Esempio n. 1
0
static bool test_handles_drsuapi(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct GUID bind_guid;
	struct drsuapi_DsBind r;
	struct drsuapi_DsUnbind c;
	TALLOC_CTX *mem_ctx = talloc_new(torture);

	torture_comment(torture, "RPC-HANDLE-DRSUAPI\n");

	status = torture_rpc_connection(mem_ctx, &p1, &dcerpc_table_drsuapi);
	torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");

	status = torture_rpc_connection(mem_ctx, &p2, &dcerpc_table_drsuapi);
	torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");

	GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);

	r.in.bind_guid = &bind_guid;
	r.in.bind_info = NULL;
	r.out.bind_handle = &handle;

	status = dcerpc_drsuapi_DsBind(p1, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(torture, "drsuapi_DsBind not supported - skipping\n");
		talloc_free(mem_ctx);
		return true;
	}

	c.in.bind_handle = &handle;
	c.out.bind_handle = &handle2;

	status = dcerpc_drsuapi_DsUnbind(p2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, 
				      "closing policy handle on p2");
	torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, 
				      "closing policy handle on p2");

	status = dcerpc_drsuapi_DsUnbind(p1, mem_ctx, &c);
	torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");

	status = dcerpc_drsuapi_DsUnbind(p1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, 
				      "closing policy handle on p1 again");
	torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, 
				      "closing policy handle on p1 again");
	
	talloc_free(mem_ctx);

	return true;
}
Esempio n. 2
0
static bool test_handles_samr(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2;
	struct dcerpc_binding_handle *b1, *b2;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct samr_Connect r;
	struct samr_Close c;
	TALLOC_CTX *mem_ctx = talloc_new(torture);

	torture_comment(torture, "RPC-HANDLE-SAMR\n");

	status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
	b1 = p1->binding_handle;

	status = torture_rpc_connection(torture, &p2, &ndr_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe2");
	b2 = p2->binding_handle;

	r.in.system_name = 0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.connect_handle = &handle;

	torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
		"Connect failed");
	torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");

	c.in.handle = &handle;
	c.out.handle = &handle2;

	status = dcerpc_samr_Close_r(b2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p2");

	torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &c),
		"Close failed");
	torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");

	status = dcerpc_samr_Close_r(b1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p1 again");
	
	talloc_free(mem_ctx);

	return true;
}
Esempio n. 3
0
bool torture_delshare(struct torture_context *torture)
{
	struct dcerpc_pipe *p;
	struct dcerpc_binding *binding;
	struct libnet_context* libnetctx;
	const char *host;
	NTSTATUS  status;
	bool ret = true;
	struct libnet_DelShare share;

	host = torture_setting_string(torture, "host", NULL);
	status = torture_rpc_binding(torture, &binding);
	torture_assert_ntstatus_ok(torture, status, "Failed to get binding");

	libnetctx = libnet_context_init(torture->ev, torture->lp_ctx);
	libnetctx->cred = popt_get_cmdline_credentials();

	status = torture_rpc_connection(torture,
					&p,
					&ndr_table_srvsvc);

	torture_assert_ntstatus_ok(torture, status, "Failed to get rpc connection");

	if (!test_addshare(torture, p->binding_handle, torture, host, TEST_SHARENAME)) {
		return false;
	}

	share.in.server_name	= dcerpc_binding_get_string_option(binding, "host");
	share.in.share_name	= TEST_SHARENAME;

	status = libnet_DelShare(libnetctx, torture, &share);
	torture_assert_ntstatus_ok(torture, status, "Failed to delete share");

	return ret;
}
Esempio n. 4
0
BOOL torture_rpc_epmapper(struct torture_context *torture)
{
        NTSTATUS status;
        struct dcerpc_pipe *p;
	TALLOC_CTX *mem_ctx;
	BOOL ret = True;

	mem_ctx = talloc_init("torture_rpc_epmapper");

	status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_epmapper);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(mem_ctx);
		return False;
	}

	if (!test_Lookup(p, mem_ctx)) {
		ret = False;
	}

	if (!test_Insert(p, mem_ctx)) {
		ret = False;
	}

	if (!test_InqObject(p, mem_ctx)) {
		ret = False;
	}

	talloc_free(mem_ctx);

	return ret;
}
Esempio n. 5
0
bool torture_usermod(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	struct policy_handle h;
	struct lsa_String domain_name;
	struct dom_sid2 sid;
	uint32_t rid;
	int i;
	char *name;
	TALLOC_CTX *mem_ctx;
	bool ret = true;
	struct dcerpc_binding_handle *b;

	mem_ctx = talloc_init("test_userdel");

	status = torture_rpc_connection(torture,
					&p,
					&ndr_table_samr);

	torture_assert_ntstatus_ok(torture, status, "RPC connect");
	b = p->binding_handle;

	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
	name = talloc_strdup(mem_ctx, TEST_USERNAME);

