Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Test suite for libnet calls.
4 :
5 : Copyright (C) Rafal Szczesniak 2007
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : /*
22 : * These are more general use functions shared among the tests.
23 : */
24 :
25 : #include "includes.h"
26 : #include "lib/cmdline/cmdline.h"
27 : #include "torture/rpc/torture_rpc.h"
28 : #include "libnet/libnet.h"
29 : #include "librpc/gen_ndr/ndr_samr_c.h"
30 : #include "librpc/gen_ndr/ndr_lsa_c.h"
31 : #include "torture/libnet/proto.h"
32 : #include "ldb_wrap.h"
33 :
34 : /**
35 : * Opens handle on Domain using SAMR
36 : *
37 : * @param _domain_handle [out] Ptr to storage to store Domain handle
38 : * @param _dom_sid [out] If NULL, Domain SID won't be returned
39 : */
40 12 : bool test_domain_open(struct torture_context *tctx,
41 : struct dcerpc_binding_handle *b,
42 : struct lsa_String *domname,
43 : TALLOC_CTX *mem_ctx,
44 : struct policy_handle *_domain_handle,
45 : struct dom_sid2 *_dom_sid)
46 : {
47 0 : struct policy_handle connect_handle;
48 0 : struct policy_handle domain_handle;
49 0 : struct samr_Connect r1;
50 0 : struct samr_LookupDomain r2;
51 12 : struct dom_sid2 *sid = NULL;
52 0 : struct samr_OpenDomain r3;
53 :
54 12 : torture_comment(tctx, "connecting\n");
55 :
56 12 : r1.in.system_name = 0;
57 12 : r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
58 12 : r1.out.connect_handle = &connect_handle;
59 :
60 12 : torture_assert_ntstatus_ok(tctx,
61 : dcerpc_samr_Connect_r(b, mem_ctx, &r1),
62 : "Connect failed");
63 12 : torture_assert_ntstatus_ok(tctx, r1.out.result,
64 : "Connect failed");
65 :
66 12 : r2.in.connect_handle = &connect_handle;
67 12 : r2.in.domain_name = domname;
68 12 : r2.out.sid = &sid;
69 :
70 12 : torture_comment(tctx, "domain lookup on %s\n", domname->string);
71 :
72 12 : torture_assert_ntstatus_ok(tctx,
73 : dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
74 : "LookupDomain failed");
75 12 : torture_assert_ntstatus_ok(tctx, r2.out.result,
76 : "LookupDomain failed");
77 :
78 12 : r3.in.connect_handle = &connect_handle;
79 12 : r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
80 12 : r3.in.sid = *r2.out.sid;
81 12 : r3.out.domain_handle = &domain_handle;
82 :
83 12 : torture_comment(tctx, "opening domain %s\n", domname->string);
84 :
85 12 : torture_assert_ntstatus_ok(tctx,
86 : dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
87 : "OpenDomain failed");
88 12 : torture_assert_ntstatus_ok(tctx, r3.out.result,
89 : "OpenDomain failed");
90 :
91 12 : *_domain_handle = domain_handle;
92 :
93 12 : if (_dom_sid) {
94 8 : *_dom_sid = **r2.out.sid;
95 : }
96 :
97 : /* Close connect_handle, we don't need it anymore */
98 12 : test_samr_close_handle(tctx, b, mem_ctx, &connect_handle);
99 :
100 12 : return true;
101 : }
102 :
103 :
104 : /**
105 : * Find out user's samAccountName for given
106 : * user RDN. We need samAccountName value
107 : * when deleting users.
