r275: added IDL and test code for samr_QueryDisplayInfo3(),

samr_AddMultipleMembersToAlias(), samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(), and samr_ChangePasswordUser2() The password change functions don't actually work yet (but should soon). At this stage I have just completed the IDL for them. Next step is to get the hash verifiers right and the torture test should be able to do password changes. (This used to be commit 849d0d314a2add80f2b2be6b503fea05973f998e)
author: Andrew Tridgell <tridge@samba.org> 2004-04-19 05:48:03 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:51:19 -0500
commit: 8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9 (patch)
tree: 47f7cbbc59bbd5f65d50e5d14321cd4f82c4d30c /source4/torture/rpc
parent: 6de32ddc2dbfe0685f361ed1a0dc11dff8ca19e5 (diff)
download: samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.tar.gz
samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.tar.bz2
samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.zip
2 files changed, 248 insertions, 14 deletions
diff --git a/source4/torture/rpc/autoidl.c b/source4/torture/rpc/autoidl.c
index 5f89970d17..31359b4baf 100644
--- a/source4/torture/rpc/autoidl.c
+++ b/source4/torture/rpc/autoidl.c
@@ -74,9 +74,56 @@ static void reopen(struct dcerpc_pipe **p, const struct dcerpc_interface_table *
 	}
 }
 
+static void print_depth(int depth)
+{
+	int i;
+	for (i=0;i<depth;i++) {
+		printf("    ");
+	}
+}
 
 static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, 
-			  int opnum, int min_in)
+			  int opnum, DATA_BLOB *base_in, int min_ofs, int max_ofs, int depth);
+
+static void try_expand(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, 
+		       int opnum, DATA_BLOB *base_in, int insert_ofs, int depth)
+{
+	DATA_BLOB stub_in, stub_out;
+	int n;
+	NTSTATUS status;
+	struct dcerpc_pipe *p = NULL;
+
+	reopen(&p, iface);
+
+	/* work out how much to expand to get a non fault */
+	for (n=0;n<2000;n++) {
+		stub_in = data_blob(NULL, base_in->length + n);
+		data_blob_clear(&stub_in);
+		memcpy(stub_in.data, base_in->data, insert_ofs);
+		memcpy(stub_in.data+insert_ofs+n, base_in->data+insert_ofs, base_in->length-insert_ofs);
+
+		status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out);
+
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+			print_depth(depth);
+			printf("expand by %d gives %s\n", n, nt_errstr(status));
+			if (n >= 4) {
+				test_ptr_scan(mem_ctx, iface, opnum, &stub_in, 
+					      insert_ofs, insert_ofs+n, depth+1);
+			}
+			return;
+		}
+		if (p->last_fault_code == 5) {
+			reopen(&p, iface);
+		}
+	}
+
+	dcerpc_pipe_close(p);	
+}
+
+
+static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, 
+			  int opnum, DATA_BLOB *base_in, int min_ofs, int max_ofs, int depth)
 {
 	DATA_BLOB stub_in, stub_out;
 	int ofs;
@@ -85,24 +132,30 @@ static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_tab
 
 	reopen(&p, iface);
 
-	stub_in = data_blob(NULL, min_in);
-	data_blob_clear(&stub_in);
+	stub_in = data_blob(NULL, base_in->length);
+	memcpy(stub_in.data, base_in->data, base_in->length);
 
-	/* work out the minimum amount of input data */
-	for (ofs=0;ofs<min_in;ofs+=4) {
+	/* work out which elements are pointers */
+	for (ofs=min_ofs;ofs<=max_ofs-4;ofs+=4) {
 		SIVAL(stub_in.data, ofs, 1);
 		status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out);
-		SIVAL(stub_in.data, ofs, 0);
 
 		if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
-			printf("opnum %d ofs %d size %d fault 0x%08x\n", 
-			       opnum, ofs, min_in, p->last_fault_code);
+			print_depth(depth);
+			printf("possible ptr at ofs %d - fault 0x%08x\n", 
+			       ofs-min_ofs, p->last_fault_code);
 			if (p->last_fault_code == 5) {
 				reopen(&p, iface);
 			}
+			if (depth == 0) {
+				try_expand(mem_ctx, iface, opnum, &stub_in, ofs+4, depth+1);
+			} else {
+				try_expand(mem_ctx, iface, opnum, &stub_in, max_ofs, depth+1);
+			}
+			SIVAL(stub_in.data, ofs, 0);
 			continue;
 		}
-		printf("opnum %d  ofs %d error %s\n", opnum, ofs, nt_errstr(status));
+		SIVAL(stub_in.data, ofs, 0);
 	}
 
 	dcerpc_pipe_close(p);	
@@ -126,9 +179,6 @@ static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_ta
 		stub_in = data_blob(NULL, i);
 		data_blob_clear(&stub_in);
 
-#if 1
-		fill_blob_handle(&stub_in, mem_ctx, &handle);
-#endif
 
 		status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out);
 
@@ -137,7 +187,20 @@ static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_ta
 			       opnum, stub_in.length, stub_out.length);
 			dump_data(0, stub_out.data, stub_out.length);
 			dcerpc_pipe_close(p);
-			test_ptr_scan(mem_ctx, iface, opnum, stub_in.length);
+			test_ptr_scan(mem_ctx, iface, opnum, &stub_in, 0, stub_in.length, 0);
+			return;
+		}
+
+		fill_blob_handle(&stub_in, mem_ctx, &handle);
+
+		status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out);
+
+		if (NT_STATUS_IS_OK(status)) {
+			printf("opnum %d   min_input %d - output %d (with handle)\n", 
+			       opnum, stub_in.length, stub_out.length);
+			dump_data(0, stub_out.data, stub_out.length);
+			dcerpc_pipe_close(p);
+			test_ptr_scan(mem_ctx, iface, opnum, &stub_in, 0, stub_in.length, 0);
 			return;
 		}
 
