Unix SMB/CIFS implementation.
SMB torture tester - winbind struct based protocol
Copyright (C) Stefan Metzmacher 2007
+ Copyright (C) Michael Adam 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "includes.h"
-#include "pstring.h"
#include "torture/torture.h"
-#include "torture/winbind/proto.h"
#include "nsswitch/winbind_client.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/netlogon.h"
#include "param/param.h"
-#include "auth/pam_errors.h"
+#include "auth/ntlm/pam_errors.h"
#define DO_STRUCT_REQ_REP_EXT(op,req,rep,expected,strict,warnaction,cmt) do { \
NSS_STATUS __got, __expected = (expected); \
return true;
}
+
+static char winbind_separator(struct torture_context *torture)
+{
+ struct winbindd_response rep;
+
+ ZERO_STRUCT(rep);
+
+ DO_STRUCT_REQ_REP(WINBINDD_INFO, NULL, &rep);
+
+ return rep.data.info.winbind_separator;
+}
+
static bool torture_winbind_struct_info(struct torture_context *torture)
{
struct winbindd_response rep;
separator = torture_setting_string(torture,
"winbindd separator",
- lp_winbind_separator(global_loadparm));
+ lp_winbind_separator(torture->lp_ctx));
torture_assert_int_equal(torture,
rep.data.info.winbind_separator,
*separator,
static bool torture_winbind_struct_priv_pipe_dir(struct torture_context *torture)
{
struct winbindd_response rep;
- const char *default_dir;
- const char *expected_dir;
const char *got_dir;
ZERO_STRUCT(rep);
torture_assert(torture, got_dir, "NULL WINBINDD_PRIV_PIPE_DIR\n");
- default_dir = lock_path(torture, WINBINDD_PRIV_SOCKET_SUBDIR);
- expected_dir = torture_setting_string(torture,
- "winbindd private pipe dir",
- default_dir);
-
- torture_assert_str_equal(torture, got_dir, expected_dir,
- "WINBINDD_PRIV_PIPE_DIR doesn't match");
-
SAFE_FREE(rep.extra_data.data);
return true;
}
expected = torture_setting_string(torture,
"winbindd netbios name",
- lp_netbios_name(global_loadparm));
-
+ lp_netbios_name(torture->lp_ctx));
+ expected = strupper_talloc(torture, expected);
+
torture_assert_str_equal(torture,
rep.data.netbios_name, expected,
"winbindd's netbios name doesn't match");
return true;
}
-static bool torture_winbind_struct_domain_name(struct torture_context *torture)
+static bool get_winbind_domain(struct torture_context *torture, char **domain)
{
struct winbindd_response rep;
- const char *expected;
ZERO_STRUCT(rep);
- torture_comment(torture, "Running WINBINDD_DOMAIN_NAME (struct based)\n");
-
DO_STRUCT_REQ_REP(WINBINDD_DOMAIN_NAME, NULL, &rep);
+ *domain = talloc_strdup(torture, rep.data.domain_name);
+ torture_assert(torture, domain, "talloc error");
+
+ return true;
+}
+
+static bool torture_winbind_struct_domain_name(struct torture_context *torture)
+{
+ const char *expected;
+ char *domain;
+
+ torture_comment(torture, "Running WINBINDD_DOMAIN_NAME (struct based)\n");
+
expected = torture_setting_string(torture,
"winbindd netbios domain",
- lp_workgroup(global_loadparm));
+ lp_workgroup(torture->lp_ctx));
- torture_assert_str_equal(torture,
- rep.data.domain_name, expected,
+ get_winbind_domain(torture, &domain);
+
+ torture_assert_str_equal(torture, domain, expected,
"winbindd's netbios domain doesn't match");
return true;
torture_assert_str_equal(torture,
rep.data.auth.error_string,
- nt_errstr(NT_STATUS_OK),
+ get_friendly_nt_error_msg(NT_STATUS_OK),
"WINBINDD_CHECK_MACHACC ok: error_string");
torture_assert_int_equal(torture,
struct winbindd_response rep;
struct torture_trust_domain *d = NULL;
uint32_t dcount = 0;
- fstring line;
+ char line[256];
const char *extra_data;
ZERO_STRUCT(req);
DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