108 : */
109 8 : static bool _get_account_name_for_user_rdn(struct torture_context *tctx,
110 : const char *user_rdn,
111 : TALLOC_CTX *mem_ctx,
112 : const char **_account_name)
113 : {
114 0 : const char *url;
115 0 : struct ldb_context *ldb;
116 0 : TALLOC_CTX *tmp_ctx;
117 8 : bool test_res = true;
118 8 : const char *hostname = torture_setting_string(tctx, "host", NULL);
119 0 : int ldb_ret;
120 0 : struct ldb_result *ldb_res;
121 8 : const char *account_name = NULL;
122 0 : static const char *attrs[] = {
123 : "samAccountName",
124 : NULL
125 : };
126 :
127 8 : torture_assert(tctx, hostname != NULL, "Failed to get hostname");
128 :
129 8 : tmp_ctx = talloc_new(tctx);
130 8 : torture_assert(tctx, tmp_ctx != NULL, "Failed to create temporary mem context");
131 :
132 8 : url = talloc_asprintf(tmp_ctx, "ldap://%s/", hostname);
133 8 : torture_assert_goto(tctx, url != NULL, test_res, done, "Failed to allocate URL for ldb");
134 :
135 8 : ldb = ldb_wrap_connect(tmp_ctx,
136 : tctx->ev, tctx->lp_ctx,
137 : url, NULL, samba_cmdline_get_creds(), 0);
138 8 : torture_assert_goto(tctx, ldb != NULL, test_res, done, "Failed to make LDB connection");
139 :
140 8 : ldb_ret = ldb_search(ldb, tmp_ctx, &ldb_res,
141 : ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE,
142 : attrs,
143 : "(&(objectClass=user)(name=%s))", user_rdn);
144 8 : if (LDB_SUCCESS == ldb_ret && 1 == ldb_res->count) {
145 8 : account_name = ldb_msg_find_attr_as_string(ldb_res->msgs[0], "samAccountName", NULL);
146 : }
147 :
148 : /* return user_rdn by default */
149 8 : if (!account_name) {
150 0 : account_name = user_rdn;
151 : }
152 :
153 : /* duplicate memory in parent context */
154 8 : *_account_name = talloc_strdup(mem_ctx, account_name);
155 :
156 8 : done:
157 8 : talloc_free(tmp_ctx);
158 8 : return test_res;
159 : }
160 :
161 : /**
162 : * Removes user by RDN through SAMR interface.
163 : *
164 : * @param domain_handle [in] Domain handle
165 : * @param user_rdn [in] User's RDN in ldap database
166 : */
167 8 : bool test_user_cleanup(struct torture_context *tctx,
168 : struct dcerpc_binding_handle *b,
169 : TALLOC_CTX *mem_ctx,
170 : struct policy_handle *domain_handle,
171 : const char *user_rdn)
172 : {
173 0 : struct samr_LookupNames r1;
174 0 : struct samr_OpenUser r2;
175 0 : struct samr_DeleteUser r3;
176 0 : struct lsa_String names[2];
177 0 : uint32_t rid;
178 0 : struct policy_handle user_handle;
179 0 : struct samr_Ids rids, types;
180 0 : const char *account_name;
181 :
182 8 : if (!_get_account_name_for_user_rdn(tctx, user_rdn, mem_ctx, &account_name)) {
183 0 : torture_result(tctx, TORTURE_FAIL,
184 : __location__": Failed to find samAccountName for %s", user_rdn);
185 0 : return false;
186 : }
187 :
188 8 : names[0].string = account_name;
189 :
190 8 : r1.in.domain_handle = domain_handle;
191 8 : r1.in.num_names = 1;
192 8 : r1.in.names = names;
193 8 : r1.out.rids = &rids;
194 8 : r1.out.types = &types;
195 :
196 8 : torture_comment(tctx, "user account lookup '%s'\n", account_name);
197 :
198 8 : torture_assert_ntstatus_ok(tctx,
199 : dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
200 : "LookupNames failed");
201 8 : torture_assert_ntstatus_ok(tctx, r1.out.result,
202 : "LookupNames failed");
203 :
204 8 : rid = r1.out.rids->ids[0];
205 :
206 8 : r2.in.domain_handle = domain_handle;
207 8 : r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
208 8 : r2.in.rid = rid;
209 8 : r2.out.user_handle = &user_handle;
210 :
211 8 : torture_comment(tctx, "opening user account\n");
212 :
213 8 : torture_assert_ntstatus_ok(tctx,
214 : dcerpc_samr_OpenUser_r(b, mem_ctx, &r2),
215 : "OpenUser failed");
216 8 : torture_assert_ntstatus_ok(tctx, r2.out.result,
217 : "OpenUser failed");
218 :
219 8 : r3.in.user_handle = &user_handle;
220 8 : r3.out.user_handle = &user_handle;
221 :
222 8 : torture_comment(tctx, "deleting user account\n");
223 :
224 8 : torture_assert_ntstatus_ok(tctx,
