BOOL torture_domain_open_samr(struct torture_context *torture)
{
NTSTATUS status;
const char *binding;
struct libnet_context *ctx;
struct event_context *evt_ctx=NULL;
TALLOC_CTX *mem_ctx;
struct policy_handle domain_handle, handle;
struct libnet_DomainOpen io;
struct samr_Close r;
const char *domain_name;
BOOL ret = True;
mem_ctx = talloc_init("test_domainopen_lsa");
binding = torture_setting_string(torture, "binding", NULL);
ctx = libnet_context_init(evt_ctx);
ctx->cred = cmdline_credentials;
/* we're accessing domain controller so the domain name should be
passed (it's going to be resolved to dc name and address) instead
of specific server name. */
domain_name = lp_workgroup();
/*
* Testing synchronous version
*/
printf("opening domain\n");
io.in.type = DOMAIN_SAMR;
io.in.domain_name = domain_name;
io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
status = libnet_DomainOpen(ctx, mem_ctx, &io);
if (!NT_STATUS_IS_OK(status)) {
printf("Composite domain open failed - %s\n", nt_errstr(status));
ret = False;
goto done;
}
domain_handle = ctx->samr.handle;
r.in.handle = &domain_handle;
r.out.handle = &handle;
printf("closing domain handle\n");
status = dcerpc_samr_Close(ctx->samr.pipe, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("Close failed - %s\n", nt_errstr(status));
ret = False;
goto done;
}
done:
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_samsync_ldb r;
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
/* Needed to override the ACLs on ldb */
r.in.session_info = system_session(libnetctx, ctx->lp_ctx);
status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
nt_errstr(status),
r.out.error_string));
return -1;
}
talloc_free(libnetctx);
return 0;
}
static bool test_NetShareDel(TALLOC_CTX *mem_ctx,
struct torture_context *tctx,
const char *host,
const char *sharename)
{
NTSTATUS status;
struct libnet_context* libnetctx;
struct libnet_DelShare r;
printf("Deleting share %s\n", sharename);
if (!(libnetctx = libnet_context_init(tctx->ev, tctx->lp_ctx))) {
return false;
}
libnetctx->cred = cmdline_credentials;
r.in.share_name = sharename;
r.in.server_name = host;
status = libnet_DelShare(libnetctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Failed to delete share: %s (%s)\n",
nt_errstr(status), r.out.error_string);
return false;
}
return true;
}
bool torture_delshare(struct torture_context *torture)
{
struct dcerpc_pipe *p;
struct dcerpc_binding *binding;
struct libnet_context* libnetctx;
const char *host;
NTSTATUS status;
bool ret = true;
struct libnet_DelShare share;
host = torture_setting_string(torture, "host", NULL);
status = torture_rpc_binding(torture, &binding);
torture_assert_ntstatus_ok(torture, status, "Failed to get binding");
libnetctx = libnet_context_init(torture->ev, torture->lp_ctx);
libnetctx->cred = popt_get_cmdline_credentials();
status = torture_rpc_connection(torture,
&p,
&ndr_table_srvsvc);
torture_assert_ntstatus_ok(torture, status, "Failed to get rpc connection");
if (!test_addshare(torture, p->binding_handle, torture, host, TEST_SHARENAME)) {
return false;
}
share.in.server_name = dcerpc_binding_get_string_option(binding, "host");
share.in.share_name = TEST_SHARENAME;
status = libnet_DelShare(libnetctx, torture, &share);
torture_assert_ntstatus_ok(torture, status, "Failed to delete share");
return ret;
}
static int net_export_keytab(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_export_keytab r;
switch (argc) {