@@ -159,7 +222,7 @@ static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_ta
 
 static void test_auto_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface)
 {
-	test_scan_call(mem_ctx, iface, 0x26);
+	test_scan_call(mem_ctx, iface, 0x37);
 }
 
 BOOL torture_rpc_autoidl(int dummy)
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index a098fbd9ca..2a48a6c584 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -421,6 +421,76 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 }
 
 
+static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
+					struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct samr_OemChangePasswordUser2 r;
+	BOOL ret = True;
+	struct samr_Hash hash;
+	struct samr_CryptPassword pass;
+	struct samr_AsciiName server, account;
+
+	printf("Testing OemChangePasswordUser2\n");
+
+	ZERO_STRUCT(hash);
+	ZERO_STRUCT(pass);
+
+	server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+	account.name = TEST_USERNAME;
+
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.password = &pass;
+	r.in.hash = &hash;
+
+	status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
+		ret = False;
+	}
+
+	return ret;
+}
+
+static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
+				     struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct samr_ChangePasswordUser2 r;
+	BOOL ret = True;
+	struct samr_Name server, account;
+	struct samr_CryptPassword nt_pass, lm_pass;
+	struct samr_Hash nt_verifier, lm_verifier;
+
+	printf("Testing ChangePasswordUser2\n");
+
+	server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+	init_samr_Name(&account, TEST_USERNAME);
+
+	ZERO_STRUCT(nt_pass);
+	ZERO_STRUCT(lm_pass);
+	ZERO_STRUCT(nt_verifier);
+	ZERO_STRUCT(lm_verifier);
+	
+	r.in.server = &server;
+	r.in.account = &account;
+	r.in.nt_password = &nt_pass;
+	r.in.nt_verifier = &nt_verifier;
+	r.in.lm_change = 1;
+	r.in.lm_password = &lm_pass;
+	r.in.lm_verifier = &lm_verifier;
+
+	status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status));
+		ret = False;
+	}
+
+	return ret;
+}
+
+
 static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 				  struct policy_handle *alias_handle)
 {
@@ -479,6 +549,62 @@ static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	return ret;
 }
 
+static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+					   struct policy_handle *alias_handle)
+{
+	struct samr_AddMultipleMembersToAlias a;
+	struct samr_RemoveMultipleMembersFromAlias r;
+	NTSTATUS status;
+	BOOL ret = True;
+	struct lsa_SidArray sids;
+
+	printf("testing AddMultipleMembersToAlias\n");
+	a.in.handle = alias_handle;
+	a.in.sids = &sids;
+
+	sids.num_sids = 3;
+	sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3);
+
+	sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1");
+	sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2");
+	sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3");
+
+	status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status));
+		ret = False;
+	}
+
+
+	printf("testing RemoveMultipleMembersFromAlias\n");
+	r.in.handle = alias_handle;
+	r.in.sids = &sids;
+
+	status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
+		ret = False;
+	}
+
+	/* strange! removing twice doesn't give any error */
+	status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
+		ret = False;
+	}
+
+	/* but removing an alias that isn't there does */
+	sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4");
+
+	status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r);
+	if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) {
+		printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status));
+		ret = False;
+	}
+
+	return ret;
+}
+
 static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 					    struct policy_handle *user_handle)
 {
@@ -556,6 +682,10 @@ static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		ret = False;
 	}
 
+	if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) {
+		ret = False;
+	}
+
 	return ret;
 }
 
@@ -800,6 +930,14 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		ret = False;
 	}
 
+	if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle)) {
+		ret = False;
+	}
+
+	if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle)) {
+		ret = False;
+	}
+
 	if (!test_user_ops(p, mem_ctx, user_handle)) {
 		ret = False;
 	}
@@ -1461,6 +1599,35 @@ static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	return ret;	
 }
 
+static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
+				  struct policy_handle *handle)
+{
+	NTSTATUS status;
+	struct samr_QueryDisplayInfo3 r;
+	BOOL ret = True;
+	uint16 levels[] = {1, 2, 3, 4, 5};
+	int i;
+
+	for (i=0;i<ARRAY_SIZE(levels);i++) {
+		printf("Testing QueryDisplayInfo3 level %u\n", levels[i]);
+
+		r.in.handle = handle;
+		r.in.level = levels[i];
+		r.in.start_idx = 0;
+		r.in.max_entries = 1000;
+		r.in.buf_size = (uint32)-1;
+
+		status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("QueryDisplayInfo3 level %u failed - %s\n", 
+			       levels[i], nt_errstr(status));
+			ret = False;
+		}
+	}
+	
+	return ret;	
+}
+
 static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
 				 struct policy_handle *handle)
 {
@@ -1920,6 +2087,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		ret = False;
 	}
 
+	if (!test_QueryDisplayInfo3(p, mem_ctx, &domain_handle)) {
+		ret = False;
+	}
+
 	if (!test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle)) {
 		ret = False;
 	}
author	Andrew Tridgell <tridge@samba.org>	2004-04-19 05:48:03 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:51:19 -0500
commit	8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9 (patch)
tree	47f7cbbc59bbd5f65d50e5d14321cd4f82c4d30c /source4/torture/rpc
parent	6de32ddc2dbfe0685f361ed1a0dc11dff8ca19e5 (diff)
download	samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.tar.gz samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.tar.bz2 samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.zip