/**
* Creates a Group object using SAMR interface
*
* @param group_name [in] Name of the group to create
* @param rid [out] RID of group created. May be NULL in
* which case RID is not required by caller
*/
bool test_group_create(struct torture_context *tctx,
struct dcerpc_binding_handle *b,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
const char *group_name,
uint32_t *rid)
{
uint32_t group_rid;
struct lsa_String groupname;
struct samr_CreateDomainGroup r;
struct policy_handle group_handle;
groupname.string = group_name;
r.in.domain_handle = handle;
r.in.name = &groupname;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.group_handle = &group_handle;
/* use local variable in case caller
* don't care about the group RID */
r.out.rid = rid ? rid : &group_rid;
torture_comment(tctx, "creating group account %s\n", group_name);
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
"CreateGroup failed");
if (!NT_STATUS_IS_OK(r.out.result)) {
torture_comment(tctx, "CreateGroup failed - %s\n", nt_errstr(r.out.result));
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
torture_comment(tctx,
"Group (%s) already exists - "
"attempting to delete and recreate group again\n",
group_name);
if (!test_group_cleanup(tctx, b, mem_ctx, handle, group_name)) {
return false;
}
torture_comment(tctx, "creating group account\n");
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
"CreateGroup failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"CreateGroup failed");
/* be nice and close opened handles */
test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
return true;
}
return false;
}
/* be nice and close opened handles */
test_samr_close_handle(tctx, b, mem_ctx, &group_handle);
return true;
}
bool torture_groupinfo(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p;
TALLOC_CTX *mem_ctx;
bool ret = true;
struct policy_handle h;
struct lsa_String name;
struct dom_sid2 sid;
uint32_t rid;
struct dcerpc_binding_handle *b;
mem_ctx = talloc_init("test_userinfo");
status = torture_rpc_connection(torture,
&p,
&ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
b = p->binding_handle;
name.string = lpcfg_workgroup(torture->lp_ctx);
/*
* Testing synchronous version
*/
if (!test_domain_open(torture, b, &name, mem_ctx, &h, &sid)) {
ret = false;
goto done;
}
if (!test_group_create(torture, b, mem_ctx, &h, TEST_GROUPNAME, &rid)) {
ret = false;
goto done;
}
if (!test_groupinfo(torture, p, mem_ctx, &h, &sid, TEST_GROUPNAME, &rid)) {
ret = false;
goto done;
}
if (!test_group_cleanup(torture, b, mem_ctx, &h, TEST_GROUPNAME)) {
ret = false;
goto done;
}
done:
talloc_free(mem_ctx);
return ret;
}
bool test_group_create(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, const char *name,
uint32_t *rid)
{
NTSTATUS status;
struct lsa_String groupname;
struct samr_CreateDomainGroup r;
struct policy_handle group_handle;
groupname.string = name;
r.in.domain_handle = handle;
r.in.name = &groupname;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.group_handle = &group_handle;
r.out.rid = rid;
printf("creating group account %s\n", name);
status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("CreateGroup failed - %s\n", nt_errstr(status));
if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
printf("Group (%s) already exists - attempting to delete and recreate account again\n", name);
if (!test_group_cleanup(p, mem_ctx, handle, name)) {
return false;
}
printf("creating group account\n");
status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("CreateGroup failed - %s\n", nt_errstr(status));
return false;
}
return true;
}
return false;
}
return true;
}
bool torture_creategroup(struct torture_context *torture)
{
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
struct libnet_context *ctx;
struct libnet_CreateGroup req;
mem_ctx = talloc_init("test_creategroup");
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
ctx->cred = popt_get_cmdline_credentials();
req.in.group_name = TEST_GROUPNAME;
req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
req.out.error_string = NULL;
status = libnet_CreateGroup(ctx, mem_ctx, &req);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "libnet_CreateGroup call failed: %s\n", nt_errstr(status));
ret = false;
goto done;
}
if (!test_group_cleanup(torture, ctx->samr.pipe->binding_handle,
mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
torture_comment(torture, "cleanup failed\n");
ret = false;
goto done;
}
if (!test_samr_close_handle(torture,
ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
torture_comment(torture, "domain close failed\n");
ret = false;
}
done:
talloc_free(ctx);
talloc_free(mem_ctx);
return ret;
}
bool torture_groupadd(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p;
struct policy_handle h;
struct lsa_String domain_name;
struct dom_sid2 sid;
const char *name = TEST_GROUPNAME;
TALLOC_CTX *mem_ctx;
bool ret = true;
struct dcerpc_binding_handle *b;
mem_ctx = talloc_init("test_groupadd");
status = torture_rpc_connection(torture,
&p,
&ndr_table_samr);
torture_assert_ntstatus_ok(torture, status, "RPC connection");
b = p->binding_handle;
domain_name.string = lpcfg_workgroup(torture->lp_ctx);
if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
ret = false;
goto done;
}
if (!test_groupadd(p, mem_ctx, &h, name)) {
ret = false;
goto done;
}
if (!test_group_cleanup(torture, b, mem_ctx, &h, name)) {
ret = false;
goto done;
}
done:
talloc_free(mem_ctx);
return ret;
}
bool torture_groupinfo_api(struct torture_context *torture)
{
const char *name = TEST_GROUPNAME;
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL, *prep_mem_ctx;
struct libnet_context *ctx = NULL;
struct dcerpc_pipe *p;
struct policy_handle h;
struct lsa_String domain_name;
struct libnet_GroupInfo req;
prep_mem_ctx = talloc_init("prepare torture group info");
status = torture_rpc_connection(torture,
&p,
&ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
domain_name.string = lpcfg_workgroup(torture->lp_ctx);
if (!test_domain_open(torture, p->binding_handle, &domain_name, prep_mem_ctx, &h, NULL)) {
ret = false;
goto done;
}
if (!test_group_create(torture, p->binding_handle, prep_mem_ctx, &h, name, NULL)) {
ret = false;
goto done;
}
mem_ctx = talloc_init("torture group info");
if (!test_libnet_context_init(torture, true, &ctx)) {
return false;
}
ZERO_STRUCT(req);
req.in.domain_name = domain_name.string;
req.in.level = GROUP_INFO_BY_NAME;
req.in.data.group_name = name;
status = libnet_GroupInfo(ctx, mem_ctx, &req);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "libnet_GroupInfo call failed: %s\n", nt_errstr(status));
ret = false;
goto done;
}
if (!test_group_cleanup(torture, ctx->samr.pipe->binding_handle,
mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
torture_comment(torture, "cleanup failed\n");
ret = false;
goto done;
}
if (!test_samr_close_handle(torture,
ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
torture_comment(torture, "domain close failed\n");
ret = false;
}
done:
talloc_free(ctx);
talloc_free(mem_ctx);
return ret;
}
