2 Unix SMB/CIFS implementation.
3 Test suite for libnet calls.
5 Copyright (C) Rafal Szczesniak 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 * These are more general use functions shared among the tests.
26 #include "lib/cmdline/popt_common.h"
27 #include "torture/rpc/torture_rpc.h"
28 #include "libnet/libnet.h"
29 #include "librpc/gen_ndr/ndr_samr_c.h"
30 #include "librpc/gen_ndr/ndr_lsa_c.h"
31 #include "torture/libnet/proto.h"
32 #include "lib/ldb_wrap.h"
35 * Opens handle on Domain using SAMR
37 * @param _domain_handle [out] Ptr to storage to store Domain handle
38 * @param _dom_sid [out] If NULL, Domain SID won't be returned
40 bool test_domain_open(struct torture_context *tctx,
41 struct dcerpc_binding_handle *b,
42 struct lsa_String *domname,
44 struct policy_handle *_domain_handle,
45 struct dom_sid2 *_dom_sid)
47 struct policy_handle connect_handle;
48 struct policy_handle domain_handle;
49 struct samr_Connect r1;
50 struct samr_LookupDomain r2;
51 struct dom_sid2 *sid = NULL;
52 struct samr_OpenDomain r3;
54 torture_comment(tctx, "connecting\n");
56 r1.in.system_name = 0;
57 r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
58 r1.out.connect_handle = &connect_handle;
60 torture_assert_ntstatus_ok(tctx,
61 dcerpc_samr_Connect_r(b, mem_ctx, &r1),
63 torture_assert_ntstatus_ok(tctx, r1.out.result,
66 r2.in.connect_handle = &connect_handle;
67 r2.in.domain_name = domname;
70 torture_comment(tctx, "domain lookup on %s\n", domname->string);
72 torture_assert_ntstatus_ok(tctx,
73 dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
74 "LookupDomain failed");
75 torture_assert_ntstatus_ok(tctx, r2.out.result,
76 "LookupDomain failed");
78 r3.in.connect_handle = &connect_handle;
79 r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
80 r3.in.sid = *r2.out.sid;
81 r3.out.domain_handle = &domain_handle;
83 torture_comment(tctx, "opening domain %s\n", domname->string);
85 torture_assert_ntstatus_ok(tctx,
86 dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
88 torture_assert_ntstatus_ok(tctx, r3.out.result,
91 *_domain_handle = domain_handle;
94 *_dom_sid = **r2.out.sid;
97 /* Close connect_handle, we don't need it anymore */
98 test_samr_close_handle(tctx, b, mem_ctx, &connect_handle);
105 * Find out user's samAccountName for given
106 * user RDN. We need samAccountName value
107 * when deleting users.
109 static bool _get_account_name_for_user_rdn(struct torture_context *tctx,
110 struct dcerpc_binding_handle *b,
111 const char *user_rdn,
113 const char **_account_name)
116 struct ldb_context *ldb;
118 bool test_res = true;
119 struct dcerpc_pipe *p = talloc_get_type_abort(b->private_data, struct dcerpc_pipe);
121 struct ldb_result *ldb_res;
122 const char *account_name = NULL;
123 static const char *attrs[] = {
128 tmp_ctx = talloc_new(tctx);
129 torture_assert(tctx, tmp_ctx != NULL, "Failed to create temporary mem context");
131 url = talloc_asprintf(tmp_ctx, "ldap://%s/", p->binding->target_hostname);
132 torture_assert_goto(tctx, url != NULL, test_res, done, "Failed to allocate URL for ldb");
134 ldb = ldb_wrap_connect(tmp_ctx,
135 tctx->ev, tctx->lp_ctx,
136 url, NULL, cmdline_credentials, 0);
137 torture_assert_goto(tctx, ldb != NULL, test_res, done, "Failed to make LDB connection");
139 ldb_ret = ldb_search(ldb, tmp_ctx, &ldb_res,
140 ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE,
142 "(&(objectClass=user)(name=%s))", user_rdn);
143 if (LDB_SUCCESS == ldb_ret && 1 == ldb_res->count) {
144 account_name = ldb_msg_find_attr_as_string(ldb_res->msgs[0], "samAccountName", NULL);
147 /* return user_rdn by default */
149 account_name = user_rdn;
152 /* duplicate memory in parent context */
153 *_account_name = talloc_strdup(mem_ctx, account_name);
156 talloc_free(tmp_ctx);
161 * Removes user by RDN through SAMR interface.
