diff options
-rw-r--r-- | source4/torture/libnet/libnet.c | 1 | ||||
-rw-r--r-- | source4/torture/libnet/libnet_group.c | 272 |
2 files changed, 273 insertions, 0 deletions
diff --git a/source4/torture/libnet/libnet.c b/source4/torture/libnet/libnet.c index 6ee0838375..dc0e35e102 100644 --- a/source4/torture/libnet/libnet.c +++ b/source4/torture/libnet/libnet.c @@ -40,6 +40,7 @@ NTSTATUS torture_net_init(void) torture_suite_add_simple_test(suite, "API-MODIFYUSER", torture_modifyuser); torture_suite_add_simple_test(suite, "API-USERINFO", torture_userinfo_api); torture_suite_add_simple_test(suite, "API-USERLIST", torture_userlist); + torture_suite_add_simple_test(suite, "API-GROUPINFO", torture_groupinfo_api); torture_suite_add_simple_test(suite, "API-RPCCONN-BIND", torture_rpc_connect_binding); torture_suite_add_simple_test(suite, "API-RPCCONN-SRV", torture_rpc_connect_srv); torture_suite_add_simple_test(suite, "API-RPCCONN-PDC", torture_rpc_connect_pdc); diff --git a/source4/torture/libnet/libnet_group.c b/source4/torture/libnet/libnet_group.c new file mode 100644 index 0000000000..ef2c3aa206 --- /dev/null +++ b/source4/torture/libnet/libnet_group.c @@ -0,0 +1,272 @@ +/* + Unix SMB/CIFS implementation. + Test suite for libnet calls. + + Copyright (C) Rafal Szczesniak 2007 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + + +#include "includes.h" +#include "lib/cmdline/popt_common.h" +#include "libnet/libnet.h" +#include "librpc/gen_ndr/ndr_samr_c.h" +#include "librpc/gen_ndr/ndr_lsa_c.h" +#include "torture/torture.h" +#include "torture/rpc/rpc.h" + + +#define TEST_GROUPNAME "libnetgrouptest" + + +static BOOL test_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *domain_handle, const char *groupname) +{ + NTSTATUS status; + struct samr_LookupNames r1; + struct samr_OpenGroup r2; + struct samr_DeleteDomainGroup r3; + struct lsa_String names[2]; + uint32_t rid; + struct policy_handle group_handle; + + names[0].string = groupname; + + r1.in.domain_handle = domain_handle; + r1.in.num_names = 1; + r1.in.names = names; + + printf("group account lookup '%s'\n", groupname); + + status = dcerpc_samr_LookupNames(p, mem_ctx, &r1); + if (!NT_STATUS_IS_OK(status)) { + printf("LookupNames failed - %s\n", nt_errstr(status)); + return False; + } + + rid = r1.out.rids.ids[0]; + + r2.in.domain_handle = domain_handle; + r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r2.in.rid = rid; + r2.out.group_handle = &group_handle; + + printf("opening group account\n"); + + status = dcerpc_samr_OpenGroup(p, mem_ctx, &r2); + if (!NT_STATUS_IS_OK(status)) { + printf("OpenGroup failed - %s\n", nt_errstr(status)); + return False; + } + + r3.in.group_handle = &group_handle; + r3.out.group_handle = &group_handle; + + printf("deleting group account\n"); + + status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &r3); + if (!NT_STATUS_IS_OK(status)) { + printf("DeleteGroup failed - %s\n", nt_errstr(status)); + return False; + } + + return True; +} + + +static BOOL test_creategroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle, const char *name) +{ + NTSTATUS status; + struct lsa_String groupname; + struct samr_CreateDomainGroup r; + struct policy_handle group_handle; + uint32_t group_rid; + + groupname.string = name; + + r.in.domain_handle = handle; + r.in.name = &groupname; + r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r.out.group_handle = &group_handle; + r.out.rid = &group_rid; + + printf("creating group account %s\n", name); + + status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("CreateGroup failed - %s\n", nt_errstr(status)); + + if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) { + printf("Group (%s) already exists - attempting to delete and recreate group again\n", name); + if (!test_cleanup(p, mem_ctx, handle, TEST_GROUPNAME)) { + return False; + } + + printf("creating group account\n"); + + status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("CreateGroup failed - %s\n", nt_errstr(status)); + return False; + } + return True; + } + return False; + } + + return True; +} + + +static BOOL test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle, struct lsa_String *domname) +{ + NTSTATUS status; + struct policy_handle h, domain_handle; + struct samr_Connect r1; + struct samr_LookupDomain r2; + struct samr_OpenDomain r3; + + printf("connecting\n"); + + r1.in.system_name = 0; + r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r1.out.connect_handle = &h; + + status = dcerpc_samr_Connect(p, mem_ctx, &r1); + if (!NT_STATUS_IS_OK(status)) { + printf("Connect failed - %s\n", nt_errstr(status)); + return False; + } + + r2.in.connect_handle = &h; + r2.in.domain_name = domname; + + printf("domain lookup on %s\n", domname->string); + + status = dcerpc_samr_LookupDomain(p, mem_ctx, &r2); + if (!NT_STATUS_IS_OK(status)) { + printf("LookupDomain failed - %s\n", nt_errstr(status)); + return False; + } + + r3.in.connect_handle = &h; + r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r3.in.sid = r2.out.sid; + r3.out.domain_handle = &domain_handle; + + printf("opening domain\n"); + + status = dcerpc_samr_OpenDomain(p, mem_ctx, &r3); + if (!NT_STATUS_IS_OK(status)) { + printf("OpenDomain failed - %s\n", nt_errstr(status)); + return False; + } else { + *handle = domain_handle; + } + + return True; +} + + +static BOOL test_samr_close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *domain_handle) +{ + NTSTATUS status; + struct samr_Close r; + + r.in.handle = domain_handle; + r.out.handle = domain_handle; + + status = dcerpc_samr_Close(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("Close samr domain failed - %s\n", nt_errstr(status)); + return False; + } + + return True; +} + + +BOOL torture_groupinfo_api(struct torture_context *torture) +{ + const char *name = TEST_GROUPNAME; + const char *binding; + BOOL ret = True; + NTSTATUS status; + TALLOC_CTX *mem_ctx = NULL, *prep_mem_ctx; + struct libnet_context *ctx; + struct dcerpc_pipe *p; + struct policy_handle h; + struct lsa_String domain_name; + struct libnet_GroupInfo req; + + prep_mem_ctx = talloc_init("prepare torture group info"); + binding = torture_setting_string(torture, "binding", NULL); + + ctx = libnet_context_init(NULL); + ctx->cred = cmdline_credentials; + + status = torture_rpc_connection(prep_mem_ctx, + &p, + &ndr_table_samr); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + domain_name.string = lp_workgroup(); + if (!test_opendomain(p, prep_mem_ctx, &h, &domain_name)) { + ret = False; + goto done; + } + + if (!test_creategroup(p, prep_mem_ctx, &h, name)) { + ret = False; + goto done; + } + + mem_ctx = talloc_init("torture group info"); + + ZERO_STRUCT(req); + + req.in.domain_name = domain_name.string; + req.in.group_name = name; + + status = libnet_GroupInfo(ctx, mem_ctx, &req); + if (!NT_STATUS_IS_OK(status)) { + printf("libnet_GroupInfo call failed: %s\n", nt_errstr(status)); + ret = False; + talloc_free(mem_ctx); + goto done; + } + + if (!test_cleanup(ctx->samr.pipe, mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) { + printf("cleanup failed\n"); + ret = False; + goto done; + } + + if (!test_samr_close(ctx->samr.pipe, mem_ctx, &ctx->samr.handle)) { + printf("domain close failed\n"); + ret = False; + } + + talloc_free(ctx); + +done: + talloc_free(mem_ctx); + return ret; +} |