nsswitch/libwbclient/tests/wbclient.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB torture tester
   4    Copyright (C) Guenther Deschner 2009-2010
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "lib/replace/replace.h"
  21 #include "libcli/util/ntstatus.h"
  22 #include "libcli/util/werror.h"
  23 #include "lib/util/data_blob.h"
  24 #include "lib/util/time.h"
  25 #include "nsswitch/libwbclient/wbclient.h"
  26 #include "torture/smbtorture.h"
  27 #include "torture/winbind/proto.h"
  28 #include "lib/util/util_net.h"
  29 #include "lib/util/charset/charset.h"
  30 #include "libcli/auth/libcli_auth.h"
  31 #include "source4/param/param.h"
  32 #include "lib/util/samba_util.h"
  33 #include "lib/crypto/arcfour.h"
  34
  35 #define WBC_ERROR_EQUAL(x,y) (x == y)
  36
  37 #define torture_assert_wbc_equal(torture_ctx, got, expected, cmt) \
  38         do { wbcErr __got = got, __expected = expected; \
  39         if (!WBC_ERROR_EQUAL(__got, __expected)) { \
  40                 torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", wbcErrorString(__got), wbcErrorString(__expected), cmt); \
  41                 return false; \
  42         } \
  43         } while (0)
  44
  45 #define torture_assert_wbc_ok(torture_ctx,expr,cmt) \
  46                 torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt)
  47
  48 static bool test_wbc_ping(struct torture_context *tctx)
  49 {
  50         torture_assert_wbc_ok(tctx, wbcPing(),
  51                 "wbcPing failed");
  52
  53         return true;
  54 }
  55
  56 static bool test_wbc_pingdc(struct torture_context *tctx)
  57 {
  58         torture_assert_wbc_equal(tctx, wbcPingDc("random_string", NULL), WBC_ERR_NOT_IMPLEMENTED,
  59                 "wbcPingDc failed");
  60         torture_assert_wbc_ok(tctx, wbcPingDc(NULL, NULL),
  61                 "wbcPingDc failed");
  62
  63         return true;
  64 }
  65
  66 static bool test_wbc_library_details(struct torture_context *tctx)
  67 {
  68         struct wbcLibraryDetails *details;
  69
  70         torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details),
  71                 "wbcLibraryDetails failed");
  72         torture_assert(tctx, details,
  73                 "wbcLibraryDetails returned NULL pointer");
  74
  75         wbcFreeMemory(details);
  76
  77         return true;
  78 }
  79
  80 static bool test_wbc_interface_details(struct torture_context *tctx)
  81 {
  82         struct wbcInterfaceDetails *details;
  83
  84         torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
  85                 "wbcInterfaceDetails failed");
  86         torture_assert(tctx, details,
  87                 "wbcInterfaceDetails returned NULL pointer");
  88
  89         wbcFreeMemory(details);
  90
  91         return true;
  92 }
  93
  94 static bool test_wbc_sidtypestring(struct torture_context *tctx)
  95 {
  96         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE),
  97                                  "SID_NONE", "SID_NONE failed");
  98         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER),
  99                                  "SID_USER", "SID_USER failed");
 100         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP),
 101                                  "SID_DOM_GROUP", "SID_DOM_GROUP failed");
 102         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN),
 103                                  "SID_DOMAIN", "SID_DOMAIN failed");
 104         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS),
 105                                  "SID_ALIAS", "SID_ALIAS failed");
 106         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP),
 107                                  "SID_WKN_GROUP", "SID_WKN_GROUP failed");
 108         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED),
 109                                  "SID_DELETED", "SID_DELETED failed");
 110         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID),
 111                                  "SID_INVALID", "SID_INVALID failed");
 112         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN),
 113                                  "SID_UNKNOWN", "SID_UNKNOWN failed");
 114         torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER),
 115                                  "SID_COMPUTER", "SID_COMPUTER failed");
 116         return true;
 117 }
 118
 119 static bool test_wbc_sidtostring(struct torture_context *tctx)
 120 {
 121         struct wbcDomainSid sid;
 122         const char *sid_string = "S-1-5-32";
 123         char *sid_string2;
 124
 125         torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
 126                 "wbcStringToSid failed");
 127         torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
 128                 "wbcSidToString failed");
 129         torture_assert_str_equal(tctx, sid_string, sid_string2,
