Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : test suite for handle types on the SAMR pipe
5 :
6 : Copyright (C) Samuel Cabrero <scabrero@samba.org> 2020
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "includes.h"
23 : #include "librpc/gen_ndr/ndr_samr_c.h"
24 : #include "torture/rpc/torture_rpc.h"
25 : #include "param/param.h"
26 : #include "libcli/security/security.h"
27 :
28 : enum samr_handle {
29 : SAMR_HANDLE_CONNECT,
30 : SAMR_HANDLE_DOMAIN,
31 : SAMR_HANDLE_USER,
32 : SAMR_HANDLE_GROUP,
33 : SAMR_HANDLE_ALIAS
34 : };
35 :
36 15 : static NTSTATUS torture_samr_Close(struct torture_context *tctx,
37 : struct dcerpc_binding_handle *b,
38 : struct policy_handle *h)
39 : {
40 0 : NTSTATUS status;
41 0 : struct samr_Close cl;
42 :
43 15 : cl.in.handle = h;
44 15 : cl.out.handle = h;
45 15 : status = dcerpc_samr_Close_r(b, tctx, &cl);
46 15 : if (!NT_STATUS_IS_OK(status)) {
47 0 : return status;
48 : }
49 :
50 15 : return cl.out.result;
51 : }
52 :
53 10 : static NTSTATUS torture_samr_Connect5(struct torture_context *tctx,
54 : struct dcerpc_binding_handle *b,
55 : uint32_t mask, struct policy_handle *h)
56 : {
57 0 : NTSTATUS status;
58 0 : struct samr_Connect5 r5;
59 0 : union samr_ConnectInfo info;
60 10 : uint32_t level_out = 0;
61 :
62 10 : info.info1.client_version = 0;
63 10 : info.info1.supported_features = 0;
64 10 : r5.in.system_name = "";
65 10 : r5.in.level_in = 1;
66 10 : r5.in.info_in = &info;
67 10 : r5.out.info_out = &info;
68 10 : r5.out.level_out = &level_out;
69 10 : r5.out.connect_handle = h;
70 10 : r5.in.access_mask = mask;
71 :
72 10 : status = dcerpc_samr_Connect5_r(b, tctx, &r5);
73 10 : if (!NT_STATUS_IS_OK(status)) {
74 0 : return status;
75 : }
76 :
77 10 : return r5.out.result;
78 : }
79 :
80 5 : static bool test_samr_handletype_OpenDomain(struct torture_context *tctx,
81 : struct dcerpc_pipe *p)
82 : {
83 0 : NTSTATUS status;
84 0 : struct samr_LookupDomain ld;
85 5 : struct dom_sid2 *sid = NULL;
86 0 : struct samr_OpenDomain od;
87 0 : struct samr_OpenUser ou;
88 0 : struct samr_OpenGroup og;
89 0 : struct policy_handle ch;
90 0 : struct policy_handle bad;
91 0 : struct policy_handle dh;
92 0 : struct policy_handle oh;
93 0 : struct lsa_String dn;
94 5 : struct dcerpc_binding_handle *b = p->binding_handle;
95 :
96 : /* first we must grab the sid of the domain */
97 5 : status = torture_samr_Connect5(tctx, b, SEC_FLAG_MAXIMUM_ALLOWED, &ch);
98 5 : torture_assert_ntstatus_ok(tctx, status, "Connect5 failed");
99 :
100 5 : ld.in.connect_handle = &ch;
101 5 : ld.in.domain_name = &dn;
102 5 : ld.out.sid = &sid;
103 5 : dn.string = lpcfg_workgroup(tctx->lp_ctx);
104 5 : status = dcerpc_samr_LookupDomain_r(b, tctx, &ld);
105 5 : torture_assert_ntstatus_ok(tctx, status, "LookupDomain failed");
106 5 : torture_assert_ntstatus_ok(tctx, ld.out.result, "LookupDomain failed");
107 :
108 5 : status = torture_samr_Connect5(tctx, b, 1, &ch);
109 5 : torture_assert_ntstatus_ok(tctx, status, "Connect5 failed");
110 :
111 5 : od.in.connect_handle = &bad;
112 5 : od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
113 5 : od.in.sid = sid;
114 5 : od.out.domain_handle = &dh;
115 :
116 : /* Open domain, wrong handle GUID */
117 5 : bad = ch;
118 5 : bad.uuid = GUID_random();
119 :
120 5 : status = dcerpc_samr_OpenDomain_r(b, tctx, &od);
