/* Unix SMB/CIFS implementation. test suite for samr rpc operations Copyright (C) Andrew Tridgell 2003 Copyright (C) Andrew Bartlett 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "includes.h" #define TEST_ACCOUNT_NAME "samrtorturetest" #define TEST_ALIASNAME "samrtorturetestalias" #define TEST_GROUPNAME "samrtorturetestgroup" #define TEST_MACHINENAME "samrtorturetestmach$" #define TEST_DOMAINNAME "samrtorturetestdom$" static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle); static BOOL test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle); static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle); static void init_samr_Name(struct samr_Name *name, const char *s) { name->name = s; } static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_Close r; r.in.handle = handle; r.out.handle = handle; status = dcerpc_samr_Close(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("Close handle failed - %s\n", nt_errstr(status)); return False; } return True; } static BOOL test_Shutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_Shutdown r; if (lp_parm_int(-1, "torture", "dangerous") != 1) { printf("samr_Shutdown disabled - enable dangerous tests to use\n"); return True; } r.in.connect_handle = handle; printf("testing samr_Shutdown\n"); status = dcerpc_samr_Shutdown(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("samr_Shutdown failed - %s\n", nt_errstr(status)); return False; } return True; } static BOOL test_SetDsrmPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_SetDsrmPassword r; struct samr_Name name; struct samr_Password hash; if (lp_parm_int(-1, "torture", "dangerous") != 1) { printf("samr_SetDsrmPassword disabled - enable dangerous tests to use\n"); return True; } E_md4hash("TeSTDSRM123", hash.hash); init_samr_Name(&name, "Administrator"); r.in.name = &name; r.in.unknown = 0; r.in.hash = &hash; printf("testing samr_SetDsrmPassword\n"); status = dcerpc_samr_SetDsrmPassword(p, mem_ctx, &r); if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { printf("samr_SetDsrmPassword failed - %s\n", nt_errstr(status)); return False; } return True; } static BOOL test_QuerySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_QuerySecurity r; struct samr_SetSecurity s; r.in.handle = handle; r.in.sec_info = 7; status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("QuerySecurity failed - %s\n", nt_errstr(status)); return False; } if (r.out.sdbuf == NULL) { return False; } s.in.handle = handle; s.in.sec_info = 7; s.in.sdbuf = r.out.sdbuf; status = dcerpc_samr_SetSecurity(p, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { printf("SetSecurity failed - %s\n", nt_errstr(status)); return False; } status = dcerpc_samr_QuerySecurity(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("QuerySecurity failed - %s\n", nt_errstr(status)); return False; } return True; } static BOOL test_SetUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_SetUserInfo s; struct samr_SetUserInfo2 s2; struct samr_QueryUserInfo q; struct samr_QueryUserInfo q0; union samr_UserInfo u; BOOL ret = True; s.in.user_handle = handle; s.in.info = &u; s2.in.user_handle = handle; s2.in.info = &u; q.in.user_handle = handle; q.out.info = &u; q0 = q; #define TESTCALL(call, r) \ status = dcerpc_samr_ ##call(p, mem_ctx, &r); \ if (!NT_STATUS_IS_OK(status)) { \ printf(#call " level %u failed - %s (line %d)\n", \ r.in.level, nt_errstr(status), __LINE__); \ ret = False; \ break; \ } #define STRING_EQUAL(s1, s2, field) \ if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \ printf("Failed to set %s to '%s' (line %d)\n", \ #field, s2, __LINE__); \ ret = False; \ break; \ } #define INT_EQUAL(i1, i2, field) \ if (i1 != i2) { \ printf("Failed to set %s to %u (line %d)\n", \ #field, i2, __LINE__); \ ret = False; \ break; \ } #define TEST_USERINFO_NAME(lvl1, field1, lvl2, field2, value, fpval) do { \ printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \ q.in.level = lvl1; \ TESTCALL(QueryUserInfo, q) \ s.in.level = lvl1; \ s2.in.level = lvl1; \ u = *q.out.info; \ if (lvl1 == 21) { \ ZERO_STRUCT(u.info21); \ u.info21.fields_present = fpval; \ } \ init_samr_Name(&u.info ## lvl1.field1, value); \ TESTCALL(SetUserInfo, s) \ TESTCALL(SetUserInfo2, s2) \ init_samr_Name(&u.info ## lvl1.field1, ""); \ TESTCALL(QueryUserInfo, q); \ u = *q.out.info; \ STRING_EQUAL(u.info ## lvl1.field1.name, value, field1); \ q.in.level = lvl2; \ TESTCALL(QueryUserInfo, q) \ u = *q.out.info; \ STRING_EQUAL(u.info ## lvl2.field2.name, value, field2); \ } while (0) #define TEST_USERINFO_INT(lvl1, field1, lvl2, field2, value, fpval) do { \ printf("field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \ q.in.level = lvl1; \ TESTCALL(QueryUserInfo, q) \ s.in.level = lvl1; \ s2.in.level = lvl1; \ u = *q.out.info; \ if (lvl1 == 21) { \ uint8_t *bitmap = u.info21.logon_hours.bitmap; \ ZERO_STRUCT(u.info21); \ if (fpval == SAMR_FIELD_LOGON_HOURS) { \ u.info21.logon_hours.units_per_week = 168; \ u.info21.logon_hours.bitmap = bitmap; \ } \ u.info21.fields_present = fpval; \ } \ u.info ## lvl1.field1 = value; \ TESTCALL(SetUserInfo, s) \ TESTCALL(SetUserInfo2, s2) \ u.info ## lvl1.field1 = 0; \ TESTCALL(QueryUserInfo, q); \ u = *q.out.info; \ INT_EQUAL(u.info ## lvl1.field1, value, field1); \ q.in.level = lvl2; \ TESTCALL(QueryUserInfo, q) \ u = *q.out.info; \ INT_EQUAL(u.info ## lvl2.field2, value, field1); \ } while (0) q0.in.level = 12; do { TESTCALL(QueryUserInfo, q0) } while (0); TEST_USERINFO_NAME(2, comment, 1, comment, "xx2-1 comment", 0); TEST_USERINFO_NAME(2, comment, 21, comment, "xx2-21 comment", 0); TEST_USERINFO_NAME(21, comment, 21, comment, "xx21-21 comment", SAMR_FIELD_COMMENT); TEST_USERINFO_NAME(6, full_name, 1, full_name, "xx6-1 full_name", 0); TEST_USERINFO_NAME(6, full_name, 3, full_name, "xx6-3 full_name", 0); TEST_USERINFO_NAME(6, full_name, 5, full_name, "xx6-5 full_name", 0); TEST_USERINFO_NAME(6, full_name, 6, full_name, "xx6-6 full_name", 0); TEST_USERINFO_NAME(6, full_name, 8, full_name, "xx6-8 full_name", 0); TEST_USERINFO_NAME(6, full_name, 21, full_name, "xx6-21 full_name", 0); TEST_USERINFO_NAME(8, full_name, 21, full_name, "xx8-21 full_name", 0); TEST_USERINFO_NAME(21, full_name, 21, full_name, "xx21-21 