static bool test_handles_samr(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p1, *p2;
struct dcerpc_binding_handle *b1, *b2;
struct policy_handle handle;
struct policy_handle handle2;
struct samr_Connect r;
struct samr_Close c;
TALLOC_CTX *mem_ctx = talloc_new(torture);
torture_comment(torture, "RPC-HANDLE-SAMR\n");
status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
b1 = p1->binding_handle;
status = torture_rpc_connection(torture, &p2, &ndr_table_samr);
torture_assert_ntstatus_ok(torture, status, "opening samr pipe2");
b2 = p2->binding_handle;
r.in.system_name = 0;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.connect_handle = &handle;
torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
"Connect failed");
torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
c.in.handle = &handle;
c.out.handle = &handle2;
status = dcerpc_samr_Close_r(b2, mem_ctx, &c);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
"closing policy handle on p2");
torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &c),
"Close failed");
torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
status = dcerpc_samr_Close_r(b1, mem_ctx, &c);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
"closing policy handle on p1 again");
talloc_free(mem_ctx);
return true;
}
bool torture_domain_open_samr(struct torture_context *torture)
{
NTSTATUS status;
struct libnet_context *ctx;
TALLOC_CTX *mem_ctx;
struct policy_handle domain_handle, handle;
struct libnet_DomainOpen io;
struct samr_Close r;
const char *domain_name;
bool ret = true;
mem_ctx = talloc_init("test_domainopen_lsa");
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
ctx->cred = cmdline_credentials;
/* we're accessing domain controller so the domain name should be
passed (it's going to be resolved to dc name and address) instead
of specific server name. */
domain_name = lpcfg_workgroup(torture->lp_ctx);
/*
* Testing synchronous version
*/
torture_comment(torture, "opening domain\n");
io.in.type = DOMAIN_SAMR;
io.in.domain_name = domain_name;
io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
status = libnet_DomainOpen(ctx, mem_ctx, &io);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "Composite domain open failed for domain '%s' - %s\n",
domain_name, nt_errstr(status));
ret = false;
goto done;
}
domain_handle = ctx->samr.handle;
r.in.handle = &domain_handle;
r.out.handle = &handle;
torture_comment(torture, "closing domain handle\n");
torture_assert_ntstatus_ok(torture,
dcerpc_samr_Close_r(ctx->samr.pipe->binding_handle, mem_ctx, &r),
"Close failed");
torture_assert_ntstatus_ok(torture, r.out.result,
"Close failed");
done:
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
/**
* Closes SAMR handle obtained from Connect, Open User/Domain, etc
*/
bool test_samr_close_handle(struct torture_context *tctx,
struct dcerpc_binding_handle *b,
TALLOC_CTX *mem_ctx,
struct policy_handle *samr_handle)
{
struct samr_Close r;
r.in.handle = samr_handle;
r.out.handle = samr_handle;
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_Close_r(b, mem_ctx, &r),
"Close SAMR handle RPC call failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"Close SAMR handle failed");
return true;
}
static bool test_cleanup(struct torture_context *tctx,
struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle)
{
struct samr_Close r;
struct policy_handle handle;
r.in.handle = domain_handle;
r.out.handle = &handle;
torture_comment(tctx, "closing domain handle\n");
torture_assert_ntstatus_ok(tctx,
dcerpc_samr_Close_r(b, mem_ctx, &r),
"Close failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"Close failed");
return true;
}
static bool test_handles_mixed_shared(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
struct dcerpc_binding_handle *b1, *b2;
struct policy_handle handle;
struct policy_handle handle2;
struct samr_Connect r;
struct lsa_Close lc;
struct samr_Close sc;
TALLOC_CTX *mem_ctx = talloc_new(torture);
enum dcerpc_transport_t transport;
uint32_t assoc_group_id;
torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");
torture_comment(torture, "connect samr pipe1\n");
status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
b1 = p1->binding_handle;
transport = p1->conn->transport.transport;
assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
torture_comment(torture, "connect lsa pipe2\n");
status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
transport,
assoc_group_id);
torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
b2 = p2->binding_handle;
torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
dcerpc_binding_get_assoc_group_id(p2->binding));
r.in.system_name = 0;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.connect_handle = &handle;
torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
"Connect failed");
torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
lc.in.handle = &handle;
lc.out.handle = &handle2;
sc.in.handle = &handle;
sc.out.handle = &handle2;
torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
"closing handle on lsa p2");
torture_comment(torture, "closing policy handle on samr p1\n");
torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
"Close failed");
torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");
talloc_free(p1);
talloc_free(p2);
smb_msleep(10);
torture_comment(torture, "connect samr pipe3 - should fail\n");
status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
transport,
assoc_group_id);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
"opening samr pipe3");
torture_comment(torture, "connect lsa pipe4 - should fail\n");
status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
transport,
assoc_group_id);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
"opening lsa pipe4");
/*
* We use ~assoc_group_id instead of p1->assoc_group_id, because
* this way we are less likely to use an id which is already in use.
*/
assoc_group_id = ~assoc_group_id;
torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
transport,
assoc_group_id);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
"opening samr pipe5");
torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
transport,
assoc_group_id);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
"opening lsa pipe6");
talloc_free(mem_ctx);
return true;
}
