/**
* Creates a Group object using SAMR interface
*
* @param group_name [in] Name of the group to create
* @param rid [out] RID of group created. May be NULL in
* which case RID is not required by caller
*/
bool test_group_create(struct torture_context *tctx,
struct dcerpc_binding_handle *b,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
const char *group_name,
uint32_t *rid)
{
uint32_t group_rid;
struct lsa_String groupname;
struct samr_CreateDomainGroup r;
struct policy_handle group_handle;
groupname.string = group_name;
r.in.domain_handle = handle;
r.in.name = &groupname;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.group_handle = &group_handle;
/* use local variable in case caller
* don't care about the group RID */
r.out.rid = rid ? rid : &group_rid;
torture_comment(tctx, "creating group account %s\n", group_name);
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
"CreateGroup failed");
if (!NT_STATUS_IS_OK(r.out.result)) {
torture_comment(tctx, "CreateGroup failed - %s\n", nt_errstr(r.out.result));
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
torture_comment(tctx,
"Group (%s) already exists - "
"attempting to delete and recreate group again\n",
group_name);
if (!test_group_cleanup(tctx, b, mem_ctx, handle, group_name)) {
return false;
}
torture_comment(tctx, "creating group account\n");
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
"CreateGroup failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"CreateGroup failed");
/* be nice and close opened handles */
test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
return true;
}
return false;
}
/* be nice and close opened handles */
test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
return true;
}
/**
* Creates new user using SAMR
*
* @param name [in] Username for user to create
* @param rid [out] If NULL, User's RID is not returned
*/
bool test_user_create(struct torture_context *tctx,
struct dcerpc_binding_handle *b,
TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle,
const char *name,
uint32_t *rid)
{
struct policy_handle user_handle;
struct lsa_String username;
struct samr_CreateUser r;
uint32_t user_rid;
username.string = name;
r.in.domain_handle = domain_handle;
r.in.account_name = &username;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.user_handle = &user_handle;
/* return user's RID only if requested */
r.out.rid = rid ? rid : &user_rid;
torture_comment(tctx, "creating user '%s'\n", username.string);
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
"CreateUser RPC call failed");
if (!NT_STATUS_IS_OK(r.out.result)) {
torture_comment(tctx, "CreateUser failed - %s\n", nt_errstr(r.out.result));
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
torture_comment(tctx,
"User (%s) already exists - "
"attempting to delete and recreate account again\n",
username.string);
if (!test_user_cleanup(tctx, b, mem_ctx, domain_handle, username.string)) {
return false;
}
torture_comment(tctx, "creating user account\n");
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
"CreateUser RPC call failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"CreateUser failed");
/* be nice and close opened handles */
test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
return true;
}
return false;
}
/* be nice and close opened handles */
test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
return true;
}
bool torture_creategroup(struct torture_context *torture)
{
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
struct libnet_context *ctx;
struct libnet_CreateGroup req;
mem_ctx = talloc_init("test_creategroup");
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
ctx->cred = popt_get_cmdline_credentials();
req.in.group_name = TEST_GROUPNAME;
req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
req.out.error_string = NULL;
status = libnet_CreateGroup(ctx, mem_ctx, &req);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "libnet_CreateGroup call failed: %s\n", nt_errstr(status));
ret = false;
goto done;
}
if (!test_group_cleanup(torture, ctx->samr.pipe->binding_handle,
mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
torture_comment(torture, "cleanup failed\n");
ret = false;
goto done;
}
if (!test_samr_close_handle(torture,
ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
torture_comment(torture, "domain close failed\n");
ret = false;
}
done:
talloc_free(ctx);
talloc_free(mem_ctx);
return ret;
}
/**
* Opens handle on Domain using SAMR
*
* @param _domain_handle [out] Ptr to storage to store Domain handle
* @param _dom_sid [out] If NULL, Domain SID won't be returned
*/
bool test_domain_open(struct torture_context *tctx,
