2 Unix SMB/CIFS implementation.
4 dcerpc torture tests, designed to walk Samba3 code paths
6 Copyright (C) Volker Lendecke 2006
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libcli/raw/libcliraw.h"
24 #include "libcli/raw/raw_proto.h"
25 #include "torture/util.h"
26 #include "libcli/rap/rap.h"
27 #include "librpc/gen_ndr/ndr_lsa_c.h"
28 #include "librpc/gen_ndr/ndr_samr_c.h"
29 #include "librpc/gen_ndr/ndr_netlogon_c.h"
30 #include "librpc/gen_ndr/ndr_srvsvc_c.h"
31 #include "librpc/gen_ndr/ndr_spoolss_c.h"
32 #include "librpc/gen_ndr/ndr_winreg_c.h"
33 #include "librpc/gen_ndr/ndr_wkssvc_c.h"
34 #include "lib/cmdline/popt_common.h"
35 #include "torture/rpc/torture_rpc.h"
36 #include "libcli/libcli.h"
37 #include "libcli/smb_composite/smb_composite.h"
38 #include "libcli/auth/libcli_auth.h"
39 #include "../lib/crypto/crypto.h"
40 #include "libcli/security/security.h"
41 #include "param/param.h"
42 #include "lib/registry/registry.h"
43 #include "libcli/resolve/resolve.h"
44 #include "torture/ndr/ndr.h"
45 #include "libcli/smb2/smb2.h"
46 #include "libcli/smb2/smb2_calls.h"
47 #include "librpc/rpc/dcerpc.h"
48 #include "librpc/rpc/dcerpc_proto.h"
51 * This tests a RPC call using an invalid vuid
54 bool torture_bind_authcontext(struct torture_context *torture)
59 struct lsa_ObjectAttribute objectattr;
60 struct lsa_OpenPolicy2 openpolicy;
61 struct policy_handle handle;
62 struct lsa_Close close_handle;
63 struct smbcli_session *tmp;
64 struct smbcli_session *session2;
65 struct smbcli_state *cli;
66 struct dcerpc_pipe *lsa_pipe;
67 struct dcerpc_binding_handle *lsa_handle;
68 struct cli_credentials *anon_creds;
69 struct smb_composite_sesssetup setup;
70 struct smbcli_options options;
71 struct smbcli_session_options session_options;
73 mem_ctx = talloc_init("torture_bind_authcontext");
75 if (mem_ctx == NULL) {
76 torture_comment(torture, "talloc_init failed\n");
80 lpcfg_smbcli_options(torture->lp_ctx, &options);
81 lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
83 status = smbcli_full_connection(mem_ctx, &cli,
84 torture_setting_string(torture, "host", NULL),
85 lpcfg_smb_ports(torture->lp_ctx),
87 lpcfg_socket_options(torture->lp_ctx),
89 lpcfg_resolve_context(torture->lp_ctx),
90 torture->ev, &options, &session_options,
91 lpcfg_gensec_settings(torture, torture->lp_ctx));
92 if (!NT_STATUS_IS_OK(status)) {
93 torture_comment(torture, "smbcli_full_connection failed: %s\n",
98 lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
99 if (lsa_pipe == NULL) {
100 torture_comment(torture, "dcerpc_pipe_init failed\n");
103 lsa_handle = lsa_pipe->binding_handle;
105 status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
106 if (!NT_STATUS_IS_OK(status)) {
107 torture_comment(torture, "dcerpc_pipe_open_smb failed: %s\n",
112 status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
113 if (!NT_STATUS_IS_OK(status)) {
114 torture_comment(torture, "dcerpc_bind_auth_none failed: %s\n",
119 openpolicy.in.system_name =talloc_asprintf(
120 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
121 ZERO_STRUCT(objectattr);
122 openpolicy.in.attr = &objectattr;
123 openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
124 openpolicy.out.handle = &handle;
126 status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
128 if (!NT_STATUS_IS_OK(status)) {
129 torture_comment(torture, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
133 if (!NT_STATUS_IS_OK(openpolicy.out.result)) {
134 torture_comment(torture, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
135 nt_errstr(openpolicy.out.result));
139 close_handle.in.handle = &handle;
140 close_handle.out.handle = &handle;
142 status = dcerpc_lsa_Close_r(lsa_handle, mem_ctx, &close_handle);
143 if (!NT_STATUS_IS_OK(status)) {
144 torture_comment(torture, "dcerpc_lsa_Close failed: %s\n",
148 if (!NT_STATUS_IS_OK(close_handle.out.result)) {
149 torture_comment(torture, "dcerpc_lsa_Close failed: %s\n",
150 nt_errstr(close_handle.out.result));
154 session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options);
155 if (session2 == NULL) {
156 torture_comment(torture, "smbcli_session_init failed\n");
160 if (!(anon_creds = cli_credentials_init_anon(mem_ctx))) {
161 torture_comment(torture, "create_anon_creds failed\n");
165 setup.in.sesskey = cli->transport->negotiate.sesskey;
166 setup.in.capabilities = cli->transport->negotiate.capabilities;
167 setup.in.workgroup = "";
168 setup.in.credentials = anon_creds;
169 setup.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
171 status = smb_composite_sesssetup(session2, &setup);
172 if (!NT_STATUS_IS_OK(status)) {
173 torture_comment(torture, "anon session setup failed: %s\n",
177 session2->vuid = setup.out.vuid;
179 tmp = cli->tree->session;
180 cli->tree->session = session2;
182 status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
184 cli->tree->session = tmp;
185 talloc_free(lsa_pipe);
188 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
189 torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
190 "expected NT_STATUS_INVALID_HANDLE\n",
197 talloc_free(mem_ctx);
202 * Bind to lsa using a specific auth method
205 static bool bindtest(struct torture_context *tctx,
206 struct smbcli_state *cli,
207 struct cli_credentials *credentials,
208 uint8_t auth_type, uint8_t auth_level)
214 struct dcerpc_pipe *lsa_pipe;
215 struct dcerpc_binding_handle *lsa_handle;
216 struct lsa_ObjectAttribute objectattr;
217 struct lsa_OpenPolicy2 openpolicy;
218 struct lsa_QueryInfoPolicy query;
219 union lsa_PolicyInformation *info = NULL;
220 struct policy_handle handle;
221 struct lsa_Close close_handle;
223 if ((mem_ctx = talloc_init("bindtest")) == NULL) {
224 torture_comment(tctx, "talloc_init failed\n");
228 lsa_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
229 if (lsa_pipe == NULL) {
230 torture_comment(tctx, "dcerpc_pipe_init failed\n");
233 lsa_handle = lsa_pipe->binding_handle;
235 status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
236 if (!NT_STATUS_IS_OK(status)) {
237 torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
242 status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc,
243 credentials, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), auth_type, auth_level,
245 if (!NT_STATUS_IS_OK(status)) {
246 torture_comment(tctx, "dcerpc_bind_auth failed: %s\n", nt_errstr(status));
250 openpolicy.in.system_name =talloc_asprintf(
251 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
252 ZERO_STRUCT(objectattr);
253 openpolicy.in.attr = &objectattr;
254 openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
255 openpolicy.out.handle = &handle;
257 status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
259 if (!NT_STATUS_IS_OK(status)) {
260 torture_comment(tctx, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
264 if (!NT_STATUS_IS_OK(openpolicy.out.result)) {
265 torture_comment(tctx, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
266 nt_errstr(openpolicy.out.result));
270 query.in.handle = &handle;
271 query.in.level = LSA_POLICY_INFO_DOMAIN;
272 query.out.info = &info;
274 status = dcerpc_lsa_QueryInfoPolicy_r(lsa_handle, mem_ctx, &query);
275 if (!NT_STATUS_IS_OK(status)) {
276 torture_comment(tctx, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
280 if (!NT_STATUS_IS_OK(query.out.result)) {
281 torture_comment(tctx, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
282 nt_errstr(query.out.result));
286 close_handle.in.handle = &handle;
287 close_handle.out.handle = &handle;
289 status = dcerpc_lsa_Close_r(lsa_handle, mem_ctx, &close_handle);
290 if (!NT_STATUS_IS_OK(status)) {
291 torture_comment(tctx, "dcerpc_lsa_Close failed: %s\n",
295 if (!NT_STATUS_IS_OK(close_handle.out.result)) {
296 torture_comment(tctx, "dcerpc_lsa_Close failed: %s\n",
297 nt_errstr(close_handle.out.result));
304 talloc_free(mem_ctx);
309 * test authenticated RPC binds with the variants Samba3 does support
312 static bool torture_bind_samba3(struct torture_context *torture)
317 struct smbcli_state *cli;
318 struct smbcli_options options;
319 struct smbcli_session_options session_options;
321 mem_ctx = talloc_init("torture_bind_authcontext");
323 if (mem_ctx == NULL) {
324 torture_comment(torture, "talloc_init failed\n");
328 lpcfg_smbcli_options(torture->lp_ctx, &options);
329 lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
331 status = smbcli_full_connection(mem_ctx, &cli,
332 torture_setting_string(torture, "host", NULL),
333 lpcfg_smb_ports(torture->lp_ctx),
335 lpcfg_socket_options(torture->lp_ctx),
337 lpcfg_resolve_context(torture->lp_ctx),
338 torture->ev, &options, &session_options,
339 lpcfg_gensec_settings(torture, torture->lp_ctx));
340 if (!NT_STATUS_IS_OK(status)) {
341 torture_comment(torture, "smbcli_full_connection failed: %s\n",
348 ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_NTLMSSP,
349 DCERPC_AUTH_LEVEL_INTEGRITY);
350 ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_NTLMSSP,
351 DCERPC_AUTH_LEVEL_PRIVACY);
352 ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_SPNEGO,
353 DCERPC_AUTH_LEVEL_INTEGRITY);
354 ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_SPNEGO,
355 DCERPC_AUTH_LEVEL_PRIVACY);
358 talloc_free(mem_ctx);
363 * Lookup or create a user and return all necessary info
366 static bool get_usr_handle(struct torture_context *tctx,
367 struct smbcli_state *cli,
369 struct cli_credentials *admin_creds,
372 const char *username,
374 struct dcerpc_pipe **result_pipe,
375 struct policy_handle **result_handle,
376 struct dom_sid **sid_p)
378 struct dcerpc_pipe *samr_pipe;
379 struct dcerpc_binding_handle *samr_handle;
381 struct policy_handle conn_handle;
382 struct policy_handle domain_handle;
383 struct policy_handle *user_handle;
384 struct samr_Connect2 conn;
385 struct samr_EnumDomains enumdom;
386 uint32_t resume_handle = 0;
387 uint32_t num_entries = 0;
388 struct samr_SamArray *sam = NULL;
389 struct samr_LookupDomain l;
390 struct dom_sid2 *sid = NULL;
392 struct lsa_String domain_name;
393 struct lsa_String user_name;
394 struct samr_OpenDomain o;
395 struct samr_CreateUser2 c;
396 uint32_t user_rid,access_granted;
398 samr_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
399 torture_assert(tctx, samr_pipe, "dcerpc_pipe_init failed");
401 samr_handle = samr_pipe->binding_handle;
403 torture_assert_ntstatus_ok(tctx,
404 dcerpc_pipe_open_smb(samr_pipe, cli->tree, "\\samr"),
405 "dcerpc_pipe_open_smb failed");
407 if (admin_creds != NULL) {
408 torture_assert_ntstatus_ok(tctx,
409 dcerpc_bind_auth(samr_pipe, &ndr_table_samr,
410 admin_creds, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), auth_type, auth_level,
412 "dcerpc_bind_auth failed");
414 /* We must have an authenticated SMB connection */
415 torture_assert_ntstatus_ok(tctx,
416 dcerpc_bind_auth_none(samr_pipe, &ndr_table_samr),
417 "dcerpc_bind_auth_none failed");
420 conn.in.system_name = talloc_asprintf(
421 mem_ctx, "\\\\%s", dcerpc_server_name(samr_pipe));
422 conn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
423 conn.out.connect_handle = &conn_handle;
425 torture_assert_ntstatus_ok(tctx,
426 dcerpc_samr_Connect2_r(samr_handle, mem_ctx, &conn),
427 "samr_Connect2 failed");
428 torture_assert_ntstatus_ok(tctx, conn.out.result,
429 "samr_Connect2 failed");
431 enumdom.in.connect_handle = &conn_handle;
432 enumdom.in.resume_handle = &resume_handle;
433 enumdom.in.buf_size = (uint32_t)-1;
434 enumdom.out.resume_handle = &resume_handle;
435 enumdom.out.num_entries = &num_entries;
436 enumdom.out.sam = &sam;
438 torture_assert_ntstatus_ok(tctx,
439 dcerpc_samr_EnumDomains_r(samr_handle, mem_ctx, &enumdom),
440 "samr_EnumDomains failed");
441 torture_assert_ntstatus_ok(tctx, enumdom.out.result,
442 "samr_EnumDomains failed");
444 torture_assert_int_equal(tctx, *enumdom.out.num_entries, 2,
445 "samr_EnumDomains returned unexpected num_entries");
447 dom_idx = strequal(sam->entries[0].name.string,
450 l.in.connect_handle = &conn_handle;
451 domain_name.string = sam->entries[dom_idx].name.string;
452 *domain = talloc_strdup(mem_ctx, domain_name.string);
453 l.in.domain_name = &domain_name;
456 torture_assert_ntstatus_ok(tctx,
457 dcerpc_samr_LookupDomain_r(samr_handle, mem_ctx, &l),
458 "samr_LookupDomain failed");
459 torture_assert_ntstatus_ok(tctx, l.out.result,
460 "samr_LookupDomain failed");
462 o.in.connect_handle = &conn_handle;
463 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
464 o.in.sid = *l.out.sid;
465 o.out.domain_handle = &domain_handle;
467 torture_assert_ntstatus_ok(tctx,
468 dcerpc_samr_OpenDomain_r(samr_handle, mem_ctx, &o),