 130                 "sid strings differ");
 131         wbcFreeMemory(sid_string2);
 132
 133         return true;
 134 }
 135
 136 static bool test_wbc_guidtostring(struct torture_context *tctx)
 137 {
 138         struct wbcGuid guid;
 139         const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
 140         char *guid_string2;
 141
 142         torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
 143                 "wbcStringToGuid failed");
 144         torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
 145                 "wbcGuidToString failed");
 146         torture_assert_str_equal(tctx, guid_string, guid_string2,
 147                 "guid strings differ");
 148         wbcFreeMemory(guid_string2);
 149
 150         return true;
 151 }
 152
 153 static bool test_wbc_domain_info(struct torture_context *tctx)
 154 {
 155         struct wbcDomainInfo *info;
 156         struct wbcInterfaceDetails *details;
 157
 158         torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
 159                 "wbcInterfaceDetails failed");
 160         torture_assert_wbc_ok(
 161                 tctx, wbcDomainInfo(details->netbios_domain, &info),
 162                 "wbcDomainInfo failed");
 163         wbcFreeMemory(details);
 164
 165         torture_assert(tctx, info,
 166                 "wbcDomainInfo returned NULL pointer");
 167         wbcFreeMemory(info);
 168
 169         return true;
 170 }
 171
 172 static bool test_wbc_users(struct torture_context *tctx)
 173 {
 174         const char *domain_name = NULL;
 175         uint32_t num_users;
 176         const char **users;
 177         int i;
 178         struct wbcInterfaceDetails *details;
 179
 180         torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
 181                 "wbcInterfaceDetails failed");
 182
 183         domain_name = talloc_strdup(tctx, details->netbios_domain);
 184         wbcFreeMemory(details);
 185
 186         torture_assert_wbc_ok(tctx, wbcListUsers(domain_name, &num_users, &users),
 187                 "wbcListUsers failed");
 188         torture_assert(tctx, !(num_users > 0 && !users),
 189                 "wbcListUsers returned invalid results");
 190
 191         for (i=0; i < MIN(num_users,100); i++) {
 192
 193                 struct wbcDomainSid sid, *sids;
 194                 enum wbcSidType name_type;
 195                 char *domain;
 196                 char *name;
 197                 uint32_t num_sids;
 198
 199                 torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type),
 200                         "wbcLookupName failed");
 201                 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
 202                         "wbcLookupName expected WBC_SID_NAME_USER");
 203                 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
 204                         "wbcLookupSid failed");
 205                 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
 206                         "wbcLookupSid expected WBC_SID_NAME_USER");
 207                 torture_assert(tctx, name,
 208                         "wbcLookupSid returned no name");
 209                 wbcFreeMemory(domain);
 210                 wbcFreeMemory(name);
 211                 torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids),
 212                         "wbcLookupUserSids failed");
 213                 torture_assert_wbc_ok(
 214                         tctx, wbcGetDisplayName(&sid, &domain, &name,
 215                                                 &name_type),
 216                         "wbcGetDisplayName failed");
 217                 wbcFreeMemory(domain);
 218                 wbcFreeMemory(name);
 219                 wbcFreeMemory(sids);
 220         }
 221         wbcFreeMemory(users);
 222
 223         return true;
 224 }
 225
 226 static bool test_wbc_groups(struct torture_context *tctx)
 227 {
 228         const char *domain_name = NULL;
 229         uint32_t num_groups;
 230         const char **groups;
 231         int i;
 232         struct wbcInterfaceDetails *details;
 233
 234         torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
 235                 "wbcInterfaceDetails failed");
 236
 237         domain_name = talloc_strdup(tctx, details->netbios_domain);
 238         wbcFreeMemory(details);
 239
 240         torture_assert_wbc_ok(tctx, wbcListGroups(domain_name, &num_groups, &groups),
 241                 "wbcListGroups failed");
 242         torture_assert(tctx, !(num_groups > 0 && !groups),
 243                 "wbcListGroups returned invalid results");
 244
 245         for (i=0; i < MIN(num_groups,100); i++) {
 246
 247                 struct wbcDomainSid sid;
 248                 enum wbcSidType name_type;
 249                 char *domain;
 250                 char *name;
 251
 252                 torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, groups[i], &sid, &name_type),
