source4/torture/rpc/samr_priv.c

   1 /*
   2  * Unix SMB/CIFS implementation.
   3  * test suite for samr rpc operations
   4  *
   5  * Copyright (c) 2011      Andreas Schneider
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 3 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19  */
  20
  21 #include "includes.h"
  22 #include "param/param.h"
  23 #include "torture/torture.h"
  24 #include "librpc/gen_ndr/ndr_samr_c.h"
  25 #include "librpc/rpc/dcerpc_proto.h"
  26 #include "torture/rpc/torture_rpc.h"
  27
  28 #define TEST_ACCOUNT_NAME "guru"
  29
  30 static void init_lsa_String(struct lsa_String *name, const char *s)
  31 {
  32         name->string = s;
  33 }
  34
  35 static bool test_samr_queryUserInfo(struct torture_context *tctx,
  36                                     struct dcerpc_binding_handle *b,
  37                                     struct policy_handle *user_handle)
  38 {
  39         struct samr_QueryUserInfo r;
  40         union samr_UserInfo *info;
  41         NTSTATUS status;
  42
  43         r.in.level = UserGeneralInformation;
  44         r.in.user_handle = user_handle;
  45         r.out.info = &info;
  46
  47         status = dcerpc_samr_QueryUserInfo_r(b,
  48                                              tctx,
  49                                              &r);
  50         torture_assert_ntstatus_ok(tctx, status, "queryUserInfo failed");
  51         if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_OK)) {
  52                 torture_comment(tctx, "queryUserInfo failed");
  53                 return false;
  54         }
  55
  56         return true;
  57 }
  58
  59 static bool test_LookupName(struct dcerpc_binding_handle *b,
  60                             struct torture_context *tctx,
  61                             struct policy_handle *domain_handle,
  62                             const char *name,
  63                             uint32_t *rid)
  64 {
  65         NTSTATUS status;
  66         struct samr_LookupNames n;
  67         struct lsa_String sname[1];
  68         struct samr_Ids rids, types;
  69
  70         init_lsa_String(&sname[0], name);
  71
  72         n.in.domain_handle = domain_handle;
  73         n.in.num_names = 1;
  74         n.in.names = sname;
  75         n.out.rids = &rids;
  76         n.out.types = &types;
  77
  78         status = dcerpc_samr_LookupNames_r(b, tctx, &n);
  79         if (!NT_STATUS_IS_OK(status)) {
  80                 return false;
  81         }
  82         if (!NT_STATUS_IS_OK(n.out.result)) {
  83                 return false;
  84         }
  85
  86         *rid = n.out.rids->ids[0];
  87         return true;
  88 }
  89
  90 static bool test_samr_OpenUser(struct torture_context *tctx,
  91                                struct dcerpc_binding_handle *b,
  92                                struct policy_handle *domain_handle,
  93                                const char *name,
  94                                struct policy_handle *user_handle,
  95                                bool expected)
  96 {
  97         struct samr_OpenUser r;
  98         uint32_t rid = 0;
  99         NTSTATUS status;
 100         bool ok;
 101
 102         ok = test_LookupName(b, tctx, domain_handle, name, &rid);
 103         if (!ok && expected) {
 104                 torture_comment(tctx, " - lookup name for %s failed\n", name);
 105                 return true;
 106         } else if (!ok) {
 107                 return false;
 108         }
 109
 110         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 111         r.in.domain_handle = domain_handle;
 112         r.in.rid = rid;
 113         r.out.user_handle = user_handle;
 114
 115         status = dcerpc_samr_OpenUser_r(b, tctx, &r);
 116         torture_assert_ntstatus_ok(tctx, status, "CreateUser failed");
 117         if (!NT_STATUS_IS_OK(r.out.result)) {
 118                 torture_comment(tctx, "CreateUser failed");
 119                 return false;
 120         }
 121
 122         return true;
 123 }
 124
 125 static bool test_samr_openDomain(struct torture_context *tctx,