case 0:
return net_export_keytab_usage(ctx, argc, argv);
break;
case 1:
r.in.keytab_name = argv[0];
break;
}
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r.out.error_string = NULL;
status = libnet_export_keytab(libnetctx, ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_export_keytab returned %s: %s\n",
nt_errstr(status),
r.out.error_string));
return -1;
}
talloc_free(libnetctx);
return 0;
}
bool torture_domain_open_samr(struct torture_context *torture)
{
NTSTATUS status;
struct libnet_context *ctx;
TALLOC_CTX *mem_ctx;
struct policy_handle domain_handle, handle;
struct libnet_DomainOpen io;
struct samr_Close r;
const char *domain_name;
bool ret = true;
mem_ctx = talloc_init("test_domainopen_lsa");
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
ctx->cred = cmdline_credentials;
/* we're accessing domain controller so the domain name should be
passed (it's going to be resolved to dc name and address) instead
of specific server name. */
domain_name = lpcfg_workgroup(torture->lp_ctx);
/*
* Testing synchronous version
*/
torture_comment(torture, "opening domain\n");
io.in.type = DOMAIN_SAMR;
io.in.domain_name = domain_name;
io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
status = libnet_DomainOpen(ctx, mem_ctx, &io);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "Composite domain open failed for domain '%s' - %s\n",
domain_name, nt_errstr(status));
ret = false;
goto done;
}
domain_handle = ctx->samr.handle;
r.in.handle = &domain_handle;
r.out.handle = &handle;
torture_comment(torture, "closing domain handle\n");
torture_assert_ntstatus_ok(torture,
dcerpc_samr_Close_r(ctx->samr.pipe->binding_handle, mem_ctx, &r),
"Close failed");
torture_assert_ntstatus_ok(torture, r.out.result,
"Close failed");
done:
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
int net_vampire(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_Vampire *r;
char *tmp, *targetdir = NULL;
const char *domain_name;
switch (argc) {
case 0: /* no args -> fail */
return net_vampire_usage(ctx, argc, argv);
case 1: /* only DOMAIN */
tmp = talloc_strdup(ctx, argv[0]);
break;
case 2: /* domain and target dir */
tmp = talloc_strdup(ctx, argv[0]);
targetdir = talloc_strdup(ctx, argv[1]);
break;
default: /* too many args -> fail */
return net_vampire_usage(ctx, argc, argv);
}
domain_name = tmp;
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r = talloc(ctx, struct libnet_Vampire);
if (!r) {
return -1;
}
/* prepare parameters for the vampire */
r->in.netbios_name = lp_netbios_name(ctx->lp_ctx);
r->in.domain_name = domain_name;
r->in.targetdir = targetdir;
r->out.error_string = NULL;
/* do the domain vampire */
status = libnet_Vampire(libnetctx, r, r);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "Vampire of domain failed: %s\n",
r->out.error_string ? r->out.error_string : nt_errstr(status));
talloc_free(r);
talloc_free(libnetctx);
return -1;
}
d_printf("Vampired domain %s (%s)\n", r->out.domain_name, dom_sid_string(ctx, r->out.domain_sid));
talloc_free(libnetctx);
return 0;
}
static int ejs_net_context(MprVarHandle eid, int argc, struct MprVar **argv)
{
TALLOC_CTX *event_mem_ctx = talloc_new(mprMemCtx());
struct cli_credentials *creds;
struct libnet_context *ctx;
struct MprVar obj;
struct event_context *ev;
if (!event_mem_ctx) {
ejsSetErrorMsg(eid, "talloc_new() failed");
return -1;
}
ev = event_context_find(event_mem_ctx);
ctx = libnet_context_init(ev);