	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
		ret = false;
		goto done;
	}

	if (!test_user_create(torture, b, mem_ctx, &h, name, &rid)) {
		ret = false;
		goto done;
	}

	for (i = USER_FIELD_FIRST; i <= USER_FIELD_LAST; i++) {
		struct libnet_rpc_usermod m;

		if (!test_usermod(torture, p, mem_ctx, &h, i, &m, &name)) {
			ret = false;
			goto cleanup;
		}

		if (!test_compare(torture, p, mem_ctx, &h, &m, name)) {
			ret = false;
			goto cleanup;
		}
	}

cleanup:
	if (!test_user_cleanup(torture, b, mem_ctx, &h, TEST_USERNAME)) {
		ret = false;
		goto done;
	}

done:
	talloc_free(mem_ctx);
	return ret;
}
Esempio n. 6
0
BOOL torture_rpc_svcctl(struct torture_context *torture)
{
        NTSTATUS status;
        struct dcerpc_pipe *p;
		struct policy_handle h;
	TALLOC_CTX *mem_ctx;
	BOOL ret = True;

	mem_ctx = talloc_init("torture_rpc_svcctl");

	status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_svcctl);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(mem_ctx);
		return False;
	}

	if (!test_OpenSCManager(p, mem_ctx, &h)) {
		ret = False;
	}

	if (!test_EnumServicesStatus(p, mem_ctx, &h)) {
		ret = False;
	}

	if (!test_CloseServiceHandle(p, mem_ctx, &h)) {
		ret = False;
	}

	talloc_free(mem_ctx);

	return ret;
}
Esempio n. 7
0
static bool test_handles_samr(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct samr_Connect r;
	struct samr_Close c;
	TALLOC_CTX *mem_ctx = talloc_new(torture);

	torture_comment(torture, "RPC-HANDLE-SAMR\n");

	status = torture_rpc_connection(mem_ctx, &p1, &dcerpc_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");

	status = torture_rpc_connection(mem_ctx, &p2, &dcerpc_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");

	r.in.system_name = 0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.connect_handle = &handle;

	status = dcerpc_samr_Connect(p1, mem_ctx, &r);
	torture_assert_ntstatus_ok(torture, status, "opening policy handle on p1");

	c.in.handle = &handle;
	c.out.handle = &handle2;

	status = dcerpc_samr_Close(p2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, 
				      "closing policy handle on p2");
	torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, 
				      "closing policy handle on p2");

	status = dcerpc_samr_Close(p1, mem_ctx, &c);
	torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");

	status = dcerpc_samr_Close(p1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, 
				      "closing policy handle on p1 again");
	torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, 
				      "closing policy handle on p1 again");
	
	talloc_free(mem_ctx);

	return true;
}
Esempio n. 8
0
static bool test_random_uuid(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2;
	struct rpc_request *req;
	struct GUID uuid;
	struct dssetup_DsRoleGetPrimaryDomainInformation r1;
	struct lsa_GetUserName r2;
	struct lsa_String *authority_name_p = NULL;
	struct lsa_String *account_name_p = NULL;

	torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n");

	status = torture_rpc_connection(torture, &p1, &ndr_table_dssetup);
	torture_assert_ntstatus_ok(torture, status, "opening dsetup pipe1");

	status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");

	uuid = GUID_random();

	r1.in.level = DS_ROLE_BASIC_INFORMATION;
	status = dcerpc_ndr_request(p1, &uuid,
				    &ndr_table_dssetup,
				    NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION,
				    torture, &r1);
	torture_assert_ntstatus_ok(torture, status, "DsRoleGetPrimaryDomainInformation failed");
	torture_assert_werr_ok(torture, r1.out.result, "DsRoleGetPrimaryDomainInformation failed");

	uuid = GUID_random();

	r2.in.system_name = "\\";
	r2.in.account_name = &account_name_p;
	r2.in.authority_name = &authority_name_p;
	r2.out.account_name = &account_name_p;
	r2.out.authority_name = &authority_name_p;

	status = dcerpc_ndr_request(p2, &uuid,
				    &ndr_table_lsarpc,
				    NDR_LSA_GETUSERNAME,
				    torture, &r2);
	torture_assert_ntstatus_ok(torture, status, "lsaClose failed");
	torture_assert_ntstatus_ok(torture, r2.out.result, "lsaClose failed");

	return true;
}
Esempio n. 9
0
static bool test_rpc_netservergetinfo(struct torture_context *tctx,
				      struct smbcli_state *cli)
{
	struct rap_WserverGetInfo r;
	struct dcerpc_pipe *p;
	struct dcerpc_binding_handle *b;
	struct srvsvc_NetSrvGetInfo s;
	union srvsvc_NetSrvInfo info;

	const char *server_name;

	torture_assert_ntstatus_ok(tctx,
		torture_rpc_connection(tctx, &p, &ndr_table_srvsvc),
		"failed to open srvsvc");

	b = p->binding_handle;

	s.in.server_unc = NULL;
	s.in.level = 101;
	s.out.info = &info;

	torture_assert_ntstatus_ok(tctx,
		dcerpc_srvsvc_NetSrvGetInfo_r(b, tctx, &s),
		"srvsvc_NetSrvGetInfo level 101 failed");
	torture_assert_werr_ok(tctx, s.out.result,
		"srvsvc_NetSrvGetInfo level 101 failed");

	r.in.bufsize = 0xffff;
	r.in.level = 0;

	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netservergetinfo(cli->tree, tctx, &r),
		"rap_netservergetinfo level 0 failed");
	torture_assert_int_equal(tctx, r.out.status, 0,
		"rap_netservergetinfo level 0 failed");

	server_name = talloc_strndup(tctx, info.info101->server_name, 16);

	torture_assert_str_equal(tctx, (const char *)r.out.info.info0.name, server_name, "server name");

	r.in.level = 1;