163 * @param domain_handle [in] Domain handle
164 * @param user_rdn [in] User's RDN in ldap database
166 bool test_user_cleanup(struct torture_context *tctx,
167 struct dcerpc_binding_handle *b,
169 struct policy_handle *domain_handle,
170 const char *user_rdn)
172 struct samr_LookupNames r1;
173 struct samr_OpenUser r2;
174 struct samr_DeleteUser r3;
175 struct lsa_String names[2];
177 struct policy_handle user_handle;
178 struct samr_Ids rids, types;
179 const char *account_name;
181 if (!_get_account_name_for_user_rdn(tctx, b, user_rdn, mem_ctx, &account_name)) {
182 torture_result(tctx, TORTURE_FAIL,
183 __location__": Failed to find samAccountName for %s", user_rdn);
187 names[0].string = account_name;
189 r1.in.domain_handle = domain_handle;
193 r1.out.types = &types;
195 torture_comment(tctx, "user account lookup '%s'\n", account_name);
197 torture_assert_ntstatus_ok(tctx,
198 dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
199 "LookupNames failed");
200 torture_assert_ntstatus_ok(tctx, r1.out.result,
201 "LookupNames failed");
203 rid = r1.out.rids->ids[0];
205 r2.in.domain_handle = domain_handle;
206 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
208 r2.out.user_handle = &user_handle;
210 torture_comment(tctx, "opening user account\n");
212 torture_assert_ntstatus_ok(tctx,
213 dcerpc_samr_OpenUser_r(b, mem_ctx, &r2),
215 torture_assert_ntstatus_ok(tctx, r2.out.result,
218 r3.in.user_handle = &user_handle;
219 r3.out.user_handle = &user_handle;
221 torture_comment(tctx, "deleting user account\n");
223 torture_assert_ntstatus_ok(tctx,
224 dcerpc_samr_DeleteUser_r(b, mem_ctx, &r3),
225 "DeleteUser failed");
226 torture_assert_ntstatus_ok(tctx, r3.out.result,
227 "DeleteUser failed");
234 * Creates new user using SAMR
236 * @param name [in] Username for user to create
237 * @param rid [out] If NULL, User's RID is not returned
239 bool test_user_create(struct torture_context *tctx,
240 struct dcerpc_binding_handle *b,
242 struct policy_handle *domain_handle,
246 struct policy_handle user_handle;
247 struct lsa_String username;
248 struct samr_CreateUser r;
251 username.string = name;
253 r.in.domain_handle = domain_handle;
254 r.in.account_name = &username;
255 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
256 r.out.user_handle = &user_handle;
257 /* return user's RID only if requested */
258 r.out.rid = rid ? rid : &user_rid;
260 torture_comment(tctx, "creating user '%s'\n", username.string);
262 torture_assert_ntstatus_ok(tctx,
263 dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
264 "CreateUser RPC call failed");
265 if (!NT_STATUS_IS_OK(r.out.result)) {
266 torture_comment(tctx, "CreateUser failed - %s\n", nt_errstr(r.out.result));
268 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
269 torture_comment(tctx,
270 "User (%s) already exists - "
271 "attempting to delete and recreate account again\n",
273 if (!test_user_cleanup(tctx, b, mem_ctx, domain_handle, username.string)) {
277 torture_comment(tctx, "creating user account\n");
279 torture_assert_ntstatus_ok(tctx,
280 dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
281 "CreateUser RPC call failed");
282 torture_assert_ntstatus_ok(tctx, r.out.result,
283 "CreateUser failed");
285 /* be nice and close opened handles */
286 test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
293 /* be nice and close opened handles */
294 test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
301 * Deletes a Group using SAMR interface
303 bool test_group_cleanup(struct torture_context *tctx,
304 struct dcerpc_binding_handle *b,
306 struct policy_handle *domain_handle,
309 struct samr_LookupNames r1;
310 struct samr_OpenGroup r2;
311 struct samr_DeleteDomainGroup r3;
312 struct lsa_String names[2];
314 struct policy_handle group_handle;
315 struct samr_Ids rids, types;
317 names[0].string = name;
319 r1.in.domain_handle = domain_handle;
323 r1.out.types = &types;
325 torture_comment(tctx, "group account lookup '%s'\n", name);
327 torture_assert_ntstatus_ok(tctx,
328 dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
329 "LookupNames failed");
330 torture_assert_ntstatus_ok(tctx, r1.out.result,
331 "LookupNames failed");
333 rid = r1.out.rids->ids[0];
335 r2.in.domain_handle = domain_handle;
336 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
338 r2.out.group_handle = &group_handle;
340 torture_comment(tctx, "opening group account\n");
342 torture_assert_ntstatus_ok(tctx,
343 dcerpc_samr_OpenGroup_r(b, mem_ctx, &r2),
345 torture_assert_ntstatus_ok(tctx, r2.out.result,
348 r3.in.group_handle = &group_handle;
349 r3.out.group_handle = &group_handle;
351 torture_comment(tctx, "deleting group account\n");
353 torture_assert_ntstatus_ok(tctx,
354 dcerpc_samr_DeleteDomainGroup_r(b, mem_ctx, &r3),
355 "DeleteGroup failed");
356 torture_assert_ntstatus_ok(tctx, r3.out.result,