/* IF we generated a new event context, it will be under here,
* and we need it to last as long as the libnet context, so
* make it a child */
talloc_steal(ctx, event_mem_ctx);
if (argc == 0 || (argc == 1 && argv[0]->type == MPR_TYPE_NULL)) {
creds = cli_credentials_init(ctx);
if (creds == NULL) {
ejsSetErrorMsg(eid, "cli_credential_init() failed");
talloc_free(ctx);
return -1;
}
cli_credentials_set_conf(creds);
cli_credentials_set_anonymous(creds);
} else if (argc == 1 && argv[0]->type == MPR_TYPE_OBJECT) {
/* get credential values from credentials object */
creds = mprGetPtr(argv[0], "creds");
if (creds == NULL) {
ejsSetErrorMsg(eid, "userAuth requires a 'creds' first parameter");
talloc_free(ctx);
return -1;
}
} else {
ejsSetErrorMsg(eid, "NetContext invalid arguments, this function requires an object.");
talloc_free(ctx);
return -1;
}
ctx->cred = creds;
obj = mprObject("NetCtx");
mprSetPtrChild(&obj, "ctx", ctx);
mprSetCFunction(&obj, "UserMgr", ejs_net_userman);
mprSetCFunction(&obj, "JoinDomain", ejs_net_join_domain);
mprSetCFunction(&obj, "SamSyncLdb", ejs_net_samsync_ldb);
mpr_Return(eid, obj);
return 0;
}
BOOL torture_listshares(struct torture_context *torture)
{
struct libnet_ListShares share;
NTSTATUS status;
uint32_t levels[] = { 0, 1, 2, 501, 502 };
int i;
BOOL ret = True;
struct libnet_context* libnetctx;
const char *binding;
struct dcerpc_binding *bind;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init("test_listshares");
binding = torture_setting_string(torture, "binding", NULL);
status = dcerpc_parse_binding(mem_ctx, binding, &bind);
if (!NT_STATUS_IS_OK(status)) {
printf("Error while parsing the binding string\n");
ret = False;
goto done;
}
libnetctx = libnet_context_init(NULL);
if (!libnetctx) {
printf("Couldn't allocate libnet context\n");
ret = False;
goto done;
}
libnetctx->cred = cmdline_credentials;
printf("Testing libnet_ListShare\n");
share.in.server_name = talloc_asprintf(mem_ctx, "%s", bind->host);
for (i = 0; i < ARRAY_SIZE(levels); i++) {
share.in.level = levels[i];
printf("testing libnet_ListShare level %u\n", share.in.level);
status = libnet_ListShares(libnetctx, mem_ctx, &share);
if (!NT_STATUS_IS_OK(status)) {
printf("libnet_ListShare level %u failed - %s\n", share.in.level, share.out.error_string);
ret = False;
goto done;
}
printf("listing shares:\n");
test_displayshares(share);
}
done:
talloc_free(mem_ctx);
return ret;
}
BOOL torture_domain_open_lsa(struct torture_context *torture)
{
NTSTATUS status;
BOOL ret = True;
struct libnet_context *ctx;
struct libnet_DomainOpen r;
struct lsa_Close close;
struct dcerpc_binding *binding;
struct policy_handle h;
const char *bindstr;
bindstr = torture_setting_string(torture, "binding", NULL);
status = dcerpc_parse_binding(torture, bindstr, &binding);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to parse binding string\n");
return False;
}
ctx = libnet_context_init(NULL);
if (ctx == NULL) {
d_printf("failed to create libnet context\n");
return False;
}
ctx->cred = cmdline_credentials;
ZERO_STRUCT(r);
r.in.type = DOMAIN_LSA;
r.in.domain_name = binding->host;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
status = libnet_DomainOpen(ctx, torture, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to open domain on lsa service: %s\n", nt_errstr(status));
ret = False;
goto done;
}
ZERO_STRUCT(close);
close.in.handle = &ctx->lsa.handle;
close.out.handle = &h;