 253                         "wbcLookupName failed");
 254                 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
 255                         "wbcLookupSid failed");
 256                 torture_assert(tctx, name,
 257                         "wbcLookupSid returned no name");
 258         }
 259         wbcFreeMemory(groups);
 260
 261         return true;
 262 }
 263
 264 static bool test_wbc_trusts(struct torture_context *tctx)
 265 {
 266         struct wbcDomainInfo *domains;
 267         size_t num_domains;
 268         int i;
 269
 270         torture_assert_wbc_ok(tctx, wbcListTrusts(&domains, &num_domains),
 271                 "wbcListTrusts failed");
 272         torture_assert(tctx, !(num_domains > 0 && !domains),
 273                 "wbcListTrusts returned invalid results");
 274
 275         for (i=0; i < MIN(num_domains,100); i++) {
 276
 277                 struct wbcAuthErrorInfo *error;
 278                 /*
 279                 struct wbcDomainSid sid;
 280                 enum wbcSidType name_type;
 281                 char *domain;
 282                 char *name;
 283                 */
 284                 torture_assert_wbc_ok(tctx, wbcCheckTrustCredentials(domains[i].short_name, &error),
 285                         "wbcCheckTrustCredentials failed");
 286                 /*
 287                 torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
 288                         "wbcLookupName failed");
 289                 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
 290                         "wbcLookupName expected WBC_SID_NAME_DOMAIN");
 291                 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
 292                         "wbcLookupSid failed");
 293                 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
 294                         "wbcLookupSid expected WBC_SID_NAME_DOMAIN");
 295                 torture_assert(tctx, name,
 296                         "wbcLookupSid returned no name");
 297                 */
 298         }
 299         wbcFreeMemory(domains);
 300
 301         return true;
 302 }
 303
 304 static bool test_wbc_lookupdc(struct torture_context *tctx)
 305 {
 306         const char *domain_name = NULL;
 307         struct wbcInterfaceDetails *details;
 308         struct wbcDomainControllerInfo *dc_info;
 309
 310         torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
 311                 "wbcInterfaceDetails failed");
 312
 313         domain_name = talloc_strdup(tctx, details->netbios_domain);
 314         wbcFreeMemory(details);
 315
 316         torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info),
 317                 "wbcLookupDomainController failed");
 318         wbcFreeMemory(dc_info);
 319
 320         return true;
 321 }
 322
 323 static bool test_wbc_lookupdcex(struct torture_context *tctx)
 324 {
 325         const char *domain_name = NULL;
 326         struct wbcInterfaceDetails *details;
 327         struct wbcDomainControllerInfoEx *dc_info;
 328
 329         torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
 330                 "wbcInterfaceDetails failed");
 331
 332         domain_name = talloc_strdup(tctx, details->netbios_domain);
 333         wbcFreeMemory(details);
 334
 335         torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info),
 336                 "wbcLookupDomainControllerEx failed");
 337         wbcFreeMemory(dc_info);
 338
 339         return true;
 340 }
 341
 342 static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
 343 {
 344         const char *name;
 345         char *ip;
 346         wbcErr ret;
 347
 348         name = torture_setting_string(tctx, "host", NULL);
 349
 350         ret = wbcResolveWinsByName(name, &ip);
 351
 352         if (is_ipaddress(name)) {
 353                 torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName failed");
 354         } else {
 355                 torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName failed");
 356         }
 357
 358         return true;
 359 }
 360
 361 static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
 362 {
 363         const char *ip;
 364         char *name;
 365         wbcErr ret;
 366
 367         ip = torture_setting_string(tctx, "host", NULL);
 368
 369         ret = wbcResolveWinsByIP(ip, &name);
 370
 371         torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP failed");
 372
 373         wbcFreeMemory(name);
 374
 375         return true;
 376 }
 377
 378 static bool test_wbc_lookup_rids(struct torture_context *tctx)
 379 {
 380         struct wbcDomainSid builtin;
 381         uint32_t rids[2] = { 544, 545 };
 382         const char *domain_name, **names;
 383         enum wbcSidType *types;
 384         wbcErr ret;
 385
 386         wbcStringToSid("S-1-5-32", &builtin);
