/* test operations against a WINS server */ static bool nbt_test_wins_name(struct torture_context *tctx, const char *address, struct nbt_name *name, uint16_t nb_flags, bool try_low_port, uint8_t register_rcode) { struct nbt_name_register_wins io; struct nbt_name_register name_register; struct nbt_name_query query; struct nbt_name_refresh_wins refresh; struct nbt_name_release release; struct nbt_name_request *req; NTSTATUS status; struct nbt_name_socket *nbtsock = torture_init_nbt_socket(tctx); const char *myaddress; struct socket_address *socket_address; struct interface *ifaces; bool low_port = try_low_port; load_interface_list(tctx, tctx->lp_ctx, &ifaces); myaddress = talloc_strdup(tctx, iface_list_best_ip(ifaces, address)); socket_address = socket_address_from_strings(tctx, nbtsock->sock->backend_name, myaddress, lpcfg_nbt_port(tctx->lp_ctx)); torture_assert(tctx, socket_address != NULL, "Error getting address"); /* we do the listen here to ensure the WINS server receives the packets from the right IP */ status = socket_listen(nbtsock->sock, socket_address, 0, 0); talloc_free(socket_address); if (!NT_STATUS_IS_OK(status)) { low_port = false; socket_address = socket_address_from_strings(tctx, nbtsock->sock->backend_name, myaddress, 0); torture_assert(tctx, socket_address != NULL, "Error getting address"); status = socket_listen(nbtsock->sock, socket_address, 0, 0); talloc_free(socket_address); torture_assert_ntstatus_ok(tctx, status, "socket_listen for WINS failed"); } torture_comment(tctx, "Testing name registration to WINS with name %s at %s nb_flags=0x%x\n", nbt_name_string(tctx, name), myaddress, nb_flags); torture_comment(tctx, "release the name\n"); release.in.name = *name; release.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx); release.in.dest_addr = address; release.in.address = myaddress; release.in.nb_flags = nb_flags; release.in.broadcast = false; release.in.timeout = 3; release.in.retries = 0; status = nbt_name_release(nbtsock, tctx, &release); torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name query", address)); CHECK_VALUE(tctx, release.out.rcode, 0); if (nb_flags & NBT_NM_GROUP) { /* ignore this for group names */ } else if (!low_port) { torture_comment(tctx, "no low port - skip: register the name with a wrong address\n"); } else { torture_comment(tctx, "register the name with a wrong address (makes the next request slow!)\n"); io.in.name = *name; io.in.wins_port = lpcfg_nbt_port(tctx->lp_ctx); io.in.wins_servers = const_str_list( str_list_make_single(tctx, address)); io.in.addresses = const_str_list( str_list_make_single(tctx, "127.64.64.1")); io.in.nb_flags = nb_flags; io.in.ttl = 300000; status = nbt_name_register_wins(nbtsock, tctx, &io); if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "No response from %s for name register\n", address)); } torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name register\n", address)); CHECK_STRING(tctx, io.out.wins_server, address); CHECK_VALUE(tctx, io.out.rcode, 0); torture_comment(tctx, "register the name correct address\n"); name_register.in.name = *name; name_register.in.dest_port = lpcfg_nbt_port(tctx->lp_ctx); name_register.in.dest_addr = address; name_register.in.address = myaddress; name_register.in.nb_flags = nb_flags; name_register.in.register_demand= false; name_register.in.broadcast = false; name_register.in.multi_homed = true; name_register.in.ttl = 300000; name_register.in.timeout = 3; name_register.in.retries = 2; /* * test if the server ignores resent requests */ req = nbt_name_register_send(nbtsock, &name_register); while (true) { event_loop_once(nbtsock->event_ctx); if (req->state != NBT_REQUEST_WAIT) { break; } if (req->received_wack) { /* * if we received the wack response * we resend the request and the * server should ignore that * and not handle it as new request */ req->state = NBT_REQUEST_SEND; DLIST_ADD_END(nbtsock->send_queue, req, struct nbt_name_request *); EVENT_FD_WRITEABLE(nbtsock->fde); break; } } status = nbt_name_register_recv(req, tctx, &name_register); if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "No response from %s for name register\n", address)); } torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx, "Bad response from %s for name register\n", address)); CHECK_VALUE(tctx, name_register.out.rcode, 0); CHECK_STRING(tctx, name_register.out.reply_addr, myaddress); }
static bool test_fsrvp_sc_create(struct torture_context *tctx, struct dcerpc_pipe *p, const char *share, enum test_fsrvp_inject inject, struct fssagent_share_mapping_1 **sc_map) { struct fss_IsPathSupported r_pathsupport_get; struct fss_GetSupportedVersion r_version_get; struct fss_SetContext r_context_set; struct fss_StartShadowCopySet r_scset_start; struct fss_AddToShadowCopySet r_scset_add1; struct fss_AddToShadowCopySet r_scset_add2; struct fss_PrepareShadowCopySet r_scset_prep; struct fss_CommitShadowCopySet r_scset_commit; struct fss_ExposeShadowCopySet r_scset_expose; struct fss_GetShareMapping r_sharemap_get; struct dcerpc_binding_handle *b = p->binding_handle; NTSTATUS status; time_t start_time; TALLOC_CTX *tmp_ctx = talloc_new(tctx); struct fssagent_share_mapping_1 *map = NULL; int sleep_time; /* * PrepareShadowCopySet & CommitShadowCopySet often exceed the default * 60 second dcerpc request timeout against Windows Server "8" Beta. */ dcerpc_binding_handle_set_timeout(b, 240); ZERO_STRUCT(r_pathsupport_get); r_pathsupport_get.in.ShareName = share; status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get); torture_assert_ntstatus_ok(tctx, status, "IsPathSupported failed"); torture_assert_int_equal(tctx, r_pathsupport_get.out.result, 0, "failed IsPathSupported response"); torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider, "path not supported"); ZERO_STRUCT(r_version_get); status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get); torture_assert_ntstatus_ok(tctx, status, "GetSupportedVersion failed"); torture_assert_int_equal(tctx, r_version_get.out.result, 0, "failed GetSupportedVersion response"); ZERO_STRUCT(r_context_set); r_context_set.in.Context = FSRVP_CTX_BACKUP; status = dcerpc_fss_SetContext_r(b, tmp_ctx, &r_context_set); torture_assert_ntstatus_ok(tctx, status, "SetContext failed"); torture_assert_int_equal(tctx, r_context_set.out.result, 0, "failed SetContext response"); if (inject == TEST_FSRVP_TOUT_SET_CTX) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 180); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } ZERO_STRUCT(r_scset_start); r_scset_start.in.ClientShadowCopySetId = GUID_random(); status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start); torture_assert_ntstatus_ok(tctx, status, "StartShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_SET_CTX) { /* expect error due to message sequence timeout after set_ctx */ torture_assert_int_equal(tctx, r_scset_start.out.result, FSRVP_E_BAD_STATE, "StartShadowCopySet timeout response"); goto done; } torture_assert_int_equal(tctx, r_scset_start.out.result, 0, "failed StartShadowCopySet response"); torture_comment(tctx, "%s: shadow-copy set created\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId)); if (inject == TEST_FSRVP_TOUT_START_SET) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 180); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } ZERO_STRUCT(r_scset_add1); r_scset_add1.in.ClientShadowCopyId = GUID_random(); r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; r_scset_add1.in.ShareName = share; status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1); torture_assert_ntstatus_ok(tctx, status, "AddToShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_START_SET) { torture_assert_int_equal(tctx, r_scset_add1.out.result, HRES_ERROR_V(HRES_E_INVALIDARG), "AddToShadowCopySet timeout response"); goto done; } torture_assert_int_equal(tctx, r_scset_add1.out.result, 0, "failed AddToShadowCopySet response"); torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), GUID_string(tmp_ctx, r_scset_add1.out.pShadowCopyId), r_scset_add1.in.ShareName); /* attempts to add the same share twice should fail */ ZERO_STRUCT(r_scset_add2); r_scset_add2.in.ClientShadowCopyId = GUID_random(); r_scset_add2.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; r_scset_add2.in.ShareName = share; status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add2); torture_assert_ntstatus_ok(tctx, status, "AddToShadowCopySet failed"); torture_assert_int_equal(tctx, r_scset_add2.out.result, FSRVP_E_OBJECT_ALREADY_EXISTS, "failed AddToShadowCopySet response"); if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 1800); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } start_time = time_mono(NULL); ZERO_STRUCT(r_scset_prep); r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; // r_scset_prep.in.TimeOutInMilliseconds = (1800 * 1000); /* win8 */ r_scset_prep.in.TimeOutInMilliseconds = (240 * 1000); status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep); torture_assert_ntstatus_ok(tctx, status, "PrepareShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) { torture_assert_int_equal(tctx, r_scset_prep.out.result, HRES_ERROR_V(HRES_E_INVALIDARG), "PrepareShadowCopySet tout response"); goto done; } torture_assert_int_equal(tctx, r_scset_prep.out.result, 0, "failed PrepareShadowCopySet response"); torture_comment(tctx, "%s: prepare completed in %llu secs\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), (unsigned long long)(time_mono(NULL) - start_time)); if (inject == TEST_FSRVP_TOUT_PREPARE) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 1800); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } start_time = time_mono(NULL); ZERO_STRUCT(r_scset_commit); r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; r_scset_commit.in.TimeOutInMilliseconds = (180 * 1000); /* win8 */ status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit); torture_assert_ntstatus_ok(tctx, status, "CommitShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_PREPARE) { torture_assert_int_equal(tctx, r_scset_commit.out.result, HRES_ERROR_V(HRES_E_INVALIDARG), "CommitShadowCopySet tout response"); goto done; } torture_assert_int_equal(tctx, r_scset_commit.out.result, 0, "failed CommitShadowCopySet response"); torture_comment(tctx, "%s: commit completed in %llu secs\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), (unsigned long long)(time_mono(NULL) - start_time)); if (inject == TEST_FSRVP_TOUT_COMMIT) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 180); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) { /* return partial snapshot information */ map = talloc_zero(tctx, struct fssagent_share_mapping_1); map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId; goto done; }
/** * Opens handle on Domain using SAMR * * @param _domain_handle [out] Ptr to storage to store Domain handle * @param _dom_sid [out] If NULL, Domain SID won't be returned */ bool test_domain_open(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct lsa_String *domname, TALLOC_CTX *mem_ctx, struct policy_handle *_domain_handle, struct dom_sid2 *_dom_sid) { struct policy_handle connect_handle; struct policy_handle domain_handle; struct samr_Connect r1; struct samr_LookupDomain r2; struct dom_sid2 *sid = NULL; struct samr_OpenDomain r3; torture_comment(tctx, "connecting\n"); r1.in.system_name = 0; r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r1.out.connect_handle = &connect_handle; torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect_r(b, mem_ctx, &r1), "Connect failed"); torture_assert_ntstatus_ok(tctx, r1.out.result, "Connect failed"); r2.in.connect_handle = &connect_handle; r2.in.domain_name = domname; r2.out.sid = &sid; torture_comment(tctx, "domain lookup on %s\n", domname->string); torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2), "LookupDomain failed"); torture_assert_ntstatus_ok(tctx, r2.out.result, "LookupDomain failed"); r3.in.connect_handle = &connect_handle; r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r3.in.sid = *r2.out.sid; r3.out.domain_handle = &domain_handle; torture_comment(tctx, "opening domain %s\n", domname->string); torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3), "OpenDomain failed"); torture_assert_ntstatus_ok(tctx, r3.out.result, "OpenDomain failed"); *_domain_handle = domain_handle; if (_dom_sid) { *_dom_sid = **r2.out.sid; } /* Close connect_handle, we don't need it anymore */ test_samr_close_handle(tctx, b, mem_ctx, &connect_handle); return true; }
/* do some samr ops using the schannel connection */ static bool test_samr_ops(struct torture_context *tctx, struct dcerpc_binding_handle *b) { struct samr_GetDomPwInfo r; struct samr_PwInfo info; struct samr_Connect connect_r; struct samr_OpenDomain opendom; int i; struct lsa_String name; struct policy_handle handle; struct policy_handle domain_handle; name.string = lpcfg_workgroup(tctx->lp_ctx); r.in.domain_name = &name; r.out.info = &info; connect_r.in.system_name = 0; connect_r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; connect_r.out.connect_handle = &handle; printf("Testing Connect and OpenDomain on BUILTIN\n"); torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect_r(b, tctx, &connect_r), "Connect failed"); if (!NT_STATUS_IS_OK(connect_r.out.result)) { if (NT_STATUS_EQUAL(connect_r.out.result, NT_STATUS_ACCESS_DENIED)) { printf("Connect failed (expected, schannel mapped to anonymous): %s\n", nt_errstr(connect_r.out.result)); } else { printf("Connect failed - %s\n", nt_errstr(connect_r.out.result)); return false; } } else { opendom.in.connect_handle = &handle; opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; opendom.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32"); opendom.out.domain_handle = &domain_handle; torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &opendom), "OpenDomain failed"); if (!NT_STATUS_IS_OK(opendom.out.result)) { printf("OpenDomain failed - %s\n", nt_errstr(opendom.out.result)); return false; } } printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string); /* do several ops to test credential chaining */ for (i=0;i<5;i++) { torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r), "GetDomPwInfo failed"); if (!NT_STATUS_IS_OK(r.out.result)) { if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED)) { printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(r.out.result)); return false; } } } return true; }