extra_data = (char *)rep.extra_data.data;
+ if (!extra_data) {
+ return true;
+ }
+
torture_assert(torture, extra_data, "NULL trust list");
- while (next_token(&extra_data, line, "\n", sizeof(fstring))) {
+ while (next_token(&extra_data, line, "\n", sizeof(line))) {
char *p, *lp;
d = talloc_realloc(torture, d,
DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
list1 = (char *)rep.extra_data.data;
- torture_assert(torture, list1, "NULL trust list");
torture_comment(torture, "%s\n", list1);
DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
list2 = (char *)rep.extra_data.data;
- torture_assert(torture, list2, "NULL trust list");
/*
* The list_all_domains parameter should be ignored
ok = get_trusted_domains(torture, &listd);
torture_assert(torture, ok, "failed to get trust list");
- for (i=0; listd[i].netbios_name; i++) {
+ for (i=0; listd && listd[i].netbios_name; i++) {
if (i == 0) {
struct dom_sid *builtin_sid;
ok = get_trusted_domains(torture, &listd);
torture_assert(torture, ok, "failed to get trust list");
- for (i=0; listd[i].netbios_name; i++) {
+ for (i=0; listd && listd[i].netbios_name; i++) {
struct winbindd_request req;
struct winbindd_response rep;
struct dom_sid *sid;
{
bool ok;
bool strict = torture_setting_bool(torture, "strict mode", false);
+ const char *domain_name = torture_setting_string(torture,
+ "winbindd netbios domain",
+ lp_workgroup(torture->lp_ctx));
struct torture_trust_domain *listd = NULL;
- uint32_t i;
+ uint32_t i, count = 0;
torture_comment(torture, "Running WINBINDD_GETDCNAME (struct based)\n");
ok = get_trusted_domains(torture, &listd);
torture_assert(torture, ok, "failed to get trust list");
- for (i=0; listd[i].netbios_name; i++) {
+ for (i=0; listd && listd[i].netbios_name; i++) {
struct winbindd_request req;
struct winbindd_response rep;
+ /* getdcname is not expected to work on "BUILTIN" or our own
+ * domain */
+ if (strequal(listd[i].netbios_name, "BUILTIN") ||
+ strequal(listd[i].netbios_name, domain_name)) {
+ continue;
+ }
+
ZERO_STRUCT(req);
ZERO_STRUCT(rep);
/* TODO: check rep.data.dc_name; */
torture_comment(torture, "DOMAIN '%s' => DCNAME '%s'\n",
req.domain_name, rep.data.dc_name);
+ count++;
}
+ if (strict) {
+ torture_assert(torture, count > 0,
+ "WiNBINDD_GETDCNAME was not tested");
+ }
return true;
}
ok = get_trusted_domains(torture, &listd);
torture_assert(torture, ok, "failed to get trust list");
- for (i=0; listd[i].netbios_name; i++) {
+ for (i=0; listd && listd[i].netbios_name; i++) {
struct winbindd_request req;
struct winbindd_response rep;
return true;
}
-static bool torture_winbind_struct_list_users(struct torture_context *torture)
+static bool get_user_list(struct torture_context *torture, char ***users)
{
struct winbindd_request req;
struct winbindd_response rep;
+ char **u = NULL;
+ uint32_t count;
+ char name[256];
+ const char *extra_data;
+
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+
+ DO_STRUCT_REQ_REP(WINBINDD_LIST_USERS, &req, &rep);
+
+ extra_data = (char *)rep.extra_data.data;
+ torture_assert(torture, extra_data, "NULL extra data");
+
+ for(count = 0;
+ next_token(&extra_data, name, ",", sizeof(name));
+ count++)
+ {
+ u = talloc_realloc(torture, u, char *, count + 2);
+ u[count+1] = NULL;
+ u[count] = talloc_strdup(u, name);
+ }
+
+ SAFE_FREE(rep.extra_data.data);
+
+ *users = u;
+ return true;
+}
+
+static bool torture_winbind_struct_list_users(struct torture_context *torture)
+{
+ char **users;
+ uint32_t count;
+ bool ok;
torture_comment(torture, "Running WINBINDD_LIST_USERS (struct based)\n");