status = dcerpc_lsa_Close(ctx->lsa.pipe, ctx, &close);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to close domain on lsa service: %s\n", nt_errstr(status));
ret = False;
}
done:
talloc_free(ctx);
return ret;
}
bool torture_listshares(struct torture_context *torture)
{
struct libnet_ListShares share;
NTSTATUS status;
uint32_t levels[] = { 0, 1, 2, 501, 502 };
int i;
bool ret = true;
struct libnet_context* libnetctx;
struct dcerpc_binding *binding;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init("test_listshares");
status = torture_rpc_binding(torture, &binding);
if (!NT_STATUS_IS_OK(status)) {
ret = false;
goto done;
}
libnetctx = libnet_context_init(torture->ev, torture->lp_ctx);
if (!libnetctx) {
torture_comment(torture, "Couldn't allocate libnet context\n");
ret = false;
goto done;
}
libnetctx->cred = popt_get_cmdline_credentials();
torture_comment(torture, "Testing libnet_ListShare\n");
share.in.server_name = dcerpc_binding_get_string_option(binding, "host");
for (i = 0; i < ARRAY_SIZE(levels); i++) {
share.in.level = levels[i];
torture_comment(torture, "Testing libnet_ListShare level %u\n", share.in.level);
status = libnet_ListShares(libnetctx, mem_ctx, &share);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "libnet_ListShare level %u failed - %s\n", share.in.level, share.out.error_string);
ret = false;
goto done;
}
torture_comment(torture, "listing shares:\n");
test_displayshares(torture, share);
}
done:
talloc_free(mem_ctx);
return ret;
}
static bool torture_rpc_connect(struct torture_context *torture,
const enum libnet_RpcConnect_level level,
const char *bindstr, const char *hostname)
{
struct libnet_context *ctx;
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
ctx->cred = cmdline_credentials;
torture_comment(torture, "Testing connection to LSA interface\n");
if (!test_connect_service(torture, ctx, &ndr_table_lsarpc, bindstr,
hostname, level, false, NT_STATUS_OK)) {
torture_comment(torture, "failed to connect LSA interface\n");
return false;
}
torture_comment(torture, "Testing connection to SAMR interface\n");
if (!test_connect_service(torture, ctx, &ndr_table_samr, bindstr,
hostname, level, false, NT_STATUS_OK)) {
torture_comment(torture, "failed to connect SAMR interface\n");
return false;
}
torture_comment(torture, "Testing connection to SRVSVC interface\n");
if (!test_connect_service(torture, ctx, &ndr_table_srvsvc, bindstr,
hostname, level, false, NT_STATUS_OK)) {
torture_comment(torture, "failed to connect SRVSVC interface\n");
return false;
}
torture_comment(torture, "Testing connection to LSA interface with wrong credentials\n");
if (!test_connect_service(torture, ctx, &ndr_table_lsarpc, bindstr,
hostname, level, true, NT_STATUS_LOGON_FAILURE)) {
torture_comment(torture, "failed to test wrong credentials on LSA interface\n");
return false;
}
torture_comment(torture, "Testing connection to SAMR interface with wrong credentials\n");
if (!test_connect_service(torture, ctx, &ndr_table_samr, bindstr,
hostname, level, true, NT_STATUS_LOGON_FAILURE)) {
torture_comment(torture, "failed to test wrong credentials on SAMR interface\n");
return false;
}
talloc_free(ctx);
return true;
}
BOOL torture_domain_open_lsa(struct torture_context *torture)
{
NTSTATUS status;
BOOL ret = True;
struct libnet_context *ctx;
struct libnet_DomainOpen r;
struct lsa_Close lsa_close;
struct policy_handle h;
const char *domain_name;
/* we're accessing domain controller so the domain name should be