/* try a netlogon SamLogon */ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx, struct cli_credentials *credentials, struct netlogon_creds_CredentialState *creds) { NTSTATUS status; struct netr_LogonSamLogonEx r; struct netr_NetworkInfo ninfo; union netr_LogonLevel logon; union netr_Validation validation; uint8_t authoritative = 0; uint32_t _flags = 0; DATA_BLOB names_blob, chal, lm_resp, nt_resp; int i; int flags = CLI_CRED_NTLM_AUTH; struct dcerpc_binding_handle *b = p->binding_handle; if (lpcfg_client_lanman_auth(tctx->lp_ctx)) { flags |= CLI_CRED_LANMAN_AUTH; } if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) { flags |= CLI_CRED_NTLMv2_AUTH; } cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx, &ninfo.identity_info.account_name.string, &ninfo.identity_info.domain_name.string); generate_random_buffer(ninfo.challenge, sizeof(ninfo.challenge)); chal = data_blob_const(ninfo.challenge, sizeof(ninfo.challenge)); names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials), cli_credentials_get_domain(credentials)); status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx, &flags, chal, names_blob, &lm_resp, &nt_resp, NULL, NULL); torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed"); ninfo.lm.data = lm_resp.data; ninfo.lm.length = lm_resp.length; ninfo.nt.data = nt_resp.data; ninfo.nt.length = nt_resp.length; ninfo.identity_info.parameter_control = 0; ninfo.identity_info.logon_id_low = 0; ninfo.identity_info.logon_id_high = 0; ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials); logon.network = &ninfo; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.logon_level = 2; r.in.logon= &logon; r.in.flags = &_flags; r.out.validation = &validation; r.out.authoritative = &authoritative; r.out.flags = &_flags; torture_comment(tctx, "Testing LogonSamLogonEx with name %s\n", ninfo.identity_info.account_name.string); for (i=2;i<3;i++) { r.in.validation_level = i; torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r), "LogonSamLogon failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed"); } return true; }
static bool torture_rpc_spoolss_access_setup_common(struct torture_context *tctx, struct torture_access_context *t) { void *testuser; const char *testuser_passwd; struct cli_credentials *test_credentials; struct dom_sid *test_sid; struct dcerpc_pipe *p; const char *printername; const char *binding = torture_setting_string(tctx, "binding", NULL); struct dcerpc_pipe *spoolss_pipe; testuser = torture_create_testuser_max_pwlen(tctx, t->user.username, torture_setting_string(tctx, "workgroup", NULL), ACB_NORMAL, &testuser_passwd, 32); if (!testuser) { torture_fail(tctx, "Failed to create test user"); } test_credentials = cli_credentials_init(tctx); cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED); cli_credentials_set_domain(test_credentials, lpcfg_workgroup(tctx->lp_ctx), CRED_SPECIFIED); cli_credentials_set_username(test_credentials, t->user.username, CRED_SPECIFIED); cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED); test_sid = discard_const_p(struct dom_sid, torture_join_user_sid(testuser)); if (t->user.num_builtin_memberships) { struct dcerpc_pipe *samr_pipe = torture_join_samr_pipe(testuser); torture_assert(tctx, spoolss_access_setup_membership(tctx, samr_pipe, t->user.num_builtin_memberships, t->user.builtin_memberships, test_sid), "failed to setup membership"); } if (t->user.num_privs) { struct dcerpc_pipe *lsa_pipe; torture_assert_ntstatus_ok(tctx, torture_rpc_connection(tctx, &lsa_pipe, &ndr_table_lsarpc), "Error connecting to server"); torture_assert(tctx, spoolss_access_setup_privs(tctx, lsa_pipe, t->user.num_privs, t->user.privs, test_sid, &t->user.privs_present), "failed to setup privs"); talloc_free(lsa_pipe); } torture_assert_ntstatus_ok(tctx, torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss), "Error connecting to server"); torture_assert(tctx, test_EnumPrinters_findone(tctx, spoolss_pipe, &printername), "failed to enumerate printers"); if (t->user.sd && printername) { torture_assert(tctx, spoolss_access_setup_sd(tctx, spoolss_pipe, printername, test_sid, &t->sd_orig), "failed to setup sd"); } talloc_free(spoolss_pipe); torture_assert_ntstatus_ok(tctx, dcerpc_pipe_connect(tctx, &p, binding, &ndr_table_spoolss, test_credentials, tctx->ev, tctx->lp_ctx), "Error connecting to server"); t->spoolss_pipe = p; t->printername = printername; t->user.testuser = testuser; return true; }
static bool test_handles_lsa(struct torture_context *torture) { NTSTATUS status; struct dcerpc_pipe *p1, *p2; struct policy_handle handle; struct policy_handle handle2; struct lsa_ObjectAttribute attr; struct lsa_QosInfo qos; struct lsa_OpenPolicy r; struct lsa_Close c; uint16_t system_name = '\\'; TALLOC_CTX *mem_ctx = talloc_new(torture); torture_comment(torture, "RPC-HANDLE-LSARPC\n"); status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc); torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1"); status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc); torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1"); qos.len = 0; qos.impersonation_level = 2; qos.context_mode = 1; qos.effective_only = 0; attr.len = 0; attr.root_dir = NULL; attr.object_name = NULL; attr.attributes = 0; attr.sec_desc = NULL; attr.sec_qos = &qos; r.in.system_name = &system_name; r.in.attr = &attr; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.handle = &handle; status = dcerpc_lsa_OpenPolicy(p1, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n"); talloc_free(mem_ctx); return true; } c.in.handle = &handle; c.out.handle = &handle2; status = dcerpc_lsa_Close(p2, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p2"); torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p2"); status = dcerpc_lsa_Close(p1, mem_ctx, &c); torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1"); status = dcerpc_lsa_Close(p1, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p1 again"); torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p1 again"); talloc_free(mem_ctx); return true; }
static bool test_Map_tcpip(struct torture_context *tctx, struct dcerpc_binding_handle *h, struct ndr_syntax_id map_syntax) { struct epm_Map r; struct GUID uuid; struct policy_handle entry_handle; struct ndr_syntax_id syntax; struct dcerpc_binding map_binding; struct epm_twr_t map_tower; struct epm_twr_p_t towers[20]; struct epm_tower t; uint32_t num_towers; uint32_t port; uint32_t i; long int p; const char *tmp; const char *ip; char *ptr; NTSTATUS status; torture_comment(tctx, "Testing epm_Map\n"); ZERO_STRUCT(uuid); ZERO_STRUCT(entry_handle); r.in.object = &uuid; r.in.map_tower = &map_tower; r.in.entry_handle = &entry_handle; r.out.entry_handle = &entry_handle; r.in.max_towers = 10; r.out.towers = towers; r.out.num_towers = &num_towers; /* Create map tower */ map_binding.transport = NCACN_IP_TCP; map_binding.object = map_syntax; map_binding.host = "0.0.0.0"; map_binding.endpoint = "135"; status = dcerpc_binding_build_tower(tctx, &map_binding, &map_tower.tower); torture_assert_ntstatus_ok(tctx, status, "epm_Map_tcpip failed: can't create map_tower"); torture_comment(tctx, "epm_Map request for '%s':\n", ndr_interface_name(&map_syntax.uuid, map_syntax.if_version)); display_tower(tctx, &r.in.map_tower->tower); status = dcerpc_epm_Map_r(h, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "epm_Map_simple failed"); torture_assert(tctx, r.out.result == EPMAPPER_STATUS_OK, "epm_Map_tcpip failed: result is not EPMAPPER_STATUS_OK"); /* Check the result */ t = r.out.towers[0].twr->tower; /* Check if we got the correct RPC interface identifier */ dcerpc_floor_get_lhs_data(&t.floors[0], &syntax); torture_assert(tctx, ndr_syntax_id_equal(&syntax, &map_syntax), "epm_Map_tcpip failed: Interface identifier mismatch"); torture_comment(tctx, "epm_Map_tcpip response for '%s':\n", ndr_interface_name(&syntax.uuid, syntax.if_version)); dcerpc_floor_get_lhs_data(&t.floors[1], &syntax); torture_assert(tctx, ndr_syntax_id_equal(&syntax, &ndr_transfer_syntax_ndr), "epm_Map_tcpip failed: floor 2 is not NDR encoded"); torture_assert(tctx, t.floors[2].lhs.protocol == EPM_PROTOCOL_NCACN, "epm_Map_tcpip failed: floor 3 is not NCACN_IP_TCP"); tmp = dcerpc_floor_get_rhs_data(tctx, &t.floors[3]); p = strtol(tmp, &ptr, 10); port = p & 0xffff; torture_assert(tctx, port > 1024 && port < 65535, "epm_Map_tcpip failed"); ip = dcerpc_floor_get_rhs_data(tctx, &t.floors[4]); torture_assert(tctx, is_ipaddress(ip), "epm_Map_tcpip failed"); for (i = 0; i < *r.out.num_towers; i++) { if (r.out.towers[i].twr) { display_tower(tctx, &t); } } return true; }
static bool test_LookupSidsReply(struct torture_context *tctx, struct dcerpc_pipe *p) { struct policy_handle *handle; struct dom_sid **sids; uint32_t num_sids = 1; struct lsa_LookupSids r; struct lsa_SidArray sidarray; struct lsa_RefDomainList *domains = NULL; struct lsa_TransNameArray names; uint32_t count = 0; uint32_t i; const char *dom_sid = "S-1-5-21-1111111111-2222222222-3333333333"; const char *dom_admin_sid; struct dcerpc_binding_handle *b = p->binding_handle; if (p->binding->transport != NCACN_NP && p->binding->transport != NCALRPC) { torture_comment(tctx, "test_LookupSidsReply is only available " "over NCACN_NP or NCALRPC"); return true; } if (!open_policy(tctx, b, &handle)) { return false; } dom_admin_sid = talloc_asprintf(tctx, "%s-%d", dom_sid, 512); sids = talloc_array(tctx, struct dom_sid *, num_sids); sids[0] = dom_sid_parse_talloc(tctx, dom_admin_sid); names.count = 0; names.names = NULL; sidarray.num_sids = num_sids; sidarray.sids = talloc_array(tctx, struct lsa_SidPtr, num_sids); for (i=0; i<num_sids; i++) { sidarray.sids[i].sid = sids[i]; } r.in.handle = handle; r.in.sids = &sidarray; r.in.names = &names; r.in.level = LSA_LOOKUP_NAMES_ALL; r.in.count = &count; r.out.names = &names; r.out.count = &count; r.out.domains = &domains; torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids_r(b, tctx, &r), "LookupSids failed"); torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NONE_MAPPED, "unexpected error code"); torture_assert_int_equal(tctx, names.count, num_sids, "unexpected names count"); torture_assert(tctx, names.names, "unexpected names pointer"); torture_assert_str_equal(tctx, names.names[0].name.string, dom_admin_sid, "unexpected names[0].string"); #if 0 /* vista sp1 passes, w2k3 sp2 fails */ torture_assert_int_equal(tctx, domains->count, num_sids, "unexpected domains count"); torture_assert(tctx, domains->domains, "unexpected domains pointer"); torture_assert_str_equal(tctx, dom_sid_string(tctx, domains->domains[0].sid), dom_sid, "unexpected domain sid"); #endif return true; }
/* basic testing of all RAW_SEARCH_* calls using a single file */ static bool test_one_file(struct torture_context *tctx, struct smbcli_state *cli) { bool ret = true; int fnum; const char *fname = "\\torture_search.txt"; const char *fname2 = "\\torture_search-NOTEXIST.txt"; NTSTATUS status; int i; union smb_fileinfo all_info, alt_info, name_info, internal_info; union smb_search_data *s; fnum = create_complex_file(cli, tctx, fname); if (fnum == -1) { printf("ERROR: open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree)); ret = false; goto done; } /* call all the levels */ for (i=0;i<ARRAY_SIZE(levels);i++) { NTSTATUS expected_status; uint32_t cap = cli->transport->negotiate.capabilities; torture_comment(tctx, "testing %s\n", levels[i].name); levels[i].status = torture_single_search(cli, tctx, fname, levels[i].level, levels[i].data_level, 0, &levels[i].data); /* see if this server claims to support this level */ if ((cap & levels[i].capability_mask) != levels[i].capability_mask) { printf("search level %s(%d) not supported by server\n", levels[i].name, (int)levels[i].level); continue; } if (!NT_STATUS_IS_OK(levels[i].status)) { printf("search level %s(%d) failed - %s\n", levels[i].name, (int)levels[i].level, nt_errstr(levels[i].status)); ret = false; continue; } status = torture_single_search(cli, tctx, fname2, levels[i].level, levels[i].data_level, 0, &levels[i].data); expected_status = NT_STATUS_NO_SUCH_FILE; if (levels[i].level == RAW_SEARCH_SEARCH || levels[i].level == RAW_SEARCH_FFIRST || levels[i].level == RAW_SEARCH_FUNIQUE) { expected_status = STATUS_NO_MORE_FILES; } if (!NT_STATUS_EQUAL(status, expected_status)) { printf("search level %s(%d) should fail with %s - %s\n", levels[i].name, (int)levels[i].level, nt_errstr(expected_status), nt_errstr(status)); ret = false; } } /* get the all_info file into to check against */ all_info.generic.level = RAW_FILEINFO_ALL_INFO; all_info.generic.in.file.path = fname; status = smb_raw_pathinfo(cli->tree, tctx, &all_info); torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_ALL_INFO failed"); alt_info.generic.level = RAW_FILEINFO_ALT_NAME_INFO; alt_info.generic.in.file.path = fname; status = smb_raw_pathinfo(cli->tree, tctx, &alt_info); torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_ALT_NAME_INFO failed"); internal_info.generic.level = RAW_FILEINFO_INTERNAL_INFORMATION; internal_info.generic.in.file.path = fname; status = smb_raw_pathinfo(cli->tree, tctx, &internal_info); torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_INTERNAL_INFORMATION failed"); name_info.generic.level = RAW_FILEINFO_NAME_INFO; name_info.generic.in.file.path = fname; status = smb_raw_pathinfo(cli->tree, tctx, &name_info); torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_NAME_INFO failed"); #define CHECK_VAL(name, sname1, field1, v, sname2, field2) do { \ s = find(name); \ if (s) { \ if ((s->sname1.field1) != (v.sname2.out.field2)) { \ printf("(%s) %s/%s [0x%x] != %s/%s [0x%x]\n", \ __location__, \ #sname1, #field1, (int)s->sname1.field1, \ #sname2, #field2, (int)v.sname2.out.field2); \ ret = false; \ } \ }} while (0) #define CHECK_TIME(name, sname1, field1, v, sname2, field2) do { \ s = find(name); \ if (s) { \ if (s->sname1.field1 != (~1 & nt_time_to_unix(v.sname2.out.field2))) { \ printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \ __location__, \ #sname1, #field1, timestring(tctx, s->sname1.field1), \ #sname2, #field2, nt_time_string(tctx, v.sname2.out.field2)); \ ret = false; \ } \ }} while (0) #define CHECK_NTTIME(name, sname1, field1, v, sname2, field2) do { \ s = find(name); \ if (s) { \ if (s->sname1.field1 != v.sname2.out.field2) { \ printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \ __location__, \ #sname1, #field1, nt_time_string(tctx, s->sname1.field1), \ #sname2, #field2, nt_time_string(tctx, v.sname2.out.field2)); \ ret = false; \ } \ }} while (0) #define CHECK_STR(name, sname1, field1, v, sname2, field2) do { \ s = find(name); \ if (s) { \ if (!s->sname1.field1 || strcmp(s->sname1.field1, v.sname2.out.field2.s)) { \ printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \ __location__, \ #sname1, #field1, s->sname1.field1, \ #sname2, #field2, v.sname2.out.field2.s); \ ret = false; \ } \ }} while (0) #define CHECK_WSTR(name, sname1, field1, v, sname2, field2, flags) do { \ s = find(name); \ if (s) { \ if (!s->sname1.field1.s || \ strcmp(s->sname1.field1.s, v.sname2.out.field2.s) || \ wire_bad_flags(&s->sname1.field1, flags, cli->transport)) { \ printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \ __location__, \ #sname1, #field1, s->sname1.field1.s, \ #sname2, #field2, v.sname2.out.field2.s); \ ret = false; \ } \ }} while (0) #define CHECK_NAME(name, sname1, field1, fname, flags) do { \ s = find(name); \ if (s) { \ if (!s->sname1.field1.s || \ strcmp(s->sname1.field1.s, fname) || \ wire_bad_flags(&s->sname1.field1, flags, cli->transport)) { \ printf("(%s) %s/%s [%s] != %s\n", \ __location__, \ #sname1, #field1, s->sname1.field1.s, \ fname); \ ret = false; \ } \ }} while (0) #define CHECK_UNIX_NAME(name, sname1, field1, fname, flags) do { \ s = find(name); \ if (s) { \ if (!s->sname1.field1 || \ strcmp(s->sname1.field1, fname)) { \ printf("(%s) %s/%s [%s] != %s\n", \ __location__, \ #sname1, #field1, s->sname1.field1, \ fname); \ ret = false; \ } \ }} while (0) /* check that all the results are as expected */ CHECK_VAL("SEARCH", search, attrib, all_info, all_info, attrib&0xFFF); CHECK_VAL("STANDARD", standard, attrib, all_info, all_info, attrib&0xFFF); CHECK_VAL("EA_SIZE", ea_size, attrib, all_info, all_info, attrib&0xFFF); CHECK_VAL("DIRECTORY_INFO", directory_info, attrib, all_info, all_info, attrib); CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, attrib, all_info, all_info, attrib); CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, attrib, all_info, all_info, attrib); CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, attrib, all_info, all_info, attrib); CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, attrib, all_info, all_info, attrib); CHECK_TIME("SEARCH", search, write_time, all_info, all_info, write_time); CHECK_TIME("STANDARD", standard, write_time, all_info, all_info, write_time); CHECK_TIME("EA_SIZE", ea_size, write_time, all_info, all_info, write_time); CHECK_TIME("STANDARD", standard, create_time, all_info, all_info, create_time); CHECK_TIME("EA_SIZE", ea_size, create_time, all_info, all_info, create_time); CHECK_TIME("STANDARD", standard, access_time, all_info, all_info, access_time); CHECK_TIME("EA_SIZE", ea_size, access_time, all_info, all_info, access_time); CHECK_NTTIME("DIRECTORY_INFO", directory_info, write_time, all_info, all_info, write_time); CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, write_time, all_info, all_info, write_time); CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, write_time, all_info, all_info, write_time); CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, write_time, all_info, all_info, write_time); CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, write_time, all_info, all_info, write_time); CHECK_NTTIME("DIRECTORY_INFO", directory_info, create_time, all_info, all_info, create_time); CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, create_time, all_info, all_info, create_time); CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, create_time, all_info, all_info, create_time); CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, create_time, all_info, all_info, create_time); CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, create_time, all_info, all_info, create_time); CHECK_NTTIME("DIRECTORY_INFO", directory_info, access_time, all_info, all_info, access_time); CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, access_time, all_info, all_info, access_time); CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, access_time, all_info, all_info, access_time); CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, access_time, all_info, all_info, access_time); CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, access_time, all_info, all_info, access_time); CHECK_NTTIME("DIRECTORY_INFO", directory_info, change_time, all_info, all_info, change_time); CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, change_time, all_info, all_info, change_time); CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, change_time, all_info, all_info, change_time); CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, change_time, all_info, all_info, change_time); CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, change_time, all_info, all_info, change_time); CHECK_VAL("SEARCH", search, size, all_info, all_info, size); CHECK_VAL("STANDARD", standard, size, all_info, all_info, size); CHECK_VAL("EA_SIZE", ea_size, size, all_info, all_info, size); CHECK_VAL("DIRECTORY_INFO", directory_info, size, all_info, all_info, size); CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, size, all_info, all_info, size); CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, size, all_info, all_info, size); CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, size, all_info, all_info, size); CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, size, all_info, all_info, size); CHECK_VAL("UNIX_INFO", unix_info, size, all_info, all_info, size); CHECK_VAL("STANDARD", standard, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("EA_SIZE", ea_size, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("DIRECTORY_INFO", directory_info, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("UNIX_INFO", unix_info, alloc_size, all_info, all_info, alloc_size); CHECK_VAL("EA_SIZE", ea_size, ea_size, all_info, all_info, ea_size); CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, ea_size, all_info, all_info, ea_size); CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, ea_size, all_info, all_info, ea_size); CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, ea_size, all_info, all_info, ea_size); CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, ea_size, all_info, all_info, ea_size); CHECK_STR("SEARCH", search, name, alt_info, alt_name_info, fname); CHECK_WSTR("BOTH_DIRECTORY_INFO", both_directory_info, short_name, alt_info, alt_name_info, fname, STR_UNICODE); CHECK_NAME("STANDARD", standard, name, fname+1, 0); CHECK_NAME("EA_SIZE", ea_size, name, fname+1, 0); CHECK_NAME("DIRECTORY_INFO", directory_info, name, fname+1, STR_TERMINATE_ASCII); CHECK_NAME("FULL_DIRECTORY_INFO", full_directory_info, name, fname+1, STR_TERMINATE_ASCII); CHECK_NAME("NAME_INFO", name_info, name, fname+1, STR_TERMINATE_ASCII); CHECK_NAME("BOTH_DIRECTORY_INFO", both_directory_info, name, fname+1, STR_TERMINATE_ASCII); CHECK_NAME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, name, fname+1, STR_TERMINATE_ASCII); CHECK_NAME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, name, fname+1, STR_TERMINATE_ASCII); CHECK_UNIX_NAME("UNIX_INFO", unix_info, name, fname+1, STR_TERMINATE_ASCII); CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, file_id, internal_info, internal_information, file_id); CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, file_id, internal_info, internal_information, file_id); done: smb_raw_exit(cli->session); smbcli_unlink(cli->tree, fname); return ret; }
bool torture_net_become_dc(struct torture_context *torture) { bool ret = true; NTSTATUS status; struct libnet_BecomeDC b; struct libnet_UnbecomeDC u; struct libnet_vampire_cb_state *s; struct ldb_message *msg; int ldb_ret; uint32_t i; char *private_dir; const char *address; struct nbt_name name; const char *netbios_name; struct cli_credentials *machine_account; struct test_join *tj; struct loadparm_context *lp_ctx; struct ldb_context *ldb; struct libnet_context *ctx; struct dsdb_schema *schema; char *location = NULL; torture_assert_ntstatus_ok(torture, torture_temp_dir(torture, "libnet_BecomeDC", &location), "torture_temp_dir should return NT_STATUS_OK" ); netbios_name = lpcfg_parm_string(torture->lp_ctx, NULL, "become dc", "smbtorture dc"); if (!netbios_name || !netbios_name[0]) { netbios_name = "smbtorturedc"; } make_nbt_name_server(&name, torture_setting_string(torture, "host", NULL)); /* do an initial name resolution to find its IP */ status = resolve_name_ex(lpcfg_resolve_context(torture->lp_ctx), 0, 0, &name, torture, &address, torture->ev); torture_assert_ntstatus_ok(torture, status, talloc_asprintf(torture, "Failed to resolve %s - %s\n", name.name, nt_errstr(status))); /* Join domain as a member server. */ tj = torture_join_domain(torture, netbios_name, ACB_WSTRUST, &machine_account); torture_assert(torture, tj, talloc_asprintf(torture, "%s failed to join domain as workstation\n", netbios_name)); s = libnet_vampire_cb_state_init(torture, torture->lp_ctx, torture->ev, netbios_name, torture_join_dom_netbios_name(tj), torture_join_dom_dns_name(tj), location); torture_assert(torture, s, "libnet_vampire_cb_state_init"); ctx = libnet_context_init(torture->ev, torture->lp_ctx); ctx->cred = cmdline_credentials; ZERO_STRUCT(b); b.in.domain_dns_name = torture_join_dom_dns_name(tj); b.in.domain_netbios_name = torture_join_dom_netbios_name(tj); b.in.domain_sid = torture_join_sid(tj); b.in.source_dsa_address = address; b.in.dest_dsa_netbios_name = netbios_name; b.in.callbacks.private_data = s; b.in.callbacks.check_options = libnet_vampire_cb_check_options; b.in.callbacks.prepare_db = libnet_vampire_cb_prepare_db; b.in.callbacks.schema_chunk = libnet_vampire_cb_schema_chunk; b.in.callbacks.config_chunk = libnet_vampire_cb_store_chunk; b.in.callbacks.domain_chunk = libnet_vampire_cb_store_chunk; status = libnet_BecomeDC(ctx, s, &b); torture_assert_ntstatus_ok_goto(torture, status, ret, cleanup, talloc_asprintf(torture, "libnet_BecomeDC() failed - %s %s\n", nt_errstr(status), b.out.error_string)); ldb = libnet_vampire_cb_ldb(s); msg = ldb_msg_new(s); torture_assert_int_equal_goto(torture, (msg?1:0), 1, ret, cleanup, "ldb_msg_new() failed\n"); msg->dn = ldb_dn_new(msg, ldb, "@ROOTDSE"); torture_assert_int_equal_goto(torture, (msg->dn?1:0), 1, ret, cleanup, "ldb_msg_new(@ROOTDSE) failed\n"); ldb_ret = ldb_msg_add_string(msg, "isSynchronized", "TRUE"); torture_assert_int_equal_goto(torture, ldb_ret, LDB_SUCCESS, ret, cleanup, "ldb_msg_add_string(msg, isSynchronized, TRUE) failed\n"); for (i=0; i < msg->num_elements; i++) { msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; } torture_comment(torture, "mark ROOTDSE with isSynchronized=TRUE\n"); ldb_ret = ldb_modify(libnet_vampire_cb_ldb(s), msg); torture_assert_int_equal_goto(torture, ldb_ret, LDB_SUCCESS, ret, cleanup, "ldb_modify() failed\n"); /* commit the transaction now we know the secrets were written * out properly */ ldb_ret = ldb_transaction_commit(ldb); torture_assert_int_equal_goto(torture, ldb_ret, LDB_SUCCESS, ret, cleanup, "ldb_transaction_commit() failed\n"); /* reopen the ldb */ talloc_unlink(s, ldb); lp_ctx = libnet_vampire_cb_lp_ctx(s); private_dir = talloc_asprintf(s, "%s/%s", location, "private"); lpcfg_set_cmdline(lp_ctx, "private dir", private_dir); torture_comment(torture, "Reopen the SAM LDB with system credentials and all replicated data: %s\n", private_dir); ldb = samdb_connect(s, torture->ev, lp_ctx, system_session(lp_ctx), 0); torture_assert_goto(torture, ldb != NULL, ret, cleanup, talloc_asprintf(torture, "Failed to open '%s/sam.ldb'\n", private_dir)); torture_assert_goto(torture, dsdb_uses_global_schema(ldb), ret, cleanup, "Uses global schema"); schema = dsdb_get_schema(ldb, s); torture_assert_goto(torture, schema != NULL, ret, cleanup, "Failed to get loaded dsdb_schema\n"); /* Make sure we get this from the command line */ if (lpcfg_parm_bool(torture->lp_ctx, NULL, "become dc", "do not unjoin", false)) { talloc_free(s); return ret; } cleanup: ZERO_STRUCT(u); u.in.domain_dns_name = torture_join_dom_dns_name(tj); u.in.domain_netbios_name = torture_join_dom_netbios_name(tj); u.in.source_dsa_address = address; u.in.dest_dsa_netbios_name = netbios_name; status = libnet_UnbecomeDC(ctx, s, &u); torture_assert_ntstatus_ok(torture, status, talloc_asprintf(torture, "libnet_UnbecomeDC() failed - %s %s\n", nt_errstr(status), u.out.error_string)); /* Leave domain. */ torture_leave_domain(torture, tj); talloc_free(s); return ret; }
