static bool test_NetWkstaTransportEnum(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetWkstaTransportEnum r;
uint32_t resume_handle = 0;
union wkssvc_NetWkstaTransportCtr ctr;
struct wkssvc_NetWkstaTransportCtr0 ctr0;
ZERO_STRUCT(ctr0);
ctr.ctr0 = &ctr0;
r.in.server_name = dcerpc_server_name(p);
r.in.level = 0;
r.in.ctr = &ctr;
r.in.max_buffer = (uint32_t)-1;
r.in.resume_handle = &resume_handle;
r.out.ctr = &ctr;
r.out.resume_handle = &resume_handle;
status = dcerpc_wkssvc_NetWkstaTransportEnum(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "NetWkstaTransportEnum failed");
torture_assert_werr_ok(tctx, r.out.result, talloc_asprintf(tctx,
"NetWkstaTransportEnum level %u failed", r.in.level));
return true;
}
static bool test_openprinter(struct torture_context *tctx,
void *private_data)
{
struct torture_access_context *t =
(struct torture_access_context *)talloc_get_type_abort(private_data, struct torture_access_context);
struct dcerpc_pipe *p = t->spoolss_pipe;
bool ret = true;
const char *username = t->user.username;
const char *servername_slash = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
int i;
struct {
const char *name;
uint32_t access_mask;
const char *printername;
WERROR expected_result;
} checks[] = {
/* printserver handle tests */
{
.name = "0",
.access_mask = 0,
.printername = servername_slash,
.expected_result = WERR_OK
},
{
.name = "SEC_FLAG_MAXIMUM_ALLOWED",
static bool test_NetrUseEnum(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrUseEnum r;
uint32_t handle = 0;
uint32_t entries_read = 0;
struct wkssvc_NetrUseEnumInfo info;
struct wkssvc_NetrUseEnumCtr0 *use0;
struct wkssvc_NetrUseEnumCtr1 *use1;
struct wkssvc_NetrUseEnumCtr2 *use2;
uint32_t levels[] = { 0, 1, 2 };
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
for (i=0; i<ARRAY_SIZE(levels); i++) {
ZERO_STRUCT(info);
info.level = levels[i];
switch (info.level) {
case 0:
use0 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr0);
info.ctr.ctr0 = use0;
break;
case 1:
use1 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr1);
info.ctr.ctr1 = use1;
break;
case 2:
use2 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr2);
info.ctr.ctr2 = use2;
break;
default:
break;
}
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.prefmaxlen = (uint32_t)-1;
r.in.info = r.out.info = &info;
r.in.resume_handle = r.out.resume_handle = &handle;
r.out.entries_read = &entries_read;
torture_comment(tctx, "Testing NetrUseEnum level %u\n",
levels[i]);
status = dcerpc_wkssvc_NetrUseEnum_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrUseEnum failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrUseEnum failed");
}
return true;
}
static void init_domain_recv_queryinfo(struct rpc_request *req)
{
struct init_domain_state *state =
talloc_get_type(req->async.private_data, struct init_domain_state);
struct lsa_DomainInfo *dominfo;
struct composite_context *ctx;
state->ctx->status = dcerpc_ndr_request_recv(req);
if (!composite_is_ok(state->ctx)) return;
state->ctx->status = state->queryinfo.out.result;
if (!composite_is_ok(state->ctx)) return;
dominfo = &state->queryinfo.out.info->account_domain;
if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
state->domain->info->name,
dcerpc_server_name(state->domain->lsa_pipe),
dominfo->name.string));
composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
return;
}
if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
dom_sid_string(state, state->domain->info->sid),
dcerpc_server_name(state->domain->lsa_pipe),
dom_sid_string(state, dominfo->sid)));
composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
return;
}
state->domain->samr_binding = init_domain_binding(state, &dcerpc_table_samr);
/* We want to use the same flags as the LSA pipe did (so, if
* it needed schannel, then we need that here too) */
state->domain->samr_binding->flags = state->domain->lsa_binding->flags;
state->domain->samr_pipe = NULL;
ctx = wb_connect_samr_send(state, state->domain);
composite_continue(state->ctx, ctx, init_domain_recv_samr, state);
}
static bool test_NetrEnumerateComputerNames_level(struct torture_context *tctx,
struct dcerpc_pipe *p,
uint16_t level,
const char ***names,
int *num_names)
{
NTSTATUS status;
struct wkssvc_NetrEnumerateComputerNames r;
struct wkssvc_ComputerNamesCtr *ctr;
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
ctr = talloc_zero(tctx, struct wkssvc_ComputerNamesCtr);
r.in.server_name = dcerpc_server_name(p);
r.in.name_type = level;
r.in.Reserved = 0;
r.out.ctr = &ctr;
torture_comment(tctx, "Testing NetrEnumerateComputerNames level %u\n",
r.in.name_type);
status = dcerpc_wkssvc_NetrEnumerateComputerNames_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrEnumerateComputerNames failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrEnumerateComputerNames failed");
if ((level == NetPrimaryComputerName) && ctr->count != 1) {
torture_comment(tctx,
"NetrEnumerateComputerNames did not return one "
"name but %u\n", ctr->count);
return false;
}
if (names && num_names) {
*num_names = 0;
*names = NULL;
for (i=0; i<ctr->count; i++) {
if (!add_string_to_array(tctx,
ctr->computer_name[i].string,
names,
num_names))
{
return false;
}
}
}
return true;
}
static bool test_JobDel(struct dcerpc_pipe *p, struct torture_context *tctx, uint32_t min_job_id,
uint32_t max_job_id)
{
NTSTATUS status;