+ ok = get_user_list(torture, &users);
+ torture_assert(torture, ok, "failed to get user list");
+
+ for (count = 0; users[count]; count++) { }
+
+ torture_comment(torture, "got %d users\n", count);
+
+ return true;
+}
+
+static bool get_group_list(struct torture_context *torture, char ***groups)
+{
+ struct winbindd_request req;
+ struct winbindd_response rep;
+ char **g = NULL;
+ uint32_t count;
+ char name[256];
+ const char *extra_data;
+
ZERO_STRUCT(req);
ZERO_STRUCT(rep);
- DO_STRUCT_REQ_REP(WINBINDD_LIST_USERS, &req, &rep);
+ DO_STRUCT_REQ_REP(WINBINDD_LIST_GROUPS, &req, &rep);
+
+ extra_data = (char *)rep.extra_data.data;
+ torture_assert(torture, extra_data, "NULL extra data");
+
+ for(count = 0;
+ next_token(&extra_data, name, ",", sizeof(name));
+ count++)
+ {
+ g = talloc_realloc(torture, g, char *, count + 2);
+ g[count+1] = NULL;
+ g[count] = talloc_strdup(g, name);
+ }
+
+ SAFE_FREE(rep.extra_data.data);
+ *groups = g;
return true;
}
static bool torture_winbind_struct_list_groups(struct torture_context *torture)
+{
+ char **groups;
+ uint32_t count;
+ bool ok;
+
+ torture_comment(torture, "Running WINBINDD_LIST_GROUPS (struct based)\n");
+
+ ok = get_group_list(torture, &groups);
+ torture_assert(torture, ok, "failed to get group list");
+
+ for (count = 0; groups[count]; count++) { }
+
+ torture_comment(torture, "got %d groups\n", count);
+
+ return true;
+}
+
+struct torture_domain_sequence {
+ const char *netbios_name;
+ uint32_t seq;
+};
+
+static bool get_sequence_numbers(struct torture_context *torture,
+ struct torture_domain_sequence **seqs)
{
struct winbindd_request req;
struct winbindd_response rep;
+ const char *extra_data;
+ char line[256];
+ uint32_t count = 0;
+ struct torture_domain_sequence *s = NULL;
- torture_comment(torture, "Running WINBINDD_LIST_GROUPS (struct based)\n");
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+
+ DO_STRUCT_REQ_REP(WINBINDD_SHOW_SEQUENCE, &req, &rep);
+
+ extra_data = (char *)rep.extra_data.data;
+ torture_assert(torture, extra_data, "NULL sequence list");
+
+ while (next_token(&extra_data, line, "\n", sizeof(line))) {
+ char *p, *lp;
+ uint32_t seq;
+
+ s = talloc_realloc(torture, s, struct torture_domain_sequence,
+ count + 2);
+ ZERO_STRUCT(s[count+1]);
+
+ lp = line;
+ p = strchr(lp, ' ');
+ torture_assert(torture, p, "invalid line format");
+ *p = 0;
+ s[count].netbios_name = talloc_strdup(s, lp);
+
+ lp = p+1;
+ torture_assert(torture, strncmp(lp, ": ", 2) == 0,
+ "invalid line format");
+ lp += 2;
+ if (strcmp(lp, "DISCONNECTED") == 0) {
+ seq = (uint32_t)-1;
+ } else {
+ seq = (uint32_t)strtol(lp, &p, 10);
+ torture_assert(torture, (*p == '\0'),
+ "invalid line format");
+ torture_assert(torture, (seq != (uint32_t)-1),
+ "sequence number -1 encountered");
+ }
+ s[count].seq = seq;
+
+ count++;
+ }
+ SAFE_FREE(rep.extra_data.data);
+
+ torture_assert(torture, count >= 2, "The list of domain sequence "
+ "numbers should contain 2 entries");
+
+ *seqs = s;
+ return true;
+}
+
+static bool torture_winbind_struct_show_sequence(struct torture_context *torture)
+{
+ bool ok;
+ uint32_t i;
+ struct torture_trust_domain *domlist = NULL;
+ struct torture_domain_sequence *s = NULL;
+
+ torture_comment(torture, "Running WINBINDD_SHOW_SEQUENCE (struct based)\n");
+
+ ok = get_sequence_numbers(torture, &s);
+ torture_assert(torture, ok, "failed to get list of sequence numbers");
+
+ ok = get_trusted_domains(torture, &domlist);
+ torture_assert(torture, ok, "failed to get trust list");
+
+ for (i=0; domlist[i].netbios_name; i++) {
+ struct winbindd_request req;
