diff options
-rwxr-xr-x | source4/script/tests/test_rpc.sh | 6 | ||||
-rw-r--r-- | source4/torture/rpc/rpc.c | 2 | ||||
-rw-r--r-- | source4/torture/rpc/samr.c | 400 |
3 files changed, 243 insertions, 165 deletions
diff --git a/source4/script/tests/test_rpc.sh b/source4/script/tests/test_rpc.sh index ae9f7c67f5..82f96abbc7 100755 --- a/source4/script/tests/test_rpc.sh +++ b/source4/script/tests/test_rpc.sh @@ -5,9 +5,9 @@ ncacn_np_tests="RPC-SPOOLSS RPC-SRVSVC RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-RPCCONN-BIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER" ncalrpc_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER" ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-ECHO RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND NET-API-LISTSHARES NET-API-CREATEUSER NET-API-DELETEUSER" -slow_ncacn_np_tests="RPC-SAMLOGON" -slow_ncalrpc_tests="RPC-SAMLOGON" -slow_ncacn_ip_tcp_tests="RPC-SAMLOGON" +slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS " +slow_ncalrpc_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS" +slow_ncacn_ip_tcp_tests="RPC-SAMLOGON RPC-SAMR-USERS RPC-SAMR-PASSWORDS" if [ $# -lt 4 ]; then cat <<EOF diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 8d33560d65..a89ffc71d2 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -103,6 +103,8 @@ NTSTATUS torture_rpc_init(void) register_torture_op("RPC-DFS", torture_rpc_dfs); register_torture_op("RPC-SPOOLSS", torture_rpc_spoolss); register_torture_op("RPC-SAMR", torture_rpc_samr); + register_torture_op("RPC-SAMR-USERS", torture_rpc_samr_users); + register_torture_op("RPC-SAMR-PASSWORDS", torture_rpc_samr_passwords); register_torture_op("RPC-UNIXINFO", torture_rpc_unixinfo); register_torture_op("RPC-NETLOGON", torture_rpc_netlogon); register_torture_op("RPC-SAMLOGON", torture_rpc_samlogon); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index bdff980950..6c8f63c385 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -37,6 +37,11 @@ #define TEST_MACHINENAME "samrtestmach$" #define TEST_DOMAINNAME "samrtestdom$" +enum torture_samr_choice { + TORTURE_SAMR_PASSWORDS, + TORTURE_SAMR_USER_ATTRIBUTES, + TORTURE_SAMR_OTHER +}; static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle); @@ -47,6 +52,10 @@ static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle); +static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + const char *acct_name, + struct policy_handle *domain_handle, char **password); + static void init_lsa_String(struct lsa_String *string, const char *s) { string->string = s; @@ -935,6 +944,7 @@ static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, #endif static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + const char *acct_name, struct policy_handle *handle, char **password) { NTSTATUS status; @@ -950,7 +960,7 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct samr_GetUserPwInfo pwp; int policy_min_pw_len = 0; - status = test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle); + status = test_OpenUser_byname(p, mem_ctx, handle, acct_name, &user_handle); if (!NT_STATUS_IS_OK(status)) { return False; } @@ -1014,6 +1024,7 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + const char *acct_name, struct policy_handle *handle, char **password) { NTSTATUS status; @@ -1051,7 +1062,7 @@ static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_c newpass = samr_rand_pass(mem_ctx, policy_min_pw_len); server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); - account.string = TEST_ACCOUNT_NAME; + account.string = acct_name; E_deshash(oldpass, old_lm_hash); E_deshash(newpass, new_lm_hash); @@ -1116,6 +1127,7 @@ static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_c static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + const char *acct_name, struct policy_handle *handle, char **password) { NTSTATUS status; @@ -1154,7 +1166,7 @@ static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, newpass = samr_rand_pass(mem_ctx, policy_min_pw_len); server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); - init_lsa_String(&account, TEST_ACCOUNT_NAME); + init_lsa_String(&account, acct_name); E_md4hash(oldpass, old_nt_hash); E_md4hash(newpass, new_nt_hash); @@ -1447,36 +1459,91 @@ static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle, uint32_t