From 7f26e3ad339355e7cdab03e12c442ac1a9385561 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 21 Apr 2004 06:23:29 +0000 Subject: r307: added IDL and test code for samr_GetDomPwInfo(), samr_SetUserInfo2(), samr_GetBootKeyInformation() and samr_Connect3() also added some stub IDL for samr_SetBootKeyInformation() although I don't yet have working test code. This one is tricky, as if you get it wrong then the target system won't boot any more :) (This used to be commit 118b6fc292ba3257511b1b83846582013fb59b23) --- source4/librpc/idl/samr.idl | 36 ++++++++++++++++--- source4/torture/rpc/samr.c | 86 +++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 114 insertions(+), 8 deletions(-) diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl index b76541bb26..8372095350 100644 --- a/source4/librpc/idl/samr.idl +++ b/source4/librpc/idl/samr.idl @@ -993,7 +993,10 @@ /************************/ /* Function 0x38 */ - NTSTATUS samr_GET_DOM_PWINFO(); + NTSTATUS samr_GetDomPwInfo( + [in] samr_Name *name, + [out] samr_PwInfo info + ); /************************/ /* Function 0x39 */ @@ -1005,19 +1008,42 @@ /************************/ /* Function 0x3a */ - NTSTATUS samr_SET_USERINFO2(); + /* + seems to be an exact alias for samr_SetUserInfo() + */ + NTSTATUS samr_SetUserInfo2( + [in,ref] policy_handle *handle, + [in] uint16 level, + [in,ref,switch_is(level)] samr_UserInfo *info + ); /************************/ /* Function 0x3b */ - NTSTATUS samr_SET_BOOT_KEY_INFORMATION(); + /* + this one is mysterious. I have a few guesses, but nothing working yet + */ + NTSTATUS samr_SetBootKeyInformation( + [in,ref] policy_handle *handle + [in] uint32 unknown1, + [in] uint32 unknown2, + [in] uint32 unknown3 + ); /************************/ /* Function 0x3c */ - NTSTATUS samr_GET_BOOT_KEY_INFORMATION(); + NTSTATUS samr_GetBootKeyInformation( + [in,ref] policy_handle *handle, + [out] uint32 unknown + ); /************************/ /* Function 0x3d */ - NTSTATUS samr_CONNECT3(); + NTSTATUS samr_Connect3( + [in] unistr *system_name, + [in] uint32 unknown, + [in] uint32 access_mask, + [out,ref] policy_handle *handle + ); /************************/ /* Function 0x3e */ diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 6f90d68f75..be8b3e31ae 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -106,6 +106,7 @@ static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_SetUserInfo s; + struct samr_SetUserInfo2 s2; struct samr_QueryUserInfo q; struct samr_QueryUserInfo q0; union samr_UserInfo u; @@ -113,6 +114,10 @@ static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, s.in.handle = handle; s.in.info = &u; + + s2.in.handle = handle; + s2.in.info = &u; + q.in.handle = handle; q.out.info = &u; q0 = q; @@ -147,12 +152,14 @@ static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, q.in.level = lvl1; \ TESTCALL(QueryUserInfo, q) \ s.in.level = lvl1; \ + s2.in.level = lvl1; \ u = *q.out.info; \ init_samr_Name(&u.info ## lvl1.field1, value); \ if (lvl1 == 21) { \ u.info21.fields_present = fpval; \ } \ TESTCALL(SetUserInfo, s) \ + TESTCALL(SetUserInfo2, s2) \ init_samr_Name(&u.info ## lvl1.field1, ""); \ TESTCALL(QueryUserInfo, q); \ u = *q.out.info; \ @@ -168,12 +175,14 @@ static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, q.in.level = lvl1; \ TESTCALL(QueryUserInfo, q) \ s.in.level = lvl1; \ + s2.in.level = lvl1; \ u = *q.out.info; \ u.info ## lvl1.field1 = value; \ if (lvl1 == 21) { \ u.info21.fields_present = fpval; \ } \ TESTCALL(SetUserInfo, s) \ + TESTCALL(SetUserInfo2, s2) \ u.info ## lvl1.field1 = 0; \ TESTCALL(QueryUserInfo, q); \ u = *q.out.info; \ @@ -244,7 +253,6 @@ static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } - static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { @@ -348,6 +356,27 @@ static BOOL test_GetGroupsForUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } + +static BOOL test_GetDomPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct samr_Name *domain_name) +{ + NTSTATUS status; + struct samr_GetDomPwInfo r; + BOOL ret = True; + + printf("Testing GetDomPwInfo\n"); + + r.in.name = domain_name; + + status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("GetDomPwInfo failed - %s\n", nt_errstr(status)); + ret = False; + } + + return ret; +} + static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { @@ -1962,6 +1991,26 @@ static BOOL test_RidToSid(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } +static BOOL test_GetBootKeyInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *domain_handle) +{ + struct samr_GetBootKeyInformation r; + NTSTATUS status; + BOOL ret = True; + + printf("Testing GetBootKeyInformation\n"); + + r.in.handle = domain_handle; + + status = dcerpc_samr_GetBootKeyInformation(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("GetBootKeyInformation failed - %s\n", nt_errstr(status)); + ret = False; + } + + return ret; +} + static BOOL test_AddGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, struct policy_handle *group_handle) @@ -2197,6 +2246,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + if (!test_GetBootKeyInformation(p, mem_ctx, &domain_handle)) { + ret = False; + } + if (!policy_handle_empty(&user_handle) && !test_DeleteUser(p, mem_ctx, &user_handle)) { ret = False; @@ -2224,6 +2277,7 @@ static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_LookupDomain r; + BOOL ret = True; printf("Testing LookupDomain(%s)\n", domain->name); @@ -2236,11 +2290,15 @@ static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return False; } + if (!test_GetDomPwInfo(p, mem_ctx, domain)) { + ret = False; + } + if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) { - return False; + ret = False; } - return True; + return ret; } @@ -2285,10 +2343,13 @@ static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NTSTATUS status; struct samr_Connect r; struct samr_Connect2 r2; + struct samr_Connect3 r3; struct samr_Connect4 r4; struct samr_Connect5 r5; BOOL ret = True; + printf("testing samr_Connect\n"); + r.in.system_name = 0; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.out.handle = handle; @@ -2299,6 +2360,8 @@ static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + printf("testing samr_Connect2\n"); + r2.in.system_name = ""; r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r2.out.handle = handle; @@ -2309,6 +2372,21 @@ static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + printf("testing samr_Connect3\n"); + + r3.in.system_name = ""; + r3.in.unknown = 0; + r3.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; + r3.out.handle = handle; + + status = dcerpc_samr_Connect3(p, mem_ctx, &r3); + if (!NT_STATUS_IS_OK(status)) { + printf("Connect3 failed - %s\n", nt_errstr(status)); + ret = False; + } + + printf("testing samr_Connect4\n"); + r4.in.system_name = ""; r4.in.unknown = 0; r4.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; @@ -2320,6 +2398,8 @@ static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + printf("testing samr_Connect5\n"); + r5.in.system_name = ""; r5.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r5.in.unknown0 = 1; /*Magic values I took from a WinXP pro workstation */ -- cgit