469 "samr_OpenDomain failed");
470 torture_assert_ntstatus_ok(tctx, o.out.result,
471 "samr_OpenDomain failed");
473 c.in.domain_handle = &domain_handle;
474 user_name.string = username;
475 c.in.account_name = &user_name;
476 c.in.acct_flags = ACB_NORMAL;
477 c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
478 user_handle = talloc(mem_ctx, struct policy_handle);
479 c.out.user_handle = user_handle;
480 c.out.access_granted = &access_granted;
481 c.out.rid = &user_rid;
483 torture_assert_ntstatus_ok(tctx,
484 dcerpc_samr_CreateUser2_r(samr_handle, mem_ctx, &c),
485 "samr_CreateUser2 failed");
487 if (NT_STATUS_EQUAL(c.out.result, NT_STATUS_USER_EXISTS)) {
488 struct samr_LookupNames ln;
489 struct samr_OpenUser ou;
490 struct samr_Ids rids, types;
492 ln.in.domain_handle = &domain_handle;
494 ln.in.names = &user_name;
496 ln.out.types = &types;
498 torture_assert_ntstatus_ok(tctx,
499 dcerpc_samr_LookupNames_r(samr_handle, mem_ctx, &ln),
500 "samr_LookupNames failed");
501 torture_assert_ntstatus_ok(tctx, ln.out.result,
502 "samr_LookupNames failed");
504 ou.in.domain_handle = &domain_handle;
505 ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
506 user_rid = ou.in.rid = ln.out.rids->ids[0];
507 ou.out.user_handle = user_handle;
509 torture_assert_ntstatus_ok(tctx,
510 dcerpc_samr_OpenUser_r(samr_handle, mem_ctx, &ou),
511 "samr_OpenUser failed");
512 status = ou.out.result;
514 status = c.out.result;
517 torture_assert_ntstatus_ok(tctx, status,
518 "samr_CreateUser failed");
520 *result_pipe = samr_pipe;
521 *result_handle = user_handle;
523 *sid_p = dom_sid_add_rid(mem_ctx, *l.out.sid, user_rid);
533 static bool create_user(struct torture_context *tctx,
534 TALLOC_CTX *mem_ctx, struct smbcli_state *cli,
535 struct cli_credentials *admin_creds,
536 const char *username, const char *password,
538 struct dom_sid **user_sid)
542 struct dcerpc_pipe *samr_pipe;
543 struct dcerpc_binding_handle *samr_handle;
544 struct policy_handle *wks_handle;
547 if (!(tmp_ctx = talloc_new(mem_ctx))) {
548 torture_comment(tctx, "talloc_init failed\n");
552 ret = get_usr_handle(tctx, cli, tmp_ctx, admin_creds,
553 DCERPC_AUTH_TYPE_NTLMSSP,
554 DCERPC_AUTH_LEVEL_INTEGRITY,
555 username, domain_name, &samr_pipe, &wks_handle,
558 torture_comment(tctx, "get_usr_handle failed\n");
561 samr_handle = samr_pipe->binding_handle;
564 struct samr_SetUserInfo2 sui2;
565 struct samr_SetUserInfo sui;
566 struct samr_QueryUserInfo qui;
567 union samr_UserInfo u_info;
568 union samr_UserInfo *info;
569 DATA_BLOB session_key;
573 encode_pw_buffer(u_info.info23.password.data, password,
576 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
577 if (!NT_STATUS_IS_OK(status)) {
578 torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
581 arcfour_crypt_blob(u_info.info23.password.data, 516,
583 u_info.info23.info.password_expired = 0;
584 u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
585 SAMR_FIELD_LM_PASSWORD_PRESENT |
586 SAMR_FIELD_EXPIRED_FLAG;
587 sui2.in.user_handle = wks_handle;
588 sui2.in.info = &u_info;
591 status = dcerpc_samr_SetUserInfo2_r(samr_handle, tmp_ctx, &sui2);
592 if (!NT_STATUS_IS_OK(status)) {
593 torture_comment(tctx, "samr_SetUserInfo(23) failed: %s\n",
597 if (!NT_STATUS_IS_OK(sui2.out.result)) {
598 torture_comment(tctx, "samr_SetUserInfo(23) failed: %s\n",
599 nt_errstr(sui2.out.result));
603 u_info.info16.acct_flags = ACB_NORMAL;
604 sui.in.user_handle = wks_handle;
605 sui.in.info = &u_info;
608 status = dcerpc_samr_SetUserInfo_r(samr_handle, tmp_ctx, &sui);
609 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
610 torture_comment(tctx, "samr_SetUserInfo(16) failed\n");
614 qui.in.user_handle = wks_handle;
616 qui.out.info = &info;
618 status = dcerpc_samr_QueryUserInfo_r(samr_handle, tmp_ctx, &qui);
619 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(qui.out.result)) {
620 torture_comment(tctx, "samr_QueryUserInfo(21) failed\n");
624 info->info21.allow_password_change = 0;
625 info->info21.force_password_change = 0;
626 info->info21.account_name.string = NULL;
627 info->info21.rid = 0;
628 info->info21.acct_expiry = 0;
629 info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */
631 u_info.info21 = info->info21;
632 sui.in.user_handle = wks_handle;
633 sui.in.info = &u_info;
636 status = dcerpc_samr_SetUserInfo_r(samr_handle, tmp_ctx, &sui);
637 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
638 torture_comment(tctx, "samr_SetUserInfo(21) failed\n");
643 *domain_name= talloc_steal(mem_ctx, *domain_name);
644 *user_sid = talloc_steal(mem_ctx, *user_sid);
647 talloc_free(tmp_ctx);
655 static bool delete_user(struct torture_context *tctx,
656 struct smbcli_state *cli,
657 struct cli_credentials *admin_creds,
658 const char *username)
663 struct dcerpc_pipe *samr_pipe;
664 struct dcerpc_binding_handle *samr_handle;
665 struct policy_handle *user_handle;
668 if ((mem_ctx = talloc_init("leave")) == NULL) {
669 torture_comment(tctx, "talloc_init failed\n");
673 ret = get_usr_handle(tctx, cli, mem_ctx, admin_creds,
674 DCERPC_AUTH_TYPE_NTLMSSP,
675 DCERPC_AUTH_LEVEL_INTEGRITY,
676 username, &dom_name, &samr_pipe,
679 torture_comment(tctx, "get_wks_handle failed\n");
682 samr_handle = samr_pipe->binding_handle;
685 struct samr_DeleteUser d;
687 d.in.user_handle = user_handle;
688 d.out.user_handle = user_handle;
690 status = dcerpc_samr_DeleteUser_r(samr_handle, mem_ctx, &d);
691 if (!NT_STATUS_IS_OK(status)) {
692 torture_comment(tctx, "samr_DeleteUser failed %s\n", nt_errstr(status));
695 if (!NT_STATUS_IS_OK(d.out.result)) {
696 torture_comment(tctx, "samr_DeleteUser failed %s\n", nt_errstr(d.out.result));
705 talloc_free(mem_ctx);
710 * Do a Samba3-style join
713 static bool join3(struct torture_context *tctx,
714 struct smbcli_state *cli,
716 struct cli_credentials *admin_creds,
717 struct cli_credentials *wks_creds)
722 struct dcerpc_pipe *samr_pipe;
723 struct dcerpc_binding_handle *samr_handle;
724 struct policy_handle *wks_handle;
726 NTTIME last_password_change;
728 if ((mem_ctx = talloc_init("join3")) == NULL) {
729 torture_comment(tctx, "talloc_init failed\n");
733 ret = get_usr_handle(
734 tctx, cli, mem_ctx, admin_creds,
735 DCERPC_AUTH_TYPE_NTLMSSP,
736 DCERPC_AUTH_LEVEL_PRIVACY,
737 talloc_asprintf(mem_ctx, "%s$",
738 cli_credentials_get_workstation(wks_creds)),
739 &dom_name, &samr_pipe, &wks_handle, NULL);
741 torture_comment(tctx, "get_wks_handle failed\n");
744 samr_handle = samr_pipe->binding_handle;
747 struct samr_QueryUserInfo q;
748 union samr_UserInfo *info;
750 q.in.user_handle = wks_handle;
754 status = dcerpc_samr_QueryUserInfo_r(samr_handle, mem_ctx, &q);
755 if (!NT_STATUS_IS_OK(status)) {
756 torture_warning(tctx, "QueryUserInfo failed: %s\n",
760 if (!NT_STATUS_IS_OK(q.out.result)) {
761 torture_warning(tctx, "QueryUserInfo failed: %s\n",
762 nt_errstr(q.out.result));
767 last_password_change = info->info21.last_password_change;
770 cli_credentials_set_domain(wks_creds, dom_name, CRED_SPECIFIED);
773 struct samr_SetUserInfo2 sui2;
774 union samr_UserInfo u_info;
775 struct samr_UserInfo21 *i21 = &u_info.info25.info;
776 DATA_BLOB session_key;
777 DATA_BLOB confounded_session_key = data_blob_talloc(
779 struct MD5Context ctx;
780 uint8_t confounder[16];
784 i21->full_name.string = talloc_asprintf(
786 cli_credentials_get_workstation(wks_creds));
787 i21->acct_flags = ACB_WSTRUST;
788 i21->fields_present = SAMR_FIELD_FULL_NAME |
789 SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT;
790 /* this would break the test result expectations
791 i21->fields_present |= SAMR_FIELD_EXPIRED_FLAG;
792 i21->password_expired = 1;
795 encode_pw_buffer(u_info.info25.password.data,
796 cli_credentials_get_password(wks_creds),
798 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
799 if (!NT_STATUS_IS_OK(status)) {
800 torture_comment(tctx, "dcerpc_fetch_session_key failed: %s\n",
804 generate_random_buffer((uint8_t *)confounder, 16);
807 MD5Update(&ctx, confounder, 16);
808 MD5Update(&ctx, session_key.data, session_key.length);
809 MD5Final(confounded_session_key.data, &ctx);
811 arcfour_crypt_blob(u_info.info25.password.data, 516,
812 &confounded_session_key);
813 memcpy(&u_info.info25.password.data[516], confounder, 16);
815 sui2.in.user_handle = wks_handle;
817 sui2.in.info = &u_info;
819 status = dcerpc_samr_SetUserInfo2_r(samr_handle, mem_ctx, &sui2);
820 if (!NT_STATUS_IS_OK(status)) {
821 torture_comment(tctx, "samr_SetUserInfo2(25) failed: %s\n",
825 if (!NT_STATUS_IS_OK(sui2.out.result)) {
826 torture_comment(tctx, "samr_SetUserInfo2(25) failed: %s\n",
827 nt_errstr(sui2.out.result));
831 struct samr_SetUserInfo2 sui2;
832 struct samr_SetUserInfo sui;
833 union samr_UserInfo u_info;
834 DATA_BLOB session_key;
836 encode_pw_buffer(u_info.info24.password.data,
837 cli_credentials_get_password(wks_creds),
839 /* just to make this test pass */
840 u_info.info24.password_expired = 1;
842 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
843 if (!NT_STATUS_IS_OK(status)) {
844 torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
847 arcfour_crypt_blob(u_info.info24.password.data, 516,
849 sui2.in.user_handle = wks_handle;
850 sui2.in.info = &u_info;
853 status = dcerpc_samr_SetUserInfo2_r(samr_handle, mem_ctx, &sui2);
854 if (!NT_STATUS_IS_OK(status)) {
855 torture_comment(tctx, "samr_SetUserInfo(24) failed: %s\n",
859 if (!NT_STATUS_IS_OK(sui2.out.result)) {
860 torture_comment(tctx, "samr_SetUserInfo(24) failed: %s\n",
861 nt_errstr(sui2.out.result));
865 u_info.info16.acct_flags = ACB_WSTRUST;
866 sui.in.user_handle = wks_handle;
867 sui.in.info = &u_info;
870 status = dcerpc_samr_SetUserInfo_r(samr_handle, mem_ctx, &sui);
871 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
872 torture_comment(tctx, "samr_SetUserInfo(16) failed\n");
878 struct samr_QueryUserInfo q;
879 union samr_UserInfo *info;
881 q.in.user_handle = wks_handle;
885 status = dcerpc_samr_QueryUserInfo_r(samr_handle, mem_ctx, &q);
886 if (!NT_STATUS_IS_OK(status)) {
887 torture_warning(tctx, "QueryUserInfo failed: %s\n",
891 if (!NT_STATUS_IS_OK(q.out.result)) {
892 torture_warning(tctx, "QueryUserInfo failed: %s\n",
893 nt_errstr(q.out.result));
898 if (last_password_change
899 == info->info21.last_password_change) {
900 torture_warning(tctx, "last_password_change unchanged "
901 "during join, level25 must change "
907 if (last_password_change
908 != info->info21.last_password_change) {
909 torture_warning(tctx, "last_password_change changed "
910 "during join, level24 doesn't "
920 talloc_free(mem_ctx);
925 * Do a ReqChallenge/Auth2 and get the wks creds
928 static bool auth2(struct torture_context *tctx,
929 struct smbcli_state *cli,
930 struct cli_credentials *wks_cred)
933 struct dcerpc_pipe *net_pipe;
934 struct dcerpc_binding_handle *net_handle;
937 struct netr_ServerReqChallenge r;
938 struct netr_Credential netr_cli_creds;
939 struct netr_Credential netr_srv_creds;
940 uint32_t negotiate_flags;
941 struct netr_ServerAuthenticate2 a;
942 struct netlogon_creds_CredentialState *creds_state;
943 struct netr_Credential netr_cred;
944 struct samr_Password mach_pw;
946 mem_ctx = talloc_new(NULL);
947 if (mem_ctx == NULL) {
948 torture_comment(tctx, "talloc_new failed\n");
952 net_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
953 if (net_pipe == NULL) {
954 torture_comment(tctx, "dcerpc_pipe_init failed\n");
957 net_handle = net_pipe->binding_handle;
959 status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
960 if (!NT_STATUS_IS_OK(status)) {
961 torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
966 status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
967 if (!NT_STATUS_IS_OK(status)) {
968 torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n",
973 r.in.computer_name = cli_credentials_get_workstation(wks_cred);
974 r.in.server_name = talloc_asprintf(
975 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
976 if (r.in.server_name == NULL) {
977 torture_comment(tctx, "talloc_asprintf failed\n");
980 generate_random_buffer(netr_cli_creds.data,
981 sizeof(netr_cli_creds.data));
982 r.in.credentials = &netr_cli_creds;
983 r.out.return_credentials = &netr_srv_creds;
985 status = dcerpc_netr_ServerReqChallenge_r(net_handle, mem_ctx, &r);
986 if (!NT_STATUS_IS_OK(status)) {
987 torture_comment(tctx, "netr_ServerReqChallenge failed: %s\n",
991 if (!NT_STATUS_IS_OK(r.out.result)) {
992 torture_comment(tctx, "netr_ServerReqChallenge failed: %s\n",
993 nt_errstr(r.out.result));
997 negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