	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netservergetinfo(cli->tree, tctx, &r),
		"rap_netservergetinfo level 1 failed");
	torture_assert_int_equal(tctx, r.out.status, 0,
		"rap_netservergetinfo level 1 failed");

	torture_assert_str_equal(tctx, (const char *)r.out.info.info1.name, server_name, "server name");
	torture_assert_int_equal(tctx, r.out.info.info1.version_major, info.info101->version_major, "version major");
	torture_assert_int_equal(tctx, r.out.info.info1.version_minor, info.info101->version_minor, "version minor");
	torture_assert_int_equal(tctx, r.out.info.info1.servertype, info.info101->server_type, "server_type");
	torture_assert_str_equal(tctx, r.out.info.info1.comment, info.info101->comment, "comment");

	talloc_free(p);

	return true;
}
Esempio n. 10
0
/**
 * Create and initialize libnet_context Context.
 * Use this function in cases where we need to have SAMR and LSA pipes
 * of libnet_context to be connected before executing any other
 * libnet call
 *
 * @param rpc_connect [in] Connects SAMR and LSA pipes
 */
bool test_libnet_context_init(struct torture_context *tctx,
			      bool rpc_connect,
			      struct libnet_context **_net_ctx)
{
	NTSTATUS status;
	bool bret = true;
	struct libnet_context *net_ctx;

	net_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
	torture_assert(tctx, net_ctx != NULL, "Failed to create libnet_context");

	/* Use command line credentials for testing */
	net_ctx->cred = cmdline_credentials;

	if (rpc_connect) {
		/* connect SAMR pipe */
		status = torture_rpc_connection(tctx,
						&net_ctx->samr.pipe,
						&ndr_table_samr);
		torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
						"Failed to connect SAMR pipe");

		net_ctx->samr.samr_handle = net_ctx->samr.pipe->binding_handle;

		/* connect LSARPC pipe */
		status = torture_rpc_connection(tctx,
						&net_ctx->lsa.pipe,
						&ndr_table_lsarpc);
		torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
						"Failed to connect LSA pipe");

		net_ctx->lsa.lsa_handle = net_ctx->lsa.pipe->binding_handle;
	}

	*_net_ctx = net_ctx;

done:
	if (!bret) {
		/* a previous call has failed,
		 * clean up memory before exit */
		talloc_free(net_ctx);
	}
	return bret;
}
Esempio n. 11
0
bool torture_useradd(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	struct policy_handle h;
	struct lsa_String domain_name;
	struct dom_sid2 sid;
	const char *name = TEST_USERNAME;
	TALLOC_CTX *mem_ctx;
	bool ret = true;
	struct dcerpc_binding_handle *b;

	mem_ctx = talloc_init("test_useradd");

	status = torture_rpc_connection(torture,
					&p,
					&ndr_table_samr);

	torture_assert_ntstatus_ok(torture, status, "RPC connect failed");
	b = p->binding_handle;

	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
		ret = false;
		goto done;
	}

	if (!test_useradd(torture, p, mem_ctx, &h, name)) {
		ret = false;
		goto done;
	}

	if (!test_user_cleanup(torture, b, mem_ctx, &h, name)) {
		ret = false;
		goto done;
	}

	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
		ret = false;
		goto done;
	}

	if (!test_useradd_async(torture, p, mem_ctx, &h, name)) {
		ret = false;
		goto done;
	}

	if (!test_user_cleanup(torture, b, mem_ctx, &h, name)) {
		ret = false;
		goto done;
	}

done:
	talloc_free(mem_ctx);
	return ret;
}
Esempio n. 12
0
bool torture_groupinfo(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	TALLOC_CTX *mem_ctx;
	bool ret = true;
	struct policy_handle h;
	struct lsa_String name;
	struct dom_sid2 sid;
	uint32_t rid;
	struct dcerpc_binding_handle *b;

	mem_ctx = talloc_init("test_userinfo");

	status = torture_rpc_connection(torture,
					&p,
					&ndr_table_samr);

	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	name.string = lpcfg_workgroup(torture->lp_ctx);

	/*
	 * Testing synchronous version
	 */
	if (!test_domain_open(torture, b, &name, mem_ctx, &h, &sid)) {
		ret = false;
		goto done;
	}

	if (!test_group_create(torture, b, mem_ctx, &h, TEST_GROUPNAME, &rid)) {
		ret = false;
		goto done;
	}

	if (!test_groupinfo(torture, p, mem_ctx, &h, &sid, TEST_GROUPNAME, &rid)) {
		ret = false;
		goto done;
	}

	if (!test_group_cleanup(torture, b, mem_ctx, &h, TEST_GROUPNAME)) {
		ret = false;
		goto done;
	}

done:
	talloc_free(mem_ctx);

	return ret;
}
Esempio n. 13
0
static bool torture_rpc_spoolss_access_teardown_common(struct torture_context *tctx, struct torture_access_context *t)
{
    if (t->user.testuser) {
        torture_leave_domain(tctx, t->user.testuser);
    }

    /* remove membership ? */
    if (t->user.num_builtin_memberships) {
    }

    /* remove privs ? */
    if (t->user.num_privs) {
    }

    /* restore sd */
    if (t->user.sd && t->printername) {
        struct policy_handle handle;
        struct spoolss_SetPrinterInfoCtr info_ctr;
        struct spoolss_SetPrinterInfo3 info3;
        struct spoolss_DevmodeContainer devmode_ctr;
        struct sec_desc_buf secdesc_ctr;
        struct dcerpc_pipe *spoolss_pipe;
        struct dcerpc_binding_handle *b;

        torture_assert_ntstatus_ok(tctx,
                                   torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
                                   "Error connecting to server");

        b = spoolss_pipe->binding_handle;