static bool test_CreateSecret_basic(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { NTSTATUS status; struct lsa_CreateSecret r; struct lsa_SetSecret r3; struct lsa_QuerySecret r4; struct policy_handle sec_handle; struct lsa_DeleteObject d; struct lsa_DATA_BUF buf1; struct lsa_DATA_BUF_PTR bufp1; DATA_BLOB enc_key; DATA_BLOB session_key; NTTIME old_mtime, new_mtime; DATA_BLOB blob1; const char *secret1 = "abcdef12345699qwerty"; char *secret2; char *secname; struct dcerpc_binding_handle *b = p->binding_handle; secname = talloc_asprintf(tctx, "torturesecret-%u", (unsigned int)random()); torture_comment(tctx, "Testing CreateSecret of %s\n", secname); init_lsa_String(&r.in.name, secname); r.in.handle = handle; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.sec_handle = &sec_handle; torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateSecret_r(b, tctx, &r), "CreateSecret failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "CreateSecret failed"); status = dcerpc_fetch_session_key(p, &session_key); torture_assert_ntstatus_ok(tctx, status, "dcerpc_fetch_session_key failed"); enc_key = sess_encrypt_string(secret1, &session_key); r3.in.sec_handle = &sec_handle; r3.in.new_val = &buf1; r3.in.old_val = NULL; r3.in.new_val->data = enc_key.data; r3.in.new_val->length = enc_key.length; r3.in.new_val->size = enc_key.length; torture_comment(tctx, "Testing SetSecret\n"); torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3), "SetSecret failed"); torture_assert_ntstatus_ok(tctx, r3.out.result, "SetSecret failed"); r3.in.sec_handle = &sec_handle; r3.in.new_val = &buf1; r3.in.old_val = NULL; r3.in.new_val->data = enc_key.data; r3.in.new_val->length = enc_key.length; r3.in.new_val->size = enc_key.length; /* break the encrypted data */ enc_key.data[0]++; torture_comment(tctx, "Testing SetSecret with broken key\n"); torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3), "SetSecret failed"); torture_assert_ntstatus_equal(tctx, r3.out.result, NT_STATUS_UNKNOWN_REVISION, "SetSecret should have failed UNKNOWN_REVISION"); data_blob_free(&enc_key); ZERO_STRUCT(new_mtime); ZERO_STRUCT(old_mtime); /* fetch the secret back again */ r4.in.sec_handle = &sec_handle; r4.in.new_val = &bufp1; r4.in.new_mtime = &new_mtime; r4.in.old_val = NULL; r4.in.old_mtime = NULL; bufp1.buf = NULL; torture_comment(tctx, "Testing QuerySecret\n"); torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(b, tctx, &r4), "QuerySecret failed"); torture_assert_ntstatus_ok(tctx, r4.out.result, "QuerySecret failed"); if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) torture_fail(tctx, "No secret buffer returned"); blob1.data = r4.out.new_val->buf->data; blob1.length = r4.out.new_val->buf->size; secret2 = sess_decrypt_string(tctx, &blob1, &session_key); torture_assert_str_equal(tctx, secret1, secret2, "Returned secret invalid"); d.in.handle = &sec_handle; d.out.handle = &sec_handle; torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteObject_r(b, tctx, &d), "DeleteObject failed"); torture_assert_ntstatus_ok(tctx, d.out.result, "delete should have returned OKINVALID_HANDLE"); return true; }
static bool test_PACVerify(struct torture_context *tctx, struct dcerpc_pipe *p, struct cli_credentials *credentials) { NTSTATUS status; struct netr_LogonSamLogon r; union netr_LogonLevel logon; union netr_Validation validation; uint8_t authoritative; struct netr_Authenticator return_authenticator; struct netr_GenericInfo generic; struct netr_Authenticator auth, auth2; struct netlogon_creds_CredentialState *creds; struct gensec_security *gensec_client_context; struct gensec_security *gensec_server_context; DATA_BLOB client_to_server, server_to_client, pac_wrapped, payload; struct PAC_Validate pac_wrapped_struct; enum ndr_err_code ndr_err; struct auth_session_info *session_info; char *tmp_dir; TALLOC_CTX *tmp_ctx = talloc_new(tctx); torture_assert(tctx, tmp_ctx != NULL, "talloc_new() failed"); if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, credentials, SEC_CHAN_BDC, &creds)) { return false; } status = torture_temp_dir(tctx, "PACVerify", &tmp_dir); torture_assert_ntstatus_ok(tctx, status, "torture_temp_dir failed"); status = gensec_client_start(tctx, &gensec_client_context, tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)); torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed"); status = gensec_set_target_hostname(gensec_client_context, TEST_MACHINE_NAME); status = gensec_set_credentials(gensec_client_context, cmdline_credentials); torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed"); status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI"); torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed"); status = gensec_server_start(tctx, tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx), NULL, &gensec_server_context); torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed"); status = gensec_set_credentials(gensec_server_context, credentials); torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (server) failed"); status = gensec_start_mech_by_sasl_name(gensec_server_context, "GSSAPI"); torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (server) failed"); server_to_client = data_blob(NULL, 0); do { /* Do a client-server update dance */ status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { ; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { ; torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed"); } if (NT_STATUS_IS_OK(status)) { break; } } while (1); /* Extract the PAC using Samba's code */ status = gensec_session_info(gensec_server_context, &session_info); torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed"); pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length; pac_wrapped_struct.SignatureType = session_info->server_info->pac_kdc_sig.type; pac_wrapped_struct.SignatureLength = session_info->server_info->pac_kdc_sig.signature.length; pac_wrapped_struct.ChecksumAndSignature = payload = data_blob_talloc(tmp_ctx, NULL, pac_wrapped_struct.ChecksumLength + pac_wrapped_struct.SignatureLength); memcpy(&payload.data[0], session_info->server_info->pac_srv_sig.signature.data, pac_wrapped_struct.ChecksumLength); memcpy(&payload.data[pac_wrapped_struct.ChecksumLength], session_info->server_info->pac_kdc_sig.signature.data, pac_wrapped_struct.SignatureLength); ndr_err = ndr_push_struct_blob(&pac_wrapped, tmp_ctx, lp_iconv_convenience(tctx->lp_ctx), &pac_wrapped_struct, (ndr_push_flags_fn_t)ndr_push_PAC_Validate); torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed"); torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption"); netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length); generic.length = pac_wrapped.length; generic.data = pac_wrapped.data; /* Validate it over the netlogon pipe */ generic.identity_info.parameter_control = 0; generic.identity_info.logon_id_high = 0; generic.identity_info.logon_id_low = 0; generic.identity_info.domain_name.string = session_info->server_info->domain_name; generic.identity_info.account_name.string = session_info->server_info->account_name; generic.identity_info.workstation.string = TEST_MACHINE_NAME; generic.package_name.string = "Kerberos"; logon.generic = &generic; ZERO_STRUCT(auth2); netlogon_creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon = &logon; r.in.logon_level = NetlogonGenericInformation; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; r.out.validation = &validation; r.out.authoritative = &authoritative; r.out.return_authenticator = &return_authenticator; status = dcerpc_netr_LogonSamLogon(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed"); /* This will break the signature nicely (even in the crypto wrapping), check we get a logon failure */ generic.data[generic.length-1]++; logon.generic = &generic; ZERO_STRUCT(auth2); netlogon_creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; status = dcerpc_netr_LogonSamLogon(p, tctx, &r); torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed"); torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred), "Credential chaining failed"); /* This will break the parsing nicely (even in the crypto wrapping), check we get INVALID_PARAMETER */ generic.length--; logon.generic = &generic; ZERO_STRUCT(auth2); netlogon_creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; status = dcerpc_netr_LogonSamLogon(p, tctx, &r); torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed"); torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred), "Credential chaining failed"); pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length; pac_wrapped_struct.SignatureType = session_info->server_info->pac_kdc_sig.type; /* Break the SignatureType */ pac_wrapped_struct.SignatureType++; pac_wrapped_struct.SignatureLength = session_info->server_info->pac_kdc_sig.signature.length; pac_wrapped_struct.ChecksumAndSignature = payload = data_blob_talloc(tmp_ctx, NULL, pac_wrapped_struct.ChecksumLength + pac_wrapped_struct.SignatureLength); memcpy(&payload.data[0], session_info->server_info->pac_srv_sig.signature.data, pac_wrapped_struct.ChecksumLength); memcpy(&payload.data[pac_wrapped_struct.ChecksumLength], session_info->server_info->pac_kdc_sig.signature.data, pac_wrapped_struct.SignatureLength); ndr_err = ndr_push_struct_blob(&pac_wrapped, tmp_ctx, lp_iconv_convenience(tctx->lp_ctx), &pac_wrapped_struct, (ndr_push_flags_fn_t)ndr_push_PAC_Validate); torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed"); torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption"); netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length); generic.length = pac_wrapped.length; generic.data = pac_wrapped.data; logon.generic = &generic; ZERO_STRUCT(auth2); netlogon_creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; status = dcerpc_netr_LogonSamLogon(p, tctx, &r); torture_assert_ntstatus_equal(tctx, status, NT_STATUS_LOGON_FAILURE, "LogonSamLogon failed"); torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred), "Credential chaining failed"); pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length; pac_wrapped_struct.SignatureType = session_info->server_info->pac_kdc_sig.type; pac_wrapped_struct.SignatureLength = session_info->server_info->pac_kdc_sig.signature.length; pac_wrapped_struct.ChecksumAndSignature = payload = data_blob_talloc(tmp_ctx, NULL, pac_wrapped_struct.ChecksumLength + pac_wrapped_struct.SignatureLength); memcpy(&payload.data[0], session_info->server_info->pac_srv_sig.signature.data, pac_wrapped_struct.ChecksumLength); memcpy(&payload.data[pac_wrapped_struct.ChecksumLength], session_info->server_info->pac_kdc_sig.signature.data, pac_wrapped_struct.SignatureLength); /* Break the signature length */ pac_wrapped_struct.SignatureLength++; ndr_err = ndr_push_struct_blob(&pac_wrapped, tmp_ctx, lp_iconv_convenience(tctx->lp_ctx), &pac_wrapped_struct, (ndr_push_flags_fn_t)ndr_push_PAC_Validate); torture_assert(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), "ndr_push_struct_blob of PACValidate structure failed"); torture_assert(tctx, (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR), "not willing to even try a PACValidate without RC4 encryption"); netlogon_creds_arcfour_crypt(creds, pac_wrapped.data, pac_wrapped.length); generic.length = pac_wrapped.length; generic.data = pac_wrapped.data; logon.generic = &generic; ZERO_STRUCT(auth2); netlogon_creds_client_authenticator(creds, &auth); r.in.credential = &auth; r.in.return_authenticator = &auth2; r.in.logon_level = NetlogonGenericInformation; r.in.logon = &logon; r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.validation_level = NetlogonValidationGenericInfo2; status = dcerpc_netr_LogonSamLogon(p, tctx, &r); torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER, "LogonSamLogon failed"); torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred), "Credential chaining failed"); return true; }
bool torture_samba3_closeerr(struct torture_context *tctx) { struct smbcli_state *cli = NULL; bool result = false; NTSTATUS status; const char *dname = "closeerr.dir"; const char *fname = "closeerr.dir\\closerr.txt"; int fnum; if (!torture_open_connection(&cli, tctx, 0)) { goto fail; } smbcli_deltree(cli->tree, dname); torture_assert_ntstatus_ok( tctx, smbcli_mkdir(cli->tree, dname), talloc_asprintf(tctx, "smbcli_mdir failed: (%s)\n", smbcli_errstr(cli->tree))); fnum = smbcli_open(cli->tree, fname, O_CREAT|O_RDWR, DENY_NONE); torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, "smbcli_open failed: %s\n", smbcli_errstr(cli->tree))); smbcli_close(cli->tree, fnum); fnum = smbcli_nt_create_full(cli->tree, fname, 0, SEC_RIGHTS_FILE_ALL, FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_DELETE, NTCREATEX_DISP_OPEN, 0, 0); torture_assert(tctx, fnum != -1, talloc_asprintf(tctx, "smbcli_open failed: %s\n", smbcli_errstr(cli->tree))); status = smbcli_nt_delete_on_close(cli->tree, fnum, true); torture_assert_ntstatus_ok(tctx, status, "setting delete_on_close on file failed !"); status = smbcli_chmod(cli->tree, dname, 0); torture_assert_ntstatus_ok(tctx, status, "smbcli_chmod on file failed !"); status = smbcli_close(cli->tree, fnum); smbcli_chmod(cli->tree, dname, UNIX_R_USR|UNIX_W_USR|UNIX_X_USR); smbcli_deltree(cli->tree, dname); torture_assert_ntstatus_equal(tctx, status, NT_STATUS_ACCESS_DENIED, "smbcli_close"); result = true; fail: if (cli) { torture_close_connection(cli); } return result; }