passed (it's going to be resolved to dc name and address) instead
of specific server name. */
domain_name = lp_workgroup();
ctx = libnet_context_init(NULL);
if (ctx == NULL) {
d_printf("failed to create libnet context\n");
return False;
}
ctx->cred = cmdline_credentials;
ZERO_STRUCT(r);
r.in.type = DOMAIN_LSA;
r.in.domain_name = domain_name;
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
status = libnet_DomainOpen(ctx, torture, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to open domain on lsa service: %s\n", nt_errstr(status));
ret = False;
goto done;
}
ZERO_STRUCT(lsa_close);
lsa_close.in.handle = &ctx->lsa.handle;
lsa_close.out.handle = &h;
status = dcerpc_lsa_Close(ctx->lsa.pipe, ctx, &lsa_close);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to close domain on lsa service: %s\n", nt_errstr(status));
ret = False;
}
done:
talloc_free(ctx);
return ret;
}
static BOOL torture_rpc_connect(struct torture_context *torture,
const enum libnet_RpcConnect_level level,
const char *bindstr, const char *hostname)
{
struct libnet_context *ctx;
ctx = libnet_context_init(NULL);
ctx->cred = cmdline_credentials;
d_printf("Testing connection to LSA interface\n");
if (!test_connect_service(ctx, &dcerpc_table_lsarpc, bindstr,
hostname, level, False, NT_STATUS_OK)) {
d_printf("failed to connect LSA interface\n");
return False;
}
d_printf("Testing connection to SAMR interface\n");
if (!test_connect_service(ctx, &dcerpc_table_samr, bindstr,
hostname, level, False, NT_STATUS_OK)) {
d_printf("failed to connect SAMR interface\n");
return False;
}
d_printf("Testing connection to SRVSVC interface\n");
if (!test_connect_service(ctx, &dcerpc_table_srvsvc, bindstr,
hostname, level, False, NT_STATUS_OK)) {
d_printf("failed to connect SRVSVC interface\n");
return False;
}
d_printf("Testing connection to LSA interface with wrong credentials\n");
if (!test_connect_service(ctx, &dcerpc_table_lsarpc, bindstr,
hostname, level, True, NT_STATUS_LOGON_FAILURE)) {
d_printf("failed to test wrong credentials on LSA interface\n");
return False;
}
d_printf("Testing connection to SAMR interface with wrong credentials\n");
if (!test_connect_service(ctx, &dcerpc_table_samr, bindstr,
hostname, level, True, NT_STATUS_LOGON_FAILURE)) {
d_printf("failed to test wrong credentials on SAMR interface\n");
return False;
}
talloc_free(ctx);
return True;
}
BOOL torture_delshare(struct torture_context *torture)
{
struct dcerpc_pipe *p;
struct dcerpc_binding *bind;
struct libnet_context* libnetctx;
const char *host, *binding;
TALLOC_CTX *mem_ctx;
NTSTATUS status;
BOOL ret = True;
struct libnet_DelShare share;
mem_ctx = talloc_init("test_listshares");
host = torture_setting_string(torture, "host", NULL);
binding = torture_setting_string(torture, "binding", NULL);
status = dcerpc_parse_binding(mem_ctx, binding, &bind);
if (!NT_STATUS_IS_OK(status)) {
printf("Error while parsing the binding string\n");
ret = False;
goto done;
}
libnetctx = libnet_context_init(NULL);
libnetctx->cred = cmdline_credentials;
status = torture_rpc_connection(mem_ctx,
&p,
&dcerpc_table_srvsvc);
if (!test_addshare(p, mem_ctx, host, TEST_SHARENAME)) {
ret = False;
goto done;
}
share.in.server_name = bind->host;
share.in.share_name = TEST_SHARENAME;
status = libnet_DelShare(libnetctx, mem_ctx, &share);
if (!NT_STATUS_IS_OK(status)) {
ret = False;
goto done;
}
done:
talloc_free(mem_ctx);
return ret;
}
/**
* Create and initialize libnet_context Context.