+ struct winbindd_response rep;
+ uint32_t seq;
+
+ torture_assert(torture, s[i].netbios_name,
+ "more domains recieved in second run");
+ torture_assert_str_equal(torture, domlist[i].netbios_name,
+ s[i].netbios_name,
+ "inconsistent order of domain lists");
+
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+ fstrcpy(req.domain_name, domlist[i].netbios_name);
+
+ DO_STRUCT_REQ_REP(WINBINDD_SHOW_SEQUENCE, &req, &rep);
+
+ seq = rep.data.sequence_number;
+
+ if (i == 0) {
+ torture_assert(torture, (seq != (uint32_t)-1),
+ "BUILTIN domain disconnected");
+ } else if (i == 1) {
+ torture_assert(torture, (seq != (uint32_t)-1),
+ "local domain disconnected");
+ }
+
+
+ if (seq == (uint32_t)-1) {
+ torture_comment(torture, " * %s : DISCONNECTED\n",
+ req.domain_name);
+ } else {
+ torture_comment(torture, " * %s : %d\n",
+ req.domain_name, seq);
+ }
+ torture_assert(torture, (seq >= s[i].seq),
+ "illegal sequence number encountered");
+ }
+
+ return true;
+}
+
+static bool torture_winbind_struct_setpwent(struct torture_context *torture)
+{
+ struct winbindd_request req;
+ struct winbindd_response rep;
+
+ torture_comment(torture, "Running WINBINDD_SETPWENT (struct based)\n");
ZERO_STRUCT(req);
ZERO_STRUCT(rep);
- DO_STRUCT_REQ_REP(WINBINDD_LIST_GROUPS, &req, &rep);
+ DO_STRUCT_REQ_REP(WINBINDD_SETPWENT, &req, &rep);
+
+ return true;
+}
+
+static bool torture_winbind_struct_getpwent(struct torture_context *torture)
+{
+ struct winbindd_request req;
+ struct winbindd_response rep;
+ struct winbindd_pw *pwent;
+
+ torture_comment(torture, "Running WINBINDD_GETPWENT (struct based)\n");
+
+ torture_comment(torture, " - Running WINBINDD_SETPWENT first\n");
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+ DO_STRUCT_REQ_REP(WINBINDD_SETPWENT, &req, &rep);
+
+ torture_comment(torture, " - Running WINBINDD_GETPWENT now\n");
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+ req.data.num_entries = 1;
+ DO_STRUCT_REQ_REP(WINBINDD_GETPWENT, &req, &rep);
+ pwent = (struct winbindd_pw *)rep.extra_data.data;
+ torture_assert(torture, (pwent != NULL), "NULL pwent");
+ torture_comment(torture, "name: %s, uid: %d, gid: %d, shell: %s\n",
+ pwent->pw_name, pwent->pw_uid, pwent->pw_gid,
+ pwent->pw_shell);
+
+ return true;
+}
+
+static bool torture_winbind_struct_endpwent(struct torture_context *torture)
+{
+ struct winbindd_request req;
+ struct winbindd_response rep;
+
+ torture_comment(torture, "Running WINBINDD_ENDPWENT (struct based)\n");
+
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+
+ DO_STRUCT_REQ_REP(WINBINDD_ENDPWENT, &req, &rep);
+
+ return true;
+}
+
+/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
+ form DOMAIN/user into a domain and a user */
+
+static bool parse_domain_user(struct torture_context *torture,
+ const char *domuser, fstring domain,
+ fstring user)
+{
+ char *p = strchr(domuser, winbind_separator(torture));
+ char *dom;
+
+ if (!p) {
+ /* Maybe it was a UPN? */
+ if ((p = strchr(domuser, '@')) != NULL) {
+ fstrcpy(domain, "");
+ fstrcpy(user, domuser);
+ return true;
+ }
+
+ fstrcpy(user, domuser);
+ get_winbind_domain(torture, &dom);
+ fstrcpy(domain, dom);
+ return true;
+ }
+
+ fstrcpy(user, p+1);
+ fstrcpy(domain, domuser);
+ domain[PTR_DIFF(p, domuser)] = 0;
+ strupper_m(domain);
+
+ return true;
+}
+
+static bool lookup_name_sid_list(struct torture_context *torture, char **list)
+{
+ uint32_t count;
+
+ for (count = 0; list[count]; count++) {
+ struct winbindd_request req;
+ struct winbindd_response rep;
+ char *sid;
+ char *name;
+
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+