121 5 : torture_assert_ntstatus_equal(tctx,
122 : status,
123 : NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
124 : "OpenDomain succeeded with random GUID");
125 :
126 : /* Open domain, wrong handle type */
127 5 : bad = ch;
128 5 : bad.handle_type = SAMR_HANDLE_USER;
129 :
130 5 : status = dcerpc_samr_OpenDomain_r(b, tctx, &od);
131 5 : torture_assert_ntstatus_equal(tctx,
132 : status,
133 : NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
134 : "OpenDomain succeeded with wrong type");
135 :
136 : /* Open domain */
137 5 : bad = ch;
138 :
139 5 : status = dcerpc_samr_OpenDomain_r(b, tctx, &od);
140 5 : torture_assert_ntstatus_ok(tctx, status, "OpenDomain failed");
141 5 : torture_assert_ntstatus_ok(tctx, od.out.result, "OpenDomain failed");
142 :
143 5 : bad = dh;
144 :
145 : /* Open user, wrong handle type */
146 5 : ou.in.domain_handle = &bad;
147 5 : ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
148 5 : ou.in.rid = 501;
149 5 : ou.out.user_handle = &oh;
150 :
151 5 : bad.handle_type = SAMR_HANDLE_ALIAS;
152 :
153 5 : status = dcerpc_samr_OpenUser_r(b, tctx, &ou);
154 5 : torture_assert_ntstatus_equal(tctx,
155 : status,
156 : NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
157 : "OpenUser succeeded with wrong type");
158 :
159 : /* Open user */
160 5 : bad.handle_type = SAMR_HANDLE_DOMAIN;
161 :
162 5 : status = dcerpc_samr_OpenUser_r(b, tctx, &ou);
163 5 : torture_assert_ntstatus_ok(tctx, status, "OpenUser failed");
164 5 : torture_assert_ntstatus_ok(tctx, ou.out.result, "OpenUser failed");
165 :
166 : /* Close user */
167 5 : status = torture_samr_Close(tctx, b, &oh);
168 5 : torture_assert_ntstatus_ok(tctx, status, "Close failed");
169 :
170 5 : bad = dh;
171 :
172 : /* Open group, wrong type */
173 5 : og.in.domain_handle = &bad;
174 5 : og.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
175 5 : og.in.rid = 513;
176 5 : og.out.group_handle = &oh;
177 :
178 5 : bad.handle_type = SAMR_HANDLE_GROUP;
179 :
180 5 : status = dcerpc_samr_OpenGroup_r(b, tctx, &og);
181 5 : torture_assert_ntstatus_equal(tctx,
182 : status,
183 : NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
184 : "OpenGroup succeeded with wrong type");
185 :
186 : /* Open group */
187 5 : bad.handle_type = SAMR_HANDLE_DOMAIN;
188 :
189 5 : status = dcerpc_samr_OpenGroup_r(b, tctx, &og);
190 5 : torture_assert_ntstatus_ok(tctx, status, "OpenGroup failed");
191 5 : torture_assert_ntstatus_ok(tctx, ou.out.result, "OpenGroup failed");
192 :
193 : /* Close group */
194 5 : status = torture_samr_Close(tctx, b, &oh);
195 5 : torture_assert_ntstatus_ok(tctx, status, "Close failed");
196 :
197 : /* Close connect */
198 5 : status = torture_samr_Close(tctx, b, &ch);
199 5 : torture_assert_ntstatus_ok(tctx, status, "Close failed");
200 :
201 5 : return true;
202 : }
203 :
204 2354 : struct torture_suite *torture_rpc_samr_handletype(TALLOC_CTX *mem_ctx)
205 : {
206 2354 : struct torture_suite *suite = NULL;
207 2354 : struct torture_rpc_tcase *tcase = NULL;
208 :
209 2354 : suite = torture_suite_create(mem_ctx, "samr.handletype");
210 2354 : tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
211 : &ndr_table_samr);
212 :
213 2354 : torture_rpc_tcase_add_test(tcase, "OpenDomainHandleType",
214 : test_samr_handletype_OpenDomain);
215 :
216 2354 : return suite;
217 : }
|