full_name", SAMR_FIELD_NAME); TEST_USERINFO_NAME(11, logon_script, 3, logon_script, "xx11-3 logon_script", 0); TEST_USERINFO_NAME(11, logon_script, 5, logon_script, "xx11-5 logon_script", 0); TEST_USERINFO_NAME(11, logon_script, 21, logon_script, "xx11-21 logon_script", 0); TEST_USERINFO_NAME(21, logon_script, 21, logon_script, "xx21-21 logon_script", SAMR_FIELD_LOGON_SCRIPT); TEST_USERINFO_NAME(12, profile_path, 3, profile_path, "xx12-3 profile_path", 0); TEST_USERINFO_NAME(12, profile_path, 5, profile_path, "xx12-5 profile_path", 0); TEST_USERINFO_NAME(12, profile_path, 21, profile_path, "xx12-21 profile_path", 0); TEST_USERINFO_NAME(21, profile_path, 21, profile_path, "xx21-21 profile_path", SAMR_FIELD_PROFILE_PATH); TEST_USERINFO_NAME(13, description, 1, description, "xx13-1 description", 0); TEST_USERINFO_NAME(13, description, 5, description, "xx13-5 description", 0); TEST_USERINFO_NAME(13, description, 21, description, "xx13-21 description", 0); TEST_USERINFO_NAME(21, description, 21, description, "xx21-21 description", SAMR_FIELD_DESCRIPTION); TEST_USERINFO_NAME(14, workstations, 3, workstations, "14workstation3", 0); TEST_USERINFO_NAME(14, workstations, 5, workstations, "14workstation4", 0); TEST_USERINFO_NAME(14, workstations, 21, workstations, "14workstation21", 0); TEST_USERINFO_NAME(21, workstations, 21, workstations, "21workstation21", SAMR_FIELD_WORKSTATION); TEST_USERINFO_NAME(20, callback, 21, callback, "xx20-21 callback", 0); TEST_USERINFO_NAME(21, callback, 21, callback, "xx21-21 callback", SAMR_FIELD_CALLBACK); TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0); TEST_USERINFO_INT(21, country_code, 21, country_code, __LINE__, SAMR_FIELD_COUNTRY_CODE); TEST_USERINFO_INT(2, code_page, 21, code_page, __LINE__, 0); TEST_USERINFO_INT(21, code_page, 21, code_page, __LINE__, SAMR_FIELD_CODE_PAGE); TEST_USERINFO_INT(4, logon_hours.bitmap[3], 3, logon_hours.bitmap[3], 1, 0); TEST_USERINFO_INT(4, logon_hours.bitmap[3], 5, logon_hours.bitmap[3], 2, 0); TEST_USERINFO_INT(4, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 3, 0); TEST_USERINFO_INT(21, logon_hours.bitmap[3], 21, logon_hours.bitmap[3], 4, SAMR_FIELD_LOGON_HOURS); #if 0 /* these fail with win2003 - it appears you can't set the primary gid? the set succeeds, but the gid isn't changed. Very weird! */ TEST_USERINFO_INT(9, primary_gid, 1, primary_gid, 513); TEST_USERINFO_INT(9, primary_gid, 3, primary_gid, 513); TEST_USERINFO_INT(9, primary_gid, 5, primary_gid, 513); TEST_USERINFO_INT(9, primary_gid, 21, primary_gid, 513); #endif return ret; } /* generate a random password for password change tests */ static char *samr_rand_pass(TALLOC_CTX *mem_ctx) { size_t len = 8 + (random() % 6); char *s = generate_random_str(mem_ctx, len); printf("Generated password '%s'\n", s); return s; } static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_SetUserInfo s; union samr_UserInfo u; BOOL ret = True; DATA_BLOB session_key; char *newpass = samr_rand_pass(mem_ctx); s.in.user_handle = handle; s.in.info = &u; s.in.level = 24; encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE); /* w2k3 ignores this length */ u.info24.pw_len = str_charnum(newpass)*2; status = dcerpc_fetch_session_key(p, &session_key); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u - no session key - %s\n", s.in.level, nt_errstr(status)); return False; } arcfour_crypt_blob(u.info24.password.data, 516, &session_key); printf("Testing SetUserInfo level 24 (set password)\n"); status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u failed - %s\n", s.in.level, nt_errstr(status)); ret = False; } else { *password = newpass; } return ret; } static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_SetUserInfo s; union samr_UserInfo u; BOOL ret = True; DATA_BLOB session_key; char *newpass = samr_rand_pass(mem_ctx); s.in.user_handle = handle; s.in.info = &u; s.in.level = 23; ZERO_STRUCT(u); u.info23.info.fields_present = SAMR_FIELD_PASSWORD; encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE); status = dcerpc_fetch_session_key(p, &session_key); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u - no session key - %s\n", s.in.level, nt_errstr(status)); return False; } arcfour_crypt_blob(u.info23.password.data, 516, &session_key); printf("Testing SetUserInfo level 23 (set password)\n"); status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u failed - %s\n", s.in.level, nt_errstr(status)); ret = False; } else { *password = newpass; } return ret; } static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_SetUserInfo s; union samr_UserInfo u; BOOL ret = True; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); uint8_t confounder[16]; char *newpass = samr_rand_pass(mem_ctx); struct MD5Context ctx; s.in.user_handle = handle; s.in.info = &u; s.in.level = 26; encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE); u.info26.pw_len = strlen(newpass); status = dcerpc_fetch_session_key(p, &session_key); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u - no session key - %s\n", s.in.level, nt_errstr(status)); return False; } generate_random_buffer((uint8_t *)confounder, 16); MD5Init(&ctx); MD5Update(&ctx, confounder, 16); MD5Update(&ctx, session_key.data, session_key.length); MD5Final(confounded_session_key.data, &ctx); arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key); memcpy(&u.info26.password.data[516], confounder, 16); printf("Testing SetUserInfo level 26 (set password ex)\n"); status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u failed - %s\n", s.in.level, nt_errstr(status)); ret = False; } else { *password = newpass; } return ret; } static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_SetUserInfo s; union samr_UserInfo u; BOOL ret = True; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); uint8_t confounder[16]; char *newpass = samr_rand_pass(mem_ctx); struct MD5Context ctx; s.in.user_handle = handle; s.in.info = &u; s.in.level = 25; ZERO_STRUCT(u); u.info25.info.fields_present = SAMR_FIELD_PASSWORD; encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE); status = dcerpc_fetch_session_key(p, &session_key); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u - no session key - %s\n", s.in.level, nt_errstr(status)); return False; } generate_random_buffer((uint8_t *)confounder, 16); MD5Init(&ctx); MD5Update(&ctx, confounder, 16); MD5Update(&ctx, session_key.data, session_key.length); MD5Final(confounded_session_key.data, &ctx); arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key); memcpy(&u.info25.password.data[516], confounder, 16); printf("Testing SetUserInfo level 25 (set password ex)\n"); status = dcerpc_samr_SetUserInfo(p, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { printf("SetUserInfo level %u failed - %s\n", s.in.level, nt_errstr(status)); ret = False; } else { *password = newpass; } return ret; } static BOOL test_SetAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_SetAliasInfo r; struct samr_QueryAliasInfo q; uint16_t levels[] = {2, 3}; int i; BOOL ret = True; /* Ignoring switch level 1, as that includes the number of members for the alias * and setting this to a wrong value might have negative consequences */ for (i=0;iname); status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("GetDomPwInfo failed - %s\n", nt_errstr(status)); ret = False; } r.in.name->name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); printf("Testing GetDomPwInfo with name %s\n", r.in.name->name); status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("GetDomPwInfo failed - %s\n", nt_errstr(status)); ret = False; } r.in.name->name = "\\\\__NONAME__"; printf("Testing GetDomPwInfo with name %s\n", r.in.name->name); status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("GetDomPwInfo failed - %s\n", nt_errstr(status)); ret = False; } r.in.name->name = "\\\\Builtin"; printf("Testing GetDomPwInfo with name %s\n", r.in.name->name); status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("GetDomPwInfo failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static BOOL test_GetUserPwInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_GetUserPwInfo r; BOOL ret = True; printf("Testing GetUserPwInfo\n"); r.in.user_handle = handle; status = dcerpc_samr_GetUserPwInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("GetUserPwInfo failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static NTSTATUS test_LookupName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, const char *name, uint32_t *rid) { NTSTATUS status; struct samr_LookupNames n; struct samr_Name sname[2]; init_samr_Name(&sname[0], name); n.in.domain_handle = domain_handle; n.in.num_names = 1; n.in.names = sname; status = dcerpc_samr_LookupNames(p, mem_ctx, &n); if (NT_STATUS_IS_OK(status)) { *rid = n.out.rids.ids[0]; } else { return status; } init_samr_Name(&sname[1], "xxNONAMExx"); n.in.num_names = 2; status = dcerpc_samr_LookupNames(p, mem_ctx, &n); if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { printf("LookupNames[2] failed - %s\n", nt_errstr(status)); return status; } init_samr_Name(&sname[1], "xxNONAMExx"); n.in.num_names = 0; status = dcerpc_samr_LookupNames(p, mem_ctx, &n); if (!NT_STATUS_IS_OK(status)) { printf("LookupNames[0] failed - %s\n", nt_errstr(status)); } return status; } static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, const char *name, struct policy_handle *user_handle) { NTSTATUS status; struct samr_OpenUser r; uint32_t rid; status = test_LookupName(p, mem_ctx, domain_handle, name, &rid); if (!NT_STATUS_IS_OK(status)) { return status; } r.in.domain_handle = domain_handle; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.in.rid = rid; r.out.user_handle = user_handle; status = dcerpc_samr_OpenUser(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("OpenUser_byname(%s) failed - %s\n", name, nt_errstr(status)); } return status; } #if 0 static BOOL test_ChangePasswordNT3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_ChangePasswordUser r; BOOL ret = True; struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6; struct policy_handle user_handle; char *oldpass = "test"; char *newpass = "test2"; uint8_t old_nt_hash[16], new_nt_hash[16]; uint8_t old_lm_hash[16], new_lm_hash[16]; status = test_OpenUser_byname(p, mem_ctx, handle, "testuser", &user_handle); if (!NT_STATUS_IS_OK(status)) { return False; } printf("Testing ChangePasswordUser for user 'testuser'\n"); printf("old password: %s\n", oldpass); printf("new password: %s\n", newpass); E_md4hash(oldpass, old_nt_hash); E_md4hash(newpass, new_nt_hash); E_deshash(oldpass, old_lm_hash); E_deshash(newpass, new_lm_hash); E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash); E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash); E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash); E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash); E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash); E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash); r.in.handle = &user_handle; r.in.lm_present = 1; r.in.old_lm_crypted = &hash1; r.in.new_lm_crypted = &hash2; r.in.nt_present = 1; r.in.old_nt_crypted = &hash3; r.in.new_nt_crypted = &hash4; r.in.cross1_present = 1; r.in.nt_cross = &hash5; r.in.cross2_present = 1; r.in.lm_cross = &hash6; status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("ChangePasswordUser failed - %s\n", nt_errstr(status)); ret = False; } if (!test_Close(p, mem_ctx, &user_handle)) { ret = False; } return ret; } #endif static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_ChangePasswordUser r; BOOL ret = True; struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6; struct policy_handle user_handle; char *oldpass = *password; char *newpass = samr_rand_pass(mem_ctx); uint8_t old_nt_hash[16], new_nt_hash[16]; uint8_t old_lm_hash[16], new_lm_hash[16]; status = test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle); if (!NT_STATUS_IS_OK(status)) { return False; } printf("Testing ChangePasswordUser\n"); E_md4hash(oldpass, old_nt_hash); E_md4hash(newpass, new_nt_hash); E_deshash(oldpass, old_lm_hash); E_deshash(newpass, new_lm_hash); E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash); E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash); E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash); E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash); E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash); E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash); r.in.user_handle = &user_handle; r.in.lm_present = 1; r.in.old_lm_crypted = &hash1; r.in.new_lm_crypted = &hash2; r.in.nt_present = 1; r.in.old_nt_crypted = &hash3; r.in.new_nt_crypted = &hash4; r.in.cross1_present = 1; r.in.nt_cross = &hash5; r.in.cross2_present = 1; r.in.lm_cross = &hash6; status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("ChangePasswordUser failed - %s\n", nt_errstr(status)); ret = False; } else { *password = newpass; } if (!test_Close(p, mem_ctx, &user_handle)) { ret = False; } return ret; } static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_OemChangePasswordUser2 r; BOOL ret = True; struct samr_Password lm_verifier; struct samr_CryptPassword lm_pass; struct samr_AsciiName server, account; char *oldpass = *password; char *newpass = samr_rand_pass(mem_ctx); uint8_t old_lm_hash[16], new_lm_hash[16]; printf("Testing OemChangePasswordUser2\n"); server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); account.name = TEST_ACCOUNT_NAME; E_deshash(oldpass, old_lm_hash); E_deshash(newpass, new_lm_hash); encode_pw_buffer(lm_pass.data, newpass, STR_ASCII); arcfour_crypt(lm_pass.data, old_lm_hash, 516); E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); r.in.server = &server; r.in.account = &account; r.in.password = &lm_pass; r.in.hash = &lm_verifier; status = dcerpc_samr_OemChangePasswordUser2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("OemChangePasswordUser2 failed - %s\n", nt_errstr(status)); ret = False; } else { *password = newpass; } return ret; } static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_ChangePasswordUser2 r; BOOL ret = True; struct samr_Name server, account; struct samr_CryptPassword nt_pass, lm_pass; struct samr_Password nt_verifier, lm_verifier; char *oldpass = *password; char *newpass = samr_rand_pass(mem_ctx); uint8_t old_nt_hash[16], new_nt_hash[16]; uint8_t old_lm_hash[16], new_lm_hash[16]; printf("Testing ChangePasswordUser2\n"); server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); init_samr_Name(&account, TEST_ACCOUNT_NAME); E_md4hash(oldpass, old_nt_hash); E_md4hash(newpass, new_nt_hash); E_deshash(oldpass, old_lm_hash); E_deshash(newpass, new_lm_hash); encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE); arcfour_crypt(lm_pass.data, old_lm_hash, 516); E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE); arcfour_crypt(nt_pass.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash); r.in.server = &server; r.in.account = &account; r.in.nt_password = &nt_pass; r.in.nt_verifier = &nt_verifier; r.in.lm_change = 1; r.in.lm_password = &lm_pass; r.in.lm_verifier = &lm_verifier; status = dcerpc_samr_ChangePasswordUser2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("ChangePasswordUser2 failed - %s\n", nt_errstr(status)); ret = False; } else { *password = newpass; } return ret; } static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char **password) { NTSTATUS status; struct samr_ChangePasswordUser3 r; BOOL ret = True; struct samr_Name server, account; struct samr_CryptPassword nt_pass, lm_pass; struct samr_Password nt_verifier, lm_verifier; char *oldpass = *password; char *newpass = samr_rand_pass(mem_ctx); uint8_t old_nt_hash[16], new_nt_hash[16]; uint8_t old_lm_hash[16], new_lm_hash[16]; printf("Testing ChangePasswordUser3\n"); server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); init_samr_Name(&account, TEST_ACCOUNT_NAME); E_md4hash(oldpass, old_nt_hash); E_md4hash(newpass, new_nt_hash); E_deshash(oldpass, old_lm_hash); E_deshash(newpass, new_lm_hash); encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE); arcfour_crypt(lm_pass.data, old_nt_hash, 516); E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE); arcfour_crypt(nt_pass.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash); r.in.server = &server; r.in.account = &account; r.in.nt_password = &nt_pass; r.in.nt_verifier = &nt_verifier; r.in.lm_change = 1; r.in.lm_password = &lm_pass; r.in.lm_verifier = &lm_verifier; r.in.password3 = NULL; status = dcerpc_samr_ChangePasswordUser3(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("ChangePasswordUser3 failed - %s\n", nt_errstr(status)); ret = False; } else { *password = newpass; } return ret; } static BOOL test_GetMembersInAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *alias_handle) { struct samr_GetMembersInAlias r; struct lsa_SidArray sids; NTSTATUS status; BOOL ret = True; printf("Testing GetMembersInAlias\n"); r.in.alias_handle = alias_handle; r.out.sids = &sids; status = dcerpc_samr_GetMembersInAlias(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("GetMembersInAlias failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static BOOL test_AddMemberToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *alias_handle, const struct dom_sid *domain_sid) { struct samr_AddAliasMember r; struct samr_DeleteAliasMember d; NTSTATUS status; BOOL ret = True; struct dom_sid *sid; sid = dom_sid_add_rid(mem_ctx, domain_sid, 512); printf("testing AddAliasMember\n"); r.in.alias_handle = alias_handle; r.in.sid = sid; status = dcerpc_samr_AddAliasMember(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("AddAliasMember failed - %s\n", nt_errstr(status)); ret = False; } d.in.alias_handle = alias_handle; d.in.sid = sid; status = dcerpc_samr_DeleteAliasMember(p, mem_ctx, &d); if (!NT_STATUS_IS_OK(status)) { printf("DelAliasMember failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static BOOL test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *alias_handle) { struct samr_AddMultipleMembersToAlias a; struct samr_RemoveMultipleMembersFromAlias r; NTSTATUS status; BOOL ret = True; struct lsa_SidArray sids; printf("testing AddMultipleMembersToAlias\n"); a.in.alias_handle = alias_handle; a.in.sids = &sids; sids.num_sids = 3; sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, 3); sids.sids[0].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-1"); sids.sids[1].