998 E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash);
1000 a.in.server_name = talloc_asprintf(
1001 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1002 a.in.account_name = talloc_asprintf(
1003 mem_ctx, "%s$", cli_credentials_get_workstation(wks_cred));
1004 a.in.computer_name = cli_credentials_get_workstation(wks_cred);
1005 a.in.secure_channel_type = SEC_CHAN_WKSTA;
1006 a.in.negotiate_flags = &negotiate_flags;
1007 a.out.negotiate_flags = &negotiate_flags;
1008 a.in.credentials = &netr_cred;
1009 a.out.return_credentials = &netr_cred;
1011 creds_state = netlogon_creds_client_init(mem_ctx,
1015 r.out.return_credentials, &mach_pw,
1016 &netr_cred, negotiate_flags);
1018 status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a);
1019 if (!NT_STATUS_IS_OK(status)) {
1020 torture_comment(tctx, "netr_ServerServerAuthenticate2 failed: %s\n",
1024 if (!NT_STATUS_IS_OK(a.out.result)) {
1025 torture_comment(tctx, "netr_ServerServerAuthenticate2 failed: %s\n",
1026 nt_errstr(a.out.result));
1030 if (!netlogon_creds_client_check(creds_state, a.out.return_credentials)) {
1031 torture_comment(tctx, "creds_client_check failed\n");
1035 cli_credentials_set_netlogon_creds(wks_cred, creds_state);
1040 talloc_free(mem_ctx);
1045 * Do a couple of schannel protected Netlogon ops: Interactive and Network
1046 * login, and change the wks password
1049 static bool schan(struct torture_context *tctx,
1050 struct smbcli_state *cli,
1051 struct cli_credentials *wks_creds,
1052 struct cli_credentials *user_creds)
1054 TALLOC_CTX *mem_ctx;
1057 struct dcerpc_pipe *net_pipe;
1058 struct dcerpc_binding_handle *net_handle;
1061 mem_ctx = talloc_new(NULL);
1062 if (mem_ctx == NULL) {
1063 torture_comment(tctx, "talloc_new failed\n");
1067 net_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
1068 if (net_pipe == NULL) {
1069 torture_comment(tctx, "dcerpc_pipe_init failed\n");
1072 net_handle = net_pipe->binding_handle;
1074 status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
1075 if (!NT_STATUS_IS_OK(status)) {
1076 torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
1082 net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
1083 DCERPC_DEBUG_PRINT_OUT;
1086 net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
1087 status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon,
1088 wks_creds, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL,
1089 DCERPC_AUTH_LEVEL_PRIVACY,
1092 status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
1094 if (!NT_STATUS_IS_OK(status)) {
1095 torture_comment(tctx, "schannel bind failed: %s\n", nt_errstr(status));
1100 for (i=2; i<4; i++) {
1102 DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key;
1103 struct netlogon_creds_CredentialState *creds_state;
1104 struct netr_Authenticator netr_auth, netr_auth2;
1105 struct netr_NetworkInfo ninfo;
1106 struct netr_PasswordInfo pinfo;
1107 struct netr_LogonSamLogon r;
1108 union netr_LogonLevel logon;
1109 union netr_Validation validation;
1110 uint8_t authoritative;
1111 struct netr_Authenticator return_authenticator;
1113 flags = CLI_CRED_LANMAN_AUTH | CLI_CRED_NTLM_AUTH |
1114 CLI_CRED_NTLMv2_AUTH;
1116 chal = data_blob_talloc(mem_ctx, NULL, 8);
1117 if (chal.data == NULL) {
1118 torture_comment(tctx, "data_blob_talloc failed\n");
1122 generate_random_buffer(chal.data, chal.length);
1123 names_blob = NTLMv2_generate_names_blob(
1125 cli_credentials_get_workstation(user_creds),
1126 cli_credentials_get_domain(user_creds));
1127 status = cli_credentials_get_ntlm_response(
1128 user_creds, mem_ctx, &flags, chal, names_blob,
1129 &lm_resp, &nt_resp, NULL, NULL);
1130 if (!NT_STATUS_IS_OK(status)) {
1131 torture_comment(tctx, "cli_credentials_get_ntlm_response failed:"
1132 " %s\n", nt_errstr(status));
1136 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
1137 netlogon_creds_client_authenticator(creds_state, &netr_auth);
1139 ninfo.identity_info.account_name.string =
1140 cli_credentials_get_username(user_creds);
1141 ninfo.identity_info.domain_name.string =
1142 cli_credentials_get_domain(user_creds);
1143 ninfo.identity_info.parameter_control = 0;
1144 ninfo.identity_info.logon_id_low = 0;
1145 ninfo.identity_info.logon_id_high = 0;
1146 ninfo.identity_info.workstation.string =
1147 cli_credentials_get_workstation(user_creds);
1148 memcpy(ninfo.challenge, chal.data, sizeof(ninfo.challenge));
1149 ninfo.nt.length = nt_resp.length;
1150 ninfo.nt.data = nt_resp.data;
1151 ninfo.lm.length = lm_resp.length;
1152 ninfo.lm.data = lm_resp.data;
1154 logon.network = &ninfo;
1156 r.in.server_name = talloc_asprintf(
1157 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1158 ZERO_STRUCT(netr_auth2);
1159 r.in.computer_name =
1160 cli_credentials_get_workstation(wks_creds);
1161 r.in.credential = &netr_auth;
1162 r.in.return_authenticator = &netr_auth2;
1163 r.in.logon_level = 2;
1164 r.in.validation_level = i;
1165 r.in.logon = &logon;
1166 r.out.validation = &validation;
1167 r.out.authoritative = &authoritative;
1168 r.out.return_authenticator = &return_authenticator;
1170 status = dcerpc_netr_LogonSamLogon_r(net_handle, mem_ctx, &r);
1171 if (!NT_STATUS_IS_OK(status)) {
1172 torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
1176 if (!NT_STATUS_IS_OK(r.out.result)) {
1177 torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
1178 nt_errstr(r.out.result));
1182 if ((r.out.return_authenticator == NULL) ||
1183 (!netlogon_creds_client_check(creds_state,
1184 &r.out.return_authenticator->cred))) {
1185 torture_comment(tctx, "Credentials check failed!\n");
1189 netlogon_creds_client_authenticator(creds_state, &netr_auth);
1191 pinfo.identity_info = ninfo.identity_info;
1192 ZERO_STRUCT(pinfo.lmpassword.hash);
1193 E_md4hash(cli_credentials_get_password(user_creds),
1194 pinfo.ntpassword.hash);
1195 session_key = data_blob_talloc(mem_ctx,
1196 creds_state->session_key, 16);
1197 arcfour_crypt_blob(pinfo.ntpassword.hash,
1198 sizeof(pinfo.ntpassword.hash),
1201 logon.password = &pinfo;
1203 r.in.logon_level = 1;
1204 r.in.logon = &logon;
1205 r.out.return_authenticator = &return_authenticator;
1207 status = dcerpc_netr_LogonSamLogon_r(net_handle, mem_ctx, &r);
1208 if (!NT_STATUS_IS_OK(status)) {
1209 torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
1213 if (!NT_STATUS_IS_OK(r.out.result)) {
1214 torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
1215 nt_errstr(r.out.result));
1219 if ((r.out.return_authenticator == NULL) ||
1220 (!netlogon_creds_client_check(creds_state,
1221 &r.out.return_authenticator->cred))) {
1222 torture_comment(tctx, "Credentials check failed!\n");
1228 struct netr_ServerPasswordSet s;
1229 char *password = generate_random_password(wks_creds, 8, 255);
1230 struct netlogon_creds_CredentialState *creds_state;
1231 struct netr_Authenticator credential, return_authenticator;
1232 struct samr_Password new_password;
1234 s.in.server_name = talloc_asprintf(
1235 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1236 s.in.computer_name = cli_credentials_get_workstation(wks_creds);
1237 s.in.account_name = talloc_asprintf(
1238 mem_ctx, "%s$", s.in.computer_name);
1239 s.in.secure_channel_type = SEC_CHAN_WKSTA;
1240 s.in.credential = &credential;
1241 s.in.new_password = &new_password;
1242 s.out.return_authenticator = &return_authenticator;
1244 E_md4hash(password, new_password.hash);
1246 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
1247 netlogon_creds_des_encrypt(creds_state, &new_password);
1248 netlogon_creds_client_authenticator(creds_state, &credential);
1250 status = dcerpc_netr_ServerPasswordSet_r(net_handle, mem_ctx, &s);
1251 if (!NT_STATUS_IS_OK(status)) {
1252 torture_comment(tctx, "ServerPasswordSet - %s\n", nt_errstr(status));
1255 if (!NT_STATUS_IS_OK(s.out.result)) {
1256 torture_comment(tctx, "ServerPasswordSet - %s\n", nt_errstr(s.out.result));
1260 if (!netlogon_creds_client_check(creds_state,
1261 &s.out.return_authenticator->cred)) {
1262 torture_comment(tctx, "Credential chaining failed\n");
1265 cli_credentials_set_password(wks_creds, password,
1271 talloc_free(mem_ctx);
1276 * Delete the wks account again
1279 static bool leave(struct torture_context *tctx,
1280 struct smbcli_state *cli,
1281 struct cli_credentials *admin_creds,
1282 struct cli_credentials *wks_creds)
1284 char *wks_name = talloc_asprintf(
1285 NULL, "%s$", cli_credentials_get_workstation(wks_creds));
1288 ret = delete_user(tctx, cli, admin_creds, wks_name);
1289 talloc_free(wks_name);
1294 * Test the Samba3 DC code a bit. Join, do some schan netlogon ops, leave
1297 static bool torture_netlogon_samba3(struct torture_context *torture)
1300 struct smbcli_state *cli;
1301 struct cli_credentials *anon_creds;
1302 struct cli_credentials *wks_creds;
1303 const char *wks_name;
1305 struct smbcli_options options;
1306 struct smbcli_session_options session_options;
1308 wks_name = torture_setting_string(torture, "wksname", NULL);
1309 if (wks_name == NULL) {
1310 wks_name = get_myname(torture);
1313 if (!(anon_creds = cli_credentials_init_anon(torture))) {
1314 torture_fail(torture, "create_anon_creds failed\n");
1317 lpcfg_smbcli_options(torture->lp_ctx, &options);
1318 lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
1320 status = smbcli_full_connection(torture, &cli,
1321 torture_setting_string(torture, "host", NULL),
1322 lpcfg_smb_ports(torture->lp_ctx),
1324 lpcfg_socket_options(torture->lp_ctx),
1326 lpcfg_resolve_context(torture->lp_ctx),
1327 torture->ev, &options, &session_options,
1328 lpcfg_gensec_settings(torture, torture->lp_ctx));
1329 torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
1331 wks_creds = cli_credentials_init(torture);
1332 if (wks_creds == NULL) {
1333 torture_fail(torture, "cli_credentials_init failed\n");
1336 cli_credentials_set_conf(wks_creds, torture->lp_ctx);
1337 cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
1338 cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
1339 cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
1340 cli_credentials_set_password(wks_creds,
1341 generate_random_password(wks_creds, 8, 255),
1344 torture_assert(torture,
1345 join3(torture, cli, false, cmdline_credentials, wks_creds),
1348 cli_credentials_set_domain(
1349 cmdline_credentials, cli_credentials_get_domain(wks_creds),
1352 for (i=0; i<2; i++) {
1354 /* Do this more than once, the routine "schan" changes
1355 * the workstation password using the netlogon
1356 * password change routine */
1360 torture_assert(torture,
1361 auth2(torture, cli, wks_creds),
1364 for (j=0; j<2; j++) {
1365 torture_assert(torture,
1366 schan(torture, cli, wks_creds, cmdline_credentials),
1371 torture_assert(torture,
1372 leave(torture, cli, cmdline_credentials, wks_creds),
1379 * Do a simple join, testjoin and leave using specified smb and samr
1383 static bool test_join3(struct torture_context *tctx,
1385 struct cli_credentials *smb_creds,
1386 struct cli_credentials *samr_creds,
1387 const char *wks_name)
1390 struct smbcli_state *cli;
1391 struct cli_credentials *wks_creds;
1392 struct smbcli_options options;
1393 struct smbcli_session_options session_options;
1395 lpcfg_smbcli_options(tctx->lp_ctx, &options);
1396 lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
1398 status = smbcli_full_connection(tctx, &cli,
1399 torture_setting_string(tctx, "host", NULL),
1400 lpcfg_smb_ports(tctx->lp_ctx),
1401 "IPC$", NULL, lpcfg_socket_options(tctx->lp_ctx),
1402 smb_creds, lpcfg_resolve_context(tctx->lp_ctx),
1403 tctx->ev, &options, &session_options,
1404 lpcfg_gensec_settings(tctx, tctx->lp_ctx));
1405 torture_assert_ntstatus_ok(tctx, status,
1406 "smbcli_full_connection failed");
1408 wks_creds = cli_credentials_init(cli);
1409 torture_assert(tctx, wks_creds, "cli_credentials_init failed");
1411 cli_credentials_set_conf(wks_creds, tctx->lp_ctx);
1412 cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
1413 cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
1414 cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
1415 cli_credentials_set_password(wks_creds,
1416 generate_random_password(wks_creds, 8, 255),
1419 torture_assert(tctx,
1420 join3(tctx, cli, use_level25, samr_creds, wks_creds),
1423 cli_credentials_set_domain(
1424 cmdline_credentials, cli_credentials_get_domain(wks_creds),
1427 torture_assert(tctx,
1428 auth2(tctx, cli, wks_creds),
1431 torture_assert(tctx,
1432 leave(tctx, cli, samr_creds, wks_creds),
1441 * Test the different session key variants. Do it by joining, this uses the
1442 * session key in the setpassword routine. Test the join by doing the auth2.