static bool spoolss_access_setup_privs(struct torture_context *tctx, struct dcerpc_pipe *p, uint32_t num_privs, const char **privs, struct dom_sid *user_sid, bool *privs_present) { struct dcerpc_binding_handle *b = p->binding_handle; struct policy_handle *handle; int i; torture_assert(tctx, test_lsa_OpenPolicy2(b, tctx, &handle), "failed to open policy"); for (i=0; i < num_privs; i++) { struct lsa_LookupPrivValue r; struct lsa_LUID luid; struct lsa_String name; init_lsa_String(&name, privs[i]); r.in.handle = handle; r.in.name = &name; r.out.luid = &luid; torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupPrivValue_r(b, tctx, &r), "lsa_LookupPrivValue failed"); if (!NT_STATUS_IS_OK(r.out.result)) { torture_comment(tctx, "lsa_LookupPrivValue failed for '%s' with %s\n", privs[i], nt_errstr(r.out.result)); *privs_present = false; return true; } } *privs_present = true; { struct lsa_AddAccountRights r; struct lsa_RightSet rights; rights.count = num_privs; rights.names = talloc_zero_array(tctx, struct lsa_StringLarge, rights.count); for (i=0; i < rights.count; i++) { init_lsa_StringLarge(&rights.names[i], privs[i]); } r.in.handle = handle; r.in.sid = user_sid; r.in.rights = &rights; torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(b, tctx, &r), "lsa_AddAccountRights failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "lsa_AddAccountRights failed"); } test_lsa_Close(b, tctx, handle); return true; }
bool torture_rpc_alter_context(struct torture_context *torture) { NTSTATUS status; struct dcerpc_pipe *p, *p2, *p3; struct policy_handle *handle; struct ndr_interface_table tmptbl; bool ret = true; torture_comment(torture, "opening LSA connection\n"); status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc); torture_assert_ntstatus_ok(torture, status, "connecting"); torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); if (!test_lsa_OpenPolicy2(p->binding_handle, torture, &handle)) { ret = false; } torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); torture_comment(torture, "Opening secondary DSSETUP context\n"); status = dcerpc_secondary_context(p, &p2, &ndr_table_dssetup); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p2, torture, &p2->syntax, &p2->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); tmptbl = ndr_table_dssetup; tmptbl.syntax_id.if_version += 100; torture_comment(torture, "Opening bad secondary connection\n"); status = dcerpc_secondary_context(p, &p3, &tmptbl); torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX, "dcerpc_alter_context with wrong version should fail"); torture_comment(torture, "Testing DSSETUP pipe operations\n"); ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2); if (handle) { ret &= test_lsa_Close(p->binding_handle, torture, handle); } torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle); if (handle) { ret &= test_lsa_Close(p->binding_handle, torture, handle); } torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p2->syntax, &p2->transfer_syntax); if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { ret &= test_lsa_OpenPolicy2_ex(p->binding_handle, torture, &handle, NT_STATUS_IO_DEVICE_ERROR); torture_assert(torture, !dcerpc_binding_handle_is_connected(p->binding_handle), "dcerpc disonnected"); return ret; } torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); torture_comment(torture, "Testing DSSETUP pipe operations - should fault\n"); ret &= test_DsRoleGetPrimaryDomainInformation_ext(torture, p, NT_STATUS_RPC_BAD_STUB_DATA); ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle); if (handle) { ret &= test_lsa_Close(p->binding_handle, torture, handle); } torture_comment(torture, "Testing DSSETUP pipe operations\n"); ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2); return ret; }
static bool spoolss_access_setup_sd(struct torture_context *tctx, struct dcerpc_pipe *p, const char *printername, const struct dom_sid *user_sid, struct security_descriptor **sd_orig) { struct dcerpc_binding_handle *b = p->binding_handle; struct policy_handle handle; union spoolss_PrinterInfo info; struct spoolss_SetPrinterInfoCtr info_ctr; struct spoolss_SetPrinterInfo3 info3; struct spoolss_DevmodeContainer devmode_ctr; struct sec_desc_buf secdesc_ctr; struct security_ace *ace; struct security_descriptor *sd; torture_assert(tctx, test_openprinter_handle(tctx, p, "", printername, "", SEC_FLAG_MAXIMUM_ALLOWED, WERR_OK, &handle), "failed to open printer"); torture_assert(tctx, test_GetPrinter_level(tctx, b, &handle, 3, &info), "failed to get sd"); sd = security_descriptor_copy(tctx, info.info3.secdesc); *sd_orig = security_descriptor_copy(tctx, info.info3.secdesc); ace = talloc_zero(tctx, struct security_ace); ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace->flags = 0; ace->access_mask = PRINTER_ALL_ACCESS; ace->trustee = *user_sid; torture_assert_ntstatus_ok(tctx, security_descriptor_dacl_add(sd, ace), "failed to add new ace"); ace = talloc_zero(tctx, struct security_ace); ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace->flags = SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY; ace->access_mask = SEC_GENERIC_ALL; ace->trustee = *user_sid; torture_assert_ntstatus_ok(tctx, security_descriptor_dacl_add(sd, ace), "failed to add new ace"); ZERO_STRUCT(info3); ZERO_STRUCT(info_ctr); ZERO_STRUCT(devmode_ctr); ZERO_STRUCT(secdesc_ctr); info_ctr.level = 3; info_ctr.info.info3 = &info3; secdesc_ctr.sd = sd; torture_assert(tctx, test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0), "failed to set sd"); return true; }
static bool test_ReadEventLog(struct torture_context *tctx, struct dcerpc_pipe *p) { NTSTATUS status; struct eventlog_ReadEventLogW r; struct eventlog_CloseEventLog cr; struct policy_handle handle; if (!get_policy_handle(tctx, p, &handle)) return false; r.in.offset = 0; r.in.handle = &handle; r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ; while (1) { DATA_BLOB blob; struct eventlog_Record rec; struct ndr_pull *ndr; /* Read first for number of bytes in record */ r.in.number_of_bytes = 0; r.out.data = NULL; status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r); if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) { break; } torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed"); torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL, "ReadEventLog failed"); /* Now read the actual record */ r.in.number_of_bytes = *r.out.real_size; r.out.data = talloc_size(tctx, r.in.number_of_bytes); status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed"); /* Decode a user-marshalled record */ blob.length = *r.out.sent_size; blob.data = talloc_steal(tctx, r.out.data); ndr = ndr_pull_init_blob(&blob, tctx); status = ndr_pull_eventlog_Record( ndr, NDR_SCALARS|NDR_BUFFERS, &rec); NDR_PRINT_DEBUG(eventlog_Record, &rec); torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed parsing event log record"); r.in.offset++; } cr.in.handle = cr.out.handle = &handle; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_CloseEventLog(p, tctx, &cr), "CloseEventLog failed"); return true; }
static bool test_handles_lsa_shared(struct torture_context *torture) { NTSTATUS status; struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5; struct policy_handle handle; struct policy_handle handle2; struct lsa_ObjectAttribute attr; struct lsa_QosInfo qos; struct lsa_OpenPolicy r; struct lsa_Close c; struct lsa_QuerySecurity qsec; struct sec_desc_buf *sdbuf = NULL; uint16_t system_name = '\\'; TALLOC_CTX *mem_ctx = talloc_new(torture); enum dcerpc_transport_t transport; uint32_t assoc_group_id; torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n"); torture_comment(torture, "connect lsa pipe1\n"); status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc); torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1"); transport = p1->conn->transport.transport, assoc_group_id = p1->assoc_group_id; torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id); torture_comment(torture, "connect lsa pipe2\n"); status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc, transport, assoc_group_id); torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2"); torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n", p2->assoc_group_id); qos.len = 0; qos.impersonation_level = 2; qos.context_mode = 1; qos.effective_only = 0; attr.len = 0; attr.root_dir = NULL; attr.object_name = NULL; attr.attributes = 0; attr.sec_desc = NULL; attr.sec_qos = &qos; r.in.system_name = &system_name; r.in.attr = &attr; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.handle = &handle; torture_comment(torture, "open lsa policy handle\n"); status = dcerpc_lsa_OpenPolicy(p1, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n"); talloc_free(mem_ctx); return true; } /* * connect p3 after the policy handle is opened */ torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n"); status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc, transport, assoc_group_id); torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3"); qsec.in.handle = &handle; qsec.in.sec_info = 0; qsec.out.sdbuf = &sdbuf; c.in.handle = &handle; c.out.handle = &handle2; /* * use policy handle on all 3 connections */ torture_comment(torture, "use the policy handle on p1,p2,p3\n"); status = dcerpc_lsa_QuerySecurity(p1, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "use policy handle on p1"); status = dcerpc_lsa_QuerySecurity(p2, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "use policy handle on p2"); status = dcerpc_lsa_QuerySecurity(p3, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "use policy handle on p3"); /* * close policy handle on connection 2 and the others get a fault */ torture_comment(torture, "close the policy handle on p2 others get a fault\n"); status = dcerpc_lsa_Close(p2, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "closing policy handle on p2"); status = dcerpc_lsa_Close(p1, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p1 again"); torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p1 again"); status = dcerpc_lsa_Close(p3, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p3"); torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p3"); status = dcerpc_lsa_Close(p2, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p2 again"); torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p2 again"); /* * open a new policy handle on p3 */ torture_comment(torture, "open a new policy handle on p3\n"); status = dcerpc_lsa_OpenPolicy(p3, mem_ctx, &r); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "open policy handle on p3"); /* * use policy handle on all 3 connections */ torture_comment(torture, "use the policy handle on p1,p2,p3\n"); status = dcerpc_lsa_QuerySecurity(p1, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "use policy handle on p1"); status = dcerpc_lsa_QuerySecurity(p2, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "use policy handle on p2"); status = dcerpc_lsa_QuerySecurity(p3, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "use policy handle on p3"); /* * close policy handle on connection 2 and the others get a fault */ torture_comment(torture, "close the policy handle on p2 others get a fault\n"); status = dcerpc_lsa_Close(p2, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "closing policy handle on p2"); status = dcerpc_lsa_Close(p1, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p1 again"); torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p1 again"); status = dcerpc_lsa_Close(p3, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p3"); torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p3"); status = dcerpc_lsa_Close(p2, mem_ctx, &c); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing policy handle on p2 again"); torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing policy handle on p2 again"); /* * open a new policy handle */ torture_comment(torture, "open a new policy handle on p1 and use it\n"); status = dcerpc_lsa_OpenPolicy(p1, mem_ctx, &r); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "open 2nd policy handle on p1"); status = dcerpc_lsa_QuerySecurity(p1, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "QuerySecurity handle on p1"); /* close first connection */ torture_comment(torture, "disconnect p1\n"); talloc_free(p1); msleep(5); /* * and it's still available on p2,p3 */ torture_comment(torture, "use policy handle on p2,p3\n"); status = dcerpc_lsa_QuerySecurity(p2, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "QuerySecurity handle on p2 after p1 was disconnected"); status = dcerpc_lsa_QuerySecurity(p3, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "QuerySecurity handle on p3 after p1 was disconnected"); /* * now open p4 * and use the handle on it */ torture_comment(torture, "connect lsa pipe4 and use policy handle\n"); status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc, transport, assoc_group_id); torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4"); status = dcerpc_lsa_QuerySecurity(p4, mem_ctx, &qsec); torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK, "using policy handle on p4"); /* * now close p2,p3,p4 * without closing the policy handle */ torture_comment(torture, "disconnect p2,p3,p4\n"); talloc_free(p2); talloc_free(p3); talloc_free(p4); msleep(10); /* * now open p5 */ torture_comment(torture, "connect lsa pipe5 - should fail\n"); status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc, transport, assoc_group_id); torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL, "opening lsa pipe5"); talloc_free(mem_ctx); return true; }