struct atsvc_JobDel r;
r.in.servername = dcerpc_server_name(p);
r.in.min_job_id = min_job_id;
r.in.max_job_id = max_job_id;
status = dcerpc_atsvc_JobDel(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "JobDel failed");
return true;
}
static bool test_JobGetInfo(struct dcerpc_pipe *p, struct torture_context *tctx, uint32_t job_id)
{
NTSTATUS status;
struct atsvc_JobGetInfo r;
struct atsvc_JobInfo *info = talloc(tctx, struct atsvc_JobInfo);
if (!info) {
return false;
}
r.in.servername = dcerpc_server_name(p);
r.in.job_id = job_id;
r.out.job_info = &info;
status = dcerpc_atsvc_JobGetInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "JobGetInfo failed");
return true;
}
static bool test_EnumPrinters(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct test_spoolss_win_context *ctx,
uint32_t initial_blob_size)
{
NTSTATUS status;
struct spoolss_EnumPrinters ep;
DATA_BLOB blob = data_blob_talloc_zero(ctx, initial_blob_size);
uint32_t needed;
uint32_t count;
union spoolss_PrinterInfo *info;
struct dcerpc_binding_handle *b = p->binding_handle;
ep.in.flags = PRINTER_ENUM_NAME;
ep.in.server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
ep.in.level = 2;
ep.in.buffer = &blob;
ep.in.offered = initial_blob_size;
ep.out.needed = &needed;
ep.out.count = &count;
ep.out.info = &info;
status = dcerpc_spoolss_EnumPrinters_r(b, ctx, &ep);
torture_assert_ntstatus_ok(tctx, status, "EnumPrinters failed.");
if (W_ERROR_EQUAL(ep.out.result, WERR_INSUFFICIENT_BUFFER)) {
blob = data_blob_talloc_zero(ctx, needed);
ep.in.buffer = &blob;
ep.in.offered = needed;
status = dcerpc_spoolss_EnumPrinters_r(b, ctx, &ep);
torture_assert_ntstatus_ok(tctx, status,"EnumPrinters failed.");
}
torture_assert_werr_ok(tctx, ep.out.result, "EnumPrinters failed.");
ctx->printer_count = count;
ctx->printer_info = info;
torture_comment(tctx, "Found %d printer(s).\n", ctx->printer_count);
return true;
}
static bool test_NetrUseDel(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrUseDel r;
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.use_name = SMBTORTURE_USE_NAME;
r.in.force_cond = 0;
torture_comment(tctx, "Testing NetrUseDel\n");
status = dcerpc_wkssvc_NetrUseDel_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrUseDel failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrUseDel failed");
return true;
}
static bool test_NetrAddAlternateComputerName(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrAddAlternateComputerName r;
const char **names = NULL;
int num_names = 0;
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = dcerpc_server_name(p);
r.in.NewAlternateMachineName = SMBTORTURE_ALTERNATE_NAME;
r.in.Account = NULL;
r.in.EncryptedPassword = NULL;
r.in.Reserved = 0;
torture_comment(tctx, "Testing NetrAddAlternateComputerName\n");
status = dcerpc_wkssvc_NetrAddAlternateComputerName_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrAddAlternateComputerName failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrAddAlternateComputerName failed");
if (!test_NetrEnumerateComputerNames_level(tctx, p,
NetAlternateComputerNames,
&names, &num_names))
{
return false;
}
for (i=0; i<num_names; i++) {
if (strequal(names[i], SMBTORTURE_ALTERNATE_NAME)) {
return true;
}
}
torture_comment(tctx, "new alternate name not set\n");
return false;
}
/* We should now have either an authenticated LSA pipe, or an error.
* On success, open a policy handle
*/
static void init_domain_recv_lsa_pipe(struct composite_context *ctx)
{
struct init_domain_state *state =
talloc_get_type(ctx->async.private_data,
struct init_domain_state);
struct tevent_req *subreq;
state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state->domain,
&state->domain->libnet_ctx->lsa.pipe);
if (NT_STATUS_EQUAL(state->ctx->status, NT_STATUS_LOGON_FAILURE)) {
if (retry_with_schannel(state, state->domain->lsa_binding,
&ndr_table_lsarpc,
init_domain_recv_lsa_pipe)) {
return;
}
}
if (!composite_is_ok(state->ctx)) return;
talloc_steal(state->domain->libnet_ctx, state->domain->libnet_ctx->lsa.pipe);
talloc_reparent(state, state->domain->libnet_ctx->lsa.pipe, state->domain->lsa_binding);
state->domain->libnet_ctx->lsa.lsa_handle =
state->domain->libnet_ctx->lsa.pipe->binding_handle;
state->domain->libnet_ctx->lsa.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
state->domain->libnet_ctx->lsa.name = state->domain->info->name;
ZERO_STRUCT(state->domain->libnet_ctx->lsa.handle);
state->lsa_openpolicy.in.system_name =
talloc_asprintf(state, "\\\\%s",
dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe));
ZERO_STRUCT(state->objectattr);
state->lsa_openpolicy.in.attr = &state->objectattr;
state->lsa_openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
state->lsa_openpolicy.out.handle = &state->domain->libnet_ctx->lsa.handle;
subreq = dcerpc_lsa_OpenPolicy2_r_send(state,
state->ctx->event_ctx,
state->domain->libnet_ctx->lsa.pipe->binding_handle,
&state->lsa_openpolicy);
if (composite_nomem(subreq, state->ctx)) return;
tevent_req_set_callback(subreq, init_domain_recv_lsa_policy, state);
}
static bool test_NetrWkstaTransportDel(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrWkstaTransportDel r;
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = dcerpc_server_name(p);
r.in.transport_name = SMBTORTURE_TRANSPORT_NAME;
r.in.unknown3 = 0;
torture_comment(tctx, "Testing NetrWkstaTransportDel\n");