1445 static bool torture_samba3_sessionkey(struct torture_context *torture)
1447 struct cli_credentials *anon_creds;
1448 const char *wks_name;
1450 wks_name = torture_setting_string(torture, "wksname", get_myname(torture));
1452 if (!(anon_creds = cli_credentials_init_anon(torture))) {
1453 torture_fail(torture, "create_anon_creds failed\n");
1456 cli_credentials_set_workstation(anon_creds, wks_name, CRED_SPECIFIED);
1459 if (!torture_setting_bool(torture, "samba3", false)) {
1461 /* Samba3 in the build farm right now does this happily. Need
1464 if (test_join3(torture, false, anon_creds, NULL, wks_name)) {
1465 torture_fail(torture, "join using anonymous bind on an anonymous smb "
1466 "connection succeeded -- HUH??\n");
1470 torture_assert(torture,
1471 test_join3(torture, false, anon_creds, cmdline_credentials, wks_name),
1472 "join using ntlmssp bind on an anonymous smb connection failed");
1474 torture_assert(torture,
1475 test_join3(torture, false, cmdline_credentials, NULL, wks_name),
1476 "join using anonymous bind on an authenticated smb connection failed");
1478 torture_assert(torture,
1479 test_join3(torture, false, cmdline_credentials, cmdline_credentials, wks_name),
1480 "join using ntlmssp bind on an authenticated smb connection failed");
1483 * The following two are tests for setuserinfolevel 25
1486 torture_assert(torture,
1487 test_join3(torture, true, anon_creds, cmdline_credentials, wks_name),
1488 "join using ntlmssp bind on an anonymous smb connection failed");
1490 torture_assert(torture,
1491 test_join3(torture, true, cmdline_credentials, NULL, wks_name),
1492 "join using anonymous bind on an authenticated smb connection failed");
1498 * open pipe and bind, given an IPC$ context
1501 static NTSTATUS pipe_bind_smb(struct torture_context *tctx,
1502 TALLOC_CTX *mem_ctx,
1503 struct smbcli_tree *tree,
1504 const char *pipe_name,
1505 const struct ndr_interface_table *iface,
1506 struct dcerpc_pipe **p)
1508 struct dcerpc_pipe *result;
1511 if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
1512 return NT_STATUS_NO_MEMORY;
1515 status = dcerpc_pipe_open_smb(result, tree, pipe_name);
1516 if (!NT_STATUS_IS_OK(status)) {
1517 torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
1519 talloc_free(result);
1523 status = dcerpc_bind_auth_none(result, iface);
1524 if (!NT_STATUS_IS_OK(status)) {
1525 torture_comment(tctx, "schannel bind failed: %s\n", nt_errstr(status));
1526 talloc_free(result);
1531 return NT_STATUS_OK;
1535 * Sane wrapper around lsa_LookupNames
1538 static struct dom_sid *name2sid(struct torture_context *tctx,
1539 TALLOC_CTX *mem_ctx,
1540 struct dcerpc_pipe *p,
1544 struct lsa_ObjectAttribute attr;
1545 struct lsa_QosInfo qos;
1546 struct lsa_OpenPolicy2 r;
1549 struct policy_handle handle;
1550 struct lsa_LookupNames l;
1551 struct lsa_TransSidArray sids;
1552 struct lsa_RefDomainList *domains = NULL;
1553 struct lsa_String lsa_name;
1555 struct dom_sid *result;
1556 TALLOC_CTX *tmp_ctx;
1557 struct dcerpc_binding_handle *b = p->binding_handle;
1559 if (!(tmp_ctx = talloc_new(mem_ctx))) {
1564 qos.impersonation_level = 2;
1565 qos.context_mode = 1;
1566 qos.effective_only = 0;
1569 attr.root_dir = NULL;
1570 attr.object_name = NULL;
1571 attr.attributes = 0;
1572 attr.sec_desc = NULL;
1573 attr.sec_qos = &qos;
1575 r.in.system_name = "\\";
1577 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1578 r.out.handle = &handle;
1580 status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
1581 if (!NT_STATUS_IS_OK(status)) {
1582 torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(status));
1583 talloc_free(tmp_ctx);
1586 if (!NT_STATUS_IS_OK(r.out.result)) {
1587 torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(r.out.result));
1588 talloc_free(tmp_ctx);
1595 lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, name);
1597 l.in.handle = &handle;
1599 l.in.names = &lsa_name;
1602 l.in.count = &count;
1603 l.out.count = &count;
1605 l.out.domains = &domains;
1607 status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
1608 if (!NT_STATUS_IS_OK(status)) {
1609 torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
1611 talloc_free(tmp_ctx);
1614 if (!NT_STATUS_IS_OK(l.out.result)) {
1615 torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
1616 nt_errstr(l.out.result));
1617 talloc_free(tmp_ctx);
1621 result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
1622 l.out.sids->sids[0].rid);
1624 c.in.handle = &handle;
1625 c.out.handle = &handle;
1627 status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
1628 if (!NT_STATUS_IS_OK(status)) {
1629 torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
1630 talloc_free(tmp_ctx);
1633 if (!NT_STATUS_IS_OK(c.out.result)) {
1634 torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(c.out.result));
1635 talloc_free(tmp_ctx);
1639 talloc_free(tmp_ctx);
1644 * Find out the user SID on this connection
1647 static struct dom_sid *whoami(struct torture_context *tctx,
1648 TALLOC_CTX *mem_ctx,
1649 struct smbcli_tree *tree)
1651 struct dcerpc_pipe *lsa;
1652 struct dcerpc_binding_handle *lsa_handle;
1653 struct lsa_GetUserName r;
1655 struct lsa_String *authority_name_p = NULL;
1656 struct lsa_String *account_name_p = NULL;
1657 struct dom_sid *result;
1659 status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\lsarpc",
1660 &ndr_table_lsarpc, &lsa);
1661 if (!NT_STATUS_IS_OK(status)) {
1662 torture_warning(tctx, "Could not bind to LSA: %s\n",
1666 lsa_handle = lsa->binding_handle;
1668 r.in.system_name = "\\";
1669 r.in.account_name = &account_name_p;
1670 r.in.authority_name = &authority_name_p;
1671 r.out.account_name = &account_name_p;
1673 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
1675 authority_name_p = *r.out.authority_name;
1677 if (!NT_STATUS_IS_OK(status)) {
1678 torture_warning(tctx, "GetUserName failed - %s\n",
1683 if (!NT_STATUS_IS_OK(r.out.result)) {
1684 torture_warning(tctx, "GetUserName failed - %s\n",
1685 nt_errstr(r.out.result));
1690 result = name2sid(tctx, mem_ctx, lsa, account_name_p->string,
1691 authority_name_p->string);
1697 static int destroy_tree(struct smbcli_tree *tree)
1699 smb_tree_disconnect(tree);
1704 * Do a tcon, given a session
1707 static NTSTATUS secondary_tcon(struct torture_context *tctx,
1708 TALLOC_CTX *mem_ctx,
1709 struct smbcli_session *session,
1710 const char *sharename,
1711 struct smbcli_tree **res)
1713 struct smbcli_tree *result;
1714 TALLOC_CTX *tmp_ctx;
1715 union smb_tcon tcon;
1718 if (!(tmp_ctx = talloc_new(mem_ctx))) {
1719 return NT_STATUS_NO_MEMORY;
1722 if (!(result = smbcli_tree_init(session, mem_ctx, false))) {
1723 talloc_free(tmp_ctx);
1724 return NT_STATUS_NO_MEMORY;
1727 tcon.generic.level = RAW_TCON_TCONX;
1728 tcon.tconx.in.flags = 0;
1729 tcon.tconx.in.password = data_blob(NULL, 0);
1730 tcon.tconx.in.path = sharename;
1731 tcon.tconx.in.device = "?????";
1733 status = smb_raw_tcon(result, tmp_ctx, &tcon);
1734 if (!NT_STATUS_IS_OK(status)) {
1735 torture_warning(tctx, "smb_raw_tcon failed: %s\n",
1737 talloc_free(tmp_ctx);
1741 result->tid = tcon.tconx.out.tid;
1742 result = talloc_steal(mem_ctx, result);
1743 talloc_set_destructor(result, destroy_tree);
1744 talloc_free(tmp_ctx);
1746 return NT_STATUS_OK;
1750 * Test the getusername behaviour
1753 static bool torture_samba3_rpc_getusername(struct torture_context *torture)
1756 struct smbcli_state *cli;
1758 struct dom_sid *user_sid;
1759 struct dom_sid *created_sid;
1760 struct cli_credentials *anon_creds;
1761 struct cli_credentials *user_creds;
1763 struct smbcli_options options;
1764 struct smbcli_session_options session_options;
1766 lpcfg_smbcli_options(torture->lp_ctx, &options);
1767 lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
1769 status = smbcli_full_connection(
1770 torture, &cli, torture_setting_string(torture, "host", NULL),
1771 lpcfg_smb_ports(torture->lp_ctx),
1772 "IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
1773 lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
1774 &session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
1775 torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
1777 if (!(user_sid = whoami(torture, torture, cli->tree))) {
1778 torture_fail(torture, "whoami on auth'ed connection failed\n");
1783 if (!(anon_creds = cli_credentials_init_anon(torture))) {
1784 torture_fail(torture, "create_anon_creds failed\n");
1787 status = smbcli_full_connection(
1788 torture, &cli, torture_setting_string(torture, "host", NULL),
1789 lpcfg_smb_ports(torture->lp_ctx), "IPC$", NULL,
1790 lpcfg_socket_options(torture->lp_ctx), anon_creds,
1791 lpcfg_resolve_context(torture->lp_ctx),
1792 torture->ev, &options, &session_options,
1793 lpcfg_gensec_settings(torture, torture->lp_ctx));
1794 torture_assert_ntstatus_ok(torture, status, "anon smbcli_full_connection failed\n");
1796 if (!(user_sid = whoami(torture, torture, cli->tree))) {
1797 torture_fail(torture, "whoami on anon connection failed\n");
1800 torture_assert_sid_equal(torture, user_sid, dom_sid_parse_talloc(torture, "s-1-5-7"),
1801 "Anon lsa_GetUserName returned unexpected SID");
1803 if (!(user_creds = cli_credentials_init(torture))) {
1804 torture_fail(torture, "cli_credentials_init failed\n");
1807 cli_credentials_set_conf(user_creds, torture->lp_ctx);
1808 cli_credentials_set_username(user_creds, "torture_username",
1810 cli_credentials_set_password(user_creds,
1811 generate_random_password(user_creds, 8, 255),
1814 if (!create_user(torture, torture, cli, cmdline_credentials,
1815 cli_credentials_get_username(user_creds),
1816 cli_credentials_get_password(user_creds),
1817 &domain_name, &created_sid)) {
1818 torture_fail(torture, "create_user failed\n");
1821 cli_credentials_set_domain(user_creds, domain_name,
1825 struct smbcli_session *session2;
1826 struct smb_composite_sesssetup setup;
1827 struct smbcli_tree *tree;
1829 session2 = smbcli_session_init(cli->transport, torture, false, session_options);
1830 if (session2 == NULL) {
1831 torture_fail(torture, "smbcli_session_init failed\n");
1834 setup.in.sesskey = cli->transport->negotiate.sesskey;
1835 setup.in.capabilities = cli->transport->negotiate.capabilities;
1836 setup.in.workgroup = "";
1837 setup.in.credentials = user_creds;
1838 setup.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
1840 status = smb_composite_sesssetup(session2, &setup);
1841 torture_assert_ntstatus_ok(torture, status, "session setup with new user failed");
1843 session2->vuid = setup.out.vuid;
1845 if (!NT_STATUS_IS_OK(secondary_tcon(torture, torture, session2,
1847 torture_fail(torture, "secondary_tcon failed\n");
1850 if (!(user_sid = whoami(torture, torture, tree))) {
1851 torture_fail_goto(torture, del, "whoami on user connection failed\n");
1859 torture_comment(torture, "Created %s, found %s\n",
1860 dom_sid_string(torture, created_sid),
1861 dom_sid_string(torture, user_sid));
1863 if (!dom_sid_equal(created_sid, user_sid)) {
1868 if (!delete_user(torture, cli,
1869 cmdline_credentials,
1870 cli_credentials_get_username(user_creds))) {
1871 torture_fail(torture, "delete_user failed\n");
1877 static bool test_NetShareGetInfo(struct torture_context *tctx,
1878 struct dcerpc_pipe *p,
1879 const char *sharename)
1882 struct srvsvc_NetShareGetInfo r;
1883 union srvsvc_NetShareInfo info;
1884 uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007, 1501 };
1887 struct dcerpc_binding_handle *b = p->binding_handle;
1889 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s",
1890 dcerpc_server_name(p));
1891 r.in.share_name = sharename;
1894 for (i=0;i<ARRAY_SIZE(levels);i++) {
1895 r.in.level = levels[i];
1897 torture_comment(tctx, "Testing NetShareGetInfo level %u on share '%s'\n",
1898 r.in.level, r.in.share_name);
1900 status = dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &r);
1901 if (!NT_STATUS_IS_OK(status)) {
1902 torture_warning(tctx, "NetShareGetInfo level %u on share '%s' failed"
1903 " - %s\n", r.in.level, r.in.share_name,
1908 if (!W_ERROR_IS_OK(r.out.result)) {
1909 torture_warning(tctx, "NetShareGetInfo level %u on share '%s' failed "
1910 "- %s\n", r.in.level, r.in.share_name,
1911 win_errstr(r.out.result));
1920 static bool test_NetShareEnum(struct torture_context *tctx,
1921 struct dcerpc_pipe *p,
1922 const char **one_sharename)
1925 struct srvsvc_NetShareEnum r;
1926 struct srvsvc_NetShareInfoCtr info_ctr;
1927 struct srvsvc_NetShareCtr0 c0;
1928 struct srvsvc_NetShareCtr1 c1;
1929 struct srvsvc_NetShareCtr2 c2;
1930 struct srvsvc_NetShareCtr501 c501;
1931 struct srvsvc_NetShareCtr502 c502;
1932 struct srvsvc_NetShareCtr1004 c1004;
1933 struct srvsvc_NetShareCtr1005 c1005;
1934 struct srvsvc_NetShareCtr1006 c1006;