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-2"); sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-3"); status = dcerpc_samr_AddMultipleMembersToAlias(p, mem_ctx, &a); if (!NT_STATUS_IS_OK(status)) { printf("AddMultipleMembersToAlias failed - %s\n", nt_errstr(status)); ret = False; } printf("testing RemoveMultipleMembersFromAlias\n"); r.in.alias_handle = alias_handle; r.in.sids = &sids; status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status)); ret = False; } /* strange! removing twice doesn't give any error */ status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status)); ret = False; } /* but removing an alias that isn't there does */ sids.sids[2].sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-1-2-3-4"); status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, mem_ctx, &r); if (!NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_NOT_FOUND, status)) { printf("RemoveMultipleMembersFromAlias failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static BOOL test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *user_handle) { struct samr_TestPrivateFunctionsUser r; NTSTATUS status; BOOL ret = True; printf("Testing TestPrivateFunctionsUser\n"); r.in.user_handle = user_handle; status = dcerpc_samr_TestPrivateFunctionsUser(p, mem_ctx, &r); if (!NT_STATUS_EQUAL(NT_STATUS_NOT_IMPLEMENTED, status)) { printf("TestPrivateFunctionsUser failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static BOOL test_user_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { BOOL ret = True; if (!test_QuerySecurity(p, mem_ctx, handle)) { ret = False; } if (!test_QueryUserInfo(p, mem_ctx, handle)) { ret = False; } if (!test_QueryUserInfo2(p, mem_ctx, handle)) { ret = False; } if (!test_SetUserInfo(p, mem_ctx, handle)) { ret = False; } if (!test_GetUserPwInfo(p, mem_ctx, handle)) { ret = False; } if (!test_TestPrivateFunctionsUser(p, mem_ctx, handle)) { ret = False; } return ret; } static BOOL test_alias_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *alias_handle, const struct dom_sid *domain_sid) { BOOL ret = True; if (!test_QuerySecurity(p, mem_ctx, alias_handle)) { ret = False; } if (!test_QueryAliasInfo(p, mem_ctx, alias_handle)) { ret = False; } if (!test_SetAliasInfo(p, mem_ctx, alias_handle)) { ret = False; } if (!test_AddMemberToAlias(p, mem_ctx, alias_handle, domain_sid)) { ret = False; } if (!test_AddMultipleMembersToAlias(p, mem_ctx, alias_handle)) { ret = False; } return ret; } BOOL test_DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, const char *name) { NTSTATUS status; struct samr_DeleteUser d; struct policy_handle user_handle; uint32_t rid; status = test_LookupName(p, mem_ctx, handle, name, &rid); if (!NT_STATUS_IS_OK(status)) { goto failed; } status = test_OpenUser_byname(p, mem_ctx, handle, name, &user_handle); if (!NT_STATUS_IS_OK(status)) { goto failed; } d.in.user_handle = &user_handle; d.out.user_handle = &user_handle; status = dcerpc_samr_DeleteUser(p, mem_ctx, &d); if (!NT_STATUS_IS_OK(status)) { goto failed; } return True; failed: printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status)); return False; } static BOOL test_DeleteGroup_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, const char *name) { NTSTATUS status; struct samr_OpenGroup r; struct samr_DeleteDomainGroup d; struct policy_handle group_handle; uint32_t rid; status = test_LookupName(p, mem_ctx, handle, name, &rid); if (!NT_STATUS_IS_OK(status)) { goto failed; } r.in.domain_handle = handle; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.in.rid = rid; r.out.group_handle = &group_handle; status = dcerpc_samr_OpenGroup(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { goto failed; } d.in.group_handle = &group_handle; d.out.group_handle = &group_handle; status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &d); if (!NT_STATUS_IS_OK(status)) { goto failed; } return True; failed: printf("DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status)); return False; } static BOOL test_DeleteAlias_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, const char *name) { NTSTATUS status; struct samr_OpenAlias r; struct samr_DeleteDomAlias d; struct policy_handle alias_handle; uint32_t rid; printf("testing DeleteAlias_byname\n"); status = test_LookupName(p, mem_ctx, domain_handle, name, &rid); if (!NT_STATUS_IS_OK(status)) { goto failed; } r.in.domain_handle = domain_handle; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.in.rid = rid; r.out.alias_handle = &alias_handle; status = dcerpc_samr_OpenAlias(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { goto failed; } d.in.alias_handle = &alias_handle; d.out.alias_handle = &alias_handle; status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d); if (!NT_STATUS_IS_OK(status)) { goto failed; } return True; failed: printf("DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status)); return False; } static BOOL test_DeleteAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *alias_handle) { struct samr_DeleteDomAlias d; NTSTATUS status; BOOL ret = True; printf("Testing DeleteAlias\n"); d.in.alias_handle = alias_handle; d.out.alias_handle = alias_handle; status = dcerpc_samr_DeleteDomAlias(p, mem_ctx, &d); if (!NT_STATUS_IS_OK(status)) { printf("DeleteAlias failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static BOOL test_CreateAlias(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, struct policy_handle *alias_handle, const struct dom_sid *domain_sid) { NTSTATUS status; struct samr_CreateDomAlias r; struct samr_Name name; uint32_t rid; BOOL ret = True; init_samr_Name(&name, TEST_ALIASNAME); r.in.domain_handle = domain_handle; r.in.aliasname = &name; r.in.access_mask = SEC_RIGHT_MAXIMUM_ALLOWED; r.out.alias_handle = alias_handle; r.out.rid = &rid; printf("Testing CreateAlias (%s)\n", r.in.aliasname->name); status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("Server refused create of '%s'\n", r.in.aliasname->name); return True; } if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) { if (!test_DeleteAlias_byname(p, mem_ctx, domain_handle, r.in.aliasname->name)) { return False; } status = dcerpc_samr_CreateDomAlias(p, mem_ctx, &r); } if (!NT_STATUS_IS_OK(status)) { printf("CreateAlias failed - %s\n", nt_errstr(status)); return False; } if (!test_alias_ops(p, mem_ctx, alias_handle, domain_sid)) { ret = False; } return ret; } static BOOL test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, char **password) { BOOL ret = True; if (!