status = dcerpc_wkssvc_NetrWkstaTransportDel_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrWkstaTransportDel failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrWkstaTransportDel");
return true;
}
static bool test_NetrSetPrimaryComputername_name(struct torture_context *tctx,
struct dcerpc_pipe *p,
const char *name)
{
NTSTATUS status;
struct wkssvc_NetrSetPrimaryComputername r;
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = dcerpc_server_name(p);
r.in.primary_name = name;
r.in.Account = NULL;
r.in.EncryptedPassword = NULL;
r.in.Reserved = 0;
status = dcerpc_wkssvc_NetrSetPrimaryComputername_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrSetPrimaryComputername failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrSetPrimaryComputername failed");
return true;
}
static bool test_NetrRenameMachineInDomain2_name(struct torture_context *tctx,
struct dcerpc_pipe *p,
const char *new_name)
{
NTSTATUS status;
struct wkssvc_NetrRenameMachineInDomain2 r;
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = dcerpc_server_name(p);
r.in.NewMachineName = new_name;
r.in.Account = NULL;
r.in.EncryptedPassword = NULL;
r.in.RenameOptions = 0;
status = dcerpc_wkssvc_NetrRenameMachineInDomain2_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrRenameMachineInDomain2 failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrRenameMachineInDomain2 failed");
return true;
}
static bool test_NetrGetJoinInformation(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrGetJoinInformation r;
enum wkssvc_NetJoinStatus join_status;
const char *name_buffer = "";
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = dcerpc_server_name(p);
r.in.name_buffer = r.out.name_buffer = &name_buffer;
r.out.name_type = &join_status;
torture_comment(tctx, "Testing NetrGetJoinInformation\n");
status = dcerpc_wkssvc_NetrGetJoinInformation_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrGetJoinInformation failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrGetJoinInformation failed");
return true;
}
static bool test_NetrRenameMachineInDomain(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrRenameMachineInDomain r;
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = dcerpc_server_name(p);
r.in.NewMachineName = SMBTORTURE_MACHINE_NAME;
r.in.Account = NULL;
r.in.password = NULL;
r.in.RenameOptions = 0;
torture_comment(tctx, "Testing NetrRenameMachineInDomain\n");
status = dcerpc_wkssvc_NetrRenameMachineInDomain_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrRenameMachineInDomain failed");
torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
"NetrRenameMachineInDomain failed");
return true;
}
static void update_joblist(void)
{
TALLOC_CTX *mem_ctx = talloc_init("update_joblist");
NTSTATUS status;
struct atsvc_JobEnum r;
struct atsvc_enum_ctr ctr;
int i;
uint32_t resume_handle = 0;
gtk_list_store_clear(store_jobs);
ctr.entries_read = 0;
ctr.first_entry = NULL;
r.in.servername = dcerpc_server_name(at_pipe);
r.in.ctr = r.out.ctr = &ctr;
r.in.preferred_max_len = 0xffffffff;
r.in.resume_handle = r.out.resume_handle = &resume_handle;
status = dcerpc_atsvc_JobEnum(at_pipe, mem_ctx, &r);
if(!NT_STATUS_IS_OK(status)) {
gtk_show_ntstatus(mainwin, "Error while enumerating first job", status);
return;
}
for (i = 0; i < r.out.ctr->entries_read; i++) {
GtkTreeIter iter;
gtk_list_store_append(store_jobs, &iter);
gtk_list_store_set (store_jobs, &iter,
0, r.out.ctr->first_entry[i].flags,
1, r.out.ctr->first_entry[i].job_id,
2, r.out.ctr->first_entry[i].days_of_week, /*FIXME: Nicer format */
3, r.out.ctr->first_entry[i].job_time, /* FIXME: Nicer format */
4, r.out.ctr->first_entry[i].command,
-1);
}
talloc_free(mem_ctx);
}
static bool test_fsrvp_is_path_supported(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct fss_IsPathSupported r;
struct dcerpc_binding_handle *b = p->binding_handle;
NTSTATUS status;
ZERO_STRUCT(r);
r.in.ShareName = talloc_asprintf(tctx,"\\\\%s\\%s\\",
dcerpc_server_name(p),
FSHARE);
status = dcerpc_fss_IsPathSupported_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"IsPathSupported failed");
torture_assert(tctx, *r.out.SupportedByThisProvider,
"path not supported");
torture_comment(tctx, "path %s is supported by fsrvp server %s\n",
r.in.ShareName, *r.out.OwnerMachineName);
return true;
}
static bool test_NetWkstaTransportEnum(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetWkstaTransportEnum r;
uint32_t resume_handle = 0;
struct wkssvc_NetWkstaTransportInfo info;
union wkssvc_NetWkstaTransportCtr ctr;
struct wkssvc_NetWkstaTransportCtr0 ctr0;
uint32_t total_entries = 0;
struct dcerpc_binding_handle *b = p->binding_handle;
ZERO_STRUCT(ctr0);
ctr.ctr0 = &ctr0;
info.level = 0;
info.ctr = ctr;
r.in.server_name = dcerpc_server_name(p);
r.in.info = &info;
r.in.max_buffer = (uint32_t)-1;
r.in.resume_handle = &resume_handle;
r.out.total_entries = &total_entries;
r.out.info = &info;
r.out.resume_handle = &resume_handle;
torture_comment(tctx, "Testing NetWkstaTransportEnum level 0\n");
status = dcerpc_wkssvc_NetWkstaTransportEnum_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetWkstaTransportEnum failed");
torture_assert_werr_ok(tctx, r.out.result, talloc_asprintf(tctx,
"NetWkstaTransportEnum level %u failed",
info.level));
return true;
}
/* We should now have either an authenticated LSA pipe, or an error.