 387
 388         ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
 389                             &types);
 390         torture_assert_wbc_ok(tctx, ret, "wbcLookupRids failed");
 391
 392         torture_assert_str_equal(
 393                 tctx, names[0], "Administrators",
 394                 "S-1-5-32-544 not mapped to 'Administrators'");
 395         torture_assert_str_equal(
 396                 tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
 397
 398         wbcFreeMemory(discard_const_p(char ,domain_name));
 399         wbcFreeMemory(names);
 400         wbcFreeMemory(types);
 401
 402         return true;
 403 }
 404
 405 static bool test_wbc_get_sidaliases(struct torture_context *tctx)
 406 {
 407         struct wbcDomainSid builtin;
 408         struct wbcDomainInfo *info;
 409         struct wbcInterfaceDetails *details;
 410         struct wbcDomainSid sids[2];
 411         uint32_t *rids;
 412         uint32_t num_rids;
 413         wbcErr ret;
 414
 415         torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
 416                 "wbcInterfaceDetails failed");
 417         torture_assert_wbc_ok(
 418                 tctx, wbcDomainInfo(details->netbios_domain, &info),
 419                 "wbcDomainInfo failed");
 420         wbcFreeMemory(details);
 421
 422         sids[0] = info->sid;
 423         sids[0].sub_auths[sids[0].num_auths++] = 500;
 424         sids[1] = info->sid;
 425         sids[1].sub_auths[sids[1].num_auths++] = 512;
 426         wbcFreeMemory(info);
 427
 428         torture_assert_wbc_ok(
 429                 tctx, wbcStringToSid("S-1-5-32", &builtin),
 430                 "wbcStringToSid failed");
 431
 432         ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids);
 433         torture_assert_wbc_ok(tctx, ret, "wbcGetSidAliases failed");
 434
 435         wbcFreeMemory(rids);
 436
 437         return true;
 438 }
 439
 440 static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
 441                                            const char *correct_password)
 442 {
 443         struct wbcAuthUserParams params;
 444         struct wbcAuthUserInfo *info = NULL;
 445         struct wbcAuthErrorInfo *error = NULL;
 446         wbcErr ret;
 447
 448         ret = wbcAuthenticateUser(getenv("USERNAME"), correct_password);
 449         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 450                                  "wbcAuthenticateUser failed");
 451
 452         ZERO_STRUCT(params);
 453         params.account_name             = getenv("USERNAME");
 454         params.level                    = WBC_AUTH_USER_LEVEL_PLAIN;
 455         params.password.plaintext       = correct_password;
 456
 457         ret = wbcAuthenticateUserEx(&params, &info, &error);
 458         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 459                                  "wbcAuthenticateUserEx failed");
 460         wbcFreeMemory(info);
 461         info = NULL;
 462
 463         wbcFreeMemory(error);
 464         error = NULL;
 465
 466         params.password.plaintext       = "wrong";
 467         ret = wbcAuthenticateUserEx(&params, &info, &error);
 468         torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
 469                                  "wbcAuthenticateUserEx succeeded where it "
 470                                  "should have failed");
 471         wbcFreeMemory(info);
 472         info = NULL;
 473
 474         wbcFreeMemory(error);
 475         error = NULL;
 476
 477         return true;
 478 }
 479
 480 static bool test_wbc_authenticate_user(struct torture_context *tctx)
 481 {
 482         return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD"));
 483 }
 484
 485 static bool test_wbc_change_password(struct torture_context *tctx)
 486 {
 487         wbcErr ret;
 488         const char *oldpass = getenv("PASSWORD");
 489         const char *newpass = "Koo8irei";
 490
 491         struct samr_CryptPassword new_nt_password;
 492         struct samr_CryptPassword new_lm_password;
 493         struct samr_Password old_nt_hash_enc;
 494         struct samr_Password old_lanman_hash_enc;
 495
 496         uint8_t old_nt_hash[16];
 497         uint8_t old_lanman_hash[16];
 498         uint8_t new_nt_hash[16];
 499         uint8_t new_lanman_hash[16];
 500
 501         struct wbcChangePasswordParams params;
 502
 503         if (oldpass == NULL) {
 504                 torture_skip(tctx,
 505                         "skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
 506         }
 507
 508         ZERO_STRUCT(params);
 509
 510         E_md4hash(oldpass, old_nt_hash);
 511         E_md4hash(newpass, new_nt_hash);
 512
 513         if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
 514             E_deshash(newpass, new_lanman_hash) &&
 515             E_deshash(oldpass, old_lanman_hash)) {
 516