        ZERO_STRUCT(info_ctr);
        ZERO_STRUCT(info3);
        ZERO_STRUCT(devmode_ctr);
        ZERO_STRUCT(secdesc_ctr);

        info_ctr.level = 3;
        info_ctr.info.info3 = &info3;
        secdesc_ctr.sd = t->sd_orig;

        torture_assert(tctx,
                       test_openprinter_handle(tctx, spoolss_pipe, "", t->printername, "", SEC_FLAG_MAXIMUM_ALLOWED, WERR_OK, &handle),
                       "failed to open printer");

        torture_assert(tctx,
                       test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
                       "failed to set sd");

        talloc_free(spoolss_pipe);
    }

    return true;
}
Esempio n. 14
0
static void reopen(struct torture_context *tctx, 
		   struct dcerpc_pipe **p, 
		   const struct ndr_interface_table *iface)
{
	NTSTATUS status;

	talloc_free(*p);

	status = torture_rpc_connection(tctx, p, iface);
	if (!NT_STATUS_IS_OK(status)) {
		printf("Failed to reopen '%s' - %s\n", iface->name, nt_errstr(status));
		exit(1);
	}
}
Esempio n. 15
0
BOOL torture_delshare(struct torture_context *torture)
{
	struct dcerpc_pipe *p;
	struct dcerpc_binding *bind;
	struct libnet_context* libnetctx;
	const char *host, *binding;
	TALLOC_CTX *mem_ctx;
	NTSTATUS  status;
	BOOL ret = True;
	struct libnet_DelShare share;
	
	mem_ctx = talloc_init("test_listshares");
	host = torture_setting_string(torture, "host", NULL);
	binding = torture_setting_string(torture, "binding", NULL);
	status = dcerpc_parse_binding(mem_ctx, binding, &bind);
	if (!NT_STATUS_IS_OK(status)) {
		printf("Error while parsing the binding string\n");
		ret = False;
		goto done;
	}

	libnetctx = libnet_context_init(NULL);
	libnetctx->cred = cmdline_credentials;

	status = torture_rpc_connection(mem_ctx,
					&p,
					&dcerpc_table_srvsvc);

	if (!test_addshare(p, mem_ctx, host, TEST_SHARENAME)) {
		ret = False;
		goto done;
	}

	share.in.server_name	= bind->host;
	share.in.share_name	= TEST_SHARENAME;

	status = libnet_DelShare(libnetctx, mem_ctx, &share);
	if (!NT_STATUS_IS_OK(status)) {
		ret = False;
		goto done;
	}


done:
	talloc_free(mem_ctx);
	return ret;
}
Esempio n. 16
0
static bool torture_rpc_setup (struct torture_context *tctx, void **data)
{
	NTSTATUS status;
	struct torture_rpc_tcase *tcase = talloc_get_type(
						tctx->active_tcase, struct torture_rpc_tcase);
	struct torture_rpc_tcase_data *tcase_data;

	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
	tcase_data->credentials = popt_get_cmdline_credentials();
	
	status = torture_rpc_connection(tctx, 
				&(tcase_data->pipe),
				tcase->table);

	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");

	return NT_STATUS_IS_OK(status);
}
Esempio n. 17
0
bool torture_userdel(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	struct policy_handle h;
	struct lsa_String domain_name;
	struct dom_sid2 sid;
	uint32_t rid;
	const char *name = TEST_USERNAME;
	TALLOC_CTX *mem_ctx;
	bool ret = true;
	struct dcerpc_binding_handle *b;

	mem_ctx = talloc_init("test_userdel");

	status = torture_rpc_connection(torture,
					&p,
					&ndr_table_samr);

	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}
	b = p->binding_handle;

	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
	if (!test_domain_open(torture, b, &domain_name, mem_ctx, &h, &sid)) {
		ret = false;
		goto done;
	}

	if (!test_user_create(torture, b, mem_ctx, &h, name, &rid)) {
		ret = false;
		goto done;
	}

	if (!test_userdel(torture, p, mem_ctx, &h, name)) {
		ret = false;
		goto done;
	}

done:
	talloc_free(mem_ctx);
	return ret;
}
Esempio n. 18
0
static bool test_handles_random_assoc(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2, *p3;
	TALLOC_CTX *mem_ctx = talloc_new(torture);
	enum dcerpc_transport_t transport;
	uint32_t assoc_group_id;

	torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");

	torture_comment(torture, "connect samr pipe1\n");
	status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");

	torture_comment(torture, "pipe1 uses assoc_group_id[0x%08X]\n",
			dcerpc_binding_get_assoc_group_id(p1->binding));

	transport	= p1->conn->transport.transport;
	/*
	 * We use ~p1->assoc_group_id instead of p1->assoc_group_id, because
	 * this way we are less likely to use an id which is already in use.
	 */
	assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
	assoc_group_id = ~assoc_group_id;

	torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe2");

	torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe3");

	talloc_free(mem_ctx);

	return true;
}
Esempio n. 19
0
BOOL torture_rpc_dcom(void)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	TALLOC_CTX *mem_ctx;
	BOOL ret = True;

	mem_ctx = talloc_init("torture_rpc_dcom");

	status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_IOXIDResolver);
	if (!NT_STATUS_IS_OK(status)) {
		ret = False;
	}

	printf("\n");

	talloc_free(mem_ctx);
	return ret;
}
Esempio n. 20
0
bool torture_domainopen(struct torture_context *torture)
{
	NTSTATUS status;
	struct libnet_context *net_ctx;
	TALLOC_CTX *mem_ctx;
	bool ret = true;
	struct policy_handle h;
	struct lsa_String name;

	mem_ctx = talloc_init("test_domain_open");

	net_ctx = libnet_context_init(torture->ev, torture->lp_ctx);

	status = torture_rpc_connection(torture, 
					&net_ctx->samr.pipe,
					&ndr_table_samr);
	
	if (!NT_STATUS_IS_OK(status)) {
		return false;
	}

	name.string = lp_workgroup(torture->lp_ctx);