* On success, open a policy handle
*/
static void init_domain_recv_lsa_pipe(struct composite_context *ctx)
{
struct rpc_request *req;
struct init_domain_state *state =
talloc_get_type(ctx->async.private_data,
struct init_domain_state);
state->ctx->status = dcerpc_secondary_connection_recv(ctx,
&state->domain->lsa_pipe);
if (NT_STATUS_EQUAL(state->ctx->status, NT_STATUS_LOGON_FAILURE)) {
if (retry_with_schannel(state, state->domain->lsa_binding,
init_domain_recv_lsa_pipe)) {
return;
}
}
if (!composite_is_ok(state->ctx)) return;
talloc_steal(state->domain, state->domain->lsa_pipe);
talloc_steal(state->domain->lsa_pipe, state->domain->lsa_binding);
state->domain->lsa_policy_handle = talloc(state, struct policy_handle);
if (composite_nomem(state->domain->lsa_policy_handle, state->ctx)) return;
state->lsa_openpolicy.in.system_name =
talloc_asprintf(state, "\\\\%s",
dcerpc_server_name(state->domain->lsa_pipe));
ZERO_STRUCT(state->objectattr);
state->lsa_openpolicy.in.attr = &state->objectattr;
state->lsa_openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
state->lsa_openpolicy.out.handle = state->domain->lsa_policy_handle;
req = dcerpc_lsa_OpenPolicy2_send(state->domain->lsa_pipe, state,
&state->lsa_openpolicy);
composite_continue_rpc(state->ctx, req, init_domain_recv_lsa_policy, state);
}
static bool test_NetWkstaGetInfo(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetWkstaGetInfo r;
union wkssvc_NetWkstaInfo info;
uint16_t levels[] = {100, 101, 102, 502};
int i;
r.in.server_name = dcerpc_server_name(p);
r.out.info = &info;
for (i=0;i<ARRAY_SIZE(levels);i++) {
r.in.level = levels[i];
torture_comment(tctx, "testing NetWkstaGetInfo level %u\n", r.in.level);
status = dcerpc_wkssvc_NetWkstaGetInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
talloc_asprintf(tctx, "NetWkstaGetInfo level %u failed", r.in.level));
torture_assert_werr_ok(tctx, r.out.result,
talloc_asprintf(tctx, "NetWkstaGetInfo level %u failed", r.in.level));
}
return true;
}
static bool test_NetrWorkstationStatisticsGet(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrWorkstationStatisticsGet r;
struct wkssvc_NetrWorkstationStatistics *info;
struct dcerpc_binding_handle *b = p->binding_handle;
ZERO_STRUCT(r);
info = talloc_zero(tctx, struct wkssvc_NetrWorkstationStatistics);
r.in.server_name = dcerpc_server_name(p);
r.out.info = &info;
torture_comment(tctx, "Testing NetrWorkstationStatisticsGet\n");
status = dcerpc_wkssvc_NetrWorkstationStatisticsGet_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrWorkstationStatisticsGet failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrWorkstationStatisticsGet failed");
return true;
}
static bool test_schannel_anonymous_setPassword(struct torture_context *tctx,
uint32_t dcerpc_flags,
bool use2)
{
NTSTATUS status, result;
const char *binding = torture_setting_string(tctx, "binding", NULL);
struct dcerpc_binding *b;
struct dcerpc_pipe *p = NULL;
struct cli_credentials *credentials;
bool ok = true;
credentials = cli_credentials_init(NULL);
torture_assert(tctx, credentials != NULL, "Bad credentials");
cli_credentials_set_anonymous(credentials);
status = dcerpc_parse_binding(tctx, binding, &b);
torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
torture_assert_ntstatus_ok(tctx, status, "set flags");
status = dcerpc_pipe_connect_b(tctx,
&p,
b,
&ndr_table_netlogon,
credentials,
tctx->ev,
tctx->lp_ctx);
torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel");
if (use2) {
struct netr_ServerPasswordSet2 r = {};
struct netr_Authenticator credential = {};
struct netr_Authenticator return_authenticator = {};
struct netr_CryptPassword new_password = {};
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = 0;
r.in.computer_name = TEST_MACHINE_NAME;
r.in.credential = &credential;
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
status = dcerpc_netr_ServerPasswordSet2_r(p->binding_handle, tctx, &r);
result = r.out.result;
} else {
struct netr_ServerPasswordSet r = {};
struct netr_Authenticator credential = {};
struct netr_Authenticator return_authenticator = {};
struct samr_Password new_password = {};
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = 0;
r.in.computer_name = TEST_MACHINE_NAME;
r.in.credential = &credential;
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
status = dcerpc_netr_ServerPasswordSet_r(p->binding_handle, tctx, &r);
result = r.out.result;
}
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet failed");
if (NT_STATUS_IS_OK(result)) {
torture_fail(tctx, "unexpectedly received NT_STATUS_OK");
}
return ok;
}
/*
try a netlogon SamLogon
*/
bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
struct cli_credentials *credentials,
struct netlogon_creds_CredentialState *creds)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
struct netr_NetworkInfo ninfo;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative = 0;
uint32_t _flags = 0;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
int flags = CLI_CRED_NTLM_AUTH;
struct dcerpc_binding_handle *b = p->binding_handle;
struct netr_UserSessionKey key;
struct netr_LMSessionKey LMSessKey;
uint32_t validation_levels[] = { 2, 3 };
struct netr_SamBaseInfo *base = NULL;
const char *crypto_alg = "";
bool can_do_validation_6 = true;
enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
&ninfo.identity_info.account_name.string,
&ninfo.identity_info.domain_name.string);