 517                 /* E_deshash returns false for 'long' passwords (> 14
 518                    DOS chars).  This allows us to match Win2k, which
 519                    does not store a LM hash for these passwords (which
 520                    would reduce the effective password length to 14) */
 521
 522                 encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
 523                 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
 524                 E_old_pw_hash(new_nt_hash, old_lanman_hash,
 525                               old_lanman_hash_enc.hash);
 526
 527                 params.old_password.response.old_lm_hash_enc_length =
 528                         sizeof(old_lanman_hash_enc.hash);
 529                 params.old_password.response.old_lm_hash_enc_data =
 530                         old_lanman_hash_enc.hash;
 531                 params.new_password.response.lm_length =
 532                         sizeof(new_lm_password.data);
 533                 params.new_password.response.lm_data =
 534                         new_lm_password.data;
 535         } else {
 536                 ZERO_STRUCT(new_lm_password);
 537                 ZERO_STRUCT(old_lanman_hash_enc);
 538         }
 539
 540         encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
 541
 542         arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
 543         E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
 544
 545         params.old_password.response.old_nt_hash_enc_length =
 546                 sizeof(old_nt_hash_enc.hash);
 547         params.old_password.response.old_nt_hash_enc_data =
 548                 old_nt_hash_enc.hash;
 549         params.new_password.response.nt_length = sizeof(new_nt_password.data);
 550         params.new_password.response.nt_data = new_nt_password.data;
 551
 552         params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
 553         params.account_name = getenv("USERNAME");
 554         params.domain_name = "SAMBA-TEST";
 555
 556         ret = wbcChangeUserPasswordEx(&params, NULL, NULL, NULL);
 557         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 558                                  "wbcChangeUserPassword failed");
 559
 560         if (!test_wbc_authenticate_user_int(tctx, "Koo8irei")) {
 561                 return false;
 562         }
 563
 564         ret = wbcChangeUserPassword(getenv("USERNAME"), "Koo8irei",
 565                                     getenv("PASSWORD"));
 566         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 567                                  "wbcChangeUserPassword failed");
 568
 569         return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD"));
 570 }
 571
 572 static bool test_wbc_logon_user(struct torture_context *tctx)
 573 {
 574         struct wbcLogonUserParams params;
 575         struct wbcLogonUserInfo *info = NULL;
 576         struct wbcAuthErrorInfo *error = NULL;
 577         struct wbcUserPasswordPolicyInfo *policy = NULL;
 578         struct wbcInterfaceDetails *iface;
 579         struct wbcDomainSid sid;
 580         enum wbcSidType sidtype;
 581         char *sidstr;
 582         wbcErr ret;
 583
 584         ZERO_STRUCT(params);
 585
 586         ret = wbcLogonUser(&params, &info, &error, &policy);
 587         torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
 588                                  "wbcLogonUser succeeded where it should "
 589                                  "have failed");
 590
 591         params.username = getenv("USERNAME");
 592         params.password = getenv("PASSWORD");
 593
 594         ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
 595                               "foo", 0, discard_const_p(uint8_t, "bar"), 4);
 596         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 597                                  "wbcAddNamedBlob failed");
 598
 599         ret = wbcLogonUser(&params, &info, &error, &policy);
 600         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 601                                  "wbcLogonUser failed");
 602         wbcFreeMemory(info); info = NULL;
 603         wbcFreeMemory(error); error = NULL;
 604         wbcFreeMemory(policy); policy = NULL;
 605
 606         params.password = "wrong";
 607
 608         ret = wbcLogonUser(&params, &info, &error, &policy);
 609         torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
 610                                  "wbcLogonUser should have failed with "
 611                                  "WBC_ERR_AUTH_ERROR");
 612         wbcFreeMemory(info); info = NULL;
 613         wbcFreeMemory(error); error = NULL;
 614         wbcFreeMemory(policy); policy = NULL;
 615
 616         ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
 617                               "membership_of", 0,
 618                               discard_const_p(uint8_t, "S-1-2-3-4"),