1935 struct srvsvc_NetShareCtr1007 c1007;
1936 uint32_t totalentries = 0;
1937 uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 };
1940 struct dcerpc_binding_handle *b = p->binding_handle;
1942 ZERO_STRUCT(info_ctr);
1944 r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
1945 r.in.info_ctr = &info_ctr;
1946 r.in.max_buffer = (uint32_t)-1;
1947 r.in.resume_handle = NULL;
1948 r.out.totalentries = &totalentries;
1949 r.out.info_ctr = &info_ctr;
1951 for (i=0;i<ARRAY_SIZE(levels);i++) {
1952 info_ctr.level = levels[i];
1954 switch (info_ctr.level) {
1957 info_ctr.ctr.ctr0 = &c0;
1961 info_ctr.ctr.ctr1 = &c1;
1965 info_ctr.ctr.ctr2 = &c2;
1969 info_ctr.ctr.ctr501 = &c501;
1973 info_ctr.ctr.ctr502 = &c502;
1977 info_ctr.ctr.ctr1004 = &c1004;
1981 info_ctr.ctr.ctr1005 = &c1005;
1985 info_ctr.ctr.ctr1006 = &c1006;
1989 info_ctr.ctr.ctr1007 = &c1007;
1993 torture_comment(tctx, "Testing NetShareEnum level %u\n", info_ctr.level);
1995 status = dcerpc_srvsvc_NetShareEnum_r(b, tctx, &r);
1996 if (!NT_STATUS_IS_OK(status)) {
1997 torture_warning(tctx, "NetShareEnum level %u failed - %s\n",
1998 info_ctr.level, nt_errstr(status));
2002 if (!W_ERROR_IS_OK(r.out.result)) {
2003 torture_warning(tctx, "NetShareEnum level %u failed - %s\n",
2004 info_ctr.level, win_errstr(r.out.result));
2007 if (info_ctr.level == 0) {
2008 struct srvsvc_NetShareCtr0 *ctr = r.out.info_ctr->ctr.ctr0;
2009 if (ctr->count > 0) {
2010 *one_sharename = ctr->array[0].name;
2018 static bool torture_samba3_rpc_srvsvc(struct torture_context *torture)
2020 struct dcerpc_pipe *p;
2021 const char *sharename = NULL;
2024 torture_assert_ntstatus_ok(torture,
2025 torture_rpc_connection(torture, &p, &ndr_table_srvsvc),
2026 "failed to open srvsvc");
2028 ret &= test_NetShareEnum(torture, p, &sharename);
2029 if (sharename == NULL) {
2030 torture_comment(torture, "did not get sharename\n");
2032 ret &= test_NetShareGetInfo(torture, p, sharename);
2039 * Do a ReqChallenge/Auth2 with a random wks name, make sure it returns
2040 * NT_STATUS_NO_SAM_ACCOUNT
2043 static bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
2045 TALLOC_CTX *mem_ctx;
2046 struct dcerpc_pipe *net_pipe;
2047 struct dcerpc_binding_handle *net_handle;
2049 bool result = false;
2051 struct netr_ServerReqChallenge r;
2052 struct netr_Credential netr_cli_creds;
2053 struct netr_Credential netr_srv_creds;
2054 uint32_t negotiate_flags;
2055 struct netr_ServerAuthenticate2 a;
2056 struct netlogon_creds_CredentialState *creds_state;
2057 struct netr_Credential netr_cred;
2058 struct samr_Password mach_pw;
2059 struct smbcli_state *cli;
2061 if (!(mem_ctx = talloc_new(torture))) {
2062 torture_comment(torture, "talloc_new failed\n");
2066 if (!(wksname = generate_random_str_list(
2067 mem_ctx, 14, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))) {
2068 torture_comment(torture, "generate_random_str_list failed\n");
2072 if (!(torture_open_connection_share(
2074 torture, torture_setting_string(torture, "host", NULL),
2075 "IPC$", torture->ev))) {
2076 torture_comment(torture, "IPC$ connection failed\n");
2080 if (!(net_pipe = dcerpc_pipe_init(mem_ctx, torture->ev))) {
2081 torture_comment(torture, "dcerpc_pipe_init failed\n");
2084 net_handle = net_pipe->binding_handle;
2086 status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
2087 if (!NT_STATUS_IS_OK(status)) {
2088 torture_comment(torture, "dcerpc_pipe_open_smb failed: %s\n",
2093 status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
2094 if (!NT_STATUS_IS_OK(status)) {
2095 torture_comment(torture, "dcerpc_bind_auth_none failed: %s\n",
2100 r.in.computer_name = wksname;
2101 r.in.server_name = talloc_asprintf(
2102 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
2103 if (r.in.server_name == NULL) {
2104 torture_comment(torture, "talloc_asprintf failed\n");
2107 generate_random_buffer(netr_cli_creds.data,
2108 sizeof(netr_cli_creds.data));
2109 r.in.credentials = &netr_cli_creds;
2110 r.out.return_credentials = &netr_srv_creds;
2112 status = dcerpc_netr_ServerReqChallenge_r(net_handle, mem_ctx, &r);
2113 if (!NT_STATUS_IS_OK(status)) {
2114 torture_comment(torture, "netr_ServerReqChallenge failed: %s\n",
2118 if (!NT_STATUS_IS_OK(r.out.result)) {
2119 torture_comment(torture, "netr_ServerReqChallenge failed: %s\n",
2120 nt_errstr(r.out.result));
2124 negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
2125 E_md4hash("foobar", mach_pw.hash);
2127 a.in.server_name = talloc_asprintf(
2128 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
2129 a.in.account_name = talloc_asprintf(
2130 mem_ctx, "%s$", wksname);
2131 a.in.computer_name = wksname;
2132 a.in.secure_channel_type = SEC_CHAN_WKSTA;
2133 a.in.negotiate_flags = &negotiate_flags;
2134 a.out.negotiate_flags = &negotiate_flags;
2135 a.in.credentials = &netr_cred;
2136 a.out.return_credentials = &netr_cred;
2138 creds_state = netlogon_creds_client_init(mem_ctx,
2142 r.out.return_credentials, &mach_pw,
2143 &netr_cred, negotiate_flags);
2146 status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a);
2147 if (!NT_STATUS_IS_OK(status)) {
2150 if (!NT_STATUS_EQUAL(a.out.result, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
2151 torture_comment(torture, "dcerpc_netr_ServerAuthenticate2 returned %s, "
2152 "expected NT_STATUS_NO_TRUST_SAM_ACCOUNT\n",
2153 nt_errstr(a.out.result));
2159 talloc_free(mem_ctx);
2163 static struct security_descriptor *get_sharesec(struct torture_context *tctx,
2164 TALLOC_CTX *mem_ctx,
2165 struct smbcli_session *sess,
2166 const char *sharename)
2168 struct smbcli_tree *tree;
2169 TALLOC_CTX *tmp_ctx;
2170 struct dcerpc_pipe *p;
2171 struct dcerpc_binding_handle *b;
2173 struct srvsvc_NetShareGetInfo r;
2174 union srvsvc_NetShareInfo info;
2175 struct security_descriptor *result;
2177 if (!(tmp_ctx = talloc_new(mem_ctx))) {
2178 torture_comment(tctx, "talloc_new failed\n");
2182 if (!NT_STATUS_IS_OK(secondary_tcon(tctx, tmp_ctx, sess, "IPC$", &tree))) {
2183 torture_comment(tctx, "secondary_tcon failed\n");
2184 talloc_free(tmp_ctx);
2188 status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\srvsvc",
2189 &ndr_table_srvsvc, &p);
2190 if (!NT_STATUS_IS_OK(status)) {
2191 torture_warning(tctx, "could not bind to srvsvc pipe: %s\n",
2193 talloc_free(tmp_ctx);
2196 b = p->binding_handle;
2199 p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2202 r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
2203 dcerpc_server_name(p));
2204 r.in.share_name = sharename;
2208 status = dcerpc_srvsvc_NetShareGetInfo_r(b, tmp_ctx, &r);
2209 if (!NT_STATUS_IS_OK(status)) {
2210 torture_comment(tctx, "srvsvc_NetShareGetInfo failed: %s\n",
2212 talloc_free(tmp_ctx);
2215 if (!W_ERROR_IS_OK(r.out.result)) {
2216 torture_comment(tctx, "srvsvc_NetShareGetInfo failed: %s\n",
2217 win_errstr(r.out.result));
2218 talloc_free(tmp_ctx);
2222 result = talloc_steal(mem_ctx, info.info502->sd_buf.sd);
2223 talloc_free(tmp_ctx);
2227 static NTSTATUS set_sharesec(struct torture_context *tctx,
2228 TALLOC_CTX *mem_ctx,
2229 struct smbcli_session *sess,
2230 const char *sharename,
2231 struct security_descriptor *sd)
2233 struct smbcli_tree *tree;
2234 TALLOC_CTX *tmp_ctx;
2235 struct dcerpc_pipe *p;
2236 struct dcerpc_binding_handle *b;
2238 struct sec_desc_buf i;
2239 struct srvsvc_NetShareSetInfo r;
2240 union srvsvc_NetShareInfo info;
2243 if (!(tmp_ctx = talloc_new(mem_ctx))) {
2244 torture_comment(tctx, "talloc_new failed\n");
2245 return NT_STATUS_NO_MEMORY;
2248 if (!NT_STATUS_IS_OK(secondary_tcon(tctx, tmp_ctx, sess, "IPC$", &tree))) {
2249 torture_comment(tctx, "secondary_tcon failed\n");
2250 talloc_free(tmp_ctx);
2251 return NT_STATUS_UNSUCCESSFUL;
2254 status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\srvsvc",
2255 &ndr_table_srvsvc, &p);
2256 if (!NT_STATUS_IS_OK(status)) {
2257 torture_warning(tctx, "could not bind to srvsvc pipe: %s\n",
2259 talloc_free(tmp_ctx);
2260 return NT_STATUS_UNSUCCESSFUL;
2262 b = p->binding_handle;
2265 p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2268 r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
2269 dcerpc_server_name(p));
2270 r.in.share_name = sharename;
2275 r.in.parm_error = &error;
2277 status = dcerpc_srvsvc_NetShareSetInfo_r(b, tmp_ctx, &r);
2278 if (!NT_STATUS_IS_OK(status)) {
2279 torture_comment(tctx, "srvsvc_NetShareSetInfo failed: %s\n",
2282 if (!W_ERROR_IS_OK(r.out.result)) {
2283 torture_comment(tctx, "srvsvc_NetShareSetInfo failed: %s\n",
2284 win_errstr(r.out.result));
2285 status = werror_to_ntstatus(r.out.result);
2287 talloc_free(tmp_ctx);
2291 bool try_tcon(struct torture_context *tctx,
2292 TALLOC_CTX *mem_ctx,
2293 struct security_descriptor *orig_sd,
2294 struct smbcli_session *session,
2295 const char *sharename, const struct dom_sid *user_sid,
2296 unsigned int access_mask, NTSTATUS expected_tcon,
2297 NTSTATUS expected_mkdir)
2299 TALLOC_CTX *tmp_ctx;
2300 struct smbcli_tree *rmdir_tree, *tree;
2301 struct dom_sid *domain_sid;
2303 struct security_descriptor *sd;
2307 if (!(tmp_ctx = talloc_new(mem_ctx))) {
2308 torture_comment(tctx, "talloc_new failed\n");
2312 status = secondary_tcon(tctx, tmp_ctx, session, sharename, &rmdir_tree);
2313 if (!NT_STATUS_IS_OK(status)) {
2314 torture_comment(tctx, "first tcon to delete dir failed\n");
2315 talloc_free(tmp_ctx);
2319 smbcli_rmdir(rmdir_tree, "sharesec_testdir");
2321 if (!NT_STATUS_IS_OK(dom_sid_split_rid(tmp_ctx, user_sid,
2322 &domain_sid, &rid))) {
2323 torture_comment(tctx, "dom_sid_split_rid failed\n");
2324 talloc_free(tmp_ctx);
2328 sd = security_descriptor_dacl_create(
2329 tmp_ctx, 0, "S-1-5-32-544",
2330 dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
2332 dom_sid_string(mem_ctx, user_sid),
2333 SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, 0, NULL);
2335 torture_comment(tctx, "security_descriptor_dacl_create failed\n");
2336 talloc_free(tmp_ctx);
2340 status = set_sharesec(tctx, mem_ctx, session, sharename, sd);
2341 if (!NT_STATUS_IS_OK(status)) {
2342 torture_comment(tctx, "custom set_sharesec failed: %s\n",
2344 talloc_free(tmp_ctx);
2348 status = secondary_tcon(tctx, tmp_ctx, session, sharename, &tree);
2349 if (!NT_STATUS_EQUAL(status, expected_tcon)) {
2350 torture_comment(tctx, "Expected %s, got %s\n", nt_errstr(expected_tcon),
2356 if (!NT_STATUS_IS_OK(status)) {
2357 /* An expected non-access, no point in trying to write */
2361 status = smbcli_mkdir(tree, "sharesec_testdir");
2362 if (!NT_STATUS_EQUAL(status, expected_mkdir)) {
2363 torture_warning(tctx, "Expected %s, got %s\n",
2364 nt_errstr(expected_mkdir), nt_errstr(status));
2369 smbcli_rmdir(rmdir_tree, "sharesec_testdir");
2371 status = set_sharesec(tctx, mem_ctx, session, sharename, orig_sd);
2372 if (!NT_STATUS_IS_OK(status)) {
2373 torture_comment(tctx, "custom set_sharesec failed: %s\n",
2375 talloc_free(tmp_ctx);
2379 talloc_free(tmp_ctx);
2383 static bool torture_samba3_rpc_sharesec(struct torture_context *torture)
2385 struct smbcli_state *cli;
2386 struct security_descriptor *sd;
2387 struct dom_sid *user_sid;
2389 if (!(torture_open_connection_share(
2390 torture, &cli, torture, torture_setting_string(torture, "host", NULL),
2391 "IPC$", torture->ev))) {
2392 torture_fail(torture, "IPC$ connection failed\n");
2395 if (!(user_sid = whoami(torture, torture, cli->tree))) {
2396 torture_fail(torture, "whoami failed\n");
2399 sd = get_sharesec(torture, torture, cli->session,
2400 torture_setting_string(torture, "share", NULL));
2402 torture_assert(torture, try_tcon(
2403 torture, torture, sd, cli->session,
2404 torture_setting_string(torture, "share", NULL),
2405 user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK),
2406 "failed to test tcon with 0 access_mask");
2408 torture_assert(torture, try_tcon(
2409 torture, torture, sd, cli->session,
2410 torture_setting_string(torture, "share", NULL),
2411 user_sid, SEC_FILE_READ_DATA, NT_STATUS_OK,
2412 NT_STATUS_MEDIA_WRITE_PROTECTED),
2413 "failed to test tcon with SEC_FILE_READ_DATA access_mask");
2415 torture_assert(torture, try_tcon(
2416 torture, torture, sd, cli->session,
2417 torture_setting_string(torture, "share", NULL),
2418 user_sid, SEC_FILE_ALL, NT_STATUS_OK, NT_STATUS_OK),
2419 "failed to test tcon with SEC_FILE_ALL access_mask")
2424 static bool torture_samba3_rpc_lsa(struct torture_context *torture)
2426 struct dcerpc_pipe *p;
2427 struct dcerpc_binding_handle *b;
2428 struct policy_handle lsa_handle;
2430 torture_assert_ntstatus_ok(torture,
2431 torture_rpc_connection(torture, &p, &ndr_table_lsarpc),
2432 "failed to setup lsarpc");
2434 b = p->binding_handle;
2437 struct lsa_ObjectAttribute attr;
2438 struct lsa_OpenPolicy2 o;
2439 o.in.system_name = talloc_asprintf(