	/*
	 * Testing synchronous version
	 */
	if (!test_domainopen(net_ctx, mem_ctx, &name, &h)) {
		ret = false;
		goto done;
	}

	if (!test_cleanup(net_ctx->samr.pipe, mem_ctx, &h)) {
		ret = false;
		goto done;
	}

done:
	talloc_free(mem_ctx);

	return ret;
}
Esempio n. 21
0
File: dfs.c Progetto: AllardJ/Tomato
bool torture_rpc_dfs(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	bool ret = true;
	enum dfs_ManagerVersion version;
	const char *host = torture_setting_string(torture, "host", NULL);

	status = torture_rpc_connection(torture, &p, &ndr_table_netdfs);
	torture_assert_ntstatus_ok(torture, status, "Unable to connect");

	ret &= test_GetManagerVersion(p, torture, &version);
	ret &= test_ManagerInitialize(p, torture, host);
	ret &= test_Enum(p, torture);
	ret &= test_EnumEx(p, torture, host);
	ret &= test_StdRoot(p, torture, torture, host);
	ret &= test_FtRoot(p, torture, host);
	ret &= test_DcAddress(p, torture, host);

	return ret;
}
Esempio n. 22
0
BOOL torture_rpc_dssetup(struct torture_context *torture)
{
        NTSTATUS status;
        struct dcerpc_pipe *p;
	TALLOC_CTX *mem_ctx;
	BOOL ret = True;

	mem_ctx = talloc_init("torture_rpc_dssetup");

	status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_dssetup);
	if (!NT_STATUS_IS_OK(status)) {
		talloc_free(mem_ctx);

		return False;
	}

	ret &= test_DsRoleGetPrimaryDomainInformation(p, mem_ctx);

	talloc_free(mem_ctx);

	return ret;
}
Esempio n. 23
0
static bool test_handles_random_assoc(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2, *p3;
	TALLOC_CTX *mem_ctx = talloc_new(torture);
	enum dcerpc_transport_t transport;
	uint32_t assoc_group_id;

	torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");

	torture_comment(torture, "connect samr pipe1\n");
	status = torture_rpc_connection(mem_ctx, &p1, &dcerpc_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");

	transport	= p1->conn->transport.transport,
	assoc_group_id	= p1->assoc_group_id;

	torture_comment(torture, "pip1 use assoc_group_id[0x%08X]\n", assoc_group_id);

	torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
	status = torture_rpc_connection_transport(mem_ctx, &p2, &dcerpc_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe2");

	torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
	status = torture_rpc_connection_transport(mem_ctx, &p3, &dcerpc_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe3");

	talloc_free(mem_ctx);

	return true;
}
Esempio n. 24
0
static bool torture_rpc_spoolss_access_setup_common(struct torture_context *tctx, struct torture_access_context *t)
{
    void *testuser;
    const char *testuser_passwd;
    struct cli_credentials *test_credentials;
    struct dom_sid *test_sid;
    struct dcerpc_pipe *p;
    const char *printername;
    const char *binding = torture_setting_string(tctx, "binding", NULL);
    struct dcerpc_pipe *spoolss_pipe;

    testuser = torture_create_testuser_max_pwlen(tctx, t->user.username,
               torture_setting_string(tctx, "workgroup", NULL),
               ACB_NORMAL,
               &testuser_passwd,
               32);
    if (!testuser) {
        torture_fail(tctx, "Failed to create test user");
    }

    test_credentials = cli_credentials_init(tctx);
    cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
    cli_credentials_set_domain(test_credentials, lpcfg_workgroup(tctx->lp_ctx),
                               CRED_SPECIFIED);
    cli_credentials_set_username(test_credentials, t->user.username, CRED_SPECIFIED);
    cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
    test_sid = discard_const_p(struct dom_sid,
                               torture_join_user_sid(testuser));

    if (t->user.num_builtin_memberships) {
        struct dcerpc_pipe *samr_pipe = torture_join_samr_pipe(testuser);

        torture_assert(tctx,
                       spoolss_access_setup_membership(tctx, samr_pipe,
                               t->user.num_builtin_memberships,
                               t->user.builtin_memberships,
                               test_sid),
                       "failed to setup membership");
    }

    if (t->user.num_privs) {
        struct dcerpc_pipe *lsa_pipe;

        torture_assert_ntstatus_ok(tctx,
                                   torture_rpc_connection(tctx, &lsa_pipe, &ndr_table_lsarpc),
                                   "Error connecting to server");

        torture_assert(tctx,
                       spoolss_access_setup_privs(tctx, lsa_pipe,
                               t->user.num_privs,
                               t->user.privs,
                               test_sid,
                               &t->user.privs_present),
                       "failed to setup privs");
        talloc_free(lsa_pipe);
    }

    torture_assert_ntstatus_ok(tctx,
                               torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
                               "Error connecting to server");

    torture_assert(tctx,
                   test_EnumPrinters_findone(tctx, spoolss_pipe, &printername),
                   "failed to enumerate printers");

    if (t->user.sd && printername) {
        torture_assert(tctx,
                       spoolss_access_setup_sd(tctx, spoolss_pipe,
                                               printername,
                                               test_sid,
                                               &t->sd_orig),
                       "failed to setup sd");
    }

    talloc_free(spoolss_pipe);

    torture_assert_ntstatus_ok(tctx,
                               dcerpc_pipe_connect(tctx, &p, binding, &ndr_table_spoolss,
                                       test_credentials, tctx->ev, tctx->lp_ctx),
                               "Error connecting to server");

    t->spoolss_pipe = p;
    t->printername = printername;
    t->user.testuser = testuser;

    return true;
}
Esempio n. 25
0
static bool test_handles_mixed_shared(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
	struct dcerpc_binding_handle *b1, *b2;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct samr_Connect r;
	struct lsa_Close lc;
	struct samr_Close sc;
	TALLOC_CTX *mem_ctx = talloc_new(torture);
	enum dcerpc_transport_t transport;
	uint32_t assoc_group_id;

	torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");

	torture_comment(torture, "connect samr pipe1\n");
	status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
	b1 = p1->binding_handle;