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
chal = data_blob_const(ninfo.challenge,
sizeof(ninfo.challenge));
names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials));
status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
&flags,
chal,
names_blob,
&lm_resp, &nt_resp,
NULL, NULL);
torture_assert_ntstatus_ok(tctx, status,
"cli_credentials_get_ntlm_response failed");
ninfo.lm.data = lm_resp.data;
ninfo.lm.length = lm_resp.length;
ninfo.nt.data = nt_resp.data;
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
ninfo.identity_info.logon_id_low = 0;
ninfo.identity_info.logon_id_high = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
logon.network = &ninfo;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = cli_credentials_get_workstation(credentials);
r.in.logon_level = NetlogonNetworkInformation;
r.in.logon= &logon;
r.in.flags = &_flags;
r.out.validation = &validation;
r.out.authoritative = &authoritative;
r.out.flags = &_flags;
/*
- retrieve level6
- save usrsession and lmsession key
- retrieve level 2
- calculate, compare
- retrieve level 3
- calculate, compare
*/
if (creds) {
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
crypto_alg = "AES";
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
crypto_alg = "ARCFOUR";
}
}
dcerpc_binding_handle_auth_info(b, NULL, &auth_level);
if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
r.in.validation_level = 6;
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
torture_assert_ntstatus_ok(tctx,
dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogonEx failed");
} else {
torture_comment(tctx,
"Skip auth_level[%u] Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
auth_level, ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
r.out.result = NT_STATUS_INVALID_INFO_CLASS;
}
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
can_do_validation_6 = false;
} else {
torture_assert_ntstatus_ok(tctx, r.out.result,
"LogonSamLogonEx failed");
key = r.out.validation->sam6->base.key;
LMSessKey = r.out.validation->sam6->base.LMSessKey;
DEBUG(1,("unencrypted session keys from validation_level 6:\n"));
dump_data(1, r.out.validation->sam6->base.key.key, 16);
dump_data(1, r.out.validation->sam6->base.LMSessKey.key, 8);
}
for (i=0; i < ARRAY_SIZE(validation_levels); i++) {
r.in.validation_level = validation_levels[i];
torture_comment(tctx,
"Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n",
ninfo.identity_info.account_name.string, crypto_alg,
r.in.validation_level);
torture_assert_ntstatus_ok(tctx,
dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
"LogonSamLogonEx failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"LogonSamLogonEx failed");
if (creds == NULL) {
/* when this test is called without creds no point in
* testing the session keys */
continue;
}
switch (validation_levels[i]) {
case 2:
base = &r.out.validation->sam2->base;
break;
case 3:
base = &r.out.validation->sam3->base;
break;
default:
break;
}
DEBUG(1,("encrypted keys validation_level %d:\n",
validation_levels[i]));
dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8);
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
netlogon_creds_aes_decrypt(creds, base->key.key, 16);
netlogon_creds_aes_decrypt(creds, base->LMSessKey.key, 8);
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
}
DEBUG(1,("decryped keys validation_level %d\n",
validation_levels[i]));
dump_data(1, base->key.key, 16);
dump_data(1, base->LMSessKey.key, 8);
if (!can_do_validation_6) {
/* we cant compare against unencrypted keys */
continue;
}
torture_assert_mem_equal(tctx,
base->key.key,
key.key,
16,
"unexpected user session key\n");
torture_assert_mem_equal(tctx,
base->LMSessKey.key,
LMSessKey.key,
8,
"unexpected LM session key\n");
}
return true;
}
NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamSync *r)
{
NTSTATUS nt_status, dbsync_nt_status;
TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx;
struct netlogon_creds_CredentialState *creds;
struct netr_DatabaseSync dbsync;
struct netr_Authenticator credential, return_authenticator;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct cli_credentials *machine_account;
struct dcerpc_pipe *p;
struct libnet_context *machine_net_ctx;
struct libnet_RpcConnect *c;
struct libnet_SamSync_state *state;
const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
unsigned int i;
samsync_ctx = talloc_named(mem_ctx, 0, "SamSync top context");
if (!r->in.machine_account) {
machine_account = cli_credentials_init(samsync_ctx);
if (!machine_account) {
talloc_free(samsync_ctx);
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(machine_account, ctx->lp_ctx);
nt_status = cli_credentials_set_machine_account(machine_account, ctx->lp_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?");
talloc_free(samsync_ctx);
return nt_status;
}
} else {
machine_account = r->in.machine_account;
}
/* We cannot do this unless we are a BDC. Check, before we get odd errors later */
if (cli_credentials_get_secure_channel_type(machine_account) != SEC_CHAN_BDC) {
r->out.error_string
= talloc_asprintf(mem_ctx,
"Our join to domain %s is not as a BDC (%d), please rejoin as a BDC",
cli_credentials_get_domain(machine_account),
cli_credentials_get_secure_channel_type(machine_account));
talloc_free(samsync_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
c = talloc_zero(samsync_ctx, struct libnet_RpcConnect);