/* * Test that a ticket obtained for the DNS service will be accepted on the Samba DLZ side * */ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech) { NTSTATUS status; struct gensec_security *gensec_client_context; DATA_BLOB client_to_server, server_to_client; void *dbdata; const char *argv[] = { "samba_dlz", "-H", lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), NULL }; tctx_static = tctx; torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata, "log", dlz_bind9_log_wrapper, "writeable_zone", dlz_bind9_writeable_zone_hook, NULL), ISC_R_SUCCESS, "Failed to create samba_dlz"); torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata), ISC_R_SUCCESS, "Failed to configure samba_dlz"); status = gensec_client_start(tctx, &gensec_client_context, lpcfg_gensec_settings(tctx, tctx->lp_ctx)); torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed"); /* * dlz_bind9 use the special dns/host.domain account */ status = gensec_set_target_hostname(gensec_client_context, talloc_asprintf(tctx, "%s.%s", torture_setting_string(tctx, "host", NULL), lpcfg_dnsdomain(tctx->lp_ctx))); torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed"); status = gensec_set_target_service(gensec_client_context, "dns"); torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed"); status = gensec_set_credentials(gensec_client_context, cmdline_credentials); torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed"); status = gensec_start_mech_by_sasl_name(gensec_client_context, mech); torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed"); server_to_client = data_blob(NULL, 0); /* Do one step of the client-server update dance */ status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials), lpcfg_dnsdomain(tctx->lp_ctx), "127.0.0.1", "type", "key", client_to_server.length, client_to_server.data, dbdata), ISC_TRUE, "Failed to check key for update rights samba_dlz"); dlz_destroy(dbdata); return true; }
static bool test_handles_mixed_shared(struct torture_context *torture) { NTSTATUS status; struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6; struct policy_handle handle; struct policy_handle handle2; struct samr_Connect r; struct lsa_Close lc; struct samr_Close sc; TALLOC_CTX *mem_ctx = talloc_new(torture); enum dcerpc_transport_t transport; uint32_t assoc_group_id; torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n"); torture_comment(torture, "connect samr pipe1\n"); status = torture_rpc_connection(torture, &p1, &ndr_table_samr); torture_assert_ntstatus_ok(torture, status, "opening samr pipe1"); transport = p1->conn->transport.transport, assoc_group_id = p1->assoc_group_id; torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id); torture_comment(torture, "connect lsa pipe2\n"); status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc, transport, assoc_group_id); torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2"); torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n", p2->assoc_group_id); r.in.system_name = 0; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.connect_handle = &handle; torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n"); status = dcerpc_samr_Connect(p1, mem_ctx, &r); torture_assert_ntstatus_ok(torture, status, "opening policy handle on p1"); lc.in.handle = &handle; lc.out.handle = &handle2; sc.in.handle = &handle; sc.out.handle = &handle2; torture_comment(torture, "use policy handle on lsa p2 - should fail\n"); status = dcerpc_lsa_Close(p2, mem_ctx, &lc); torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT, "closing handle on lsa p2"); torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH, "closing handle on lsa p2"); torture_comment(torture, "closing policy handle on samr p1\n"); status = dcerpc_samr_Close(p1, mem_ctx, &sc); torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1"); talloc_free(p1); talloc_free(p2); msleep(10); torture_comment(torture, "connect samr pipe3 - should fail\n"); status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr, transport, assoc_group_id); torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL, "opening samr pipe3"); torture_comment(torture, "connect lsa pipe4 - should fail\n"); status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc, transport, assoc_group_id); torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL, "opening lsa pipe4"); torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id); status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr, transport, assoc_group_id); torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL, "opening samr pipe5"); torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id); status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc, transport, assoc_group_id); torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL, "opening lsa pipe6"); talloc_free(mem_ctx); return true; }
/* * Test some updates */ static bool test_dlz_bind9_update01(struct torture_context *tctx) { NTSTATUS status; struct gensec_security *gensec_client_context; DATA_BLOB client_to_server, server_to_client; void *dbdata; void *version = NULL; const char *argv[] = { "samba_dlz", "-H", lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), NULL }; struct test_expected_rr *expected1 = NULL; char *name = NULL; char *data0 = NULL; char *data1 = NULL; char *data2 = NULL; bool ret = false; tctx_static = tctx; torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata, "log", dlz_bind9_log_wrapper, "writeable_zone", dlz_bind9_writeable_zone_hook, "putrr", dlz_bind9_putrr_hook, "putnamedrr", dlz_bind9_putnamedrr_hook, NULL), ISC_R_SUCCESS, "Failed to create samba_dlz"); torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata), ISC_R_SUCCESS, "Failed to configure samba_dlz"); expected1 = talloc_zero(tctx, struct test_expected_rr); torture_assert(tctx, expected1 != NULL, "talloc failed"); expected1->tctx = tctx; expected1->query_name = __func__; name = talloc_asprintf(expected1, "%s.%s", expected1->query_name, lpcfg_dnsdomain(tctx->lp_ctx)); torture_assert(tctx, name != NULL, "talloc failed"); expected1->num_records = 2; expected1->records = talloc_zero_array(expected1, struct test_expected_record, expected1->num_records); torture_assert(tctx, expected1->records != NULL, "talloc failed"); expected1->records[0].name = expected1->query_name; expected1->records[0].type = "a"; expected1->records[0].ttl = 3600; expected1->records[0].data = "127.1.2.3"; expected1->records[0].printed = false; data0 = talloc_asprintf(expected1, "%s.\t" "%u\t" "%s\t" "%s\t" "%s", name, (unsigned)expected1->records[0].ttl, "in", expected1->records[0].type, expected1->records[0].data); torture_assert(tctx, data0 != NULL, "talloc failed"); expected1->records[1].name = expected1->query_name; expected1->records[1].type = "a"; expected1->records[1].ttl = 3600; expected1->records[1].data = "127.3.2.1"; expected1->records[1].printed = false; data1 = talloc_asprintf(expected1, "%s.\t" "%u\t" "%s\t" "%s\t" "%s", name, (unsigned)expected1->records[1].ttl, "in", expected1->records[1].type, expected1->records[1].data); torture_assert(tctx, data1 != NULL, "talloc failed"); data2 = talloc_asprintf(expected1, "%s.\t" "0\t" "in\t" "a\t" "127.3.3.3", name); torture_assert(tctx, data2 != NULL, "talloc failed"); /* * Prepare session info */ status = gensec_client_start(tctx, &gensec_client_context, lpcfg_gensec_settings(tctx, tctx->lp_ctx)); torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed"); /* * dlz_bind9 use the special dns/host.domain account */ status = gensec_set_target_hostname(gensec_client_context, talloc_asprintf(tctx, "%s.%s", torture_setting_string(tctx, "host", NULL), lpcfg_dnsdomain(tctx->lp_ctx))); torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed"); status = gensec_set_target_service(gensec_client_context, "dns"); torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed"); status = gensec_set_credentials(gensec_client_context, cmdline_credentials); torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed"); status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSS-SPNEGO"); torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed"); server_to_client = data_blob(NULL, 0); /* Do one step of the client-server update dance */ status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials), name, "127.0.0.1", expected1->records[0].type, "key", client_to_server.length, client_to_server.data, dbdata), ISC_TRUE, "Failed to check key for update rights samba_dlz"); /* * We test the following: * * 1. lookup the records => NOT_FOUND * 2. delete all records => NOT_FOUND * 3. delete 1st record => NOT_FOUND * 4. create 1st record => SUCCESS * 5. lookup the records => found 1st * 6. create 2nd record => SUCCESS * 7. lookup the records => found 1st and 2nd * 8. delete unknown record => NOT_FOUND * 9. lookup the records => found 1st and 2nd * 10. delete 1st record => SUCCESS * 11. lookup the records => found 2nd * 12. delete 2nd record => SUCCESS * 13. lookup the records => NOT_FOUND * 14. create 1st record => SUCCESS * 15. lookup the records => found 1st * 16. create 2nd record => SUCCESS * 17. lookup the records => found 1st and 2nd * 18. update 1st record => SUCCESS * 19. lookup the records => found 1st and 2nd * 20. delete all unknown type records => NOT_FOUND * 21. lookup the records => found 1st and 2nd * 22. delete all records => SUCCESS * 23. lookup the records => NOT_FOUND */ /* Step 1. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_NOTFOUND, "Found hostname"); torture_assert_int_equal(tctx, expected1->num_rr, 0, "Got wrong record count"); /* Step 2. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_delrdataset(name, expected1->records[0].type, dbdata, version), ISC_R_NOTFOUND, ret, cancel_version, talloc_asprintf(tctx, "Deleted name[%s] type[%s]\n", name, expected1->records[0].type)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version); /* Step 3. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_subrdataset(name, data0, dbdata, version), ISC_R_NOTFOUND, ret, cancel_version, talloc_asprintf(tctx, "Deleted name[%s] data[%s]\n", name, data0)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version); /* Step 4. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_addrdataset(name, data0, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n", name, data0)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 5. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[0].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[0].name, expected1->records[0].type)); torture_assert_int_equal(tctx, expected1->num_rr, 1, "Got wrong record count"); /* Step 6. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_addrdataset(name, data1, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n", name, data1)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 7. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[0].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[0].name, expected1->records[0].type)); torture_assert(tctx, expected1->records[1].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[1].name, expected1->records[1].type)); torture_assert_int_equal(tctx, expected1->num_rr, 2, "Got wrong record count"); /* Step 8. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_subrdataset(name, data2, dbdata, version), ISC_R_NOTFOUND, ret, cancel_version, talloc_asprintf(tctx, "Deleted name[%s] data[%s]\n", name, data2)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 9. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[0].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[0].name, expected1->records[0].type)); torture_assert(tctx, expected1->records[1].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[1].name, expected1->records[1].type)); torture_assert_int_equal(tctx, expected1->num_rr, 2, "Got wrong record count"); /* Step 10. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_subrdataset(name, data0, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to delete name[%s] data[%s]\n", name, data0)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 11. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[1].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[1].name, expected1->records[1].type)); torture_assert_int_equal(tctx, expected1->num_rr, 1, "Got wrong record count"); /* Step 12. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_subrdataset(name, data1, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to delete name[%s] data[%s]\n", name, data1)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 13. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_NOTFOUND, "Found hostname"); torture_assert_int_equal(tctx, expected1->num_rr, 0, "Got wrong record count"); /* Step 14. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_addrdataset(name, data0, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n", name, data0)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 15. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[0].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[0].name, expected1->records[0].type)); torture_assert_int_equal(tctx, expected1->num_rr, 1, "Got wrong record count"); /* Step 16. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_addrdataset(name, data1, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n", name, data1)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 17. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[0].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[0].name, expected1->records[0].type)); torture_assert(tctx, expected1->records[1].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[1].name, expected1->records[1].type)); torture_assert_int_equal(tctx, expected1->num_rr, 2, "Got wrong record count"); /* Step 18. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_addrdataset(name, data0, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to update name[%s] data[%s]\n", name, data0)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 19. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[0].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[0].name, expected1->records[0].type)); torture_assert(tctx, expected1->records[1].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[1].name, expected1->records[1].type)); torture_assert_int_equal(tctx, expected1->num_rr, 2, "Got wrong record count"); /* Step 20. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_delrdataset(name, "txt", dbdata, version), ISC_R_FAILURE, ret, cancel_version, talloc_asprintf(tctx, "Deleted name[%s] type[%s]\n", name, "txt")); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version); /* Step 21. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_SUCCESS, "Not found hostname"); torture_assert(tctx, expected1->records[0].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[0].name, expected1->records[0].type)); torture_assert(tctx, expected1->records[1].printed, talloc_asprintf(tctx, "Failed to have putrr callback run name[%s] for type %s", expected1->records[1].name, expected1->records[1].type)); torture_assert_int_equal(tctx, expected1->num_rr, 2, "Got wrong record count"); /* Step 22. */ torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx), dbdata, &version), ISC_R_SUCCESS, "Failed to start transaction"); torture_assert_int_equal_goto(tctx, dlz_delrdataset(name, expected1->records[0].type, dbdata, version), ISC_R_SUCCESS, ret, cancel_version, talloc_asprintf(tctx, "Failed to delete name[%s] type[%s]\n", name, expected1->records[0].type)); dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version); /* Step 23. */ expected1->num_rr = 0; expected1->records[0].printed = false; expected1->records[1].printed = false; torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx), expected1->query_name, dbdata, (dns_sdlzlookup_t *)expected1), ISC_R_NOTFOUND, "Found hostname"); torture_assert_int_equal(tctx, expected1->num_rr, 0, "Got wrong record count"); dlz_destroy(dbdata); return true; cancel_version: dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version); return ret; }