	transport	= p1->conn->transport.transport;
	assoc_group_id	= dcerpc_binding_get_assoc_group_id(p1->binding);

	torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);

	torture_comment(torture, "connect lsa pipe2\n");
	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
	b2 = p2->binding_handle;

	torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n", 
			dcerpc_binding_get_assoc_group_id(p2->binding));
	r.in.system_name = 0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.connect_handle = &handle;

	torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
	torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
		"Connect failed");
	torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");

	lc.in.handle 		= &handle;
	lc.out.handle		= &handle2;
	sc.in.handle		= &handle;
	sc.out.handle		= &handle2;

	torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
	status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing handle on lsa p2");

	torture_comment(torture, "closing policy handle on samr p1\n");
	torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
		"Close failed");
	torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");

	talloc_free(p1);
	talloc_free(p2);
	smb_msleep(10);

	torture_comment(torture, "connect samr pipe3 - should fail\n");
	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe3");

	torture_comment(torture, "connect lsa pipe4 - should fail\n");
	status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening lsa pipe4");

	/*
	 * We use ~assoc_group_id instead of p1->assoc_group_id, because
	 * this way we are less likely to use an id which is already in use.
	 */
	assoc_group_id = ~assoc_group_id;
	torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
	status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe5");

	torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
	status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening lsa pipe6");

	talloc_free(mem_ctx);

	return true;
}
Esempio n. 26
0
static bool test_handles_lsa(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2;
	struct dcerpc_binding_handle *b1, *b2;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct lsa_OpenPolicy r;
	struct lsa_Close c;
	uint16_t system_name = '\\';
	TALLOC_CTX *mem_ctx = talloc_new(torture);

	torture_comment(torture, "RPC-HANDLE-LSARPC\n");

	status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
	b1 = p1->binding_handle;

	status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
	b2 = p2->binding_handle;

	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = &system_name;
	r.in.attr = &attr;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
		"OpenPolicy failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
		talloc_free(mem_ctx);
		return true;
	}

	c.in.handle = &handle;
	c.out.handle = &handle2;

	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p2");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b1, mem_ctx, &c),
		"Close failed");
	torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");

	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p1 again");

	talloc_free(mem_ctx);

	return true;
}
Esempio n. 27
0
static bool test_handles_lsa_shared(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
	struct dcerpc_binding_handle *b1, *b2, *b3, *b4;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct lsa_OpenPolicy r;
	struct lsa_Close c;
	struct lsa_QuerySecurity qsec;
	struct sec_desc_buf *sdbuf = NULL;
	uint16_t system_name = '\\';
	TALLOC_CTX *mem_ctx = talloc_new(torture);
	enum dcerpc_transport_t transport;
	uint32_t assoc_group_id;

	torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");

	torture_comment(torture, "connect lsa pipe1\n");
	status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
	b1 = p1->binding_handle;

	transport	= p1->conn->transport.transport;
	assoc_group_id	= dcerpc_binding_get_assoc_group_id(p1->binding);

	torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);

	torture_comment(torture, "connect lsa pipe2\n");
	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
	b2 = p2->binding_handle;

	torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n", 
			dcerpc_binding_get_assoc_group_id(p2->binding));

	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = &system_name;
	r.in.attr = &attr;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	torture_comment(torture, "open lsa policy handle\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
		"OpenPolicy failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
		talloc_free(mem_ctx);
		return true;
	}

	/*
	 * connect p3 after the policy handle is opened
	 */
	torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
	b3 = p3->binding_handle;

	qsec.in.handle 		= &handle;
	qsec.in.sec_info	= 0;
	qsec.out.sdbuf		= &sdbuf;
	c.in.handle = &handle;
	c.out.handle = &handle2;

	/*
	 * use policy handle on all 3 connections
	 */
	torture_comment(torture, "use the policy handle on p1,p2,p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p1");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p2");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p3");

	/*
	 * close policy handle on connection 2 and the others get a fault
	 */
	torture_comment(torture, "close the policy handle on p2 others get a fault\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
		"Close failed");
	torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
				      "closing policy handle on p2");

	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);

	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p1 again");

	status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p3");

	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p2 again");

	/*
	 * open a new policy handle on p3
	 */
	torture_comment(torture, "open a new policy handle on p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b3, mem_ctx, &r),
		"OpenPolicy failed");
	torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
				      "open policy handle on p3");

	/*
	 * use policy handle on all 3 connections
	 */
	torture_comment(torture, "use the policy handle on p1,p2,p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
		"Query Security failed");
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 
				      "use policy handle on p1");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
		"Query Security failed");
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 
				      "use policy handle on p2");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
		"Query Security failed");
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, 
				      "use policy handle on p3");

	/*
	 * close policy handle on connection 2 and the others get a fault
	 */
	torture_comment(torture, "close the policy handle on p2 others get a fault\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
		"Close failed");
	torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
				      "closing policy handle on p2");

	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p1 again");

	status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p3");

	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p2 again");

	/*
	 * open a new policy handle
	 */
	torture_comment(torture, "open a new policy handle on p1 and use it\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
		"OpenPolicy failed");
	torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
				      "open 2nd policy handle on p1");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "QuerySecurity handle on p1");

	/* close first connection */
	torture_comment(torture, "disconnect p1\n");
	talloc_free(p1);
	smb_msleep(5);

	/*
	 * and it's still available on p2,p3
	 */
	torture_comment(torture, "use policy handle on p2,p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "QuerySecurity handle on p2 after p1 was disconnected");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "QuerySecurity handle on p3 after p1 was disconnected");

	/*
	 * now open p4
	 * and use the handle on it
	 */
	torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
	status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
	b4 = p4->binding_handle;