*password) { return False; } if (!test_ChangePasswordUser(p, mem_ctx, domain_handle, password)) { ret = False; } if (!test_ChangePasswordUser2(p, mem_ctx, domain_handle, password)) { ret = False; } if (!test_OemChangePasswordUser2(p, mem_ctx, domain_handle, password)) { ret = False; } if (!test_ChangePasswordUser3(p, mem_ctx, domain_handle, password)) { ret = False; } return ret; } static BOOL test_CreateUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, struct policy_handle *user_handle) { NTSTATUS status; struct samr_CreateUser r; struct samr_QueryUserInfo q; uint32_t rid; char *password = NULL; /* This call creates a 'normal' account - check that it really does */ const uint32_t acct_flags = ACB_NORMAL; struct samr_Name name; BOOL ret = True; init_samr_Name(&name, TEST_ACCOUNT_NAME); r.in.domain_handle = domain_handle; r.in.account_name = &name; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.out.user_handle = user_handle; r.out.rid = &rid; printf("Testing CreateUser(%s)\n", r.in.account_name->name); status = dcerpc_samr_CreateUser(p, mem_ctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("Server refused create of '%s'\n", r.in.account_name->name); ZERO_STRUCTP(user_handle); return True; } if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!test_DeleteUser_byname(p, mem_ctx, domain_handle, r.in.account_name->name)) { return False; } status = dcerpc_samr_CreateUser(p, mem_ctx, &r); } if (!NT_STATUS_IS_OK(status)) { printf("CreateUser failed - %s\n", nt_errstr(status)); return False; } q.in.user_handle = user_handle; q.in.level = 16; status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { printf("QueryUserInfo level %u failed - %s\n", q.in.level, nt_errstr(status)); ret = False; } else { if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) { printf("QuerUserInfo level 16 failed, it returned 0x%08x (%u) when we expected flags of 0x%08x (%u)\n", q.out.info->info16.acct_flags, q.out.info->info16.acct_flags, acct_flags, acct_flags); ret = False; } } if (!test_user_ops(p, mem_ctx, user_handle)) { ret = False; } if (!test_SetUserPass(p, mem_ctx, user_handle, &password)) { ret = False; } if (!test_SetUserPass_23(p, mem_ctx, user_handle, &password)) { ret = False; } if (!test_SetUserPassEx(p, mem_ctx, user_handle, &password)) { ret = False; } if (!test_SetUserPass_25(p, mem_ctx, user_handle, &password)) { ret = False; } /* we change passwords twice - this has the effect of verifying they were changed correctly */ if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) { ret = False; } if (!test_ChangePassword(p, mem_ctx, domain_handle, &password)) { ret = False; } return ret; } static BOOL test_DeleteUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *user_handle) { struct samr_DeleteUser d; NTSTATUS status; BOOL ret = True; printf("Testing DeleteUser\n"); d.in.user_handle = user_handle; d.out.user_handle = user_handle; status = dcerpc_samr_DeleteUser(p, mem_ctx, &d); if (!NT_STATUS_IS_OK(status)) { printf("DeleteUser failed - %s\n", nt_errstr(status)); ret = False; } return ret; } static BOOL test_CreateUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_CreateUser2 r; struct samr_QueryUserInfo q; struct samr_DeleteUser d; struct policy_handle user_handle; uint32_t rid; struct samr_Name name; BOOL ret = True; int i; struct { uint32_t acct_flags; const char *account_name; NTSTATUS nt_status; } account_types[] = { { ACB_NORMAL, TEST_ACCOUNT_NAME, NT_STATUS_OK }, { ACB_NORMAL | ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER }, { ACB_NORMAL | ACB_PWNOEXP, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER }, { ACB_WSTRUST, TEST_MACHINENAME, NT_STATUS_OK }, { ACB_WSTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, { ACB_WSTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, { ACB_SVRTRUST, TEST_MACHINENAME, NT_STATUS_OK }, { ACB_SVRTRUST | ACB_DISABLED, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, { ACB_SVRTRUST | ACB_PWNOEXP, TEST_MACHINENAME, NT_STATUS_INVALID_PARAMETER }, { ACB_DOMTRUST, TEST_DOMAINNAME, NT_STATUS_OK }, { ACB_DOMTRUST | ACB_DISABLED, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER }, { ACB_DOMTRUST | ACB_PWNOEXP, TEST_DOMAINNAME, NT_STATUS_INVALID_PARAMETER }, { 0, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER }, { ACB_DISABLED, TEST_ACCOUNT_NAME, NT_STATUS_INVALID_PARAMETER }, { 0, NULL, NT_STATUS_INVALID_PARAMETER } }; for (i = 0; account_types[i].account_name; i++) { uint32_t acct_flags = account_types[i].acct_flags; uint32_t access_granted; init_samr_Name(&name, account_types[i].account_name); r.in.domain_handle = handle; r.in.account_name = &name; r.in.acct_flags = acct_flags; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.out.user_handle = &user_handle; r.out.access_granted = &access_granted; r.out.rid = &rid; printf("Testing CreateUser2(%s)\n", r.in.account_name->name); status = dcerpc_samr_CreateUser2(p, mem_ctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("Server refused create of '%s'\n", r.in.account_name->name); continue; } else if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!test_DeleteUser_byname(p, mem_ctx, handle, r.in.account_name->name)) { return False; } status = dcerpc_samr_CreateUser2(p, mem_ctx, &r); } if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) { printf("CreateUser2 failed gave incorrect error return - %s (should be %s)\n", nt_errstr(status), nt_errstr(account_types[i].nt_status)); ret = False; } if (NT_STATUS_IS_OK(status)) { q.in.user_handle = &user_handle; q.in.level = 16; status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { printf("QueryUserInfo level %u failed - %s\n", q.in.level, nt_errstr(status)); ret = False; } else { if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) { printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n", q.out.info->info16.acct_flags, acct_flags); ret = False; } } if (!test_user_ops(p, mem_ctx, &user_handle)) { ret = False; } printf("Testing DeleteUser (createuser2 test)\n"); d.in.user_handle = &user_handle; d.out.user_handle = &user_handle; status = dcerpc_samr_DeleteUser(p, mem_ctx, &d); if (!NT_STATUS_IS_OK(status)) { printf("DeleteUser