357 "DeleteGroup failed");
364 * Creates a Group object using SAMR interface
366 * @param group_name [in] Name of the group to create
367 * @param rid [out] RID of group created. May be NULL in
368 * which case RID is not required by caller
370 bool test_group_create(struct torture_context *tctx,
371 struct dcerpc_binding_handle *b,
373 struct policy_handle *handle,
374 const char *group_name,
378 struct lsa_String groupname;
379 struct samr_CreateDomainGroup r;
380 struct policy_handle group_handle;
382 groupname.string = group_name;
384 r.in.domain_handle = handle;
385 r.in.name = &groupname;
386 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
387 r.out.group_handle = &group_handle;
388 /* use local variable in case caller
389 * don't care about the group RID */
390 r.out.rid = rid ? rid : &group_rid;
392 torture_comment(tctx, "creating group account %s\n", group_name);
394 torture_assert_ntstatus_ok(tctx,
395 dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
396 "CreateGroup failed");
397 if (!NT_STATUS_IS_OK(r.out.result)) {
398 torture_comment(tctx, "CreateGroup failed - %s\n", nt_errstr(r.out.result));
400 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
401 torture_comment(tctx,
402 "Group (%s) already exists - "
403 "attempting to delete and recreate group again\n",
405 if (!test_group_cleanup(tctx, b, mem_ctx, handle, group_name)) {
409 torture_comment(tctx, "creating group account\n");
411 torture_assert_ntstatus_ok(tctx,
412 dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
413 "CreateGroup failed");
414 torture_assert_ntstatus_ok(tctx, r.out.result,
415 "CreateGroup failed");
417 /* be nice and close opened handles */
418 test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
425 /* be nice and close opened handles */
426 test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
432 * Closes SAMR handle obtained from Connect, Open User/Domain, etc
434 bool test_samr_close_handle(struct torture_context *tctx,
435 struct dcerpc_binding_handle *b,
437 struct policy_handle *samr_handle)
441 r.in.handle = samr_handle;
442 r.out.handle = samr_handle;
444 torture_assert_ntstatus_ok(tctx,
445 dcerpc_samr_Close_r(b, mem_ctx, &r),
446 "Close SAMR handle RPC call failed");
447 torture_assert_ntstatus_ok(tctx, r.out.result,
448 "Close SAMR handle failed");
454 * Closes LSA handle obtained from Connect, Open Group, etc
456 bool test_lsa_close_handle(struct torture_context *tctx,
457 struct dcerpc_binding_handle *b,
459 struct policy_handle *lsa_handle)
463 r.in.handle = lsa_handle;
464 r.out.handle = lsa_handle;
466 torture_assert_ntstatus_ok(tctx,
467 dcerpc_lsa_Close_r(b, mem_ctx, &r),
468 "Close LSA handle RPC call failed");
469 torture_assert_ntstatus_ok(tctx, r.out.result,
470 "Close LSA handle failed");
476 * Create and initialize libnet_context Context.
477 * Use this function in cases where we need to have SAMR and LSA pipes
478 * of libnet_context to be connected before executing any other
481 * @param rpc_connect [in] Connects SAMR and LSA pipes
483 bool test_libnet_context_init(struct torture_context *tctx,
485 struct libnet_context **_net_ctx)
489 struct libnet_context *net_ctx;
491 net_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
492 torture_assert(tctx, net_ctx != NULL, "Failed to create libnet_context");
494 /* Use command line credentials for testing */
495 net_ctx->cred = cmdline_credentials;
498 /* connect SAMR pipe */
499 status = torture_rpc_connection(tctx,
502 torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
503 "Failed to connect SAMR pipe");
505 net_ctx->samr.samr_handle = net_ctx->samr.pipe->binding_handle;
507 /* connect LSARPC pipe */
508 status = torture_rpc_connection(tctx,
511 torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
512 "Failed to connect LSA pipe");
514 net_ctx->lsa.lsa_handle = net_ctx->lsa.pipe->binding_handle;
521 /* a previous call has failed,
522 * clean up memory before exit */
523 talloc_free(net_ctx);
529 void msg_handler(struct monitor_msg *m)
531 struct msg_rpc_open_user *msg_open;
532 struct msg_rpc_query_user *msg_query;
533 struct msg_rpc_close_user *msg_close;
534 struct msg_rpc_create_user *msg_create;
537 case mon_SamrOpenUser:
538 msg_open = (struct msg_rpc_open_user*)m->data;
539 printf("monitor_msg: user opened (rid=%d, access_mask=0x%08x)\n",
540 msg_open->rid, msg_open->access_mask);
542 case mon_SamrQueryUser:
543 msg_query = (struct msg_rpc_query_user*)m->data;
544 printf("monitor_msg: user queried (level=%d)\n", msg_query->level);
546 case mon_SamrCloseUser:
547 msg_close = (struct msg_rpc_close_user*)m->data;
548 printf("monitor_msg: user closed (rid=%d)\n", msg_close->rid);
550 case mon_SamrCreateUser:
551 msg_create = (struct msg_rpc_create_user*)m->data;
552 printf("monitor_msg: user created (rid=%d)\n", msg_create->rid);