/* test a schannel connection with the given flags */ static bool test_schannel(struct torture_context *tctx, uint16_t acct_flags, uint32_t dcerpc_flags, int i) { struct test_join *join_ctx; NTSTATUS status; const char *binding = torture_setting_string(tctx, "binding", NULL); struct dcerpc_binding *b; struct dcerpc_pipe *p = NULL; struct dcerpc_pipe *p_netlogon = NULL; struct dcerpc_pipe *p_netlogon2 = NULL; struct dcerpc_pipe *p_netlogon3 = NULL; struct dcerpc_pipe *p_samr2 = NULL; struct dcerpc_pipe *p_lsa = NULL; struct netlogon_creds_CredentialState *creds; struct cli_credentials *credentials; join_ctx = torture_join_domain(tctx, talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, i), acct_flags, &credentials); torture_assert(tctx, join_ctx != NULL, "Failed to join domain"); status = dcerpc_parse_binding(tctx, binding, &b); torture_assert_ntstatus_ok(tctx, status, "Bad binding string"); b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= dcerpc_flags; status = dcerpc_pipe_connect_b(tctx, &p, b, &ndr_table_samr, credentials, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, "Failed to connect with schannel"); torture_assert(tctx, test_samr_ops(tctx, p->binding_handle), "Failed to process schannel secured SAMR ops"); /* Also test that when we connect to the netlogon pipe, that * the credentials we setup on the first pipe are valid for * the second */ /* Swap the binding details from SAMR to NETLOGON */ status = dcerpc_epm_map_binding(tctx, b, &ndr_table_netlogon, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, "epm map"); status = dcerpc_secondary_connection(p, &p_netlogon, b); torture_assert_ntstatus_ok(tctx, status, "seconday connection"); status = dcerpc_bind_auth(p_netlogon, &ndr_table_netlogon, credentials, lpcfg_gensec_settings(tctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p->conn), NULL); torture_assert_ntstatus_ok(tctx, status, "bind auth"); status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds); torture_assert_ntstatus_ok(tctx, status, "schannel creds"); /* do a couple of logins */ torture_assert(tctx, test_netlogon_ops(p_netlogon, tctx, credentials, creds), "Failed to process schannel secured NETLOGON ops"); torture_assert(tctx, test_netlogon_ex_ops(p_netlogon, tctx, credentials, creds), "Failed to process schannel secured NETLOGON EX ops"); /* Swap the binding details from SAMR to LSARPC */ status = dcerpc_epm_map_binding(tctx, b, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, "epm map"); status = dcerpc_secondary_connection(p, &p_lsa, b); torture_assert_ntstatus_ok(tctx, status, "seconday connection"); status = dcerpc_bind_auth(p_lsa, &ndr_table_lsarpc, credentials, lpcfg_gensec_settings(tctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p->conn), NULL); torture_assert_ntstatus_ok(tctx, status, "bind auth"); torture_assert(tctx, test_lsa_ops(tctx, p_lsa), "Failed to process schannel secured LSA ops"); /* Drop the socket, we want to start from scratch */ talloc_free(p); p = NULL; /* Now see what we are still allowed to do */ status = dcerpc_parse_binding(tctx, binding, &b); torture_assert_ntstatus_ok(tctx, status, "Bad binding string"); b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= dcerpc_flags; status = dcerpc_pipe_connect_b(tctx, &p_samr2, b, &ndr_table_samr, credentials, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, "Failed to connect with schannel"); /* do a some SAMR operations. We have *not* done a new serverauthenticate */ torture_assert (tctx, test_samr_ops(tctx, p_samr2->binding_handle), "Failed to process schannel secured SAMR ops (on fresh connection)"); /* Swap the binding details from SAMR to NETLOGON */ status = dcerpc_epm_map_binding(tctx, b, &ndr_table_netlogon, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, "epm"); status = dcerpc_secondary_connection(p_samr2, &p_netlogon2, b); torture_assert_ntstatus_ok(tctx, status, "seconday connection"); /* and now setup an SCHANNEL bind on netlogon */ status = dcerpc_bind_auth(p_netlogon2, &ndr_table_netlogon, credentials, lpcfg_gensec_settings(tctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p_samr2->conn), NULL); torture_assert_ntstatus_ok(tctx, status, "auth failed"); /* Try the schannel-only SamLogonEx operation */ torture_assert(tctx, test_netlogon_ex_ops(p_netlogon2, tctx, credentials, creds), "Failed to process schannel secured NETLOGON EX ops (on fresh connection)"); /* And the more traditional style, proving that the * credentials chaining state is fully present */ torture_assert(tctx, test_netlogon_ops(p_netlogon2, tctx, credentials, creds), "Failed to process schannel secured NETLOGON ops (on fresh connection)"); /* Drop the socket, we want to start from scratch (again) */ talloc_free(p_samr2); /* We don't want schannel for this test */ b->flags &= ~DCERPC_AUTH_OPTIONS; status = dcerpc_pipe_connect_b(tctx, &p_netlogon3, b, &ndr_table_netlogon, credentials, tctx->ev, tctx->lp_ctx); torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel"); torture_assert(tctx, !test_netlogon_ex_ops(p_netlogon3, tctx, credentials, creds), "Processed NOT schannel secured NETLOGON EX ops without SCHANNEL (unsafe)"); /* Required because the previous call will mark the current context as having failed */ tctx->last_result = TORTURE_OK; tctx->last_reason = NULL; torture_assert(tctx, test_netlogon_ops(p_netlogon3, tctx, credentials, creds), "Failed to processed NOT schannel secured NETLOGON ops without new ServerAuth"); torture_leave_domain(tctx, join_ctx); return true; }
/* Test rename on files open with share delete and no share delete. */ BOOL torture_test_rename(struct torture_context *tctx, struct smbcli_state *cli1) { const char *fname = "\\test.txt"; const char *fname1 = "\\test1.txt"; int fnum1; smbcli_unlink(cli1->tree, fname); smbcli_unlink(cli1->tree, fname1); fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_READ, NTCREATEX_DISP_OVERWRITE_IF, 0, 0); torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "First open failed - %s", smbcli_errstr(cli1->tree))); torture_assert(tctx, NT_STATUS_IS_ERR(smbcli_rename(cli1->tree, fname, fname1)), "First rename succeeded - this should have failed !"); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close - 1 failed (%s)", smbcli_errstr(cli1->tree))); smbcli_unlink(cli1->tree, fname); smbcli_unlink(cli1->tree, fname1); fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_RIGHTS_FILE_READ, FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_DELETE|NTCREATEX_SHARE_ACCESS_READ, NTCREATEX_DISP_OVERWRITE_IF, 0, 0); torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "Second open failed - %s", smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_rename(cli1->tree, fname, fname1), talloc_asprintf(tctx, "Second rename failed - this should have succeeded - %s", smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close - 2 failed (%s)", smbcli_errstr(cli1->tree))); smbcli_unlink(cli1->tree, fname); smbcli_unlink(cli1->tree, fname1); fnum1 = smbcli_nt_create_full(cli1->tree, fname, 0, SEC_STD_READ_CONTROL, FILE_ATTRIBUTE_NORMAL, NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OVERWRITE_IF, 0, 0); torture_assert(tctx, fnum1 != -1, talloc_asprintf(tctx, "Third open failed - %s", smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_rename(cli1->tree, fname, fname1), talloc_asprintf(tctx, "Third rename failed - this should have succeeded - %s", smbcli_errstr(cli1->tree))); torture_assert_ntstatus_ok(tctx, smbcli_close(cli1->tree, fnum1), talloc_asprintf(tctx, "close - 3 failed (%s)", smbcli_errstr(cli1->tree))); smbcli_unlink(cli1->tree, fname); smbcli_unlink(cli1->tree, fname1); return true; }
static bool torture_ntlmssp_self_check(struct torture_context *tctx) { struct gensec_security *gensec_security; struct gensec_ntlmssp_state *gensec_ntlmssp_state; DATA_BLOB data; DATA_BLOB sig, expected_sig; TALLOC_CTX *mem_ctx = tctx; torture_assert_ntstatus_ok(tctx, gensec_client_start(mem_ctx, &gensec_security, tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)), "gensec client start"); gensec_set_credentials(gensec_security, cmdline_credentials); gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL); torture_assert_ntstatus_ok(tctx, gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP), "Failed to start GENSEC for NTLMSSP"); gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; gensec_ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405060708090a0b0c0d0e0f00"); dump_data_pw("NTLMSSP session key: \n", gensec_ntlmssp_state->session_key.data, gensec_ntlmssp_state->session_key.length); gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_NTLM2; torture_assert_ntstatus_ok(tctx, ntlmssp_sign_init(gensec_ntlmssp_state), "Failed to sign_init"); data = strhex_to_data_blob(tctx, "6a43494653"); gensec_ntlmssp_sign_packet(gensec_security, gensec_security, data.data, data.length, data.data, data.length, &sig); expected_sig = strhex_to_data_blob(tctx, "01000000e37f97f2544f4d7e00000000"); dump_data_pw("NTLMSSP calc sig: ", sig.data, sig.length); dump_data_pw("NTLMSSP expected sig: ", expected_sig.data, expected_sig.length); torture_assert_int_equal(tctx, sig.length, expected_sig.length, "Wrong sig length"); torture_assert_mem_equal(tctx, sig.data, expected_sig.data, sig.length, "data mismatch"); torture_assert_ntstatus_equal(tctx, gensec_ntlmssp_check_packet(gensec_security, gensec_security, data.data, data.length, data.data, data.length, &sig), NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)"); gensec_ntlmssp_state->session_key = data_blob(NULL, 0); torture_assert_ntstatus_equal(tctx, gensec_ntlmssp_check_packet(gensec_security, gensec_security, data.data, data.length, data.data, data.length, &sig), NT_STATUS_NO_USER_SESSION_KEY, "Check of just signed packet without a session key should fail"); talloc_free(gensec_security); torture_assert_ntstatus_ok(tctx, gensec_client_start(mem_ctx, &gensec_security, tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)), "Failed to start GENSEC for NTLMSSP"); gensec_set_credentials(gensec_security, cmdline_credentials); gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN); gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL); torture_assert_ntstatus_ok(tctx, gensec_start_mech_by_oid(gensec_security, GENSEC_OID_NTLMSSP), "GENSEC start mech by oid"); gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; gensec_ntlmssp_state->session_key = strhex_to_data_blob(tctx, "0102030405e538b0"); dump_data_pw("NTLMSSP session key: \n", gensec_ntlmssp_state->session_key.data, gensec_ntlmssp_state->session_key.length); gensec_ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_KEY_EXCH; torture_assert_ntstatus_ok(tctx, ntlmssp_sign_init(gensec_ntlmssp_state), "Failed to sign_init"); data = strhex_to_data_blob(tctx, "6a43494653"); gensec_ntlmssp_sign_packet(gensec_security, gensec_security, data.data, data.length, data.data, data.length, &sig); expected_sig = strhex_to_data_blob(tctx, "0100000078010900397420fe0e5a0f89"); dump_data_pw("NTLMSSP calc sig: ", sig.data, sig.length); dump_data_pw("NTLMSSP expected sig: ", expected_sig.data, expected_sig.length); torture_assert_int_equal(tctx, sig.length, expected_sig.length, "Wrong sig length"); torture_assert_mem_equal(tctx, sig.data+8, expected_sig.data+8, sig.length-8, "data mismatch"); torture_assert_ntstatus_equal(tctx, gensec_ntlmssp_check_packet(gensec_security, gensec_security, data.data, data.length, data.data, data.length, &sig), NT_STATUS_ACCESS_DENIED, "Check of just signed packet (should fail, wrong end)"); sig.length /= 2; torture_assert_ntstatus_equal(tctx, gensec_ntlmssp_check_packet(gensec_security, gensec_security, data.data, data.length, data.data, data.length, &sig), NT_STATUS_ACCESS_DENIED, "Check of just signed packet with short sig"); talloc_free(gensec_security); return true; }
static bool test_compound_break(struct torture_context *tctx, struct smb2_tree *tree) { const char *fname1 = "some-file.pptx"; NTSTATUS status; bool ret = true; union smb_open io1; struct smb2_create io2; struct smb2_getinfo gf; struct smb2_request *req[2]; struct smb2_handle h1; struct smb2_handle h; tree->session->transport->oplock.handler = torture_oplock_handler; tree->session->transport->oplock.private_data = tree; ZERO_STRUCT(break_info); /* base ntcreatex parms */ ZERO_STRUCT(io1.smb2); io1.generic.level = RAW_OPEN_SMB2; io1.smb2.in.desired_access = (SEC_STD_SYNCHRONIZE| SEC_STD_READ_CONTROL| SEC_FILE_READ_ATTRIBUTE| SEC_FILE_READ_EA| SEC_FILE_READ_DATA); io1.smb2.in.alloc_size = 0; io1.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL; io1.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ| NTCREATEX_SHARE_ACCESS_WRITE| NTCREATEX_SHARE_ACCESS_DELETE; io1.smb2.in.create_disposition = NTCREATEX_DISP_OPEN_IF; io1.smb2.in.create_options = 0; io1.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS; io1.smb2.in.security_flags = 0; io1.smb2.in.fname = fname1; torture_comment(tctx, "TEST2: open a file with an batch " "oplock (share mode: all)\n"); io1.smb2.in.oplock_level = SMB2_OPLOCK_LEVEL_BATCH; status = smb2_create(tree, tctx, &(io1.smb2)); torture_assert_ntstatus_ok(tctx, status, "Error opening the file"); h1 = io1.smb2.out.file.handle; torture_comment(tctx, "TEST2: Opening second time with compound\n"); ZERO_STRUCT(io2); io2.in.desired_access = (SEC_STD_SYNCHRONIZE| SEC_FILE_READ_ATTRIBUTE| SEC_FILE_READ_EA); io2.in.alloc_size = 0; io2.in.file_attributes = FILE_ATTRIBUTE_NORMAL; io2.in.share_access = NTCREATEX_SHARE_ACCESS_READ| NTCREATEX_SHARE_ACCESS_WRITE| NTCREATEX_SHARE_ACCESS_DELETE; io2.in.create_disposition = NTCREATEX_DISP_OPEN; io2.in.create_options = 0; io2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS; io2.in.security_flags = 0; io2.in.fname = fname1; io2.in.oplock_level = 0; smb2_transport_compound_start(tree->session->transport, 2); req[0] = smb2_create_send(tree, &io2); smb2_transport_compound_set_related(tree->session->transport, true); h.data[0] = UINT64_MAX; h.data[1] = UINT64_MAX; ZERO_STRUCT(gf); gf.in.file.handle = h; gf.in.info_type = SMB2_GETINFO_FILE; gf.in.info_class = 0x16; gf.in.output_buffer_length = 0x1000; gf.in.input_buffer_length = 0; req[1] = smb2_getinfo_send(tree, &gf); status = smb2_create_recv(req[0], tree, &io2); CHECK_STATUS(status, NT_STATUS_OK); status = smb2_getinfo_recv(req[1], tree, &gf); CHECK_STATUS(status, NT_STATUS_OK); done: smb2_util_close(tree, h1); smb2_util_unlink(tree, fname1); return ret; }
/** * Removes user by RDN through SAMR interface. * * @param domain_handle [in] Domain handle * @param user_rdn [in] User's RDN in ldap database */ bool test_user_cleanup(struct torture_context *tctx, struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle, const char *user_rdn) { struct samr_LookupNames r1; struct samr_OpenUser r2; struct samr_DeleteUser r3; struct lsa_String names[2]; uint32_t rid; struct policy_handle user_handle; struct samr_Ids rids, types; const char *account_name; if (!_get_account_name_for_user_rdn(tctx, user_rdn, mem_ctx, &account_name)) { torture_result(tctx, TORTURE_FAIL, __location__": Failed to find samAccountName for %s", user_rdn); return false; } names[0].string = account_name; r1.in.domain_handle = domain_handle; r1.in.num_names = 1; r1.in.names = names; r1.out.rids = &rids; r1.out.types = &types; torture_comment(tctx, "user account lookup '%s'\n", account_name); torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupNames_r(b, mem_ctx, &r1), "LookupNames failed"); torture_assert_ntstatus_ok(tctx, r1.out.result, "LookupNames failed"); rid = r1.out.rids->ids[0]; r2.in.domain_handle = domain_handle; r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r2.in.rid = rid; r2.out.user_handle = &user_handle; torture_comment(tctx, "opening user account\n"); torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, mem_ctx, &r2), "OpenUser failed"); torture_assert_ntstatus_ok(tctx, r2.out.result, "OpenUser failed"); r3.in.user_handle = &user_handle; r3.out.user_handle = &user_handle; torture_comment(tctx, "deleting user account\n"); torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, mem_ctx, &r3), "DeleteUser failed"); torture_assert_ntstatus_ok(tctx, r3.out.result, "DeleteUser failed"); return true; }
static bool spoolss_access_setup_membership(struct torture_context *tctx, struct dcerpc_pipe *p, uint32_t num_members, uint32_t *members, struct dom_sid *user_sid) { struct dcerpc_binding_handle *b = p->binding_handle; struct policy_handle connect_handle, domain_handle; int i; torture_comment(tctx, "Setting up BUILTIN membership for %s\n", dom_sid_string(tctx, user_sid)); for (i=0; i < num_members; i++) { torture_comment(tctx, "adding user to S-1-5-32-%d\n", members[i]); } { struct samr_Connect2 r; r.in.system_name = ""; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.connect_handle = &connect_handle; torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect2_r(b, tctx, &r), "samr_Connect2 failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "samr_Connect2 failed"); } { struct samr_OpenDomain r; r.in.connect_handle = &connect_handle; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32"); r.out.domain_handle = &domain_handle; torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &r), "samr_OpenDomain failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "samr_OpenDomain failed"); } for (i=0; i < num_members; i++) { struct policy_handle alias_handle; { struct samr_OpenAlias r; r.in.domain_handle = &domain_handle; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.in.rid = members[i]; r.out.alias_handle = &alias_handle; torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenAlias_r(b, tctx, &r), "samr_OpenAlias failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "samr_OpenAlias failed"); } { struct samr_AddAliasMember r; r.in.alias_handle = &alias_handle; r.in.sid = user_sid; torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddAliasMember_r(b, tctx, &r), "samr_AddAliasMember failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "samr_AddAliasMember failed"); } test_samr_handle_Close(b, tctx, &alias_handle); } test_samr_handle_Close(b, tctx, &domain_handle); test_samr_handle_Close(b, tctx, &connect_handle); return true; }
bool torture_samba3_hide(struct torture_context *torture) { struct smbcli_state *cli; const char *fname = "test.txt"; int fnum; NTSTATUS status; struct smbcli_tree *hideunread; struct smbcli_tree *hideunwrite; if (!torture_open_connection_share( torture, &cli, torture, torture_setting_string(torture, "host", NULL), torture_setting_string(torture, "share", NULL), torture->ev)) { torture_fail(torture, "torture_open_connection_share failed\n"); } status = smbcli_setup_unix(cli->tree); if (!NT_STATUS_IS_OK(status)) { torture_fail(torture, talloc_asprintf(torture, "smbcli_setup_unix failed %s\n", nt_errstr(status))); } status = torture_second_tcon(torture, cli->session, "hideunread", &hideunread); torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunread) failed\n"); status = torture_second_tcon(torture, cli->session, "hideunwrite", &hideunwrite); torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunwrite) failed\n"); status = smbcli_unlink(cli->tree, fname); if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) { smbcli_setatr(cli->tree, fname, 0, -1); smbcli_unlink(cli->tree, fname); } fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE); if (fnum == -1) { torture_fail(torture, talloc_asprintf(torture, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree))); } smbcli_close(cli->tree, fnum); if (!smbcli_file_exists(cli->tree, fname)) { torture_fail(torture, talloc_asprintf(torture, "%s does not exist\n", fname)); } /* R/W file should be visible everywhere */ status = smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR); torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n"); if (!is_writeable(torture, cli->tree, fname)) { torture_fail(torture, "File not writable\n"); } if (!is_readable(cli->tree, fname)) { torture_fail(torture, "File not readable\n"); } if (!is_visible(cli->tree, fname)) { torture_fail(torture, "r/w file not visible via normal share\n"); } if (!is_visible(hideunread, fname)) { torture_fail(torture, "r/w file not visible via hide unreadable\n"); } if (!is_visible(hideunwrite, fname)) { torture_fail(torture, "r/w file not visible via hide unwriteable\n"); } /* R/O file should not be visible via hide unwriteable files */ status = smbcli_chmod(cli->tree, fname, UNIX_R_USR); torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n"); if (is_writeable(torture, cli->tree, fname)) { torture_fail(torture, "r/o is writable\n"); } if (!is_readable(cli->tree, fname)) { torture_fail(torture, "r/o not readable\n"); } if (!is_visible(cli->tree, fname)) { torture_fail(torture, "r/o file not visible via normal share\n"); } if (!is_visible(hideunread, fname)) { torture_fail(torture, "r/o file not visible via hide unreadable\n"); } if (is_visible(hideunwrite, fname)) { torture_fail(torture, "r/o file visible via hide unwriteable\n"); } /* inaccessible file should be only visible on normal share */ status = smbcli_chmod(cli->tree, fname, 0); torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n"); if (is_writeable(torture, cli->tree, fname)) { torture_fail(torture, "inaccessible file is writable\n"); } if (is_readable(cli->tree, fname)) { torture_fail(torture, "inaccessible file is readable\n"); } if (!is_visible(cli->tree, fname)) { torture_fail(torture, "inaccessible file not visible via normal share\n"); } if (is_visible(hideunread, fname)) { torture_fail(torture, "inaccessible file visible via hide unreadable\n"); } if (is_visible(hideunwrite, fname)) { torture_fail(torture, "inaccessible file visible via hide unwriteable\n"); } smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR); smbcli_unlink(cli->tree, fname); return true; }
static bool torture_locktest7(struct torture_context *tctx, struct smbcli_state *cli1) { const char *fname = BASEDIR "\\lockt7.lck"; int fnum1; int fnum2 = -1; size_t size; uint8_t buf[200]; bool correct = false; torture_assert(tctx, torture_setup_dir(cli1, BASEDIR), talloc_asprintf(tctx, "Unable to set up %s", BASEDIR)); fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); memset(buf, 0, sizeof(buf)); torture_assert(tctx, smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf)) == sizeof(buf), "Failed to create file"); cli1->session->pid = 1; torture_assert_ntstatus_ok(tctx, smbcli_lock(cli1->tree, fnum1, 130, 4, 0, READ_LOCK), talloc_asprintf(tctx, "Unable to apply read lock on range 130:4, error was %s", smbcli_errstr(cli1->tree))); torture_comment(tctx, "pid1 successfully locked range 130:4 for READ\n"); torture_assert(tctx, smbcli_read(cli1->tree, fnum1, buf, 130, 4) == 4, talloc_asprintf(tctx, "pid1 unable to read the range 130:4, error was %s)", smbcli_errstr(cli1->tree))); torture_comment(tctx, "pid1 successfully read the range 130:4\n"); if (smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) != 4) { torture_comment(tctx, "pid1 unable to write to the range 130:4, error was %s\n", smbcli_errstr(cli1->tree)); torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT, "Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)"); } else { torture_fail(tctx, "pid1 successfully wrote to the range 130:4 (should be denied)"); } cli1->session->pid = 2; if (smbcli_read(cli1->tree, fnum1, buf, 130, 4) != 4) { torture_comment(tctx, "pid2 unable to read the range 130:4, error was %s\n", smbcli_errstr(cli1->tree)); } else { torture_comment(tctx, "pid2 successfully read the range 130:4\n"); } if (smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) != 4) { torture_comment(tctx, "pid2 unable to write to the range 130:4, error was %s\n", smbcli_errstr(cli1->tree)); torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT, "Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)"); } else { torture_fail(tctx, "pid2 successfully wrote to the range 130:4 (should be denied)"); } cli1->session->pid = 1; smbcli_unlock(cli1->tree, fnum1, 130, 4); torture_assert_ntstatus_ok(tctx, smbcli_lock(cli1->tree, fnum1, 130, 4, 0, WRITE_LOCK), talloc_asprintf(tctx, "Unable to apply write lock on range 130:4, error was %s", smbcli_errstr(cli1->tree))); torture_comment(tctx, "pid1 successfully locked range 130:4 for WRITE\n"); torture_assert(tctx, smbcli_read(cli1->tree, fnum1, buf, 130, 4) == 4, talloc_asprintf(tctx, "pid1 unable to read the range 130:4, error was %s", smbcli_errstr(cli1->tree))); torture_comment(tctx, "pid1 successfully read the range 130:4\n"); torture_assert(tctx, smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) == 4, talloc_asprintf(tctx, "pid1 unable to write to the range 130:4, error was %s", smbcli_errstr(cli1->tree))); torture_comment(tctx, "pid1 successfully wrote to the range 130:4\n"); cli1->session->pid = 2; if (smbcli_read(cli1->tree, fnum1, buf, 130, 4) != 4) { torture_comment(tctx, "pid2 unable to read the range 130:4, error was %s\n", smbcli_errstr(cli1->tree)); torture_assert_ntstatus_equal(tctx, smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT, "Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)"); } else { torture_fail(tctx, "pid2 successfully read the range 130:4 (should be denied)"); } if (smbcli_write(cli1->tree, fnum1, 0, buf, 130, 4) != 4) { torture_comment(tctx, "pid2 unable to write to the range 130:4, error was %s\n", smbcli_errstr(cli1->tree)); if (!NT_STATUS_EQUAL(smbcli_nt_error(cli1->tree), NT_STATUS_FILE_LOCK_CONFLICT)) { torture_comment(tctx, "Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT) (%s)\n", __location__); goto fail; } } else { torture_comment(tctx, "pid2 successfully wrote to the range 130:4 (should be denied) (%s)\n", __location__); goto fail; } torture_comment(tctx, "Testing truncate of locked file.\n"); fnum2 = smbcli_open(cli1->tree, fname, O_RDWR|O_TRUNC, DENY_NONE); torture_assert(tctx, fnum2 != -1, "Unable to truncate locked file"); torture_comment(tctx, "Truncated locked file.\n"); torture_assert_ntstatus_ok(tctx, smbcli_getatr(cli1->tree, fname, NULL, &size, NULL), talloc_asprintf(tctx, "getatr failed (%s)", smbcli_errstr(cli1->tree))); torture_assert(tctx, size == 0, talloc_asprintf(tctx, "Unable to truncate locked file. Size was %u", (unsigned)size)); cli1->session->pid = 1; smbcli_unlock(cli1->tree, fnum1, 130, 4); correct = true; fail: smbcli_close(cli1->tree, fnum1); smbcli_close(cli1->tree, fnum2); smbcli_unlink(cli1->tree, fname); return correct; }