2440 torture, "\\\\%s", dcerpc_server_name(p));
2443 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2444 o.out.handle = &lsa_handle;
2446 torture_assert_ntstatus_ok(torture,
2447 dcerpc_lsa_OpenPolicy2_r(b, torture, &o),
2448 "dcerpc_lsa_OpenPolicy2 failed");
2449 torture_assert_ntstatus_ok(torture, o.out.result,
2450 "dcerpc_lsa_OpenPolicy2 failed");
2455 int levels[] = { 2,3,5,6 };
2457 for (i=0; i<ARRAY_SIZE(levels); i++) {
2458 struct lsa_QueryInfoPolicy r;
2459 union lsa_PolicyInformation *info = NULL;
2460 r.in.handle = &lsa_handle;
2461 r.in.level = levels[i];
2464 torture_assert_ntstatus_ok(torture,
2465 dcerpc_lsa_QueryInfoPolicy_r(b, torture, &r),
2466 talloc_asprintf(torture, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels[i]));
2467 torture_assert_ntstatus_ok(torture, r.out.result,
2468 talloc_asprintf(torture, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels[i]));
2475 static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
2478 struct rap_WserverGetInfo r;
2480 char servername[17];
2481 size_t converted_size;
2484 r.in.bufsize = 0xffff;
2486 status = smbcli_rap_netservergetinfo(tree, mem_ctx, &r);
2487 if (!NT_STATUS_IS_OK(status)) {
2491 memcpy(servername, r.out.info.info0.name, 16);
2492 servername[16] = '\0';
2494 if (!pull_ascii_talloc(mem_ctx, name, servername, &converted_size)) {
2495 return NT_STATUS_NO_MEMORY;
2498 return NT_STATUS_OK;
2501 static bool rap_get_servername(struct torture_context *tctx,
2504 struct smbcli_state *cli;
2506 torture_assert(tctx,
2507 torture_open_connection_share(tctx, &cli, tctx, torture_setting_string(tctx, "host", NULL),
2509 "IPC$ connection failed");
2511 torture_assert_ntstatus_ok(tctx,
2512 get_servername(tctx, cli->tree, servername),
2513 "get_servername failed");
2520 static bool find_printers(struct torture_context *tctx,
2521 struct dcerpc_pipe *p,
2522 const char ***printers,
2525 struct srvsvc_NetShareEnum r;
2526 struct srvsvc_NetShareInfoCtr info_ctr;
2527 struct srvsvc_NetShareCtr1 c1_in;
2528 struct srvsvc_NetShareCtr1 *c1;
2529 uint32_t totalentries = 0;
2531 struct dcerpc_binding_handle *b = p->binding_handle;
2535 info_ctr.ctr.ctr1 = &c1_in;
2537 r.in.server_unc = talloc_asprintf(
2538 tctx, "\\\\%s", dcerpc_server_name(p));
2539 r.in.info_ctr = &info_ctr;
2540 r.in.max_buffer = (uint32_t)-1;
2541 r.in.resume_handle = NULL;
2542 r.out.totalentries = &totalentries;
2543 r.out.info_ctr = &info_ctr;
2545 torture_assert_ntstatus_ok(tctx,
2546 dcerpc_srvsvc_NetShareEnum_r(b, tctx, &r),
2547 "NetShareEnum level 1 failed");
2548 torture_assert_werr_ok(tctx, r.out.result,
2549 "NetShareEnum level 1 failed");
2553 c1 = r.out.info_ctr->ctr.ctr1;
2554 for (i=0; i<c1->count; i++) {
2555 if (c1->array[i].type != STYPE_PRINTQ) {
2558 if (!add_string_to_array(tctx, c1->array[i].name,
2559 printers, num_printers)) {
2567 static bool enumprinters(struct torture_context *tctx,
2568 struct dcerpc_binding_handle *b,
2569 const char *servername, int level, int *num_printers)
2571 struct spoolss_EnumPrinters r;
2575 union spoolss_PrinterInfo *info;
2577 r.in.flags = PRINTER_ENUM_LOCAL;
2578 r.in.server = talloc_asprintf(tctx, "\\\\%s", servername);
2582 r.out.needed = &needed;
2583 r.out.count = &count;
2586 torture_assert_ntstatus_ok(tctx,
2587 dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
2588 "dcerpc_spoolss_EnumPrinters failed");
2589 torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
2590 "EnumPrinters unexpected return code should be WERR_INSUFFICIENT_BUFFER");
2592 blob = data_blob_talloc_zero(tctx, needed);
2593 if (blob.data == NULL) {
2597 r.in.buffer = &blob;
2598 r.in.offered = needed;
2600 torture_assert_ntstatus_ok(tctx,
2601 dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
2602 "dcerpc_spoolss_EnumPrinters failed");
2603 torture_assert_werr_ok(tctx, r.out.result,
2604 "dcerpc_spoolss_EnumPrinters failed");
2606 *num_printers = count;
2611 static bool getprinterinfo(struct torture_context *tctx,
2612 struct dcerpc_binding_handle *b,
2613 struct policy_handle *handle, int level,
2614 union spoolss_PrinterInfo **res)
2616 struct spoolss_GetPrinter r;
2620 r.in.handle = handle;
2624 r.out.needed = &needed;
2626 torture_assert_ntstatus_ok(tctx,
2627 dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
2628 "dcerpc_spoolss_GetPrinter failed");
2629 torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
2630 "GetPrinter unexpected return code should be WERR_INSUFFICIENT_BUFFER");
2632 r.in.handle = handle;
2634 blob = data_blob_talloc_zero(tctx, needed);
2635 if (blob.data == NULL) {
2638 r.in.buffer = &blob;
2639 r.in.offered = needed;
2641 torture_assert_ntstatus_ok(tctx,
2642 dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
2643 "dcerpc_spoolss_GetPrinter failed");
2644 torture_assert_werr_ok(tctx, r.out.result,
2645 "dcerpc_spoolss_GetPrinter failed");
2648 *res = talloc_steal(tctx, r.out.info);
2654 static bool torture_samba3_rpc_spoolss(struct torture_context *torture)
2656 struct dcerpc_pipe *p, *p2;
2657 struct dcerpc_binding_handle *b;
2658 struct policy_handle server_handle, printer_handle;
2659 const char **printers;
2661 struct spoolss_UserLevel1 userlevel1;
2664 torture_assert(torture,
2665 rap_get_servername(torture, &servername),
2666 "failed to rap servername");
2668 torture_assert_ntstatus_ok(torture,
2669 torture_rpc_connection(torture, &p2, &ndr_table_srvsvc),
2670 "failed to setup srvsvc");
2672 torture_assert(torture,
2673 find_printers(torture, p2, &printers, &num_printers),
2674 "failed to find printers via srvsvc");
2678 if (num_printers == 0) {
2679 torture_skip(torture, "Did not find printers\n");
2683 torture_assert_ntstatus_ok(torture,
2684 torture_rpc_connection(torture, &p, &ndr_table_spoolss),
2685 "failed to setup spoolss");
2687 b = p->binding_handle;
2689 ZERO_STRUCT(userlevel1);
2690 userlevel1.client = talloc_asprintf(
2691 torture, "\\\\%s", lpcfg_netbios_name(torture->lp_ctx));
2692 userlevel1.user = cli_credentials_get_username(cmdline_credentials);
2693 userlevel1.build = 2600;
2694 userlevel1.major = 3;
2695 userlevel1.minor = 0;
2696 userlevel1.processor = 0;
2699 struct spoolss_OpenPrinterEx r;
2702 r.in.printername = talloc_asprintf(torture, "\\\\%s",
2704 r.in.datatype = NULL;
2705 r.in.access_mask = 0;
2707 r.in.userlevel.level1 = &userlevel1;
2708 r.out.handle = &server_handle;
2710 torture_assert_ntstatus_ok(torture,
2711 dcerpc_spoolss_OpenPrinterEx_r(b, torture, &r),
2712 "dcerpc_spoolss_OpenPrinterEx failed");
2713 torture_assert_werr_ok(torture, r.out.result,
2714 "dcerpc_spoolss_OpenPrinterEx failed");
2718 struct spoolss_ClosePrinter r;
2720 r.in.handle = &server_handle;
2721 r.out.handle = &server_handle;
2723 torture_assert_ntstatus_ok(torture,
2724 dcerpc_spoolss_ClosePrinter_r(b, torture, &r),
2725 "dcerpc_spoolss_ClosePrinter failed");
2726 torture_assert_werr_ok(torture, r.out.result,
2727 "dcerpc_spoolss_ClosePrinter failed");
2731 struct spoolss_OpenPrinterEx r;
2734 r.in.printername = talloc_asprintf(
2735 torture, "\\\\%s\\%s", servername, printers[0]);
2736 r.in.datatype = NULL;
2737 r.in.access_mask = 0;
2739 r.in.userlevel.level1 = &userlevel1;
2740 r.out.handle = &printer_handle;
2742 torture_assert_ntstatus_ok(torture,
2743 dcerpc_spoolss_OpenPrinterEx_r(b, torture, &r),
2744 "dcerpc_spoolss_OpenPrinterEx failed");
2745 torture_assert_werr_ok(torture, r.out.result,
2746 "dcerpc_spoolss_OpenPrinterEx failed");
2752 for (i=0; i<8; i++) {
2753 torture_assert(torture,
2754 getprinterinfo(torture, b, &printer_handle, i, NULL),
2755 talloc_asprintf(torture, "getprinterinfo %d failed", i));
2760 struct spoolss_ClosePrinter r;
2762 r.in.handle = &printer_handle;
2763 r.out.handle = &printer_handle;
2765 torture_assert_ntstatus_ok(torture,
2766 dcerpc_spoolss_ClosePrinter_r(b, torture, &r),
2767 "dcerpc_spoolss_ClosePrinter failed");
2768 torture_assert_werr_ok(torture, r.out.result,
2769 "dcerpc_spoolss_ClosePrinter failed");
2775 torture_assert(torture,
2776 enumprinters(torture, b, servername, 1, &num_enumerated),
2777 "enumprinters failed");
2779 torture_assert_int_equal(torture, num_printers, num_enumerated,
2780 "netshareenum / enumprinters lvl 1 numprinter mismatch");
2786 torture_assert(torture,
2787 enumprinters(torture, b, servername, 2, &num_enumerated),
2788 "enumprinters failed");
2790 torture_assert_int_equal(torture, num_printers, num_enumerated,
2791 "netshareenum / enumprinters lvl 2 numprinter mismatch");
2797 static bool torture_samba3_rpc_wkssvc(struct torture_context *torture)
2799 struct dcerpc_pipe *p;
2800 struct dcerpc_binding_handle *b;
2803 torture_assert(torture,
2804 rap_get_servername(torture, &servername),
2805 "failed to rap servername");
2807 torture_assert_ntstatus_ok(torture,
2808 torture_rpc_connection(torture, &p, &ndr_table_wkssvc),
2809 "failed to setup wkssvc");
2811 b = p->binding_handle;
2814 struct wkssvc_NetWkstaInfo100 wks100;
2815 union wkssvc_NetWkstaInfo info;
2816 struct wkssvc_NetWkstaGetInfo r;
2818 r.in.server_name = "\\foo";
2820 info.info100 = &wks100;
2823 torture_assert_ntstatus_ok(torture,
2824 dcerpc_wkssvc_NetWkstaGetInfo_r(b, torture, &r),
2825 "dcerpc_wkssvc_NetWksGetInfo failed");
2826 torture_assert_werr_ok(torture, r.out.result,
2827 "dcerpc_wkssvc_NetWksGetInfo failed");
2829 torture_assert_str_equal(torture, servername, r.out.info->info100->server_name,
2830 "servername RAP / DCERPC inconsistency");
2836 static bool winreg_close(struct torture_context *tctx,
2837 struct dcerpc_binding_handle *b,
2838 struct policy_handle *handle)
2840 struct winreg_CloseKey c;
2842 c.in.handle = c.out.handle = handle;
2844 torture_assert_ntstatus_ok(tctx,
2845 dcerpc_winreg_CloseKey_r(b, tctx, &c),
2846 "winreg_CloseKey failed");
2847 torture_assert_werr_ok(tctx, c.out.result,
2848 "winreg_CloseKey failed");
2853 static bool enumvalues(struct torture_context *tctx,
2854 struct dcerpc_binding_handle *b,
2855 struct policy_handle *handle)
2857 uint32_t enum_index = 0;
2860 struct winreg_EnumValue r;
2861 struct winreg_ValNameBuf name;
2862 enum winreg_Type type = 0;
2865 uint32_t size, length;
2867 r.in.handle = handle;
2868 r.in.enum_index = enum_index;
2871 r.in.name = r.out.name = &name;
2877 r.in.length = &length;
2879 status = dcerpc_winreg_EnumValue_r(b, tctx, &r);
2880 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2887 static bool enumkeys(struct torture_context *tctx,
2888 struct dcerpc_binding_handle *b,
2889 struct policy_handle *handle,
2892 struct winreg_EnumKey r;
2893 struct winreg_StringBuf kclass, name;
2904 r.in.handle = handle;
2905 r.in.enum_index = 0;
2907 r.in.keyclass = &kclass;
2909 r.in.last_changed_time = &t;
2912 struct winreg_OpenKey o;
2913 struct policy_handle key_handle;
2919 status = dcerpc_winreg_EnumKey_r(b, tctx, &r);
2920 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2921 /* We're done enumerating */
2925 for (i=0; i<10-depth; i++) {
2926 torture_comment(tctx, " ");
2928 torture_comment(tctx, "%s\n", r.out.name->name);
2930 o.in.parent_handle = handle;
2931 o.in.keyname.name = r.out.name->name;
2933 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2934 o.out.handle = &key_handle;
2936 status = dcerpc_winreg_OpenKey_r(b, tctx, &o);
2937 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(o.out.result)) {
2938 enumkeys(tctx, b, &key_handle, depth-1);
2939 enumvalues(tctx, b, &key_handle);
2940 torture_assert(tctx, winreg_close(tctx, b, &key_handle), "");
2943 r.in.enum_index += 1;
2949 typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_binding_handle *, TALLOC_CTX *, void *);
2951 static bool test_Open3(struct torture_context *tctx,
2952 struct dcerpc_binding_handle *b,
2953 const char *name, winreg_open_fn open_fn)
2955 struct policy_handle handle;
2956 struct winreg_OpenHKLM r;
2958 r.in.system_name = 0;
2959 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2960 r.out.handle = &handle;
2962 torture_assert_ntstatus_ok(tctx,
2963 open_fn(b, tctx, &r),
2964 talloc_asprintf(tctx, "%s failed", name));
2965 torture_assert_werr_ok(tctx, r.out.result,
2966 talloc_asprintf(tctx, "%s failed", name));
2968 enumkeys(tctx, b, &handle, 4);
2970 torture_assert(tctx,
2971 winreg_close(tctx, b, &handle),
2972 "dcerpc_CloseKey failed");
2977 static bool torture_samba3_rpc_winreg(struct torture_context *torture)
2979 struct dcerpc_pipe *p;
2980 struct dcerpc_binding_handle *b;
2986 {"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM_r },
2987 {"OpenHKU", (winreg_open_fn)dcerpc_winreg_OpenHKU_r },
2988 {"OpenHKPD", (winreg_open_fn)dcerpc_winreg_OpenHKPD_r },
2989 {"OpenHKPT", (winreg_open_fn)dcerpc_winreg_OpenHKPT_r },
2990 {"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR_r }};