 619                               strlen("S-1-2-3-4")+1);
 620         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 621                                  "wbcAddNamedBlob failed");
 622         params.password = getenv("PASSWORD");
 623         ret = wbcLogonUser(&params, &info, &error, &policy);
 624         torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
 625                                  "wbcLogonUser should have failed with "
 626                                  "WBC_ERR_AUTH_ERROR");
 627         wbcFreeMemory(info); info = NULL;
 628         wbcFreeMemory(error); error = NULL;
 629         wbcFreeMemory(policy); policy = NULL;
 630         wbcFreeMemory(params.blobs);
 631         params.blobs = NULL; params.num_blobs = 0;
 632
 633         ret = wbcInterfaceDetails(&iface);
 634         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 635                                  "wbcInterfaceDetails failed");
 636
 637         ret = wbcLookupName(iface->netbios_domain, getenv("USERNAME"), &sid,
 638                             &sidtype);
 639         wbcFreeMemory(iface);
 640         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 641                                  "wbcLookupName failed");
 642
 643         ret = wbcSidToString(&sid, &sidstr);
 644         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 645                                  "wbcSidToString failed");
 646
 647         ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
 648                               "membership_of", 0,
 649                               (uint8_t *)sidstr, strlen(sidstr)+1);
 650         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 651                                  "wbcAddNamedBlob failed");
 652         wbcFreeMemory(sidstr);
 653         params.password = getenv("PASSWORD");
 654         ret = wbcLogonUser(&params, &info, &error, &policy);
 655         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 656                                  "wbcLogonUser failed");
 657         wbcFreeMemory(info); info = NULL;
 658         wbcFreeMemory(error); error = NULL;
 659         wbcFreeMemory(policy); policy = NULL;
 660         wbcFreeMemory(params.blobs);
 661         params.blobs = NULL; params.num_blobs = 0;
 662
 663         return true;
 664 }
 665
 666 static bool test_wbc_getgroups(struct torture_context *tctx)
 667 {
 668         wbcErr ret;
 669         uint32_t num_groups;
 670         gid_t *groups;
 671
 672         ret = wbcGetGroups(getenv("USERNAME"), &num_groups, &groups);
 673         torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 674                                  "wbcGetGroups failed");
 675         wbcFreeMemory(groups);
 676         return true;
 677 }
 678
 679 struct torture_suite *torture_wbclient(void)
 680 {
 681         struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "wbclient");
 682
 683         torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
 684         torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
 685         torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
 686         torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
 687         torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
 688         torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring);
 689         torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
 690         torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
 691         torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
 692         torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
 693         torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
 694         torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc);
 695         torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex);
 696         torture_suite_add_simple_test(suite, "wbcResolveWinsByName", test_wbc_resolve_winsbyname);
 697         torture_suite_add_simple_test(suite, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip);
 698         torture_suite_add_simple_test(suite, "wbcLookupRids",
 699                                       test_wbc_lookup_rids);
 700         torture_suite_add_simple_test(suite, "wbcGetSidAliases",
 701                                       test_wbc_get_sidaliases);
 702         torture_suite_add_simple_test(suite, "wbcAuthenticateUser",
 703                                       test_wbc_authenticate_user);
 704         torture_suite_add_simple_test(suite, "wbcLogonUser",
 705                                       test_wbc_logon_user);
 706         torture_suite_add_simple_test(suite, "wbcChangeUserPassword",
 707                                       test_wbc_change_password);
 708         torture_suite_add_simple_test(suite, "wbcGetGroups",
 709                                       test_wbc_getgroups);
 710
 711         return suite;
 712 }