From ec92e2f9a2b9966c052621026b0763f42b6bd6a7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Dec 2003 03:10:10 +0000 Subject: My first stab at Samba4 IDL! This patch adds the samr_CreateUser2 function, which is create_user in Samba 3.0. This also adds a torture suite that checks for various valid and invalid account flags, and that they are persistant. Also, a patch by Anthony Liguori to fix the build Andrew Bartlett (This used to be commit 53e657b74572ab329d4598a85e6989547c324209) --- source4/librpc/idl/samr.idl | 12 +++- source4/torture/rpc/samr.c | 142 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 150 insertions(+), 4 deletions(-) diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl index e690e7b616..ec6d2f8d67 100644 --- a/source4/librpc/idl/samr.idl +++ b/source4/librpc/idl/samr.idl @@ -767,7 +767,17 @@ /************************/ /* Function 0x32 */ - NTSTATUS samr_CREATE_USER2_IN_DOMAIN(); + NTSTATUS samr_CreateUser2( + /************************/ + [in,ref] policy_handle *handle, + [in,ref] samr_Name *username, + [in] uint32 acct_flags, + [in] uint32 access_mask, + [out,ref] policy_handle *acct_handle, + [out,ref] uint32 *access_granted, + [out,ref] uint32 *rid + ); + /************************/ /* Function 0x33 */ diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 45a0c4f02d..7ccdc321ce 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3,6 +3,7 @@ test suite for samr rpc operations Copyright (C) Andrew Tridgell 2003 + Copyright (C) Andrew Bartlett 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
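Review bot: In the samr.idl hunk, a `/************************/` banner line ends up inside the argument list, directly after `NTSTATUS samr_CreateUser2(`, whereas the context lines show that banner sitting above the `/* Function 0xNN */` comment. It reads as a stray separator and is better dropped from the signature. Both `acct_flags` and `access_mask` are declared as plain `uint32`, so a short comment on the declaration would help, for example `/* acct_flags: ACB_* account type bits; access_mask: rights requested on the returned acct_handle */`. The torture test in this same commit passes ACB_* values and `SEC_RIGHTS_MAXIMUM_ALLOWED` for these two arguments, which is where that wording comes from.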
@@ -22,6 +23,8 @@ #include "includes.h" #define TEST_USERNAME "samrtorturetest" +#define TEST_MACHINENAME "samrtorturetestmach$" +#define TEST_DOMAINNAME "samrtorturetestdom$" static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle); @@ -181,9 +184,9 @@ static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__); TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__); - TEST_USERINFO_INT(4, logon_hours[3], 3, logon_hours[3], __LINE__); - TEST_USERINFO_INT(4, logon_hours[3], 5, logon_hours[3], __LINE__); - TEST_USERINFO_INT(4, logon_hours[3], 21, logon_hours[3], __LINE__); + TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], __LINE__); + TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], __LINE__); + TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], __LINE__); TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513); TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513); @@ -288,9 +291,13 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_CreateUser r; + struct samr_QueryUserInfo q; struct samr_DeleteUser d; struct policy_handle acct_handle; uint32 rid; + + /* This call creates a 'normal' account - check that it really does */ + const uint32 acct_flags = ACB_NORMAL; struct samr_Name name; BOOL ret = True; 
@@ -323,6 +330,23 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } + q.in.handle = handle; + q.in.level = 16; + + status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q); + if (!NT_STATUS_IS_OK(status)) { + printf("QueryUserInfo level %u failed - %s\n", + q.in.level, nt_errstr(status)); + ret = False; + } else { + if (q.out.info->info16.acct_flags != acct_flags) { + printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n", + q.out.info->info16.acct_flags, q.out.info->info16.acct_flags, + acct_flags, acct_flags); + ret = False; + } + } + if (!test_user_ops(p, mem_ctx, &acct_handle)) { ret = False; } 
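Review bot: The added QueryUserInfo call sets `q.in.handle = handle`, which appears to be the domain handle passed in by the caller rather than the handle of the account that was just created; the `test_user_ops` call right below it uses `&acct_handle`. As written, the level-16 `acct_flags` comparison does not look at the new account, so it cannot confirm that the server stored `ACB_NORMAL` for it. I would change the line to `q.in.handle = &acct_handle;`. The same assignment is repeated in the new test_CreateUser2 loop in the next hunk, and both messages misspell the call as `QuerUserInfo`. test_CreateUser starts and ends outside this hunk, so the origin of `handle` is inferred from the test_CreateUser2 signature, where the same parameter is the handle given to the create call.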
@@ -341,6 +365,114 @@ static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } +static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct samr_CreateUser2 r; + struct samr_QueryUserInfo q; + struct samr_DeleteUser d; + struct policy_handle acct_handle; + uint32 rid; + struct samr_Name name; + BOOL ret = True; + int i; + + struct { + uint32 acct_flags; + const char *account_name; + NTSTATUS nt_status; + } account_types[] = { + { ACB_NORMAL, TEST_USERNAME, NT_STATUS_OK }, + { ACB_NORMAL | ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_NORMAL | ACB_PWNOEXP, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK }, + { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK }, + { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK }, + { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER }, + { 0, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER }, + { ACB_DISABLED, TEST_USERNAME, NT_STATUS_INVALID_PARAMETER }, + { 0, NULL, NT_STATUS_INVALID_PARAMETER } + }; + + for (i = 0; account_types[i].account_name; i++) { + uint32 acct_flags = account_types[i].acct_flags; + uint32 access_granted; + + init_samr_Name(&name, account_types[i].account_name); + + r.in.handle = handle; + r.in.username = &name; + r.in.acct_flags = acct_flags; + r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; + r.out.acct_handle = &acct_handle; + r.out.access_granted = &access_granted; + r.out.rid = &rid; + + printf("Testing CreateUser2(%s)\n", 
r.in.username->name); + + status = dcerpc_samr_CreateUser2(p, mem_ctx, &r); + + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + printf("Server refused create of '%s'\n", r.in.username->name); + continue; + + } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.username->name)) { + return False; + } + status = dcerpc_samr_CreateUser2(p, mem_ctx, &r); + + } + if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) { + printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n", + nt_errstr(status), nt_errstr(account_types[i].nt_status)); + ret = False; + } + + if (NT_STATUS_IS_OK(status)) { + q.in.handle = handle; + q.in.level = 16; + + status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q); + if (!NT_STATUS_IS_OK(status)) { + printf("QueryUserInfo level %u failed - %s\n", + q.in.level, nt_errstr(status)); + ret = False; + } else { + if (q.out.info->info16.acct_flags != acct_flags) { + printf("QuerUserInfo level 16 failed, it returned 0x%08xwhen we expected flags of 0x%08x\n", + q.out.info->info16.acct_flags, + acct_flags); + ret = False; + } + } + + if (!test_user_ops(p, mem_ctx, &acct_handle)) { + ret = False; + } + + printf("Testing DeleteUser\n"); + + d.in.handle = &acct_handle; + d.out.handle = &acct_handle; + + status = dcerpc_samr_DeleteUser(p, mem_ctx, &d); + if (!NT_STATUS_IS_OK(status)) { + printf("DeleteUser failed - %s\n", nt_errstr(status)); + ret = False; + } + } + } + + return ret; +} + static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { @@ -752,6 +884,10 @@ static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ret = False; } + if (!test_CreateUser2(p, mem_ctx, &domain_handle)) { + ret = False; + } + if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) { ret = False; } -- cgit
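Review bot: In the test_CreateUser2 loop, the `NT_STATUS_ACCESS_DENIED` branch does `continue` without touching `ret`, so a server that refuses every create lets the function return True even though no account-flag combination was checked. If tolerating an unprivileged connection is intended, count the cases that actually ran (`int checked = 0;` with `checked++;` after the status comparison) and finish with `if (checked == 0) ret = False;`. The mismatch message would also be easier to act on if it named the table entry, by adding `acct_flags` and `account_types[i].account_name` to the `CreateUser2 failed gave incorrect error return` printf. The format string `0x%08xwhen` is missing a space.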