struct dcerpc_binding_handle *b,
struct lsa_String *domname,
TALLOC_CTX *mem_ctx,
struct policy_handle *_domain_handle,
struct dom_sid2 *_dom_sid)
{
struct policy_handle connect_handle;
struct policy_handle domain_handle;
struct samr_Connect r1;
struct samr_LookupDomain r2;
struct dom_sid2 *sid = NULL;
struct samr_OpenDomain r3;
torture_comment(tctx, "connecting\n");
r1.in.system_name = 0;
r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r1.out.connect_handle = &connect_handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_Connect_r(b, mem_ctx, &r1),
"Connect failed");
torture_assert_ntstatus_ok(tctx, r1.out.result,
"Connect failed");
r2.in.connect_handle = &connect_handle;
r2.in.domain_name = domname;
r2.out.sid = &sid;
torture_comment(tctx, "domain lookup on %s\n", domname->string);
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
"LookupDomain failed");
torture_assert_ntstatus_ok(tctx, r2.out.result,
"LookupDomain failed");
r3.in.connect_handle = &connect_handle;
r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r3.in.sid = *r2.out.sid;
r3.out.domain_handle = &domain_handle;
torture_comment(tctx, "opening domain %s\n", domname->string);
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
"OpenDomain failed");
torture_assert_ntstatus_ok(tctx, r3.out.result,
"OpenDomain failed");
*_domain_handle = domain_handle;
if (_dom_sid) {
*_dom_sid = **r2.out.sid;
}
/* Close connect_handle, we don't need it anymore */
test_samr_close_handle(tctx, b, mem_ctx, &connect_handle);
return true;
}
bool torture_groupinfo_api(struct torture_context *torture)
{
const char *name = TEST_GROUPNAME;
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL, *prep_mem_ctx;
struct libnet_context *ctx = NULL;
struct dcerpc_pipe *p;
struct policy_handle h;
struct lsa_String domain_name;
struct libnet_GroupInfo req;
prep_mem_ctx = talloc_init("prepare torture group info");
status = torture_rpc_connection(torture,
&p,
&ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
domain_name.string = lpcfg_workgroup(torture->lp_ctx);
if (!test_domain_open(torture, p->binding_handle, &domain_name, prep_mem_ctx, &h, NULL)) {
ret = false;
goto done;
}
if (!test_group_create(torture, p->binding_handle, prep_mem_ctx, &h, name, NULL)) {
ret = false;
goto done;
}
mem_ctx = talloc_init("torture group info");
if (!test_libnet_context_init(torture, true, &ctx)) {
return false;
}
ZERO_STRUCT(req);
req.in.domain_name = domain_name.string;
req.in.level = GROUP_INFO_BY_NAME;
req.in.data.group_name = name;
status = libnet_GroupInfo(ctx, mem_ctx, &req);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "libnet_GroupInfo call failed: %s\n", nt_errstr(status));
ret = false;
goto done;
}
if (!test_group_cleanup(torture, ctx->samr.pipe->binding_handle,
mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
torture_comment(torture, "cleanup failed\n");
ret = false;
goto done;
}
if (!test_samr_close_handle(torture,
ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
torture_comment(torture, "domain close failed\n");
ret = false;
}
done:
talloc_free(ctx);
talloc_free(mem_ctx);
return ret;
}
bool torture_grouplist(struct torture_context *torture)
{
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
struct libnet_context *ctx;
struct lsa_String domain_name;
struct libnet_GroupList req;
int i;
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
ctx->cred = popt_get_cmdline_credentials();
domain_name.string = lpcfg_workgroup(torture->lp_ctx);
mem_ctx = talloc_init("torture group list");
ZERO_STRUCT(req);
torture_comment(torture, "listing group accounts:\n");
do {
req.in.domain_name = domain_name.string;
req.in.page_size = 128;
req.in.resume_index = req.out.resume_index;
status = libnet_GroupList(ctx, mem_ctx, &req);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) break;
for (i = 0; i < req.out.count; i++) {
torture_comment(torture, "\tgroup: %s, sid=%s\n",
req.out.groups[i].groupname, req.out.groups[i].sid);
}
} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
if (!(NT_STATUS_IS_OK(status) ||
NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))) {
torture_comment(torture, "libnet_GroupList call failed: %s\n", nt_errstr(status));
ret = false;
goto done;
}
if (!test_samr_close_handle(torture,
ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
torture_comment(torture, "domain close failed\n");
ret = false;
}
if (!test_lsa_close_handle(torture,
ctx->lsa.pipe->binding_handle, mem_ctx, &ctx->lsa.handle)) {
torture_comment(torture, "lsa domain close failed\n");
ret = false;
}
talloc_free(ctx);
done:
talloc_free(mem_ctx);
return ret;
}