225 : dcerpc_samr_DeleteUser_r(b, mem_ctx, &r3),
226 : "DeleteUser failed");
227 8 : torture_assert_ntstatus_ok(tctx, r3.out.result,
228 : "DeleteUser failed");
229 :
230 8 : return true;
231 : }
232 :
233 :
234 : /**
235 : * Creates new user using SAMR
236 : *
237 : * @param name [in] Username for user to create
238 : * @param rid [out] If NULL, User's RID is not returned
239 : */
240 7 : bool test_user_create(struct torture_context *tctx,
241 : struct dcerpc_binding_handle *b,
242 : TALLOC_CTX *mem_ctx,
243 : struct policy_handle *domain_handle,
244 : const char *name,
245 : uint32_t *rid)
246 : {
247 0 : struct policy_handle user_handle;
248 0 : struct lsa_String username;
249 0 : struct samr_CreateUser r;
250 0 : uint32_t user_rid;
251 :
252 7 : username.string = name;
253 :
254 7 : r.in.domain_handle = domain_handle;
255 7 : r.in.account_name = &username;
256 7 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
257 7 : r.out.user_handle = &user_handle;
258 : /* return user's RID only if requested */
259 7 : r.out.rid = rid ? rid : &user_rid;
260 :
261 7 : torture_comment(tctx, "creating user '%s'\n", username.string);
262 :
263 7 : torture_assert_ntstatus_ok(tctx,
264 : dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
265 : "CreateUser RPC call failed");
266 7 : if (!NT_STATUS_IS_OK(r.out.result)) {
267 0 : torture_comment(tctx, "CreateUser failed - %s\n", nt_errstr(r.out.result));
268 :
269 0 : if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
270 0 : torture_comment(tctx,
271 : "User (%s) already exists - "
272 : "attempting to delete and recreate account again\n",
273 : username.string);
274 0 : if (!test_user_cleanup(tctx, b, mem_ctx, domain_handle, username.string)) {
275 0 : return false;
276 : }
277 :
278 0 : torture_comment(tctx, "creating user account\n");
279 :
280 0 : torture_assert_ntstatus_ok(tctx,
281 : dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
282 : "CreateUser RPC call failed");
283 0 : torture_assert_ntstatus_ok(tctx, r.out.result,
284 : "CreateUser failed");
285 :
286 : /* be nice and close opened handles */
287 0 : test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
288 :
289 0 : return true;
290 : }
291 0 : return false;
292 : }
293 :
294 : /* be nice and close opened handles */
295 7 : test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
296 :
297 7 : return true;
298 : }
299 :
300 :
301 : /**
302 : * Deletes a Group using SAMR interface
303 : */
304 4 : bool test_group_cleanup(struct torture_context *tctx,
305 : struct dcerpc_binding_handle *b,
306 : TALLOC_CTX *mem_ctx,
307 : struct policy_handle *domain_handle,
308 : const char *name)
309 : {
310 0 : struct samr_LookupNames r1;
311 0 : struct samr_OpenGroup r2;
312 0 : struct samr_DeleteDomainGroup r3;
313 0 : struct lsa_String names[2];
314 0 : uint32_t rid;
315 0 : struct policy_handle group_handle;
316 0 : struct samr_Ids rids, types;
317 :
318 4 : names[0].string = name;
319 :
320 4 : r1.in.domain_handle = domain_handle;
321 4 : r1.in.num_names = 1;
322 4 : r1.in.names = names;
323 4 : r1.out.rids = &rids;
324 4 : r1.out.types = &types;
325 :
326 4 : torture_comment(tctx, "group account lookup '%s'\n", name);
327 :
328 4 : torture_assert_ntstatus_ok(tctx,
329 : dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
330 : "LookupNames failed");
331 4 : torture_assert_ntstatus_ok(tctx, r1.out.result,
332 : "LookupNames failed");
333 :
334 4 : rid = r1.out.rids->ids[0];
335 :
336 4 : r2.in.domain_handle = domain_handle;
337 4 : r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
338 4 : r2.in.rid = rid;
339 4 : r2.out.group_handle = &group_handle;
340 :
341 4 : torture_comment(tctx, "opening group account\n");
342 :
343 4 : torture_assert_ntstatus_ok(tctx,
344 : dcerpc_samr_OpenGroup_r(b, mem_ctx, &r2),
345 : "OpenGroup failed");
346 4 : torture_assert_ntstatus_ok(tctx, r2.out.result,
347 : "OpenGroup failed");
348 :
349 4 : r3.in.group_handle = &group_handle;