 126                                  struct dcerpc_binding_handle *b,
 127                                  struct policy_handle *connect_handle,
 128                                  const char *domain,
 129                                  struct policy_handle *domain_handle)
 130 {
 131         struct samr_LookupDomain r;
 132         struct samr_OpenDomain r2;
 133         struct lsa_String n;
 134         struct dom_sid *sid;
 135         NTSTATUS status;
 136
 137         r.in.connect_handle = connect_handle;
 138         init_lsa_String(&n, domain);
 139         r.in.domain_name = &n;
 140         r.out.sid = &sid;
 141
 142         status = dcerpc_samr_LookupDomain_r(b, tctx, &r);
 143         torture_assert_ntstatus_ok(tctx, status, "LookupDomain failed");
 144         if (!NT_STATUS_IS_OK(r.out.result)) {
 145                 torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(r.out.result));
 146                 return false;
 147         }
 148
 149         r2.in.connect_handle = connect_handle;
 150         r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 151         r2.in.sid = sid;
 152         r2.out.domain_handle = domain_handle;
 153
 154         status = dcerpc_samr_OpenDomain_r(b, tctx, &r2);
 155         torture_assert_ntstatus_ok(tctx, status, "OpenDomain failed");
 156         if (!NT_STATUS_IS_OK(r2.out.result)) {
 157                 torture_comment(tctx, "OpenDomain failed - %s\n", nt_errstr(r.out.result));
 158                 return false;
 159         }
 160
 161         return true;
 162 }
 163
 164 static bool test_samr_Connect(struct torture_context *tctx,
 165                               struct dcerpc_binding_handle *b,
 166                               struct policy_handle *connect_handle)
 167 {
 168         struct samr_Connect r;
 169         NTSTATUS status;
 170
 171         r.in.system_name = 0;
 172         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 173         r.out.connect_handle = connect_handle;
 174
 175         status = dcerpc_samr_Connect_r(b, tctx, &r);
 176         torture_assert_ntstatus_ok(tctx, status, "SAMR connect failed");
 177         if (!NT_STATUS_IS_OK(r.out.result)) {
 178                 torture_comment(tctx, "Connect failed - %s\n", nt_errstr(r.out.result));
 179                 return false;
 180         }
 181
 182         return true;
 183 }
 184
 185 static bool test_samr_userinfo_getinfo(struct torture_context *tctx,
 186                                        struct dcerpc_pipe *p,
 187                                        bool expected)
 188 {
 189         const char *name;
 190         struct dcerpc_pipe *p2 = NULL;
 191         struct dcerpc_binding_handle *b;
 192         struct policy_handle connect_handle;
 193         struct policy_handle domain_handle;
 194         struct policy_handle user_handle;
 195         NTSTATUS status;
 196         uint32_t i = 0;
 197         bool ok;
 198
 199         status = torture_rpc_connection(tctx, &p2, &ndr_table_samr);
 200         torture_assert_ntstatus_ok(tctx, status,
 201                         "Creating secondary connection failed");
 202         b = p2->binding_handle;
 203
 204         torture_comment(tctx, " - 2nd connect\n");
 205         /* connect */
 206         ZERO_STRUCT(connect_handle);
 207         ok = test_samr_Connect(tctx, b, &connect_handle);
 208         torture_assert(tctx, ok, "Unable to connect to domain");
 209
 210         torture_comment(tctx, " - 2nd open domain\n");
 211         /* open domain */
 212         ZERO_STRUCT(domain_handle);
 213         ok = test_samr_openDomain(tctx,
 214                                   b,
 215                                   &connect_handle,
 216                                   torture_setting_string(tctx, "workgroup",
 217                                                          lpcfg_workgroup(tctx->lp_ctx)),
 218                                   &domain_handle);
 219         torture_assert(tctx, ok, "Unable to open to domain");
 220
 221         /* create user */
 222         name = talloc_asprintf(tctx,
 223                                "%s%04d",