if (!c) {
r->out.error_string = NULL;
talloc_free(samsync_ctx);
return NT_STATUS_NO_MEMORY;
}
c->level = LIBNET_RPC_CONNECT_DC_INFO;
if (r->in.binding_string) {
c->in.binding = r->in.binding_string;
c->in.name = NULL;
} else {
c->in.binding = NULL;
c->in.name = cli_credentials_get_domain(machine_account);
}
/* prepare connect to the NETLOGON pipe of PDC */
c->in.dcerpc_iface = &ndr_table_netlogon;
/* We must do this as the machine, not as any command-line
* user. So we override the credentials in the
* libnet_context */
machine_net_ctx = talloc(samsync_ctx, struct libnet_context);
if (!machine_net_ctx) {
r->out.error_string = NULL;
talloc_free(samsync_ctx);
return NT_STATUS_NO_MEMORY;
}
*machine_net_ctx = *ctx;
machine_net_ctx->cred = machine_account;
/* connect to the NETLOGON pipe of the PDC */
nt_status = libnet_RpcConnect(machine_net_ctx, samsync_ctx, c);
if (!NT_STATUS_IS_OK(nt_status)) {
if (r->in.binding_string) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Connection to NETLOGON pipe of DC %s failed: %s",
r->in.binding_string, c->out.error_string);
} else {
r->out.error_string = talloc_asprintf(mem_ctx,
"Connection to NETLOGON pipe of DC for %s failed: %s",
c->in.name, c->out.error_string);
}
talloc_free(samsync_ctx);
return nt_status;
}
/* This makes a new pipe, on which we can do schannel. We
* should do this in the RpcConnect code, but the abstaction
* layers do not suit yet */
nt_status = dcerpc_secondary_connection(c->out.dcerpc_pipe, &p,
c->out.dcerpc_pipe->binding);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Secondary connection to NETLOGON pipe of DC %s failed: %s",
dcerpc_server_name(p), nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
nt_status = dcerpc_bind_auth_schannel(samsync_ctx, p, &ndr_table_netlogon,
machine_account, ctx->lp_ctx, DCERPC_AUTH_LEVEL_PRIVACY);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"SCHANNEL authentication to NETLOGON pipe of DC %s failed: %s",
dcerpc_server_name(p), nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
state = talloc(samsync_ctx, struct libnet_SamSync_state);
if (!state) {
r->out.error_string = NULL;
talloc_free(samsync_ctx);
return nt_status;
}
state->domain_name = c->out.domain_name;
state->domain_sid = c->out.domain_sid;
state->realm = c->out.realm;
state->domain_guid = c->out.guid;
state->machine_net_ctx = machine_net_ctx;
state->netlogon_pipe = p;
/* initialise the callback layer. It may wish to contact the
* server with ldap, now we know the name */
if (r->in.init_fn) {
char *error_string;
nt_status = r->in.init_fn(samsync_ctx,
r->in.fn_ctx,
state,
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
}
/* get NETLOGON credentials */
nt_status = dcerpc_schannel_creds(p->conn->security_state.generic_state, samsync_ctx, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer");
talloc_free(samsync_ctx);
return nt_status;
}
/* Setup details for the synchronisation */
ZERO_STRUCT(return_authenticator);
dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p));
dbsync.in.computername = cli_credentials_get_workstation(machine_account);
dbsync.in.preferredmaximumlength = (uint32_t)-1;
dbsync.in.return_authenticator = &return_authenticator;
dbsync.out.return_authenticator = &return_authenticator;
dbsync.out.delta_enum_array = &delta_enum_array;
for (i=0;i< ARRAY_SIZE(database_ids); i++) {
uint32_t sync_context = 0;
dbsync.in.database_id = database_ids[i];
dbsync.in.sync_context = &sync_context;
dbsync.out.sync_context = &sync_context;
do {
uint32_t d;
loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context");
netlogon_creds_client_authenticator(creds, &credential);
dbsync.in.credential = &credential;
dbsync_nt_status = dcerpc_netr_DatabaseSync_r(p->binding_handle, loop_ctx, &dbsync);
if (NT_STATUS_IS_OK(dbsync_nt_status) && !NT_STATUS_IS_OK(dbsync.out.result)) {
dbsync_nt_status = dbsync.out.result;
}
if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
!NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES)) {
r->out.error_string = talloc_asprintf(mem_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
if (!netlogon_creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
}
dbsync.in.sync_context = dbsync.out.sync_context;
/* For every single remote 'delta' entry: */
for (d=0; d < delta_enum_array->num_deltas; d++) {
char *error_string = NULL;
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
/* 'Fix' elements, by decrypting and
* de-obfuscating the data */
nt_status = samsync_fix_delta(delta_ctx,
creds,
dbsync.in.database_id,
&delta_enum_array->delta_enum[d]);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
/* Now call the callback. This will
* do something like print the data or
* write to an ldb */
nt_status = r->in.delta_fn(delta_ctx,
r->in.fn_ctx,
dbsync.in.database_id,
&delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_steal(mem_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
talloc_free(delta_ctx);
}
talloc_free(loop_ctx);
} while (NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES));
if (!NT_STATUS_IS_OK(dbsync_nt_status)) {
r->out.error_string = talloc_asprintf(mem_ctx, "libnet_SamSync_netlogon failed: unexpected inconsistancy. Should not get error %s here", nt_errstr(nt_status));
talloc_free(samsync_ctx);
return dbsync_nt_status;
}
nt_status = NT_STATUS_OK;
}
talloc_free(samsync_ctx);
return nt_status;
}