failed - %s\n", nt_errstr(status)); ret = False; } } } return ret; } static BOOL test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_QueryAliasInfo r; uint16_t levels[] = {1, 2, 3}; int i; BOOL ret = True; for (i=0;iname, "NewName"); } #endif if (s.in.level == 4) { init_samr_Name(&s.in.info->description, "test description"); } status = dcerpc_samr_SetGroupInfo(p, mem_ctx, &s); if (set_ok[i]) { if (!NT_STATUS_IS_OK(status)) { printf("SetGroupInfo level %u failed - %s\n", r.in.level, nt_errstr(status)); ret = False; continue; } } else { if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) { printf("SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n", r.in.level, nt_errstr(status)); ret = False; continue; } } } return ret; } static BOOL test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_QueryUserInfo r; uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 20, 21}; int i; BOOL ret = True; for (i=0;icount == 0) { return True; } for (i=0;icount;i++) { if (!test_OpenUser(p, mem_ctx, handle, r.out.sam->entries[i].idx)) { ret = False; } } printf("Testing LookupNames\n"); n.in.domain_handle = handle; n.in.num_names = r.out.sam->count; n.in.names = talloc(mem_ctx, r.out.sam->count * sizeof(struct samr_Name)); for (i=0;icount;i++) { n.in.names[i] = r.out.sam->entries[i].name; } status = dcerpc_samr_LookupNames(p, mem_ctx, &n); if (!NT_STATUS_IS_OK(status)) { printf("LookupNames failed - %s\n", nt_errstr(status)); ret = False; } printf("Testing LookupRids\n"); lr.in.domain_handle = handle; lr.in.num_rids = r.out.sam->count; lr.in.rids = talloc(mem_ctx, r.out.sam->count * sizeof(uint32_t)); for (i=0;icount;i++) { lr.in.rids[i] = r.out.sam->entries[i].idx; } status = dcerpc_samr_LookupRids(p, mem_ctx, &lr); if (!NT_STATUS_IS_OK(status)) { printf("LookupRids failed - %s\n", nt_errstr(status)); ret = False; } return ret; } /* try blasting the server with a bunch of sync requests */ static BOOL test_EnumDomainUsers_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_EnumDomainUsers r; uint32_t resume_handle=0; int i; #define ASYNC_COUNT 100 struct rpc_request *req[ASYNC_COUNT]; if (lp_parm_int(-1, "torture", "dangerous") != 1) { printf("samr async test disabled - enable dangerous tests to use\n"); return True; } printf("Testing EnumDomainUsers_async\n"); r.in.domain_handle = handle; r.in.resume_handle = &resume_handle; r.in.acct_flags = 0; r.in.max_size = (uint32_t)-1; r.out.resume_handle = &resume_handle; for (i=0;icount;i++) { if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) { ret = False; } } return ret; } static BOOL test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_EnumDomainAliases r; uint32_t resume_handle=0; int i; BOOL ret = True; printf("Testing EnumDomainAliases\n"); r.in.domain_handle = handle; r.in.resume_handle = &resume_handle; r.in.acct_flags = (uint32_t)-1; r.out.resume_handle = &resume_handle; status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("EnumDomainAliases failed - %s\n", nt_errstr(status)); return False; } if (!r.out.sam) { return False; } for (i=0;icount;i++) { if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) { ret = False; } } return ret; } static BOOL test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_GetDisplayEnumerationIndex r; BOOL ret = True; uint16_t levels[] = {1, 2, 3, 4, 5}; uint16_t ok_lvl[] = {1, 1, 1, 0, 0}; int i; for (i=0;icount; i++) { add_string_to_array(mem_ctx, q1.out.sam->entries[i].name.name, &names, &num_names); } } if (!NT_STATUS_IS_OK(status)) { printf("EnumDomainGroups failed - %s\n", nt_errstr(status)); return False; } if (!q1.out.sam) { return False; } q2.in.domain_handle = handle; q2.in.level = 5; q2.in.start_idx = 0; q2.in.max_entries = 5; q2.in.buf_size = (uint32_t)-1; status = STATUS_MORE_ENTRIES; while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &q2); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) break; for (i=0; iname); status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("Server refused create of '%s'\n", r.in.name->name); ZERO_STRUCTP(group_handle); return True; } if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS) || NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!test_DeleteGroup_byname(p, mem_ctx, domain_handle, r.in.name->name)) { return False; } status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r); } if (!NT_STATUS_IS_OK(status)) { printf("CreateDomainGroup failed - %s\n", nt_errstr(status)); return False; } if (!test_AddGroupMember(p, mem_ctx, domain_handle, group_handle)) { ret = False; } if (!test_SetGroupInfo(p, mem_ctx, group_handle)) { ret = False; } return ret; } /* its not totally clear what this does. It seems to accept any sid you like. */ static BOOL test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle) { NTSTATUS status; struct samr_RemoveMemberFromForeignDomain r; r.in.domain_handle = domain_handle; r.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-12-34-56-78-9"); status = dcerpc_samr_RemoveMemberFromForeignDomain(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("RemoveMemberFromForeignDomain failed - %s\n", nt_errstr(status)); return False; } return True; } static BOOL test_OpenDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, struct dom_sid *sid) { NTSTATUS status; struct samr_OpenDomain r; struct policy_handle domain_handle; struct policy_handle user_handle; struct policy_handle alias_handle; struct policy_handle group_handle; BOOL ret = True; ZERO_STRUCT(user_handle); ZERO_STRUCT(alias_handle); ZERO_STRUCT(group_handle); ZERO_STRUCT(domain_handle); printf("Testing OpenDomain\n"); r.in.connect_handle = handle; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.in.sid = sid; r.out.domain_handle = &domain_handle; status = dcerpc_samr_OpenDomain(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("OpenDomain failed - %s\n", nt_errstr(status)); return False; } if (!test_QuerySecurity(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_RemoveMemberFromForeignDomain(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_CreateUser2(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_CreateUser(p, mem_ctx, &domain_handle, &user_handle)) { ret = False; } if (!test_CreateAlias(p, mem_ctx, &domain_handle, &alias_handle, sid)) { ret = False; } if (!test_CreateDomainGroup(p, mem_ctx, &domain_handle, &group_handle)) { ret = False; } if (!test_QueryDomainInfo(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_QueryDomainInfo2(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_EnumDomainUsers(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_EnumDomainUsers_async(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_EnumDomainGroups(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_EnumDomainAliases(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_QueryDisplayInfo(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_QueryDisplayInfo2(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_QueryDisplayInfo3(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_GetDisplayEnumerationIndex(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_GetDisplayEnumerationIndex2(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_GroupList(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_TestPrivateFunctionsDomain(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_RidToSid(p, mem_ctx, &domain_handle)) { ret = False; } if (!test_GetBootKeyInformation(p, mem_ctx, &domain_handle)) { ret = False; } if (!policy_handle_empty(&user_handle) && !test_DeleteUser(p, mem_ctx, &user_handle)) { ret = False; } if (!policy_handle_empty(&alias_handle) && !test_DeleteAlias(p, mem_ctx, &alias_handle)) { ret = False; } if (!policy_handle_empty(&group_handle) && !test_DeleteDomainGroup(p, mem_ctx, &group_handle)) { ret = False; } if (!test_Close(p, mem_ctx, &domain_handle)) { ret = False; } return ret; } static BOOL test_LookupDomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, struct samr_Name *domain) { NTSTATUS status; struct samr_LookupDomain r; struct samr_Name n2; BOOL ret = True; printf("Testing LookupDomain(%s)\n", domain->name); /* check for correct error codes */ r.in.connect_handle = handle; r.in.domain = &n2; n2.name = NULL; status = dcerpc_samr_LookupDomain(p, mem_ctx, &r); if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status)) { printf("failed: LookupDomain expected NT_STATUS_INVALID_PARAMETER - %s\n", nt_errstr(status)); ret = False; } n2.name = "xxNODOMAINxx"; status = dcerpc_samr_LookupDomain(p, mem_ctx, &r); if (!NT_STATUS_EQUAL(NT_STATUS_NO_SUCH_DOMAIN, status)) { printf("failed: LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN - %s\n", nt_errstr(status)); ret = False; } r.in.connect_handle = handle; r.in.domain = domain; status = dcerpc_samr_LookupDomain(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("LookupDomain failed - %s\n", nt_errstr(status)); ret = False; } if (!test_GetDomPwInfo(p, mem_ctx, domain)) { ret = False; } if (!test_OpenDomain(p, mem_ctx, handle, r.out.sid)) { ret = False; } return ret; } static BOOL test_EnumDomains(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_EnumDomains r; uint32_t resume_handle = 0; int i; BOOL ret = True; r.in.connect_handle = handle; r.in.resume_handle = &resume_handle; r.in.buf_size = (uint32_t)-1; r.out.resume_handle = &resume_handle; status = dcerpc_samr_EnumDomains(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("EnumDomains failed - %s\n", nt_errstr(status)); return False; } if (!r.out.sam) { return False; } for (i=0;icount;i++) { if (!test_LookupDomain(p, mem_ctx, handle, &r.out.sam->entries[i].name)) { ret = False; } } status = dcerpc_samr_EnumDomains(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("EnumDomains failed - %s\n", nt_errstr(status)); return False; } return ret; } static BOOL test_Connect(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) { NTSTATUS status; struct samr_Connect r; struct samr_Connect2 r2; struct samr_Connect3 r3; struct samr_Connect4 r4; struct samr_Connect5 r5; union samr_ConnectInfo info; BOOL ret = True; printf("testing samr_Connect\n"); r.in.system_name = 0; r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r.out.connect_handle = handle; status = dcerpc_samr_Connect(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("Connect failed - %s\n", nt_errstr(status)); ret = False; } printf("testing samr_Connect2\n"); r2.in.system_name = NULL; r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r2.out.connect_handle = handle; status = dcerpc_samr_Connect2(p, mem_ctx, &r2); if (!NT_STATUS_IS_OK(status)) { printf("Connect2 failed - %s\n", nt_errstr(status)); ret = False; } printf("testing samr_Connect3\n"); r3.in.system_name = NULL; r3.in.unknown = 0; r3.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r3.out.connect_handle = handle; status = dcerpc_samr_Connect3(p, mem_ctx, &r3); if (!NT_STATUS_IS_OK(status)) { printf("Connect3 failed - %s\n", nt_errstr(status)); ret = False; } printf("testing samr_Connect4\n"); r4.in.system_name = ""; r4.in.unknown = 0; r4.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r4.out.connect_handle = handle; status = dcerpc_samr_Connect4(p, mem_ctx, &r4); if (!NT_STATUS_IS_OK(status)) { printf("Connect4 failed - %s\n", nt_errstr(status)); ret = False; } printf("testing samr_Connect5\n"); info.info1.unknown1 = 0; info.info1.unknown2 = 0; r5.in.system_name = ""; r5.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; r5.in.level = 1; r5.in.info = &info; r5.out.info = &info; r5.out.connect_handle = handle; status = dcerpc_samr_Connect5(p, mem_ctx, &r5); if (!NT_STATUS_IS_OK(status)) { printf("Connect5 failed - %s\n", nt_errstr(status)); ret = False; } return ret; } BOOL torture_rpc_samr(int dummy) { NTSTATUS status; struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; struct policy_handle handle; mem_ctx = talloc_init("torture_rpc_samr"); status = torture_rpc_connection(&p, DCERPC_SAMR_NAME, DCERPC_SAMR_UUID, DCERPC_SAMR_VERSION); if (!NT_STATUS_IS_OK(status)) { return False; } if (!test_Connect(p, mem_ctx, &handle)) { ret = False; } if (!test_QuerySecurity(p, mem_ctx, &handle)) { ret = False; } if (!test_EnumDomains(p, mem_ctx, &handle)) { ret = False; } if (!test_SetDsrmPassword(p, mem_ctx, &handle)) { ret = False; } if (!test_Shutdown(p, mem_ctx, &handle)) { ret = False; } if (!test_Close(p, mem_ctx, &handle)) { ret = False; } talloc_destroy(mem_ctx); torture_rpc_close(p); return ret; }