summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-12-03 03:10:10 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-12-03 03:10:10 +0000
commitec92e2f9a2b9966c052621026b0763f42b6bd6a7 (patch)
treefb903155d9b51384d584f1a4f0aed5f1dc99d917 /source4
parentea507ee6059215b9605443ba3e9405089207e9e8 (diff)
downloadsamba-ec92e2f9a2b9966c052621026b0763f42b6bd6a7.tar.gz
samba-ec92e2f9a2b9966c052621026b0763f42b6bd6a7.tar.bz2
samba-ec92e2f9a2b9966c052621026b0763f42b6bd6a7.zip
My first stab at Samba4 IDL!
This patch adds the samr_CreateUser2 function, which is create_user in Samba 3.0. This also adds a torture suite that checks for various valid and invalid account flags, and that they are persistant. Also, a patch by Anthony Liguori to fix the build Andrew Bartlett (This used to be commit 53e657b74572ab329d4598a85e6989547c324209)
Diffstat (limited to 'source4')
-rw-r--r--source4/librpc/idl/samr.idl12
-rw-r--r--source4/torture/rpc/samr.c142
2 files changed, 150 insertions, 4 deletions
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl
index e690e7b616..ec6d2f8d67 100644
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@@ -767,7 +767,17 @@
/************************/
/* Function 0x32 */
- NTSTATUS samr_CREATE_USER2_IN_DOMAIN();
+ NTSTATUS samr_CreateUser2(
+ /************************/
+ [in,ref] policy_handle *handle,
+ [in,ref] samr_Name *username,
+ [in] uint32 acct_flags,
+ [in] uint32 access_mask,
+ [out,ref] policy_handle *acct_handle,
+ [out,ref] uint32 *access_granted,
+ [out,ref] uint32 *rid
+ );
+
/************************/
/* Function 0x33 */
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 45a0c4f02d..7ccdc321ce 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -3,6 +3,7 @@
test suite for samr rpc operations
Copyright (C) Andrew Tridgell 2003
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,6 +23,8 @@
#include "includes.h"
#define TEST_USERNAME "samrtorturetest"
+#define TEST_MACHINENAME "samrtorturetestmach$"
+#define TEST_DOMAINNAME "samrtorturetestdom$"
static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle);
@@ -181,9 +184,9 @@ static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__);
TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__);
- TEST_USERINFO_INT(4, logon_hours[3], 3, logon_hours[3], __LINE__);
- TEST_USERINFO_INT(4, logon_hours[3], 5, logon_hours[3], __LINE__);
- TEST_USERINFO_INT(4, logon_hours[3], 21, logon_hours[3], __LINE__);
+ TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], __LINE__);
+ TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], __LINE__);
+ TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], __LINE__);
TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513);
TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513);
@@ -288,9 +291,13 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
{
NTSTATUS status;
struct samr_CreateUser r;
+ struct samr_QueryUserInfo q;
struct samr_DeleteUser d;
struct policy_handle acct_handle;
uint32 rid;
+
+ /* This call creates a 'normal' account - check that it really does */
+ const uint32 acct_flags = ACB_NORMAL;
struct samr_Name name;
BOOL ret = True;
@@ -323,6 +330,23 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
}
+ q.in.handle = handle;
+ q.in.level = 16;
+
+ status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryUserInfo level %u failed - %s\n",
+ q.in.level, nt_errstr(status));
+ ret = False;
+ } else {
+ if (q.out.info->info16.acct_flags != acct_flags) {
+ printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n",
+ q.out.info->info16.acct_flags, q.out.info->info16.acct_flags,
+ acct_flags, acct_flags);
+ ret = False;
+ }
+ }
+
if (!test_user_ops(p, mem_ctx, &acct_handle)) {
ret = False;
}
@@ -341,6 +365,114 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
return ret;
}
+static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ NTSTATUS status;
+ struct samr_CreateUser2 r;
+ struct samr_QueryUserInfo q;
+ struct samr_DeleteUser d;
+ struct policy_handle acct_handle;
+ uint32 rid;
+ struct samr_Name name;
+ BOOL ret = True;
+ int i;
+
+ struct {
+ uint32 acct_flags;
+ const char *account_name;
+ NTSTATUS nt_status;
+ } account_types[] = {
+ { ACB_NORMAL, TEST_USERNAME, NT_STATUS_OK },
+ { ACB_NORMAL | ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_NORMAL | ACB_PWNOEXP, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK },
+ { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK },
+ { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK },
+ { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER },
+ { 0, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
+ { ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER },
+ { 0, NULL, NT_STATUS_INVALID_PARAMETER }
+ };
+
+ for (i = 0; account_types[i].account_name; i++) {
+ uint32 acct_flags = account_types[i].acct_flags;
+ uint32 access_granted;
+
+ init_samr_Name(&name, account_types[i].account_name);
+
+ r.in.handle = handle;
+ r.in.username = &name;
+ r.in.acct_flags = acct_flags;
+ r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.out.acct_handle = &acct_handle;
+ r.out.access_granted = &access_granted;
+ r.out.rid = &rid;
+
+ printf("Testing CreateUser2(%s)\n", r.in.username->name);
+
+ status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Server refused create of '%s'\n", r.in.username->name);
+ continue;
+
+ } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+ if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.username->name)) {
+ return False;
+ }
+ status = dcerpc_samr_CreateUser2(p, mem_ctx, &r);
+
+ }
+ if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
+ printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
+ nt_errstr(status), nt_errstr(account_types[i].nt_status));
+ ret = False;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ q.in.handle = handle;
+ q.in.level = 16;
+
+ status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("QueryUserInfo level %u failed - %s\n",
+ q.in.level, nt_errstr(status));
+ ret = False;
+ } else {
+ if (q.out.info->info16.acct_flags != acct_flags) {
+ printf("QuerUserInfo level 16 failed, it returned 0x%08xwhen we expected flags of 0x%08x\n",
+ q.out.info->info16.acct_flags,
+ acct_flags);
+ ret = False;
+ }
+ }
+
+ if (!test_user_ops(p, mem_ctx, &acct_handle)) {
+ ret = False;
+ }
+
+ printf("Testing DeleteUser\n");
+
+ d.in.handle = &acct_handle;
+ d.out.handle = &acct_handle;
+
+ status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("DeleteUser failed - %s\n", nt_errstr(status));
+ ret = False;
+ }
+ }
+ }
+
+ return ret;
+}
+
static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
@@ -752,6 +884,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
ret = False;
}
+ if (!test_CreateUser2(p, mem_ctx, &domain_handle)) {
+ ret = False;
+ }
+
if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) {
ret = False;
}