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b4, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "using policy handle on p4");

	/*
	 * now close p2,p3,p4
	 * without closing the policy handle
	 */
	torture_comment(torture, "disconnect p2,p3,p4\n");
	talloc_free(p2);
	talloc_free(p3);
	talloc_free(p4);
	smb_msleep(10);

	/*
	 * now open p5
	 */
	torture_comment(torture, "connect lsa pipe5 - should fail\n");
	status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening lsa pipe5");

	talloc_free(mem_ctx);

	return true;
}
Esempio n. 28
0
/* Get the SID from a user */
static const struct dom_sid *get_user_sid(struct torture_context *tctx,
					struct dcerpc_pipe *p,
					TALLOC_CTX *mem_ctx,
					const char *user)
{
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct lsa_OpenPolicy2 r;
	struct lsa_Close c;
	NTSTATUS status;
	struct policy_handle handle;
	struct lsa_LookupNames l;
	struct lsa_TransSidArray sids;
	struct lsa_RefDomainList *domains = NULL;
	struct lsa_String lsa_name;
	uint32_t count = 0;
	struct dom_sid *result;
	TALLOC_CTX *tmp_ctx;
	struct dcerpc_pipe *p2;
	struct dcerpc_binding_handle *b;

	const char *domain = cli_credentials_get_domain(cmdline_credentials);

	torture_assert_ntstatus_ok(tctx,
				torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
				"could not open lsarpc pipe");
	b = p2->binding_handle;

	if (!(tmp_ctx = talloc_new(mem_ctx))) {
		return NULL;
	}
	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = "\\";
	r.in.attr = &attr;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(tctx,
				"OpenPolicy2 failed - %s\n",
				nt_errstr(status));
		talloc_free(tmp_ctx);
		return NULL;
	}
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_comment(tctx,
				"OpenPolicy2_ failed - %s\n",
				nt_errstr(r.out.result));
		talloc_free(tmp_ctx);
		return NULL;
	}

	sids.count = 0;
	sids.sids = NULL;

	lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, user);

	l.in.handle = &handle;
	l.in.num_names = 1;
	l.in.names = &lsa_name;
	l.in.sids = &sids;
	l.in.level = 1;
	l.in.count = &count;
	l.out.count = &count;
	l.out.sids = &sids;
	l.out.domains = &domains;

	status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(tctx,
				"LookupNames of %s failed - %s\n",
				lsa_name.string,
				nt_errstr(status));
		talloc_free(tmp_ctx);
		return NULL;
	}

	if (domains->count == 0) {
		return NULL;
	}

	result = dom_sid_add_rid(mem_ctx,
				 domains->domains[0].sid,
				 l.out.sids->sids[0].rid);
	c.in.handle = &handle;
	c.out.handle = &handle;

	status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);

	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(tctx,
				"dcerpc_lsa_Close failed - %s\n",
				nt_errstr(status));
		talloc_free(tmp_ctx);
		return NULL;
	}

	if (!NT_STATUS_IS_OK(c.out.result)) {
		torture_comment(tctx,
				"dcerpc_lsa_Close failed - %s\n",
				nt_errstr(c.out.result));
		talloc_free(tmp_ctx);
		return NULL;
	}

	talloc_free(tmp_ctx);
	talloc_free(p2);

	torture_comment(tctx, "Get_user_sid finished\n");
	return result;
}
Esempio n. 29
0
struct test_join *torture_create_testuser(struct torture_context *torture,
					  const char *username, 
					  const char *domain,
					  uint16_t acct_type,
					  const char **random_password)
{
	NTSTATUS status;
	struct samr_Connect c;
	struct samr_CreateUser2 r;
	struct samr_OpenDomain o;
	struct samr_LookupDomain l;
	struct dom_sid2 *sid = NULL;
	struct samr_GetUserPwInfo pwp;
	struct samr_PwInfo info;
	struct samr_SetUserInfo s;
	union samr_UserInfo u;
	struct policy_handle handle;
	struct policy_handle domain_handle;
	uint32_t access_granted;
	uint32_t rid;
	DATA_BLOB session_key;
	struct lsa_String name;
	
	int policy_min_pw_len = 0;
	struct test_join *join;
	char *random_pw;
	const char *dc_binding = torture_setting_string(torture, "dc_binding", NULL);

	join = talloc(NULL, struct test_join);
	if (join == NULL) {
		return NULL;
	}

	ZERO_STRUCTP(join);

	printf("Connecting to SAMR\n");
	
	if (dc_binding) {
		status = dcerpc_pipe_connect(join,
					     &join->p,
					     dc_binding,
					     &ndr_table_samr,
					     cmdline_credentials, NULL, torture->lp_ctx);
					     
	} else {
		status = torture_rpc_connection(torture, 
						&join->p, 
						&ndr_table_samr);
	}
	if (!NT_STATUS_IS_OK(status)) {
		return NULL;
	}

	c.in.system_name = NULL;
	c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	c.out.connect_handle = &handle;

	status = dcerpc_samr_Connect(join->p, join, &c);
	if (!NT_STATUS_IS_OK(status)) {
		const char *errstr = nt_errstr(status);
		if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
			errstr = dcerpc_errstr(join, join->p->last_fault_code);
		}
		printf("samr_Connect failed - %s\n", errstr);
		return NULL;
	}

	printf("Opening domain %s\n", domain);

	name.string = domain;
	l.in.connect_handle = &handle;
	l.in.domain_name = &name;
	l.out.sid = &sid;

	status = dcerpc_samr_LookupDomain(join->p, join, &l);
	if (!NT_STATUS_IS_OK(status)) {
		printf("LookupDomain failed - %s\n", nt_errstr(status));
		goto failed;
	}