 224                                TEST_ACCOUNT_NAME,
 225                                i);
 226
 227         torture_comment(tctx, " - 2nd open user\n");
 228         ZERO_STRUCT(user_handle);
 229         ok = test_samr_OpenUser(tctx,
 230                                 b,
 231                                 &domain_handle,
 232                                 name,
 233                                 &user_handle,
 234                                 expected);
 235         torture_assert(tctx, ok, "Unable to open user");
 236
 237         if (!expected) {
 238                 torture_comment(tctx, " - 2nd query user\n");
 239                 ok = test_samr_queryUserInfo(tctx, b, &user_handle);
 240                 torture_assert(tctx, ok, "Unable to query user");
 241
 242                 test_samr_handle_Close(b, tctx, &user_handle);
 243         }
 244
 245         test_samr_handle_Close(b, tctx, &domain_handle);
 246         test_samr_handle_Close(b, tctx, &connect_handle);
 247
 248         talloc_free(p2);
 249
 250         return true;
 251 }
 252
 253 #define NUM_RUNS 20
 254 static bool torture_rpc_samr_caching(struct torture_context *tctx,
 255                                      struct dcerpc_pipe *p)
 256 {
 257         struct test_join *join;
 258         const char *password = NULL;
 259         const char *name;
 260         NTSTATUS status;
 261         uint32_t i = 0;
 262         bool ok;
 263
 264         torture_comment(tctx, ">>> Testing User Info Caching\n");
 265
 266         /* create user */
 267         name = talloc_asprintf(tctx,
 268                                "%s%04d",
 269                                TEST_ACCOUNT_NAME,
 270                                i);
 271
 272         torture_comment(tctx, "- Creating user %s\n", name);
 273
 274         join = torture_create_testuser(tctx,
 275                                        name,
 276                                        torture_setting_string(tctx, "workgroup",
 277                                                               lpcfg_workgroup(tctx->lp_ctx)),
 278                                        ACB_NORMAL,
 279                                        &password);
 280         if (join == NULL) {
 281                 return false;
 282         }
 283
 284         torture_comment(tctx, "- Query user information\n");
 285         for (i = 0; i < NUM_RUNS; i++) {
 286                 ok = test_samr_userinfo_getinfo(tctx, p, false);
 287                 torture_assert(tctx, ok, "test_samr_userinfo_getinfo failed");
 288         }
 289
 290         torture_comment(tctx, "- Delete user\n");
 291         status = torture_delete_testuser(tctx,
 292                                          join,
 293                                          name);
 294         if (!NT_STATUS_IS_OK(status)) {
 295                 torture_comment(tctx, "DeleteUser failed - %s\n",
 296                                       nt_errstr(status));
 297                 return false;
 298         }
 299
 300         torture_comment(tctx, "- Try to query user information again (should fail)\n");
 301         for (i = 0; i < NUM_RUNS; i++) {
 302                 ok = test_samr_userinfo_getinfo(tctx,
 303                                                 p,
 304                                                 true);
 305                 torture_assert(tctx, ok, "test_samr_userinfo_getinfo failed");
 306         }
 307
 308         return true;
 309 }
 310 #undef NUM_RUNS
 311
 312 struct torture_suite *torture_rpc_samr_priv(TALLOC_CTX *mem_ctx)
 313 {
 314         struct torture_suite *suite =
 315                 torture_suite_create(mem_ctx, "samr.priv");
 316         struct torture_rpc_tcase *tcase;
 317
 318         tcase = torture_suite_add_rpc_iface_tcase(suite,
 319                                                   "samr",
 320                                                   &ndr_table_samr);
 321
 322         torture_rpc_tcase_add_test(tcase,
 323                                    "caching",
 324                                    torture_rpc_samr_caching);
 325
 326         return suite;
 327 }