2995 torture_assert_ntstatus_ok(torture,
2996 torture_rpc_connection(torture, &p, &ndr_table_winreg),
2997 "failed to setup winreg");
2999 b = p->binding_handle;
3002 ret = test_Open3(torture, b, open_fns[0].name, open_fns[0].fn);
3004 for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
3005 if (!test_Open3(torture, b, open_fns[i].name, open_fns[i].fn))
3012 static bool get_shareinfo(struct torture_context *tctx,
3013 struct dcerpc_binding_handle *b,
3014 const char *servername,
3016 struct srvsvc_NetShareInfo502 **info502)
3018 struct srvsvc_NetShareGetInfo r;
3019 union srvsvc_NetShareInfo info;
3021 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", servername);
3022 r.in.share_name = share;
3026 torture_assert_ntstatus_ok(tctx,
3027 dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &r),
3028 "srvsvc_NetShareGetInfo failed");
3029 torture_assert_werr_ok(tctx, r.out.result,
3030 "srvsvc_NetShareGetInfo failed");
3032 *info502 = talloc_move(tctx, &info.info502);
3038 * Get us a handle on HKLM\
3041 static bool get_hklm_handle(struct torture_context *tctx,
3042 struct dcerpc_binding_handle *b,
3043 struct policy_handle *handle)
3045 struct winreg_OpenHKLM r;
3046 struct policy_handle result;
3048 r.in.system_name = 0;
3049 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3050 r.out.handle = &result;
3052 torture_assert_ntstatus_ok(tctx,
3053 dcerpc_winreg_OpenHKLM_r(b, tctx, &r),
3055 torture_assert_werr_ok(tctx, r.out.result,
3063 static bool torture_samba3_createshare(struct torture_context *tctx,
3064 struct dcerpc_binding_handle *b,
3065 const char *sharename)
3067 struct policy_handle hklm;
3068 struct policy_handle new_handle;
3069 struct winreg_CreateKey c;
3070 struct winreg_CloseKey cl;
3071 enum winreg_CreateAction action_taken;
3073 c.in.handle = &hklm;
3074 c.in.name.name = talloc_asprintf(
3075 tctx, "software\\samba\\smbconf\\%s", sharename);
3076 torture_assert(tctx, c.in.name.name, "talloc_asprintf failed");
3078 c.in.keyclass.name = "";
3080 c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3081 c.in.secdesc = NULL;
3082 c.in.action_taken = &action_taken;
3083 c.out.new_handle = &new_handle;
3084 c.out.action_taken = &action_taken;
3086 torture_assert_ntstatus_ok(tctx,
3087 dcerpc_winreg_CreateKey_r(b, tctx, &c),
3089 torture_assert_werr_ok(tctx, c.out.result,
3092 cl.in.handle = &new_handle;
3093 cl.out.handle = &new_handle;
3095 torture_assert_ntstatus_ok(tctx,
3096 dcerpc_winreg_CloseKey_r(b, tctx, &cl),
3098 torture_assert_werr_ok(tctx, cl.out.result,
3104 static bool torture_samba3_deleteshare(struct torture_context *tctx,
3105 struct dcerpc_binding_handle *b,
3106 const char *sharename)
3108 struct policy_handle hklm;
3109 struct winreg_DeleteKey d;
3111 torture_assert(tctx,
3112 get_hklm_handle(tctx, b, &hklm),
3113 "get_hklm_handle failed");
3115 d.in.handle = &hklm;
3116 d.in.key.name = talloc_asprintf(
3117 tctx, "software\\samba\\smbconf\\%s", sharename);
3118 torture_assert(tctx, d.in.key.name, "talloc_asprintf failed");
3120 torture_assert_ntstatus_ok(tctx,
3121 dcerpc_winreg_DeleteKey_r(b, tctx, &d),
3122 "DeleteKey failed");
3123 torture_assert_werr_ok(tctx, d.out.result,
3124 "DeleteKey failed");
3129 static bool torture_samba3_setconfig(struct torture_context *tctx,
3130 struct dcerpc_binding_handle *b,
3131 const char *sharename,
3132 const char *parameter,
3135 struct policy_handle hklm, key_handle;
3136 struct winreg_OpenKey o;
3137 struct winreg_SetValue s;
3141 torture_assert(tctx,
3142 get_hklm_handle(tctx, b, &hklm),
3143 "get_hklm_handle failed");
3145 o.in.parent_handle = &hklm;
3146 o.in.keyname.name = talloc_asprintf(
3147 tctx, "software\\samba\\smbconf\\%s", sharename);
3148 torture_assert(tctx, o.in.keyname.name, "talloc_asprintf failed");
3151 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3152 o.out.handle = &key_handle;
3154 torture_assert_ntstatus_ok(tctx,
3155 dcerpc_winreg_OpenKey_r(b, tctx, &o),
3157 torture_assert_werr_ok(tctx, o.out.result,
3160 torture_assert(tctx,
3161 reg_string_to_val(tctx, "REG_SZ", value, &type, &val),
3162 "reg_string_to_val failed");
3164 s.in.handle = &key_handle;
3165 s.in.name.name = parameter;
3167 s.in.data = val.data;
3168 s.in.size = val.length;
3170 torture_assert_ntstatus_ok(tctx,
3171 dcerpc_winreg_SetValue_r(b, tctx, &s),
3173 torture_assert_werr_ok(tctx, s.out.result,
3179 static bool torture_samba3_regconfig(struct torture_context *torture)
3181 struct srvsvc_NetShareInfo502 *i = NULL;
3182 const char *comment = "Dummer Kommentar";
3183 struct dcerpc_pipe *srvsvc_pipe, *winreg_pipe;
3185 torture_assert_ntstatus_ok(torture,
3186 torture_rpc_connection(torture, &srvsvc_pipe, &ndr_table_srvsvc),
3187 "failed to setup srvsvc");
3189 torture_assert_ntstatus_ok(torture,
3190 torture_rpc_connection(torture, &winreg_pipe, &ndr_table_winreg),
3191 "failed to setup winreg");
3193 torture_assert(torture,
3194 torture_samba3_createshare(torture, winreg_pipe->binding_handle, "blubber"),
3195 "torture_samba3_createshare failed");
3197 torture_assert(torture,
3198 torture_samba3_setconfig(torture, winreg_pipe->binding_handle, "blubber", "comment", comment),
3199 "torture_samba3_setconfig failed");
3201 torture_assert(torture,
3202 get_shareinfo(torture, srvsvc_pipe->binding_handle, dcerpc_server_name(srvsvc_pipe), "blubber", &i),
3203 "get_shareinfo failed");
3205 torture_assert_str_equal(torture, comment, i->comment,
3206 "got unexpected comment");
3208 torture_assert(torture,
3209 torture_samba3_deleteshare(torture, winreg_pipe->binding_handle, "blubber"),
3210 "torture_samba3_deleteshare failed");
3216 * Test that even with a result of 0 rids the array is returned as a
3217 * non-NULL pointer. Yes, XP does notice.
3220 bool torture_samba3_getaliasmembership_0(struct torture_context *torture)
3222 struct dcerpc_pipe *p;
3223 struct dcerpc_binding_handle *b;
3224 struct samr_Connect2 c;
3225 struct samr_OpenDomain o;
3227 struct lsa_SidPtr ptr;
3228 struct lsa_SidArray sids;
3229 struct samr_GetAliasMembership g;
3230 struct samr_Ids rids;
3231 struct policy_handle samr, domain;
3233 torture_assert_ntstatus_ok(torture,
3234 torture_rpc_connection(torture, &p, &ndr_table_samr),
3235 "failed to setup samr");
3237 b = p->binding_handle;
3239 c.in.system_name = NULL;
3240 c.in.access_mask = SAMR_ACCESS_LOOKUP_DOMAIN;
3241 c.out.connect_handle = &samr;
3242 torture_assert_ntstatus_ok(torture,
3243 dcerpc_samr_Connect2_r(b, torture, &c),
3245 torture_assert_ntstatus_ok(torture, c.out.result,
3247 dom_sid_parse("S-1-5-32", &sid);
3248 o.in.connect_handle = &samr;
3249 o.in.access_mask = SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS;
3251 o.out.domain_handle = &domain;
3252 torture_assert_ntstatus_ok(torture,
3253 dcerpc_samr_OpenDomain_r(b, torture, &o),
3255 torture_assert_ntstatus_ok(torture, o.out.result,
3257 dom_sid_parse("S-1-2-3-4-5", &sid);
3261 g.in.domain_handle = &domain;
3264 torture_assert_ntstatus_ok(torture,
3265 dcerpc_samr_GetAliasMembership_r(b, torture, &g),
3267 torture_assert_ntstatus_ok(torture, g.out.result,
3269 if (rids.ids == NULL) {
3270 /* This is the piece to test here */
3271 torture_fail(torture,
3272 "torture_samba3_getaliasmembership_0: "
3273 "Server returns NULL rids array\n");
3280 * Test smb reauthentication while rpc pipe is in use.
3282 static bool torture_rpc_smb_reauth1(struct torture_context *torture)
3284 TALLOC_CTX *mem_ctx;
3287 struct smbcli_state *cli;
3288 struct smbcli_options options;
3289 struct smbcli_session_options session_options;
3291 struct dcerpc_pipe *lsa_pipe;
3292 struct dcerpc_binding_handle *lsa_handle;
3293 struct lsa_GetUserName r;
3294 struct lsa_String *authority_name_p = NULL;
3295 char *authority_name_saved = NULL;
3296 struct lsa_String *account_name_p = NULL;
3297 char *account_name_saved = NULL;
3298 struct cli_credentials *anon_creds = NULL;
3299 struct smb_composite_sesssetup io;
3301 mem_ctx = talloc_init("torture_samba3_reauth");
3302 torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
3304 lpcfg_smbcli_options(torture->lp_ctx, &options);
3305 lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
3307 status = smbcli_full_connection(mem_ctx, &cli,
3308 torture_setting_string(torture, "host", NULL),
3309 lpcfg_smb_ports(torture->lp_ctx),
3311 lpcfg_socket_options(torture->lp_ctx),
3312 cmdline_credentials,
3313 lpcfg_resolve_context(torture->lp_ctx),
3314 torture->ev, &options, &session_options,
3315 lpcfg_gensec_settings(torture, torture->lp_ctx));
3316 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3317 "smbcli_full_connection failed");
3319 lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
3320 torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
3321 "dcerpc_pipe_init failed");
3322 lsa_handle = lsa_pipe->binding_handle;
3324 status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
3325 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3326 "dcerpc_pipe_open failed");
3328 status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
3329 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3330 "dcerpc_bind_auth_none failed");
3332 /* lsa getusername */
3335 r.in.system_name = "\\";
3336 r.in.account_name = &account_name_p;
3337 r.in.authority_name = &authority_name_p;
3338 r.out.account_name = &account_name_p;
3340 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3342 authority_name_p = *r.out.authority_name;
3344 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3345 "GetUserName failed");
3346 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3347 "GetUserName failed");
3349 torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
3350 authority_name_p->string,
3351 account_name_p->string);
3353 account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
3354 torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
3356 authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
3357 torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
3360 /* smb re-authenticate as anonymous */
3362 anon_creds = cli_credentials_init_anon(mem_ctx);
3365 io.in.sesskey = cli->transport->negotiate.sesskey;
3366 io.in.capabilities = cli->transport->negotiate.capabilities;
3367 io.in.credentials = anon_creds;
3368 io.in.workgroup = lpcfg_workgroup(torture->lp_ctx);
3369 io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
3371 status = smb_composite_sesssetup(cli->session, &io);
3372 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3373 "session reauth to anon failed");
3375 /* re-do lsa getusername after reauth */
3377 TALLOC_FREE(authority_name_p);
3378 TALLOC_FREE(account_name_p);
3380 r.in.system_name = "\\";
3381 r.in.account_name = &account_name_p;
3382 r.in.authority_name = &authority_name_p;
3383 r.out.account_name = &account_name_p;
3385 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3387 authority_name_p = *r.out.authority_name;
3389 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3390 "GetUserName failed");
3391 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3392 "GetUserName failed");
3394 torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
3395 ret, done, "authority_name not equal after reauth to anon");
3396 torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
3397 ret, done, "account_name not equal after reauth to anon");
3399 /* smb re-auth again to the original user */
3402 io.in.sesskey = cli->transport->negotiate.sesskey;
3403 io.in.capabilities = cli->transport->negotiate.capabilities;
3404 io.in.credentials = cmdline_credentials;
3405 io.in.workgroup = lpcfg_workgroup(torture->lp_ctx);
3406 io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
3408 status = smb_composite_sesssetup(cli->session, &io);
3409 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3410 "session reauth to anon failed");
3412 /* re-do lsa getusername */
3414 TALLOC_FREE(authority_name_p);
3415 TALLOC_FREE(account_name_p);
3417 r.in.system_name = "\\";
3418 r.in.account_name = &account_name_p;
3419 r.in.authority_name = &authority_name_p;
3420 r.out.account_name = &account_name_p;
3422 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3424 authority_name_p = *r.out.authority_name;
3426 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3427 "GetUserName failed");
3428 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3429 "GetUserName failed");
3431 torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
3432 ret, done, "authority_name not equal after reauth to anon");
3433 torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
3434 ret, done, "account_name not equal after reauth to anon");
3439 talloc_free(mem_ctx);
3444 * Test smb reauthentication while rpc pipe is in use.
