#!/usr/bin/python import sys import dcerpc, samr def test_Connect(pipe): handle = samr.Connect(pipe) handle = samr.Connect2(pipe) handle = samr.Connect3(pipe) handle = samr.Connect4(pipe) # WIN2K3 only? try: handle = samr.Connect5(pipe) except dcerpc.NTSTATUS, arg: if arg[0] != 0xc00000d2L: # NT_STATUS_NET_WRITE_FAULT raise return handle def test_UserHandle(user_handle): # QuerySecurity()/SetSecurity() user_handle.SetSecurity(user_handle.QuerySecurity()) # GetUserPwInfo() user_handle.GetUserPwInfo() # GetUserInfo() for level in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 20, 21, 23, 24, 25, 26]: try: user_handle.QueryUserInfo(level) user_handle.QueryUserInfo2(level) except dcerpc.NTSTATUS, arg: if arg[0] != 0xc0000003L: # NT_STATUS_INVALID_INFO_CLASS raise def test_GroupHandle(group_handle): # QuerySecurity()/SetSecurity() group_handle.SetSecurity(group_handle.QuerySecurity()) def test_AliasHandle(alias_handle): # QuerySecurity()/SetSecurity() alias_handle.SetSecurity(alias_handle.QuerySecurity()) def test_DomainHandle(name, sid, domain_handle): print 'testing %s (%s)' % (name, sid) # QuerySecurity()/SetSecurity() domain_handle.SetSecurity(domain_handle.QuerySecurity()) # LookupNames(), none mapped try: domain_handle.LookupNames(['xxNONAMExx']) except dcerpc.NTSTATUS, arg: if arg[0] != 0xc0000073L: raise dcerpc.NTSTATUS(arg) # LookupNames(), some mapped if name != 'Builtin': domain_handle.LookupNames(['Administrator', 'xxNONAMExx']) # QueryDomainInfo()/SetDomainInfo() levels = [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13] set_ok = [1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0] for i in range(len(levels)): info = domain_handle.QueryDomainInfo(level = levels[i]) try: domain_handle.SetDomainInfo(levels[i], info) except dcerpc.NTSTATUS, arg: if not (arg[0] == 0xc0000003L and not set_ok[i]): raise # QueryDomainInfo2() levels = [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13] for i in range(len(levels)): domain_handle.QueryDomainInfo2(level = levels[i]) # EnumDomainUsers print 'testing users' users = domain_handle.EnumDomainUsers() rids = domain_handle.LookupNames(users) for i in range(len(users)): test_UserHandle(domain_handle.OpenUser(rids[0][i])) # QueryDisplayInfo for i in [1, 2, 3, 4, 5]: domain_handle.QueryDisplayInfo(level = i) domain_handle.QueryDisplayInfo2(level = i) domain_handle.QueryDisplayInfo3(level = i) # EnumDomainGroups print 'testing groups' groups = domain_handle.EnumDomainGroups() rids = domain_handle.LookupNames(groups) for i in range(len(groups)): test_GroupHandle(domain_handle.OpenGroup(rids[0][i])) # EnumDomainAliases print 'testing aliases' aliases = domain_handle.EnumDomainAliases() rids = domain_handle.LookupNames(aliases) for i in range(len(aliases)): test_AliasHandle(domain_handle.OpenAlias(rids[0][i])) # CreateUser # CreateUser2 # CreateDomAlias # RidToSid # RemoveMemberFromForeignDomain # CreateDomainGroup # GetAliasMembership def test_ConnectHandle(connect_handle): print 'testing connect handle' # QuerySecurity/SetSecurity connect_handle.SetSecurity(connect_handle.QuerySecurity()) # Lookup bogus domain try: connect_handle.LookupDomain('xxNODOMAINxx') except dcerpc.NTSTATUS, arg: if arg[0] != 0xC00000DFL: # NT_STATUS_NO_SUCH_DOMAIN raise # Test all domains for domain_name in connect_handle.EnumDomains(): connect_handle.GetDomPwInfo(domain_name) sid = connect_handle.LookupDomain(domain_name) domain_handle = connect_handle.OpenDomain(sid) test_DomainHandle(domain_name, sid, domain_handle) # TODO: Test Shutdown() function def runtests(binding, creds): print 'Testing SAMR pipe' pipe = dcerpc.pipe_connect(binding, dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION), creds) handle = test_Connect(pipe) test_ConnectHandle(handle)