static bool test_WinXP(struct torture_context *tctx, struct dcerpc_pipe *p)
{
bool ret = true;
struct test_spoolss_win_context *ctx, *tmp_ctx;
struct policy_handle handle01, handle02, handle03, handle04;
/* Sometimes a handle stays unused. In order to make this clear in the
* code, the unused_handle structures are used for that. */
struct policy_handle unused_handle1, unused_handle2;
char *server_name;
uint32_t i;
struct dcerpc_binding_handle *b = p->binding_handle;
ctx = talloc_zero(tctx, struct test_spoolss_win_context);
tmp_ctx = talloc_zero(tctx, struct test_spoolss_win_context);
ret &= test_OpenPrinterSequence(tctx, p, &handle01);
ret &= test_GetPrinterData(tctx, b, &handle01,"UISingleJobStatusString",
WERR_INVALID_PARAMETER, 0);
torture_comment(tctx, "Skip RemoteFindNextPrinterChangeNotifyEx test\n");
server_name = talloc_asprintf(ctx, "\\\\%s", dcerpc_server_name(p));
ret &= test_OpenPrinterEx(tctx, b, &unused_handle1, server_name, 0);
ret &= test_EnumPrinters(tctx, p, ctx, 1024);
ret &= test_OpenPrinterEx(tctx, b, &handle02, server_name, 0);
ret &= test_GetPrinterData(tctx, b, &handle02, "MajorVersion", WERR_OK,
3);
ret &= test_ClosePrinter(tctx, b, &handle02);
/* If no printers were found, skip all tests that need a printer */
if (ctx->printer_count == 0) {
goto end_testWinXP;
}
ret &= test_OpenPrinterEx(tctx, b, &handle02,
ctx->printer_info[0].info2.printername,
PRINTER_ACCESS_USE);
ret &= test_GetPrinter(tctx, b, &handle02, ctx, 2, 0);
torture_assert_str_equal(tctx, ctx->current_info->info2.printername,
ctx->printer_info[0].info2.printername,
"GetPrinter returned unexpected printername");
/*FIXME: Test more components of the PrinterInfo2 struct */
ret &= test_OpenPrinterEx(tctx, b, &handle03,
ctx->printer_info[0].info2.printername, 0);
ret &= test_GetPrinter(tctx, b, &handle03, ctx, 0, 1164);
ret &= test_GetPrinter(tctx, b, &handle03, ctx, 2, 0);
ret &= test_OpenPrinterEx(tctx, b, &handle04,
ctx->printer_info[0].info2.printername, 0);
ret &= test_GetPrinter(tctx, b, &handle04, ctx, 2, 0);
ret &= test_ClosePrinter(tctx, b, &handle04);
ret &= test_OpenPrinterEx(tctx, b, &handle04,
ctx->printer_info[0].info2.printername, 0);
ret &= test_GetPrinter(tctx, b, &handle04, ctx, 2, 4096);
ret &= test_ClosePrinter(tctx, b, &handle04);
ret &= test_OpenPrinterAsAdmin(tctx, b,
ctx->printer_info[0].info2.printername);
ret &= test_OpenPrinterEx(tctx, b, &handle04,
ctx->printer_info[0].info2.printername, PRINTER_READ);
ret &= test_GetPrinterData(tctx, b, &handle04,"UISingleJobStatusString",
WERR_FILE_NOT_FOUND, 0);
torture_comment(tctx, "Skip RemoteFindNextPrinterChangeNotifyEx test\n");
ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
ctx->printer_info[0].info2.printername, 0);
ret &= test_EnumJobs(tctx, b, &handle04);
ret &= test_GetPrinter(tctx, b, &handle04, ctx, 2, 4096);
ret &= test_ClosePrinter(tctx, b, &unused_handle2);
ret &= test_ClosePrinter(tctx, b, &handle04);
ret &= test_EnumPrinters(tctx, p, ctx, 1556);
ret &= test_GetPrinterDriver2(tctx, b, ctx, &handle03);
ret &= test_EnumForms(tctx, b, &handle03, 0);
ret &= test_EnumPrinterKey(tctx, b, &handle03, "", ctx);
for (i=0; ctx->printer_keys && ctx->printer_keys[i] != NULL; i++) {
ret &= test_EnumPrinterKey(tctx, b, &handle03,
ctx->printer_keys[i],
tmp_ctx);
ret &= test_EnumPrinterDataEx(tctx, b, &handle03,
ctx->printer_keys[i], 0,
WERR_OK);
}
ret &= test_EnumPrinterDataEx(tctx, b, &handle03, "", 0,
WERR_INVALID_PARAMETER);
ret &= test_GetPrinter(tctx, b, &handle03, tmp_ctx, 2, 0);
ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
ctx->printer_info[0].info2.printername, 0);
ret &= test_ClosePrinter(tctx, b, &unused_handle2);
ret &= test_GetPrinter(tctx, b, &handle03, tmp_ctx, 2, 2556);
ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
ctx->printer_info[0].info2.printername, 0);
ret &= test_ClosePrinter(tctx, b, &unused_handle2);
ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
ctx->printer_info[0].info2.printername, 0);
ret &= test_ClosePrinter(tctx, b, &unused_handle2);
ret &= test_GetPrinter(tctx, b, &handle03, tmp_ctx, 7, 0);
ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
ctx->printer_info[0].info2.printername, 0);
ret &= test_ClosePrinter(tctx, b, &unused_handle2);
ret &= test_ClosePrinter(tctx, b, &handle03);
ret &= test_OpenPrinterEx(tctx, b, &unused_handle2,
ctx->printer_info[0].info2.printername, 0);
ret &= test_ClosePrinter(tctx, b, &unused_handle2);
ret &= test_OpenPrinterEx(tctx, b, &handle03, server_name, 0);
ret &= test_GetPrinterData(tctx, b, &handle03, "W3SvcInstalled",
WERR_OK, 0);
ret &= test_ClosePrinter(tctx, b, &handle03);
ret &= test_ClosePrinter(tctx, b, &unused_handle1);
ret &= test_ClosePrinter(tctx, b, &handle02);
ret &= test_OpenPrinterEx(tctx, b, &handle02,
ctx->printer_info[0].info2.sharename, 0);
ret &= test_GetPrinter(tctx, b, &handle02, tmp_ctx, 2, 0);
ret &= test_ClosePrinter(tctx, b, &handle02);
end_testWinXP:
ret &= test_ClosePrinter(tctx, b, &handle01);
talloc_free(tmp_ctx);
talloc_free(ctx);
return ret;
}
.version = WITNESS_V1,
.net_name = NULL,
.ip_address = NULL,
.client_computer_name = lpcfg_netbios_name(tctx->lp_ctx),
.expected_status = NT_STATUS_OK,
.expected_result = WERR_INVALID_PARAMETER
},{
.version = WITNESS_V2,
.net_name = NULL,
.ip_address = NULL,
.client_computer_name = lpcfg_netbios_name(tctx->lp_ctx),
.expected_status = NT_STATUS_OK,
.expected_result = WERR_REVISION_MISMATCH