base_acct_flags, - const char *base_acct_name) + struct policy_handle *user_handle, + struct policy_handle *domain_handle, + uint32_t base_acct_flags, + const char *base_acct_name, enum torture_samr_choice which_ops) { + TALLOC_CTX *user_ctx; + char *password = NULL; + BOOL ret = True; + int i; + const uint32_t password_fields[] = { + SAMR_FIELD_PASSWORD, + SAMR_FIELD_PASSWORD2, + SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2, + 0 + }; + + user_ctx = talloc_named(mem_ctx, 0, "test_user_ops per-user context"); + switch (which_ops) { + case TORTURE_SAMR_USER_ATTRIBUTES: + if (!test_QuerySecurity(p, user_ctx, user_handle)) { + ret = False; + } - if (!test_QuerySecurity(p, mem_ctx, handle)) { - ret = False; - } + if (!test_QueryUserInfo(p, user_ctx, user_handle)) { + ret = False; + } - if (!test_QueryUserInfo(p, mem_ctx, handle)) { - ret = False; - } + if (!test_QueryUserInfo2(p, user_ctx, user_handle)) { + ret = False; + } - if (!test_QueryUserInfo2(p, mem_ctx, handle)) { - ret = False; - } + if (!test_SetUserInfo(p, user_ctx, user_handle, base_acct_flags, + base_acct_name)) { + ret = False; + } - if (!test_SetUserInfo(p, mem_ctx, handle, base_acct_flags, - base_acct_name)) { - ret = False; - } + if (!test_GetUserPwInfo(p, user_ctx, user_handle)) { + ret = False; + } - if (!test_GetUserPwInfo(p, mem_ctx, handle)) { - ret = False; - } + if (!test_TestPrivateFunctionsUser(p, user_ctx, user_handle)) { + ret = False; + } - if (!test_TestPrivateFunctionsUser(p, mem_ctx, handle)) { - ret = False; - } + if (!test_SetUserPass(p, user_ctx, user_handle, &password)) { + ret = False; + } + break; + case TORTURE_SAMR_PASSWORDS: + for (i = 0; password_fields[i]; i++) { + if (!test_SetUserPass_23(p, user_ctx, user_handle, password_fields[i], &password)) { + ret = False; + } + + /* check it was set right */ + if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password)) { + ret = False; + } + } + + for (i = 0; password_fields[i]; i++) { + if (!test_SetUserPass_25(p, user_ctx, user_handle, password_fields[i], &password)) { + ret = False; + } + + /* check it was set right */ + if (!test_ChangePasswordUser3(p, user_ctx, base_acct_name, 0, &password)) { + ret = False; + } + } + + if (!test_SetUserPassEx(p, user_ctx, user_handle, &password)) { + ret = False; + } + if (!test_ChangePassword(p, user_ctx, base_acct_name, domain_handle, &password)) { + ret = False; + } + break; + case TORTURE_SAMR_OTHER: + /* Can't happen */ + break; + } + talloc_free(user_ctx); return ret; } @@ -1692,6 +1759,7 @@ static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + const char *acct_name, struct policy_handle *domain_handle, char **password) { BOOL ret = True; @@ -1700,25 +1768,25 @@ static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return False; } - if (!test_ChangePasswordUser(p, mem_ctx, domain_handle, password)) { + if (!test_ChangePasswordUser(p, mem_ctx, acct_name, domain_handle, password)) { ret = False; } - if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle, password)) { + if (!test_ChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) { ret = False; } - if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle, password)) { + if (!test_OemChangePasswordUser2(p, mem_ctx, acct_name, domain_handle, password)) { ret = False; } /* we change passwords twice - this has the effect of verifying they were changed correctly for the final call */ - if (!test_ChangePasswordUser3(p, mem_ctx, TEST_ACCOUNT_NAME, 0, password)) { + if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password)) { ret = False; } - if (!test_ChangePasswordUser3(p, mem_ctx, TEST_ACCOUNT_NAME, 0, password)) { + if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password)) { ret = False; } @@ -1726,36 +1794,31 @@ static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *domain_handle, struct policy_handle *user_handle) + struct policy_handle *domain_handle, + enum torture_samr_choice which_ops) { + + TALLOC_CTX *user_ctx; + NTSTATUS status; struct samr_CreateUser r; struct samr_QueryUserInfo q; + struct samr_DeleteUser d; uint32_t rid; - char *password = NULL; - - int i; - const uint32_t password_fields[] = { - SAMR_FIELD_PASSWORD, - SAMR_FIELD_PASSWORD2, - SAMR_FIELD_PASSWORD | SAMR_FIELD_PASSWORD2, - 