	talloc_steal(join, *l.out.sid);
	join->dom_sid = *l.out.sid;
	join->dom_netbios_name = talloc_strdup(join, domain);
	if (!join->dom_netbios_name) goto failed;

	o.in.connect_handle = &handle;
	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	o.in.sid = *l.out.sid;
	o.out.domain_handle = &domain_handle;

	status = dcerpc_samr_OpenDomain(join->p, join, &o);
	if (!NT_STATUS_IS_OK(status)) {
		printf("OpenDomain failed - %s\n", nt_errstr(status));
		goto failed;
	}

	printf("Creating account %s\n", username);

again:
	name.string = username;
	r.in.domain_handle = &domain_handle;
	r.in.account_name = &name;
	r.in.acct_flags = acct_type;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.user_handle = &join->user_handle;
	r.out.access_granted = &access_granted;
	r.out.rid = &rid;

	status = dcerpc_samr_CreateUser2(join->p, join, &r);

	if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
		status = DeleteUser_byname(join->p, join, &domain_handle, name.string);
		if (NT_STATUS_IS_OK(status)) {
			goto again;
		}
	}

	if (!NT_STATUS_IS_OK(status)) {
		printf("CreateUser2 failed - %s\n", nt_errstr(status));
		goto failed;
	}

	join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid);

	pwp.in.user_handle = &join->user_handle;
	pwp.out.info = &info;

	status = dcerpc_samr_GetUserPwInfo(join->p, join, &pwp);
	if (NT_STATUS_IS_OK(status)) {
		policy_min_pw_len = pwp.out.info->min_password_length;
	}

	random_pw = generate_random_str(join, MAX(8, policy_min_pw_len));

	printf("Setting account password '%s'\n", random_pw);

	ZERO_STRUCT(u);
	s.in.user_handle = &join->user_handle;
	s.in.info = &u;
	s.in.level = 24;

	encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
	u.info24.password_expired = 0;

	status = dcerpc_fetch_session_key(join->p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo level %u - no session key - %s\n",
		       s.in.level, nt_errstr(status));
		torture_leave_domain(torture, join);
		goto failed;
	}

	arcfour_crypt_blob(u.info24.password.data, 516, &session_key);

	status = dcerpc_samr_SetUserInfo(join->p, join, &s);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo failed - %s\n", nt_errstr(status));
		goto failed;
	}

	ZERO_STRUCT(u);
	s.in.user_handle = &join->user_handle;
	s.in.info = &u;
	s.in.level = 21;

	u.info21.acct_flags = acct_type | ACB_PWNOEXP;
	u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;

	u.info21.comment.string = talloc_asprintf(join, 
						  "Tortured by Samba4: %s", 
						  timestring(join, time(NULL)));
	
	u.info21.full_name.string = talloc_asprintf(join, 
						    "Torture account for Samba4: %s", 
						    timestring(join, time(NULL)));
	
	u.info21.description.string = talloc_asprintf(join, 
					 "Samba4 torture account created by host %s: %s", 
					 lp_netbios_name(torture->lp_ctx), 
					 timestring(join, time(NULL)));

	printf("Resetting ACB flags, force pw change time\n");

	status = dcerpc_samr_SetUserInfo(join->p, join, &s);
	if (!NT_STATUS_IS_OK(status)) {
		printf("SetUserInfo failed - %s\n", nt_errstr(status));
		goto failed;
	}

	if (random_password) {
		*random_password = random_pw;
	}

	return join;

failed:
	torture_leave_domain(torture, join);
	return NULL;
}
Esempio n. 30
0
/*
  work out how many calls there are for an interface
 */
static BOOL test_num_calls(const struct dcerpc_interface_table *iface,
			   TALLOC_CTX *mem_ctx,
			   struct dcerpc_syntax_id *id)
{
	struct dcerpc_pipe *p;
	NTSTATUS status;
	int i;
	DATA_BLOB stub_in, stub_out;
	int idl_calls;
	struct dcerpc_interface_table tbl;

	/* FIXME: This should be fixed when torture_rpc_connection 
	 * takes a dcerpc_syntax_id */
	tbl.name = iface->name;
	tbl.syntax_id = *id;

	status = torture_rpc_connection(mem_ctx, &p, iface);
	if (!NT_STATUS_IS_OK(status)) {
		char *uuid_str = GUID_string(mem_ctx, &id->uuid);
		printf("Failed to connect to '%s' on '%s' - %s\n", 
		       uuid_str, iface->name, nt_errstr(status));
		talloc_free(uuid_str);
		return False;
	}

	/* make null calls */
	stub_in = data_blob(NULL, 1000);
	memset(stub_in.data, 0xFF, stub_in.length);

	for (i=0;i<200;i++) {
		status = dcerpc_request(p, NULL, False, i, mem_ctx, &stub_in, &stub_out);
		if (!NT_STATUS_IS_OK(status) &&
		    p->last_fault_code == DCERPC_FAULT_OP_RNG_ERROR) {
			break;
		}

		if (!NT_STATUS_IS_OK(status) && p->last_fault_code == 5) {
			printf("\tpipe disconnected at %d\n", i);
			goto done;
		}

		if (!NT_STATUS_IS_OK(status) && p->last_fault_code == 0x80010111) {
			printf("\terr 0x80010111 at %d\n", i);
			goto done;
		}
	}

	printf("\t%d calls available\n", i);
	idl_calls = idl_num_calls(&id->uuid, id->if_version);
	if (idl_calls == -1) {
		printf("\tinterface not known in local IDL\n");
	} else if (i != idl_calls) {
		printf("\tWARNING: local IDL defines %u calls\n", idl_calls);
	} else {
		printf("\tOK: matches num_calls in local IDL\n");
	}

done:
	talloc_free(p);
	return True;
}