},{
.version = WITNESS_V1,
.net_name = dcerpc_server_name(p),
.ip_address = NULL,
.client_computer_name = lpcfg_netbios_name(tctx->lp_ctx),
.expected_status = NT_STATUS_OK,
.expected_result = WERR_INVALID_PARAMETER
}
};
for (i=0; i < ARRAY_SIZE(tests); i++) {
ZERO_STRUCT(r);
r.out.context_handle = &context_handle;
r.in.version = tests[i].version;
static bool find_sofs_share(struct torture_context *tctx,
const char **sofs_sharename)
{
struct dcerpc_pipe *p;
struct dcerpc_binding_handle *b;
struct srvsvc_NetShareEnumAll r;
struct srvsvc_NetShareInfoCtr info_ctr;
struct srvsvc_NetShareCtr1 ctr1;
uint32_t resume_handle = 0;
uint32_t totalentries = 0;
int i;
torture_assert_ntstatus_ok(tctx,
torture_rpc_connection_transport(tctx, &p, &ndr_table_srvsvc,
NCACN_NP, 0, 0),
"failed to setup srvsvc connection");
b = p->binding_handle;
ZERO_STRUCT(ctr1);
info_ctr.level = 1;
info_ctr.ctr.ctr1 = &ctr1;
r.in.server_unc = dcerpc_server_name(p);
r.in.max_buffer = -1;
r.in.info_ctr = &info_ctr;
r.in.resume_handle = &resume_handle;
r.out.totalentries = &totalentries;
r.out.info_ctr = &info_ctr;
r.out.resume_handle = &resume_handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_srvsvc_NetShareEnumAll_r(b, tctx, &r),
"failed to call srvsvc_NetShareEnumAll");
torture_assert_werr_ok(tctx,
r.out.result,
"failed to call srvsvc_NetShareEnumAll");
for (i=0; i < r.out.info_ctr->ctr.ctr1->count; i++) {
if (r.out.info_ctr->ctr.ctr1->array[i].type == STYPE_CLUSTER_SOFS) {
*sofs_sharename = talloc_strdup(tctx, r.out.info_ctr->ctr.ctr1->array[i].name);
if (*sofs_sharename == NULL) {
return false;
}
torture_comment(tctx, "using SOFS share: %s\n", *sofs_sharename);
return true;
}
if (r.out.info_ctr->ctr.ctr1->array[i].type == STYPE_DISKTREE) {
*sofs_sharename = talloc_strdup(tctx, r.out.info_ctr->ctr.ctr1->array[i].name);
if (*sofs_sharename == NULL) {
return false;
}
torture_comment(tctx, "assuming SOFS share: %s\n", *sofs_sharename);
return true;
}
}
return false;
}
static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrUnjoinDomain2 r;
const char *domain_admin_account = NULL;
const char *domain_admin_password = NULL;
struct wkssvc_PasswordBuffer *pwd_buf;
enum wkssvc_NetJoinStatus join_status;
const char *join_name = NULL;
WERROR expected_err;
DATA_BLOB session_key;
struct dcerpc_binding_handle *b = p->binding_handle;
/* FIXME: this test assumes to join workstations / servers and does not
* handle DCs (WERR_SETUP_DOMAIN_CONTROLLER) */
if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
{
return false;
}
switch (join_status) {
case NET_SETUP_UNJOINED:
expected_err = WERR_SETUP_NOT_JOINED;
break;
case NET_SETUP_DOMAIN_NAME:
case NET_SETUP_UNKNOWN_STATUS:
case NET_SETUP_WORKGROUP_NAME:
default:
expected_err = WERR_OK;
break;
}
domain_admin_account = torture_setting_string(tctx, "domain_admin_account", NULL);
domain_admin_password = torture_setting_string(tctx, "domain_admin_password", NULL);
if ((domain_admin_account == NULL) ||
(domain_admin_password == NULL)) {
torture_comment(tctx, "not enough input parameter\n");
return false;
}
status = dcerpc_fetch_session_key(p, &session_key);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
encode_wkssvc_join_password_buffer(tctx, domain_admin_password,
&session_key, &pwd_buf);
r.in.server_name = dcerpc_server_name(p);
r.in.account = domain_admin_account;
r.in.encrypted_password = pwd_buf;
r.in.unjoin_flags = 0;
torture_comment(tctx, "Testing NetrUnjoinDomain2 (assuming non-DC)\n");
status = dcerpc_wkssvc_NetrUnjoinDomain2_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrUnjoinDomain2 failed");
torture_assert_werr_equal(tctx, r.out.result, expected_err,
"NetrUnjoinDomain2 failed");
if (!test_GetJoinInformation(tctx, p, &join_status, &join_name))
{
return false;
}
switch (join_status) {
case NET_SETUP_UNJOINED:
case NET_SETUP_WORKGROUP_NAME:
break;
case NET_SETUP_UNKNOWN_STATUS:
case NET_SETUP_DOMAIN_NAME:
default:
torture_comment(tctx,
"Unjoin verify failed: got %d\n", join_status);
return false;
}
return true;
}
static bool test_NetrUseGetInfo(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
NTSTATUS status;
struct wkssvc_NetrUseEnum r;
uint32_t handle = 0;
uint32_t entries_read = 0;
struct wkssvc_NetrUseEnumInfo info;
struct wkssvc_NetrUseEnumCtr0 *use0;
uint32_t levels[] = { 0, 1, 2 };
const char *use_name = NULL;
int i, k;
struct dcerpc_binding_handle *b = p->binding_handle;
ZERO_STRUCT(info);
info.level = 0;
use0 = talloc_zero(tctx, struct wkssvc_NetrUseEnumCtr0);
info.ctr.ctr0 = use0;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.prefmaxlen = (uint32_t)-1;
r.in.info = r.out.info = &info;
r.in.resume_handle = r.out.resume_handle = &handle;
r.out.entries_read = &entries_read;
status = dcerpc_wkssvc_NetrUseEnum_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status,
"NetrUseEnum failed");
torture_assert_werr_ok(tctx, r.out.result,
"NetrUseEnum failed");
for (k=0; k < r.out.info->ctr.ctr0->count; k++) {
use_name = r.out.info->ctr.ctr0->array[k].local;
for (i=0; i<ARRAY_SIZE(levels); i++) {
if (!test_NetrUseGetInfo_level(tctx, p, use_name,
levels[i],
WERR_OK))
{
if (levels[i] != 0) {
return false;
}
}
}
use_name = r.out.info->ctr.ctr0->array[k].remote;
for (i=0; i<ARRAY_SIZE(levels); i++) {
if (!test_NetrUseGetInfo_level(tctx, p, use_name,
levels[i],
WERR_NOT_CONNECTED))
{
if (levels[i] != 0) {
return false;
}
}
}
}
return true;
}