0 - }; - - TALLOC_CTX *user_ctx; /* This call creates a 'normal' account - check that it really does */ const uint32_t acct_flags = ACB_NORMAL; struct lsa_String name; BOOL ret = True; + struct policy_handle user_handle; user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context"); init_lsa_String(&name, TEST_ACCOUNT_NAME); r.in.domain_handle = domain_handle; r.in.account_name = &name; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r.out.user_handle = user_handle; + r.out.user_handle = &user_handle; r.out.rid = &rid; printf("Testing CreateUser(%s)\n", r.in.account_name->string); @@ -1763,8 +1826,7 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, status = dcerpc_samr_CreateUser(p, user_ctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - printf("Server refused create of '%s'\n", r.in.account_name->string); - ZERO_STRUCTP(user_handle); + printf("Server refused create of '%s': %s\n", r.in.account_name->string, nt_errstr(status)); talloc_free(user_ctx); return True; } @@ -1780,62 +1842,41 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, talloc_free(user_ctx); printf("CreateUser failed - %s\n", nt_errstr(status)); return False; - } - - q.in.user_handle = user_handle; - q.in.level = 16; - - status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q); - if (!NT_STATUS_IS_OK(status)) { - printf("QueryUserInfo level %u failed - %s\n", - q.in.level, nt_errstr(status)); - ret = False; } else { - if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) { - printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n", - q.out.info->info16.acct_flags, q.out.info->info16.acct_flags, - acct_flags, acct_flags); + q.in.user_handle = &user_handle; + q.in.level = 16; + + status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q); + if (!NT_STATUS_IS_OK(status)) { + printf("QueryUserInfo level %u failed - %s\n", + q.in.level, nt_errstr(status)); ret = False; + } else { + if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) { + printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n", + q.out.info->info16.acct_flags, + acct_flags); + ret = False; + } } - } - - if (!test_user_ops(p, user_ctx, user_handle, acct_flags, name.string)) { - ret = False; - } - - if (!test_SetUserPass(p, user_ctx, user_handle, &password)) { - ret = False; - } - - for (i = 0; password_fields[i]; i++) { - if (!test_SetUserPass_23(p, user_ctx, user_handle, password_fields[i], &password)) { - ret = False; - } - /* check it was set right */ - if (!test_ChangePasswordUser3(p, user_ctx, TEST_ACCOUNT_NAME, 0, &password)) { + if (!test_user_ops(p, user_ctx, &user_handle, domain_handle, + acct_flags, name.string, which_ops)) { ret = False; } - } - - for (i = 0; password_fields[i]; i++) { - if (!test_SetUserPass_25(p, user_ctx, user_handle, password_fields[i], &password)) { - ret = False; - } - /* check it was set right */ - if (!test_ChangePasswordUser3(p, user_ctx, TEST_ACCOUNT_NAME, 0, &password)) { - ret = False; + printf("Testing DeleteUser (createuser2 test)\n"); + + d.in.user_handle = &user_handle; + d.out.user_handle = &user_handle; + + status = dcerpc_samr_DeleteUser(p, user_ctx, &d); + if (!NT_STATUS_IS_OK(status)) { + printf("DeleteUser failed - %s\n", nt_errstr(status)); + ret = False; } - } - - if (!test_SetUserPassEx(p, user_ctx, user_handle, &password)) { - ret = False; - } - - if (!test_ChangePassword(p, user_ctx, domain_handle, &password)) { - ret = False; - } + + } talloc_free(user_ctx); @@ -1843,29 +1884,8 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } -static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *user_handle) -{ - struct samr_DeleteUser d; - NTSTATUS status; - BOOL ret = True; - - printf("Testing DeleteUser\n"); - - d.in.user_handle = user_handle; - d.out.user_handle = user_handle; - - status = dcerpc_samr_DeleteUser(p, mem_ctx, &d); - if (!NT_STATUS_IS_OK(status)) { - printf("DeleteUser failed - %s\n", nt_errstr(status)); - ret = False; - } - - return ret; -} - static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle) + struct policy_handle *domain_handle, enum torture_samr_choice which_ops) { NTSTATUS status; struct samr_CreateUser2 r; @@ -1906,7 +1926,7 @@ static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, user_ctx = talloc_named(mem_ctx, 