &= test_SetDsrmPassword(p, torture, &handle);
+ ret &= test_SetDsrmPassword(p, torture, &ctx->handle);
- ret &= test_Shutdown(p, torture, &handle);
+ ret &= test_Shutdown(p, torture, &ctx->handle);
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
return ret;
}
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx;
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx = talloc_zero(torture, struct torture_samr_context);
- ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_PASSWORDS, NULL);
+ ctx->choice = TORTURE_SAMR_PASSWORDS;
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_Connect(p, torture, &ctx->handle);
+
+ ret &= test_EnumDomains(p, torture, ctx);
+
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
ret &= test_samr_ValidatePassword(p, torture);
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx;
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx = talloc_zero(torture, struct torture_samr_context);
- ret &= test_EnumDomains(p, torture, &handle,
- TORTURE_SAMR_PASSWORDS_PWDLASTSET,
- machine_credentials);
+ ctx->choice = TORTURE_SAMR_PASSWORDS_PWDLASTSET;
+ ctx->machine_credentials = machine_credentials;
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_Connect(p, torture, &ctx->handle);
+
+ ret &= test_EnumDomains(p, torture, ctx);
+
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
return ret;
}
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx;
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx = talloc_zero(torture, struct torture_samr_context);
+
+ ctx->choice = TORTURE_SAMR_USER_PRIVILEGES;
+ ctx->machine_credentials = machine_credentials;
- ret &= test_EnumDomains(p, torture, &handle,
- TORTURE_SAMR_USER_PRIVILEGES,
- machine_credentials);
+ ret &= test_Connect(p, torture, &ctx->handle);
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_EnumDomains(p, torture, ctx);
+
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
return ret;
}
static bool torture_rpc_samr_many_accounts(struct torture_context *torture,
struct dcerpc_pipe *p2,
- struct cli_credentials *machine_credentials)
+ void *data)
{
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx =
+ talloc_get_type_abort(data, struct torture_samr_context);
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx->choice = TORTURE_SAMR_MANY_ACCOUNTS;
+ ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
+ ctx->num_objects_large_dc);
- ret &= test_EnumDomains(p, torture, &handle,
- TORTURE_SAMR_MANY_ACCOUNTS,
- machine_credentials);
+ ret &= test_Connect(p, torture, &ctx->handle);
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_EnumDomains(p, torture, ctx);
+
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
return ret;
}
static bool torture_rpc_samr_many_groups(struct torture_context *torture,
struct dcerpc_pipe *p2,
- struct cli_credentials *machine_credentials)
+ void *data)
{
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx =
+ talloc_get_type_abort(data, struct torture_samr_context);
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx->choice = TORTURE_SAMR_MANY_GROUPS;
+ ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
+ ctx->num_objects_large_dc);
- ret &= test_EnumDomains(p, torture, &handle,
- TORTURE_SAMR_MANY_GROUPS,
- machine_credentials);
+ ret &= test_Connect(p, torture, &ctx->handle);
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_EnumDomains(p, torture, ctx);
+
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
return ret;
}
static bool torture_rpc_samr_many_aliases(struct torture_context *torture,
struct dcerpc_pipe *p2,
- struct cli_credentials *machine_credentials)
+ void *data)
{
NTSTATUS status;
struct dcerpc_pipe *p;
bool ret = true;
- struct policy_handle handle;
+ struct torture_samr_context *ctx =
+ talloc_get_type_abort(data, struct torture_samr_context);
status = torture_rpc_connection(torture, &p, &ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
- ret &= test_Connect(p, torture, &handle);
+ ctx->choice = TORTURE_SAMR_MANY_ALIASES;
+ ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
+ ctx->num_objects_large_dc);
- ret &= test_EnumDomains(p, torture, &handle,
- TORTURE_SAMR_MANY_ALIASES,
- machine_credentials);
+ ret &= test_Connect(p, torture, &ctx->handle);
- ret &= test_samr_handle_Close(p, torture, &handle);
+ ret &= test_EnumDomains(p, torture, ctx);
+
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
return ret;
}
{
struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-LARGE-DC");
struct torture_rpc_tcase *tcase;
+ struct torture_samr_context *ctx;
- tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
- &ndr_table_samr,
- TEST_ACCOUNT_NAME);
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "samr", &ndr_table_samr);
+
+ ctx = talloc_zero(suite, struct torture_samr_context);
+ ctx->num_objects_large_dc = 150;
- torture_rpc_tcase_add_test_creds(tcase, "many_aliases",
- torture_rpc_samr_many_aliases);
- torture_rpc_tcase_add_test_creds(tcase, "many_groups",
- torture_rpc_samr_many_groups);
- torture_rpc_tcase_add_test_creds(tcase, "many_accounts",
- torture_rpc_samr_many_accounts);
+ torture_rpc_tcase_add_test_ex(tcase, "many_aliases",
+ torture_rpc_samr_many_aliases, ctx);
+ torture_rpc_tcase_add_test_ex(tcase, "many_groups",
+ torture_rpc_samr_many_groups, ctx);
+ torture_rpc_tcase_add_test_ex(tcase, "many_accounts",
+ torture_rpc_samr_many_accounts, ctx);
return suite;
}
-