350 4 : r3.out.group_handle = &group_handle;
351 :
352 4 : torture_comment(tctx, "deleting group account\n");
353 :
354 4 : torture_assert_ntstatus_ok(tctx,
355 : dcerpc_samr_DeleteDomainGroup_r(b, mem_ctx, &r3),
356 : "DeleteGroup failed");
357 4 : torture_assert_ntstatus_ok(tctx, r3.out.result,
358 : "DeleteGroup failed");
359 :
360 4 : return true;
361 : }
362 :
363 :
364 : /**
365 : * Creates a Group object using SAMR interface
366 : *
367 : * @param group_name [in] Name of the group to create
368 : * @param rid [out] RID of group created. May be NULL in
369 : * which case RID is not required by caller
370 : */
371 2 : bool test_group_create(struct torture_context *tctx,
372 : struct dcerpc_binding_handle *b,
373 : TALLOC_CTX *mem_ctx,
374 : struct policy_handle *handle,
375 : const char *group_name,
376 : uint32_t *rid)
377 : {
378 0 : uint32_t group_rid;
379 0 : struct lsa_String groupname;
380 0 : struct samr_CreateDomainGroup r;
381 0 : struct policy_handle group_handle;
382 :
383 2 : groupname.string = group_name;
384 :
385 2 : r.in.domain_handle = handle;
386 2 : r.in.name = &groupname;
387 2 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
388 2 : r.out.group_handle = &group_handle;
389 : /* use local variable in case caller
390 : * don't care about the group RID */
391 2 : r.out.rid = rid ? rid : &group_rid;
392 :
393 2 : torture_comment(tctx, "creating group account %s\n", group_name);
394 :
395 2 : torture_assert_ntstatus_ok(tctx,
396 : dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
397 : "CreateGroup failed");
398 2 : if (!NT_STATUS_IS_OK(r.out.result)) {
399 0 : torture_comment(tctx, "CreateGroup failed - %s\n", nt_errstr(r.out.result));
400 :
401 0 : if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
402 0 : torture_comment(tctx,
403 : "Group (%s) already exists - "
404 : "attempting to delete and recreate group again\n",
405 : group_name);
406 0 : if (!test_group_cleanup(tctx, b, mem_ctx, handle, group_name)) {
407 0 : return false;
408 : }
409 :
410 0 : torture_comment(tctx, "creating group account\n");
411 :
412 0 : torture_assert_ntstatus_ok(tctx,
413 : dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
414 : "CreateGroup failed");
415 0 : torture_assert_ntstatus_ok(tctx, r.out.result,
416 : "CreateGroup failed");
417 :
418 : /* be nice and close opened handles */
419 0 : test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
420 :
421 0 : return true;
422 : }
423 0 : return false;
424 : }
425 :
426 : /* be nice and close opened handles */
427 2 : test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
428 :
429 2 : return true;
430 : }
431 :
432 : /**
433 : * Closes SAMR handle obtained from Connect, Open User/Domain, etc
434 : */
435 28 : bool test_samr_close_handle(struct torture_context *tctx,
436 : struct dcerpc_binding_handle *b,
437 : TALLOC_CTX *mem_ctx,
438 : struct policy_handle *samr_handle)
439 : {
440 0 : struct samr_Close r;
441 :
442 28 : r.in.handle = samr_handle;
443 28 : r.out.handle = samr_handle;
444 :
445 28 : torture_assert_ntstatus_ok(tctx,
446 : dcerpc_samr_Close_r(b, mem_ctx, &r),
447 : "Close SAMR handle RPC call failed");
448 28 : torture_assert_ntstatus_ok(tctx, r.out.result,
449 : "Close SAMR handle failed");
450 :
451 28 : return true;
452 : }
453 :
454 : /**
455 : * Closes LSA handle obtained from Connect, Open Group, etc
456 : */
457 2 : bool test_lsa_close_handle(struct torture_context *tctx,
458 : struct dcerpc_binding_handle *b,
459 : TALLOC_CTX *mem_ctx,
460 : struct policy_handle *lsa_handle)
461 : {
462 0 : struct lsa_Close r;
463 :
464 2 : r.in.handle = lsa_handle;
465 2 : r.out.handle = lsa_handle;
466 :
467 2 : torture_assert_ntstatus_ok(tctx,
468 : dcerpc_lsa_Close_r(b, mem_ctx, &r),
469 : "Close LSA handle RPC call failed");
470 2 : torture_assert_ntstatus_ok(tctx, r.out.result,
471 : "Close LSA handle failed");
472 :
473 2 : return true;
474 : }
475 :
476 : /**
477 : * Create and initialize libnet_context Context.