+ parse_domain_user(torture, list[count], req.data.name.dom_name,
+ req.data.name.name);
+
+ DO_STRUCT_REQ_REP(WINBINDD_LOOKUPNAME, &req, &rep);
+
+ sid = talloc_strdup(torture, rep.data.sid.sid);
+
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+
+ fstrcpy(req.data.sid, sid);
+
+ DO_STRUCT_REQ_REP(WINBINDD_LOOKUPSID, &req, &rep);
+
+ name = talloc_asprintf(torture, "%s%c%s",
+ rep.data.name.dom_name,
+ winbind_separator(torture),
+ rep.data.name.name);
+
+ torture_assert_casestr_equal(torture, list[count], name,
+ "LOOKUP_SID after LOOKUP_NAME != id");
+
+#if 0
+ torture_comment(torture, " %s -> %s -> %s\n", list[count],
+ sid, name);
+#endif
+
+ talloc_free(sid);
+ talloc_free(name);
+ }
+
+ return true;
+}
+
+static bool name_is_in_list(const char *name, const char **list)
+{
+ uint32_t count;
+
+ for (count = 0; list[count]; count++) {
+ if (strequal(name, list[count])) {
+ return true;
+ }
+ }
+ return false;
+}
+
+static bool torture_winbind_struct_lookup_name_sid(struct torture_context *torture)
+{
+ struct winbindd_request req;
+ struct winbindd_response rep;
+ const char *invalid_sid = "S-0-0-7";
+ char *domain;
+ const char *invalid_user = "noone";
+ char *invalid_name;
+ bool strict = torture_setting_bool(torture, "strict mode", false);
+ char **users;
+ char **groups;
+ uint32_t count;
+ bool ok;
+
+ torture_comment(torture, "Running WINBINDD_LOOKUP_NAME_SID (struct based)\n");
+
+ ok = get_user_list(torture, &users);
+ torture_assert(torture, ok, "failed to retrieve list of users");
+ lookup_name_sid_list(torture, users);
+
+ ok = get_group_list(torture, &groups);
+ torture_assert(torture, ok, "failed to retrieve list of groups");
+ lookup_name_sid_list(torture, groups);
+
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+
+ fstrcpy(req.data.sid, invalid_sid);
+
+ ok = true;
+ DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSID, &req, &rep,
+ NSS_STATUS_NOTFOUND,
+ strict,
+ ok=false,
+ talloc_asprintf(torture,
+ "invalid sid %s was resolved",
+ invalid_sid));
+
+ ZERO_STRUCT(req);
+ ZERO_STRUCT(rep);
+
+ /* try to find an invalid name... */
+
+ count = 0;
+ get_winbind_domain(torture, &domain);
+ do {
+ count++;
+ invalid_name = talloc_asprintf(torture, "%s\\%s%u",
+ domain,
+ invalid_user, count);
+ } while(name_is_in_list(invalid_name, (const char **)users) ||
+ name_is_in_list(invalid_name, (const char **)groups));
+
+ fstrcpy(req.data.name.dom_name, domain);
+ fstrcpy(req.data.name.name,
+ talloc_asprintf(torture, "%s%u", invalid_user,
+ count));
+
+ ok = true;
+ DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPNAME, &req, &rep,
+ NSS_STATUS_NOTFOUND,
+ strict,
+ ok=false,
+ talloc_asprintf(torture,
+ "invalid name %s was resolved",
+ invalid_name));
+
+ talloc_free(users);
+ talloc_free(groups);
return true;
}
torture_suite_add_simple_test(suite, "DSGETDCNAME", torture_winbind_struct_dsgetdcname);
torture_suite_add_simple_test(suite, "LIST_USERS", torture_winbind_struct_list_users);
torture_suite_add_simple_test(suite, "LIST_GROUPS", torture_winbind_struct_list_groups);
+ torture_suite_add_simple_test(suite, "SHOW_SEQUENCE", torture_winbind_struct_show_sequence);
+ torture_suite_add_simple_test(suite, "SETPWENT", torture_winbind_struct_setpwent);
+ torture_suite_add_simple_test(suite, "GETPWENT", torture_winbind_struct_getpwent);
+ torture_suite_add_simple_test(suite, "ENDPWENT", torture_winbind_struct_endpwent);
+ torture_suite_add_simple_test(suite, "LOOKUP_NAME_SID", torture_winbind_struct_lookup_name_sid);
suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests");