r5876: Add a test account for the duration of the samsync - to ensure we have

a good variety of things to test against.

Add code to testjoin to handle this just like test machine accounts

Soon I'll remove the 'must change password' flag, so we can do logins with it.

Andrew Bartlett
(This used to be commit 08b47e2dc067f7e4a52b982d358ff1b0209cc1df)

diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 35d36e9bf862864ec55b78b28f10627ff62bbc07..2f9b01ea10ce01fea19239d871c216e0d81aa914 100644 (file)
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -31,6 +31,7 @@
 
 #define TEST_MACHINE_NAME "samsynctest"
 #define TEST_MACHINE_NAME2 "samsynctest2"
+#define TEST_USER_NAME "samsynctestuser"
 
 /*
   try a netlogon SamLogon
@@ -787,7 +788,7 @@ static BOOL samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam
 
                status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out);
                if (!NT_STATUS_IS_OK(status)) {
-                       printf("Failed to decrypt secrets OLD blob\n");
+                       printf("Failed to decrypt secrets OLD blob: %s\n", nt_errstr(status));
                        return False;
                }
 
@@ -1281,6 +1282,7 @@ BOOL torture_rpc_samsync(void)
        BOOL ret = True;
        struct test_join *join_ctx;
        struct test_join *join_ctx2;
+       struct test_join *user_ctx;
        const char *machine_password;
        const char *machine_password2;
        const char *binding = lp_parm_string(-1, "torture", "binding");
@@ -1312,6 +1314,14 @@ BOOL torture_rpc_samsync(void)
                return False;
        }
        
+       user_ctx = torture_create_testuser(TEST_USER_NAME,
+                                          lp_workgroup(),
+                                          ACB_NORMAL, NULL);
+       if (!user_ctx) {
+               printf("Failed to create test account\n");
+               return False;
+       }
+
        samsync_state = talloc_zero(mem_ctx, struct samsync_state);
 
        samsync_state->p_samr = torture_join_samr_pipe(join_ctx);
@@ -1469,6 +1479,7 @@ failed:
 
        torture_leave_domain(join_ctx);
        torture_leave_domain(join_ctx2);
+       torture_leave_domain(user_ctx);
 
        talloc_free(mem_ctx);
 

diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 3921afb074dc65492b6305409acfaddbd95bb179..891bbcaf10fed158cbc155b1e0daa7ff9d4be653 100644 (file)
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -27,10 +27,10 @@
 
 #include "includes.h"
 #include "librpc/gen_ndr/ndr_samr.h"
+#include "system/time.h"
 
 struct test_join {
        struct dcerpc_pipe *p;
-       const char *machine_password;
        struct policy_handle user_handle;
 };
 
@@ -81,14 +81,15 @@ static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 }
 
 /*
-  join the domain as a test machine
+  create a test user in the domain
   an opaque pointer is returned. Pass it to torture_leave_domain() 
   when finished
 */
-struct test_join *torture_join_domain(const char *machine_name, 
-                                     const char *domain,
-                                     uint16_t acct_flags,
-                                     const char **machine_password)
+
+struct test_join *torture_create_testuser(const char *username, 
+                                         const char *domain,
+                                         uint16_t acct_type,
+                                         const char **random_password)
 {
        NTSTATUS status;
        struct samr_Connect c;
@@ -104,8 +105,12 @@ struct test_join *torture_join_domain(const char *machine_name,
        uint32_t rid;
        DATA_BLOB session_key;
        struct samr_String name;
+       struct samr_String comment;
+       struct samr_String full_name;
+       
        int policy_min_pw_len = 0;
        struct test_join *join;
+       char *random_pw;
 
        join = talloc(NULL, struct test_join);
        if (join == NULL) {
@@ -161,13 +166,13 @@ struct test_join *torture_join_domain(const char *machine_name,
                goto failed;
        }
 
-       printf("Creating machine account %s\n", machine_name);
+       printf("Creating account %s\n", username);
 
 again:
-       name.string = talloc_asprintf(join, "%s$", machine_name);
+       name.string = username;
        r.in.domain_handle = &domain_handle;
        r.in.account_name = &name;
-       r.in.acct_flags = acct_flags;
+       r.in.acct_flags = acct_type;
        r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
        r.out.user_handle = &join->user_handle;
        r.out.access_granted = &access_granted;
@@ -194,16 +199,16 @@ again:
                policy_min_pw_len = pwp.out.info.min_password_length;
        }
 
-       join->machine_password = generate_random_str(join, MAX(8, policy_min_pw_len));
+       random_pw = generate_random_str(join, MAX(8, policy_min_pw_len));
 
-       printf("Setting machine account password '%s'\n", join->machine_password);
+       printf("Setting account password '%s'\n", random_pw);
 
        s.in.user_handle = &join->user_handle;
        s.in.info = &u;
        s.in.level = 24;
 
-       encode_pw_buffer(u.info24.password.data, join->machine_password, STR_UNICODE);
-       u.info24.pw_len = strlen(join->machine_password);
+       encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
+       u.info24.pw_len = strlen(random_pw);
 
        status = dcerpc_fetch_session_key(join->p, &session_key);
        if (!NT_STATUS_IS_OK(status)) {
@@ -221,13 +226,23 @@ again:
                goto failed;
        }
 
+       ZERO_STRUCT(u);
        s.in.user_handle = &join->user_handle;
        s.in.info = &u;
-       s.in.level = 16;
+       s.in.level = 21;
 
-       u.info16.acct_flags = acct_flags;
+       u.info21.acct_flags = acct_type;
+       u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
+       comment.string = talloc_asprintf(join, 
+                                        "Tortured by Samba4: %s", 
+                                        timestring(join, time(NULL)));
+       u.info21.comment = comment;
+       full_name.string = talloc_asprintf(join, 
+                                        "Torture account for Samba4: %s", 
+                                        timestring(join, time(NULL)));
+       u.info21.full_name = full_name;
 
-       printf("Resetting ACB flags\n");
+       printf("Resetting ACB flags, force pw change time\n");
 
        status = dcerpc_samr_SetUserInfo(join->p, join, &s);
        if (!NT_STATUS_IS_OK(status)) {
@@ -235,8 +250,8 @@ again:
                goto failed;
        }
 
-       if (machine_password) {
-               *machine_password = join->machine_password;
+       if (random_password) {
+               *random_password = random_pw;
        }
 
        return join;
@@ -246,11 +261,28 @@ failed:
        return NULL;
 }
 
+
+struct test_join *torture_join_domain(const char *machine_name, 
+                                     const char *domain,
+                                     uint16_t acct_flags,
+                                     const char **machine_password)
+{
+       char *username = talloc_asprintf(NULL, "%s$", machine_name);
+       struct test_join *tj = torture_create_testuser(username, domain, acct_flags, machine_password);
+       talloc_free(username);
+       return tj;
+}
+
 struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join) 
 {
        return join->p;
 }
 
+struct policy_handle *torture_join_samr_user_policy(struct test_join *join) 
+{
+       return &join->user_handle;
+}
+
 /*
   leave the domain, deleting the machine acct
 */