478 : * Use this function in cases where we need to have SAMR and LSA pipes
479 : * of libnet_context to be connected before executing any other
480 : * libnet call
481 : *
482 : * @param rpc_connect [in] Connects SAMR and LSA pipes
483 : */
484 5 : bool test_libnet_context_init(struct torture_context *tctx,
485 : bool rpc_connect,
486 : struct libnet_context **_net_ctx)
487 : {
488 0 : NTSTATUS status;
489 5 : bool bret = true;
490 0 : struct libnet_context *net_ctx;
491 :
492 5 : net_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
493 5 : torture_assert(tctx, net_ctx != NULL, "Failed to create libnet_context");
494 :
495 : /* Use command line credentials for testing */
496 5 : net_ctx->cred = samba_cmdline_get_creds();
497 :
498 5 : if (rpc_connect) {
499 : /* connect SAMR pipe */
500 5 : status = torture_rpc_connection(tctx,
501 : &net_ctx->samr.pipe,
502 : &ndr_table_samr);
503 5 : torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
504 : "Failed to connect SAMR pipe");
505 :
506 5 : net_ctx->samr.samr_handle = net_ctx->samr.pipe->binding_handle;
507 :
508 : /* connect LSARPC pipe */
509 5 : status = torture_rpc_connection(tctx,
510 : &net_ctx->lsa.pipe,
511 : &ndr_table_lsarpc);
512 5 : torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
513 : "Failed to connect LSA pipe");
514 :
515 5 : net_ctx->lsa.lsa_handle = net_ctx->lsa.pipe->binding_handle;
516 : }
517 :
518 5 : *_net_ctx = net_ctx;
519 :
520 5 : done:
521 5 : if (!bret) {
522 : /* a previous call has failed,
523 : * clean up memory before exit */
524 0 : talloc_free(net_ctx);
525 : }
526 5 : return bret;
527 : }
528 :
529 :
530 8 : void msg_handler(struct monitor_msg *m)
531 : {
532 0 : struct msg_rpc_open_user *msg_open;
533 0 : struct msg_rpc_query_user *msg_query;
534 0 : struct msg_rpc_close_user *msg_close;
535 0 : struct msg_rpc_create_user *msg_create;
536 :
537 8 : switch (m->type) {
538 2 : case mon_SamrOpenUser:
539 2 : msg_open = (struct msg_rpc_open_user*)m->data;
540 2 : printf("monitor_msg: user opened (rid=%d, access_mask=0x%08x)\n",
541 : msg_open->rid, msg_open->access_mask);
542 2 : break;
543 2 : case mon_SamrQueryUser:
544 2 : msg_query = (struct msg_rpc_query_user*)m->data;
545 2 : printf("monitor_msg: user queried (level=%d)\n", msg_query->level);
546 2 : break;
547 0 : case mon_SamrCloseUser:
548 0 : msg_close = (struct msg_rpc_close_user*)m->data;
549 0 : printf("monitor_msg: user closed (rid=%d)\n", msg_close->rid);
550 0 : break;
551 1 : case mon_SamrCreateUser:
552 1 : msg_create = (struct msg_rpc_create_user*)m->data;
553 1 : printf("monitor_msg: user created (rid=%d)\n", msg_create->rid);
554 1 : break;
555 : }
556 8 : }
|
