diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-04-19 05:48:03 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:51:19 -0500 |
commit | 8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9 (patch) | |
tree | 47f7cbbc59bbd5f65d50e5d14321cd4f82c4d30c /source4/torture/rpc | |
parent | 6de32ddc2dbfe0685f361ed1a0dc11dff8ca19e5 (diff) | |
download | samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.tar.gz samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.tar.bz2 samba-8fce9e3c549bcf1433119333ddbbf0a3dc4af8d9.zip |
r275: added IDL and test code for samr_QueryDisplayInfo3(),
samr_AddMultipleMembersToAlias(),
samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(),
and samr_ChangePasswordUser2()
The password change functions don't actually work yet (but should
soon). At this stage I have just completed the IDL for them. Next step
is to get the hash verifiers right and the torture test should be able
to do password changes.
(This used to be commit 849d0d314a2add80f2b2be6b503fea05973f998e)
Diffstat (limited to 'source4/torture/rpc')
-rw-r--r-- | source4/torture/rpc/autoidl.c | 91 | ||||
-rw-r--r-- | source4/torture/rpc/samr.c | 171 |
2 files changed, 248 insertions, 14 deletions
diff --git a/source4/torture/rpc/autoidl.c b/source4/torture/rpc/autoidl.c index 5f89970d17..31359b4baf 100644 --- a/source4/torture/rpc/autoidl.c +++ b/source4/torture/rpc/autoidl.c @@ -74,9 +74,56 @@ static void reopen(struct dcerpc_pipe **p, const struct dcerpc_interface_table * } } +static void print_depth(int depth) +{ + int i; + for (i=0;i<depth;i++) { + printf(" "); + } +} static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, - int opnum, int min_in) + int opnum, DATA_BLOB *base_in, int min_ofs, int max_ofs, int depth); + +static void try_expand(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, + int opnum, DATA_BLOB *base_in, int insert_ofs, int depth) +{ + DATA_BLOB stub_in, stub_out; + int n; + NTSTATUS status; + struct dcerpc_pipe *p = NULL; + + reopen(&p, iface); + + /* work out how much to expand to get a non fault */ + for (n=0;n<2000;n++) { + stub_in = data_blob(NULL, base_in->length + n); + data_blob_clear(&stub_in); + memcpy(stub_in.data, base_in->data, insert_ofs); + memcpy(stub_in.data+insert_ofs+n, base_in->data+insert_ofs, base_in->length-insert_ofs); + + status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + print_depth(depth); + printf("expand by %d gives %s\n", n, nt_errstr(status)); + if (n >= 4) { + test_ptr_scan(mem_ctx, iface, opnum, &stub_in, + insert_ofs, insert_ofs+n, depth+1); + } + return; + } + if (p->last_fault_code == 5) { + reopen(&p, iface); + } + } + + dcerpc_pipe_close(p); +} + + +static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, + int opnum, DATA_BLOB *base_in, int min_ofs, int max_ofs, int depth) { DATA_BLOB stub_in, stub_out; int ofs; @@ -85,24 +132,30 @@ static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_tab reopen(&p, iface); - stub_in = data_blob(NULL, min_in); - data_blob_clear(&stub_in); + stub_in = data_blob(NULL, base_in->length); + memcpy(stub_in.data, base_in->data, base_in->length); - /* work out the minimum amount of input data */ - for (ofs=0;ofs<min_in;ofs+=4) { + /* work out which elements are pointers */ + for (ofs=min_ofs;ofs<=max_ofs-4;ofs+=4) { SIVAL(stub_in.data, ofs, 1); status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out); - SIVAL(stub_in.data, ofs, 0); if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - printf("opnum %d ofs %d size %d fault 0x%08x\n", - opnum, ofs, min_in, p->last_fault_code); + print_depth(depth); + printf("possible ptr at ofs %d - fault 0x%08x\n", + ofs-min_ofs, p->last_fault_code); if (p->last_fault_code == 5) { reopen(&p, iface); } + if (depth == 0) { + try_expand(mem_ctx, iface, opnum, &stub_in, ofs+4, depth+1); + } else { + try_expand(mem_ctx, iface, opnum, &stub_in, max_ofs, depth+1); + } + SIVAL(stub_in.data, ofs, 0); continue; } - printf("opnum %d ofs %d error %s\n", opnum, ofs, nt_errstr(status)); + SIVAL(stub_in.data, ofs, 0); } dcerpc_pipe_close(p); @@ -126,9 +179,6 @@ static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_ta stub_in = data_blob(NULL, i); data_blob_clear(&stub_in); -#if 1 - fill_blob_handle(&stub_in, mem_ctx, &handle); -#endif status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out); @@ -137,7 +187,20 @@ static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_ta opnum, stub_in.length, stub_out.length); dump_data(0, stub_out.data, stub_out.length); dcerpc_pipe_close(p); - test_ptr_scan(mem_ctx, iface, opnum, stub_in.length); + test_ptr_scan(mem_ctx, iface, opnum, &stub_in, 0, stub_in.length, 0); + return; + } + + fill_blob_handle(&stub_in, mem_ctx, &handle); + + status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out); + + if (NT_STATUS_IS_OK(status)) { + printf("opnum %d min_input %d - output %d (with handle)\n", + opnum, stub_in.length, stub_out.length); + dump_data(0, stub_out.data, stub_out.length); + dcerpc_pipe_close(p); + test_ptr_scan(mem_ctx, iface, opnum, &stub_in, 0, stub_in.length, 