0, "test_CreateUser2 per-user context"); init_lsa_String(&name, account_types[i].account_name); - r.in.domain_handle = handle; + r.in.domain_handle = domain_handle; r.in.account_name = &name; r.in.acct_flags = acct_flags; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; @@ -1924,7 +1944,7 @@ static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, continue; } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { - if (!test_DeleteUser_byname(p, user_ctx, handle, r.in.account_name->string)) { + if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) { talloc_free(user_ctx); ret = False; continue; @@ -1956,7 +1976,8 @@ static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } } - if (!test_user_ops(p, user_ctx, &user_handle, acct_flags, name.string)) { + if (!test_user_ops(p, user_ctx, &user_handle, domain_handle, + acct_flags, name.string, which_ops)) { ret = False; } @@ -3181,17 +3202,16 @@ static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle); static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle, struct dom_sid *sid) + struct policy_handle *handle, struct dom_sid *sid, + enum torture_samr_choice which_ops) { NTSTATUS status; struct samr_OpenDomain r; struct policy_handle domain_handle; - struct policy_handle user_handle; struct policy_handle alias_handle; struct policy_handle group_handle; BOOL ret = True; - ZERO_STRUCT(user_handle); ZERO_STRUCT(alias_handle); ZERO_STRUCT(group_handle); ZERO_STRUCT(domain_handle); @@ -3213,37 +3233,39 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, the servers reference counting */ ret &= test_samr_handle_Close(p, mem_ctx, handle); - ret &= test_QuerySecurity(p, mem_ctx, &domain_handle); - ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle); - ret &= test_CreateUser2(p, mem_ctx, &domain_handle); - ret &= test_CreateUser(p, mem_ctx, &domain_handle, &user_handle); - ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid); - ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle); - ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle); - ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle); - ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle); - ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle); - ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle); - ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle); - ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle); - ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle); - ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle); - ret &= test_QueryDisplayInfo_continue(p, mem_ctx, &domain_handle); - - if (lp_parm_bool(-1, "target", "samba4", False)) { - printf("skipping GetDisplayEnumerationIndex test against Samba4\n"); - } else { - ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle); - ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle); - } - ret &= test_GroupList(p, mem_ctx, &domain_handle); - ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle); - ret &= test_RidToSid(p, mem_ctx, sid, &domain_handle); - ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle); - - if (!policy_handle_empty(&user_handle) && - !test_DeleteUser(p, mem_ctx, &user_handle)) { - ret = False; + switch (which_ops) { + case TORTURE_SAMR_USER_ATTRIBUTES: + case TORTURE_SAMR_PASSWORDS: + ret &= test_CreateUser(p, mem_ctx, &domain_handle, which_ops); + ret &= test_CreateUser2(p, mem_ctx, &domain_handle, which_ops); + break; + case TORTURE_SAMR_OTHER: + ret &= test_QuerySecurity(p, mem_ctx, &domain_handle); + ret &= test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle); + ret &= test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid); + ret &= test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle); + ret &= test_QueryDomainInfo(p, mem_ctx, &domain_handle); + ret &= test_QueryDomainInfo2(p, mem_ctx, &domain_handle); + ret &= test_EnumDomainUsers(p, mem_ctx, &domain_handle); + ret &= test_EnumDomainUsers_async(p, mem_ctx, &domain_handle); + ret &= test_EnumDomainGroups(p, mem_ctx, &domain_handle); + ret &= test_EnumDomainAliases(p, mem_ctx, &domain_handle); + ret &= test_QueryDisplayInfo(p, mem_ctx, &domain_handle); + ret &= test_QueryDisplayInfo2(p, mem_ctx, &domain_handle); + ret &= test_QueryDisplayInfo3(p, mem_ctx, &domain_handle); + ret &= test_QueryDisplayInfo_continue(p, mem_ctx, &domain_handle); + + if (lp_parm_bool(-1, "target", "samba4", False)) { + printf("skipping GetDisplayEnumerationIndex test against Samba4\n"); + } else { + ret &= test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle); + ret &= test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle); + } + ret &= test_GroupList(p, mem_ctx, &domain_handle); + ret &= test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle); + ret &= test_RidToSid(p, mem_ctx, sid, &domain_handle); + ret &= test_GetBootKeyInformation(p, mem_ctx, &domain_handle); + break; } if (!policy_handle_empty(&alias_handle) && @@ -3265,14 +3287,16 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle, struct lsa_String *domain) + struct policy_handle *handle, const char *domain, + enum torture_samr_choice which_ops) { NTSTATUS status; struct samr_LookupDomain r; + struct lsa_String n1; struct lsa_String n2; BOOL ret = True; - printf("Testing LookupDomain(%s)\n", domain->string); + printf("Testing LookupDomain(%s)\n", domain); /* check for correct error codes */ r.in.connect_handle = handle; @@ -3285,7 +3309,7 @@ static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } - n2.string = "xxNODOMAINxx"; + init_lsa_String(&n2, "xxNODOMAINxx"); status = dcerpc_samr_LookupDomain(p, mem_ctx, &r); if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) { @@ -3294,7 +3318,9 @@ static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } r.in.connect_handle = handle; - r.in.domain_name = domain; + + init_lsa_String(&n1, domain); + r.in.domain_name = &n1; status = dcerpc_samr_LookupDomain(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -3302,11 +3328,11 @@ static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } - if (!test_GetDomPwInfo(p, mem_ctx, domain)) { + if (!test_GetDomPwInfo(p, mem_ctx, &n1)) { ret = False; } - if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) { + if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid, which_ops)) { ret = False; } @@ -3315,7 +3341,7 @@ static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct policy_handle *handle) + struct policy_handle *handle, enum torture_samr_choice which_ops) { NTSTATUS status; struct samr_EnumDomains r; @@ -3340,7 +3366,7 @@ static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, for (i=0;i<r.out.sam->count;i++) { if (!test_LookupDomain(p, mem_ctx, handle, - &r.out.sam->entries[i].name)) { + r.out.sam->entries[i].name.string, which_ops)) { ret = False; } } @@ -3469,8 +3495,8 @@ static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, BOOL torture_rpc_samr(struct torture_context *torture) { - NTSTATUS status; - struct dcerpc_pipe *p; + NTSTATUS status; + struct dcerpc_pipe *p; BOOL ret = True; struct policy_handle handle; @@ -3483,7 +3509,7 @@ BOOL torture_rpc_samr(struct torture_context *torture) ret &= test_QuerySecurity(p, torture, &handle); - ret &= test_EnumDomains(p, torture, &handle); + ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_OTHER); ret &= test_SetDsrmPassword(p, torture, &handle); @@ -3494,3 +3520,53 @@ BOOL torture_rpc_samr(struct torture_context *torture) return ret; } + +BOOL torture_rpc_samr_users(struct torture_context *torture) +{ + NTSTATUS status; + struct dcerpc_pipe *p; + BOOL ret = True; + struct policy_handle handle; + + status = torture_rpc_connection(torture, &p, &dcerpc_table_samr); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + ret &= test_Connect(p, torture, &handle); + + ret &= test_QuerySecurity(p, torture, &handle); + + ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_USER_ATTRIBUTES); + + ret &= test_SetDsrmPassword(p, torture, &handle); + + ret &= test_Shutdown(p, torture, &handle); + + ret &= test_samr_handle_Close(p, torture, &handle); + + return ret; +} + + +BOOL torture_rpc_samr_passwords(struct torture_context *torture) +{ + NTSTATUS status; + struct dcerpc_pipe *p; + BOOL ret = True; + struct policy_handle handle; + + status = torture_rpc_connection(torture, &p, &dcerpc_table_samr); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + ret &= test_Connect(p, torture, &handle); + + ret &= test_EnumDomains(p, torture, &handle, TORTURE_SAMR_PASSWORDS); + + ret &= test_samr_handle_Close(p, torture, &handle); + + return ret; +} + |