3445 * Open a second lsa bind after reauth to anon.
3446 * Do lsa getusername on that second bind.
3448 static bool torture_rpc_smb_reauth2(struct torture_context *torture)
3450 TALLOC_CTX *mem_ctx;
3453 struct smbcli_state *cli;
3454 struct smbcli_options options;
3455 struct smbcli_session_options session_options;
3457 struct dcerpc_pipe *lsa_pipe;
3458 struct dcerpc_binding_handle *lsa_handle;
3459 struct lsa_GetUserName r;
3460 struct lsa_String *authority_name_p = NULL;
3461 char *authority_name_saved = NULL;
3462 struct lsa_String *account_name_p = NULL;
3463 char *account_name_saved = NULL;
3464 struct cli_credentials *anon_creds = NULL;
3465 struct smb_composite_sesssetup io;
3467 mem_ctx = talloc_init("torture_samba3_reauth");
3468 torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
3470 lpcfg_smbcli_options(torture->lp_ctx, &options);
3471 lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
3473 status = smbcli_full_connection(mem_ctx, &cli,
3474 torture_setting_string(torture, "host", NULL),
3475 lpcfg_smb_ports(torture->lp_ctx),
3477 lpcfg_socket_options(torture->lp_ctx),
3478 cmdline_credentials,
3479 lpcfg_resolve_context(torture->lp_ctx),
3480 torture->ev, &options, &session_options,
3481 lpcfg_gensec_settings(torture, torture->lp_ctx));
3482 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3483 "smbcli_full_connection failed");
3485 /* smb re-authenticate as anonymous */
3487 anon_creds = cli_credentials_init_anon(mem_ctx);
3490 io.in.sesskey = cli->transport->negotiate.sesskey;
3491 io.in.capabilities = cli->transport->negotiate.capabilities;
3492 io.in.credentials = anon_creds;
3493 io.in.workgroup = lpcfg_workgroup(torture->lp_ctx);
3494 io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
3496 status = smb_composite_sesssetup(cli->session, &io);
3497 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3498 "session reauth to anon failed");
3500 /* open the lsa pipe */
3502 lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
3503 torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
3504 "dcerpc_pipe_init failed");
3505 lsa_handle = lsa_pipe->binding_handle;
3507 status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
3508 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3509 "dcerpc_pipe_open failed");
3511 status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
3512 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3513 "dcerpc_bind_auth_none failed");
3515 /* lsa getusername */
3518 r.in.system_name = "\\";
3519 r.in.account_name = &account_name_p;
3520 r.in.authority_name = &authority_name_p;
3521 r.out.account_name = &account_name_p;
3523 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3525 authority_name_p = *r.out.authority_name;
3527 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3528 "GetUserName failed");
3529 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3530 "GetUserName failed");
3532 torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
3533 authority_name_p->string,
3534 account_name_p->string);
3536 account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
3537 torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
3539 authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
3540 torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
3543 /* smb re-auth again to the original user */
3546 io.in.sesskey = cli->transport->negotiate.sesskey;
3547 io.in.capabilities = cli->transport->negotiate.capabilities;
3548 io.in.credentials = cmdline_credentials;
3549 io.in.workgroup = lpcfg_workgroup(torture->lp_ctx);
3550 io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
3552 status = smb_composite_sesssetup(cli->session, &io);
3553 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3554 "session reauth to anon failed");
3556 /* re-do lsa getusername after reauth */
3558 TALLOC_FREE(authority_name_p);
3559 TALLOC_FREE(account_name_p);
3561 r.in.system_name = "\\";
3562 r.in.account_name = &account_name_p;
3563 r.in.authority_name = &authority_name_p;
3564 r.out.account_name = &account_name_p;
3566 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3568 authority_name_p = *r.out.authority_name;
3570 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3571 "GetUserName failed");
3572 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3573 "GetUserName failed");
3575 torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
3576 ret, done, "authority_name not equal after reauth to anon");
3577 torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
3578 ret, done, "account_name not equal after reauth to anon");
3583 talloc_free(mem_ctx);
3588 * Test smb2 reauthentication while rpc pipe is in use.
3590 static bool torture_rpc_smb2_reauth1(struct torture_context *torture)
3592 TALLOC_CTX *mem_ctx;
3595 struct smbcli_options options;
3597 struct dcerpc_pipe *lsa_pipe;
3598 struct dcerpc_binding_handle *lsa_handle;
3599 struct lsa_GetUserName r;
3600 struct lsa_String *authority_name_p = NULL;
3601 char *authority_name_saved = NULL;
3602 struct lsa_String *account_name_p = NULL;
3603 char *account_name_saved = NULL;
3604 struct cli_credentials *anon_creds = NULL;
3605 const char *host = torture_setting_string(torture, "host", NULL);
3606 struct smb2_tree *tree;
3608 mem_ctx = talloc_init("torture_samba3_reauth");
3609 torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
3611 lpcfg_smbcli_options(torture->lp_ctx, &options);
3613 status = smb2_connect(mem_ctx,
3615 lpcfg_smb_ports(torture->lp_ctx),
3617 lpcfg_resolve_context(torture->lp_ctx),
3618 cmdline_credentials,
3622 lpcfg_socket_options(torture->lp_ctx),
3623 lpcfg_gensec_settings(torture, torture->lp_ctx)
3625 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3626 "smb2_connect failed");
3628 lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
3629 torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
3630 "dcerpc_pipe_init failed");
3631 lsa_handle = lsa_pipe->binding_handle;
3633 status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc");
3634 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3635 "dcerpc_pipe_open_smb2 failed");
3637 status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
3638 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3639 "dcerpc_bind_auth_none failed");
3641 /* lsa getusername */
3644 r.in.system_name = "\\";
3645 r.in.account_name = &account_name_p;
3646 r.in.authority_name = &authority_name_p;
3647 r.out.account_name = &account_name_p;
3649 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3651 authority_name_p = *r.out.authority_name;
3653 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3654 "GetUserName failed");
3655 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3656 "GetUserName failed");
3658 torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
3659 authority_name_p->string,
3660 account_name_p->string);
3662 account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
3663 torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
3665 authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
3666 torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
3669 /* smb re-authenticate as anonymous */
3671 anon_creds = cli_credentials_init_anon(mem_ctx);
3673 status = smb2_session_setup_spnego(tree->session,
3675 0 /* previous_session_id */);
3676 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3677 "session reauth to anon failed");
3679 /* re-do lsa getusername after reauth */
3681 TALLOC_FREE(authority_name_p);
3682 TALLOC_FREE(account_name_p);
3684 r.in.system_name = "\\";
3685 r.in.account_name = &account_name_p;
3686 r.in.authority_name = &authority_name_p;
3687 r.out.account_name = &account_name_p;
3689 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3691 authority_name_p = *r.out.authority_name;
3693 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3694 "GetUserName failed");
3695 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3696 "GetUserName failed");
3698 torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
3699 ret, done, "authority_name not equal after reauth to anon");
3700 torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
3701 ret, done, "account_name not equal after reauth to anon");
3703 /* smb re-auth again to the original user */
3705 status = smb2_session_setup_spnego(tree->session,
3706 cmdline_credentials,
3707 0 /* previous_session_id */);
3708 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3709 "session reauth to anon failed");
3711 /* re-do lsa getusername */
3713 TALLOC_FREE(authority_name_p);
3714 TALLOC_FREE(account_name_p);
3716 r.in.system_name = "\\";
3717 r.in.account_name = &account_name_p;
3718 r.in.authority_name = &authority_name_p;
3719 r.out.account_name = &account_name_p;
3721 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3723 authority_name_p = *r.out.authority_name;
3725 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3726 "GetUserName failed");
3727 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3728 "GetUserName failed");
3730 torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
3731 ret, done, "authority_name not equal after reauth to anon");
3732 torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
3733 ret, done, "account_name not equal after reauth to anon");
3738 talloc_free(mem_ctx);
3743 * Test smb2reauthentication while rpc pipe is in use.
3744 * Open a second lsa bind after reauth to anon.
3745 * Do lsa getusername on that second bind.
3747 static bool torture_rpc_smb2_reauth2(struct torture_context *torture)
3749 TALLOC_CTX *mem_ctx;
3752 struct smbcli_options options;
3754 struct dcerpc_pipe *lsa_pipe;
3755 struct dcerpc_binding_handle *lsa_handle;
3756 struct lsa_GetUserName r;
3757 struct lsa_String *authority_name_p = NULL;
3758 char *authority_name_saved = NULL;
3759 struct lsa_String *account_name_p = NULL;
3760 char *account_name_saved = NULL;
3761 struct cli_credentials *anon_creds = NULL;
3762 const char *host = torture_setting_string(torture, "host", NULL);
3763 struct smb2_tree *tree;
3765 mem_ctx = talloc_init("torture_samba3_reauth");
3766 torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
3768 lpcfg_smbcli_options(torture->lp_ctx, &options);
3770 status = smb2_connect(mem_ctx,
3772 lpcfg_smb_ports(torture->lp_ctx),
3774 lpcfg_resolve_context(torture->lp_ctx),
3775 cmdline_credentials,
3779 lpcfg_socket_options(torture->lp_ctx),
3780 lpcfg_gensec_settings(torture, torture->lp_ctx)
3782 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3783 "smb2_connect failed");
3785 /* smb re-authenticate as anonymous */
3787 anon_creds = cli_credentials_init_anon(mem_ctx);
3789 status = smb2_session_setup_spnego(tree->session,
3791 0 /* previous_session_id */);
3792 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3793 "session reauth to anon failed");
3795 /* open the lsa pipe */
3797 lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
3798 torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
3799 "dcerpc_pipe_init failed");
3800 lsa_handle = lsa_pipe->binding_handle;
3802 status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc");
3803 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3804 "dcerpc_pipe_open_smb2 failed");
3806 status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
3807 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3808 "dcerpc_bind_auth_none failed");
3810 /* lsa getusername */
3813 r.in.system_name = "\\";
3814 r.in.account_name = &account_name_p;
3815 r.in.authority_name = &authority_name_p;
3816 r.out.account_name = &account_name_p;
3818 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3820 authority_name_p = *r.out.authority_name;
3822 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3823 "GetUserName failed");
3824 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3825 "GetUserName failed");
3827 torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
3828 authority_name_p->string,
3829 account_name_p->string);
3831 account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
3832 torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
3834 authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
3835 torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
3838 /* smb re-auth again to the original user */
3840 status = smb2_session_setup_spnego(tree->session,
3841 cmdline_credentials,
3842 0 /* previous_session_id */);
3843 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3844 "session reauth to anon failed");
3846 /* re-do lsa getusername */
3848 TALLOC_FREE(authority_name_p);
3849 TALLOC_FREE(account_name_p);
3851 r.in.system_name = "\\";
3852 r.in.account_name = &account_name_p;
3853 r.in.authority_name = &authority_name_p;
3854 r.out.account_name = &account_name_p;
3856 status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
3858 authority_name_p = *r.out.authority_name;
3860 torture_assert_ntstatus_ok_goto(torture, status, ret, done,
3861 "GetUserName failed");
3862 torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
3863 "GetUserName failed");
3865 torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
3866 ret, done, "authority_name not equal after reauth to anon");
3867 torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
3868 ret, done, "account_name not equal after reauth to anon");
3873 talloc_free(mem_ctx);
3877 struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
3879 struct torture_suite *suite = torture_suite_create(mem_ctx, "samba3");
3881 torture_suite_add_simple_test(suite, "bind", torture_bind_samba3);
3882 torture_suite_add_simple_test(suite, "netlogon", torture_netlogon_samba3);
3883 torture_suite_add_simple_test(suite, "sessionkey", torture_samba3_sessionkey);
3884 torture_suite_add_simple_test(suite, "srvsvc", torture_samba3_rpc_srvsvc);
3885 torture_suite_add_simple_test(suite, "sharesec", torture_samba3_rpc_sharesec);
3886 torture_suite_add_simple_test(suite, "getusername", torture_samba3_rpc_getusername);
3887 torture_suite_add_simple_test(suite, "randomauth2", torture_samba3_rpc_randomauth2);
3888 torture_suite_add_simple_test(suite, "lsa", torture_samba3_rpc_lsa);
3889 torture_suite_add_simple_test(suite, "spoolss", torture_samba3_rpc_spoolss);
3890 torture_suite_add_simple_test(suite, "wkssvc", torture_samba3_rpc_wkssvc);
3891 torture_suite_add_simple_test(suite, "winreg", torture_samba3_rpc_winreg);
3892 torture_suite_add_simple_test(suite, "getaliasmembership-0", torture_samba3_getaliasmembership_0);
3893 torture_suite_add_simple_test(suite, "regconfig", torture_samba3_regconfig);
3894 torture_suite_add_simple_test(suite, "smb-reauth1", torture_rpc_smb_reauth1);
3895 torture_suite_add_simple_test(suite, "smb-reauth2", torture_rpc_smb_reauth2);
3896 torture_suite_add_simple_test(suite, "smb2-reauth1", torture_rpc_smb2_reauth1);
3897 torture_suite_add_simple_test(suite, "smb2-reauth2", torture_rpc_smb2_reauth2);
3899 suite->description = talloc_strdup(suite, "samba3 DCERPC interface tests");