0); return; } @@ -159,7 +222,7 @@ static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_ta static void test_auto_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface) { - test_scan_call(mem_ctx, iface, 0x26); + test_scan_call(mem_ctx, iface, 0x37); } BOOL torture_rpc_autoidl(int dummy) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index a098fbd9ca..2a48a6c584 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -421,6 +421,76 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } +static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct samr_OemChangePasswordUser2 r; + BOOL ret = True; + struct samr_Hash hash; + struct samr_CryptPassword pass; + struct samr_AsciiName server, account; + + printf("Testing OemChangePasswordUser2\n"); + + ZERO_STRUCT(hash); + ZERO_STRUCT(pass); + + server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + account.name = TEST_USERNAME; + + r.in.server = &server; + r.in.account = &account; + r.in.password = &pass; + r.in.hash = &hash; + + status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status)); + ret = False; + } + + return ret; +} + +static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct samr_ChangePasswordUser2 r; + BOOL ret = True; + struct samr_Name server, account; + struct samr_CryptPassword nt_pass, lm_pass; + struct samr_Hash nt_verifier, lm_verifier; + + printf("Testing ChangePasswordUser2\n"); + + server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + init_samr_Name(&account, TEST_USERNAME); + + ZERO_STRUCT(nt_pass); + ZERO_STRUCT(lm_pass); + ZERO_STRUCT(nt_verifier); + ZERO_STRUCT(lm_verifier); + + r.in.server = &server; + r.in.account = &account; + r.in.nt_password = &nt_pass; + r.in.nt_verifier = &nt_verifier; + r.in.lm_change = 1; + r.in.lm_password = &lm_pass; + r.in.lm_verifier = &lm_verifier; + + status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status)); + ret = False; + } + + return ret; +} + + static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *alias_handle) { @@ -479,6 +549,62 @@ static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } +static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *alias_handle) +{ + struct samr_AddMultipleMembersToAlias a; + struct samr_RemoveMultipleMembersFromAlias r; + NTSTATUS status; + BOOL ret = True; + struct lsa_SidArray sids; + + printf("testing AddMultipleMembersToAlias\n"); + a.in.handle = alias_handle; + a.in.sids = &sids; + + sids.num_sids = 3; + sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3); + + sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1"); + sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2"); + sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3"); + + status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a); + if (!NT_STATUS_IS_OK(status)) { + printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status)); + ret = False; + } + + + printf("testing RemoveMultipleMembersFromAlias\n"); + r.in.handle = alias_handle; + r.in.sids = &sids; + + status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status)); + ret = False; + } + + /* strange! removing twice doesn't give any error */ + status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status)); + ret = False; + } + + /* but removing an alias that isn't there does */ + sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4"); + + status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r); + if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) { + printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status)); + ret = False; + } + + return ret; +} + static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *user_handle) { @@ -556,6 +682,10 @@ static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) { + ret = False; + } + return ret; } @@ -800,6 +930,14 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle)) { + ret = False; + } + + if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle)) { + ret = False; + } + if (!test_user_ops(p, mem_ctx, user_handle)) { ret = False; } @@ -1461,6 +1599,35 @@ static BOOL test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } +static BOOL test_QueryDisplayInfo3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct samr_QueryDisplayInfo3 r; + BOOL ret = True; + uint16 levels[] = {1, 2, 3, 4, 5}; + int i; + + for (i=0;i<ARRAY_SIZE(levels);i++) { + printf("Testing QueryDisplayInfo3 level %u\n", levels[i]); + + r.in.handle = handle; + r.in.level = levels[i]; + r.in.start_idx = 0; + r.in.max_entries = 1000; + r.in.buf_size = (uint32)-1; + + status = dcerpc_samr_QueryDisplayInfo3(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("QueryDisplayInfo3 level %u failed - %s\n", + levels[i], nt_errstr(status)); + ret = False; + } + } + + return ret; +} + static BOOL test_QueryDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { @@ -1920,6 +2087,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + if (!test_QueryDisplayInfo3(p, mem_ctx, &domain_handle)) { + ret = False; + } + if (!test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle)) { ret = False; } |