* Use this function in cases where we need to have SAMR and LSA pipes
* of libnet_context to be connected before executing any other
* libnet call
*
* @param rpc_connect [in] Connects SAMR and LSA pipes
*/
bool test_libnet_context_init(struct torture_context *tctx,
bool rpc_connect,
struct libnet_context **_net_ctx)
{
NTSTATUS status;
bool bret = true;
struct libnet_context *net_ctx;
net_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
torture_assert(tctx, net_ctx != NULL, "Failed to create libnet_context");
/* Use command line credentials for testing */
net_ctx->cred = cmdline_credentials;
if (rpc_connect) {
/* connect SAMR pipe */
status = torture_rpc_connection(tctx,
&net_ctx->samr.pipe,
&ndr_table_samr);
torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
"Failed to connect SAMR pipe");
net_ctx->samr.samr_handle = net_ctx->samr.pipe->binding_handle;
/* connect LSARPC pipe */
status = torture_rpc_connection(tctx,
&net_ctx->lsa.pipe,
&ndr_table_lsarpc);
torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
"Failed to connect LSA pipe");
net_ctx->lsa.lsa_handle = net_ctx->lsa.pipe->binding_handle;
}
*_net_ctx = net_ctx;
done:
if (!bret) {
/* a previous call has failed,
* clean up memory before exit */
talloc_free(net_ctx);
}
return bret;
}
bool torture_creategroup(struct torture_context *torture)
{
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
struct libnet_context *ctx;
struct libnet_CreateGroup req;
mem_ctx = talloc_init("test_creategroup");
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
ctx->cred = popt_get_cmdline_credentials();
req.in.group_name = TEST_GROUPNAME;
req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
req.out.error_string = NULL;
status = libnet_CreateGroup(ctx, mem_ctx, &req);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(torture, "libnet_CreateGroup call failed: %s\n", nt_errstr(status));
ret = false;
goto done;
}
if (!test_group_cleanup(torture, ctx->samr.pipe->binding_handle,
mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
torture_comment(torture, "cleanup failed\n");
ret = false;
goto done;
}
if (!test_samr_close_handle(torture,
ctx->samr.pipe->binding_handle, mem_ctx, &ctx->samr.handle)) {
torture_comment(torture, "domain close failed\n");
ret = false;
}
done:
talloc_free(ctx);
talloc_free(mem_ctx);
return ret;
}
static int net_password_change(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
union libnet_ChangePassword r;
char *password_prompt = NULL;
const char *new_password;
if (argc > 0 && argv[0]) {
new_password = argv[0];
} else {
password_prompt = talloc_asprintf(ctx, "Enter new password for account [%s\\%s]:",
cli_credentials_get_domain(ctx->credentials),
cli_credentials_get_username(ctx->credentials));
new_password = getpass(password_prompt);
}
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
/* prepare password change */
r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
r.generic.in.account_name = cli_credentials_get_username(ctx->credentials);
r.generic.in.domain_name = cli_credentials_get_domain(ctx->credentials);
r.generic.in.oldpassword = cli_credentials_get_password(ctx->credentials);
r.generic.in.newpassword = new_password;
/* do password change */
status = libnet_ChangePassword(libnetctx, ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("net_password_change: %s\n",r.generic.out.error_string));
return -1;
}
talloc_free(libnetctx);
return 0;
}
bool torture_domainopen(struct torture_context *torture)
{
NTSTATUS status;
struct libnet_context *net_ctx;
TALLOC_CTX *mem_ctx;
bool ret = true;
struct policy_handle h;
struct lsa_String name;
mem_ctx = talloc_init("test_domain_open");
net_ctx = libnet_context_init(torture->ev, torture->lp_ctx);
status = torture_rpc_connection(torture,
&net_ctx->samr.pipe,
&ndr_table_samr);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
name.string = lp_workgroup(torture->lp_ctx);
/*
* Testing synchronous version
*/
if (!test_domainopen(net_ctx, mem_ctx, &name, &h)) {
ret = false;
goto done;
}
if (!test_cleanup(net_ctx->samr.pipe, mem_ctx, &h)) {
ret = false;
goto done;
}
done:
talloc_free(mem_ctx);
return ret;
}
static bool test_NetShareAdd(TALLOC_CTX *mem_ctx,
struct torture_context *tctx,
const char *host,
const char *sharename,
const char *dir)
{
NTSTATUS status;
struct srvsvc_NetShareInfo2 i;
struct libnet_context* libnetctx;
struct libnet_AddShare r;
printf("Creating share %s\n", sharename);
if (!(libnetctx = libnet_context_init(tctx->ev, tctx->lp_ctx))) {
return false;
}
libnetctx->cred = cmdline_credentials;
i.name = sharename;
i.type = STYPE_DISKTREE;
i.path = dir;
i.max_users = (uint32_t) -1;
i.comment = "created by smbtorture";
i.password = NULL;
i.permissions = 0x0;
i.current_users = 0x0;
r.level = 2;
r.in.server_name = host;
r.in.share = i;
status = libnet_AddShare(libnetctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Failed to add new share: %s (%s)\n",
nt_errstr(status), r.out.error_string);
return false;
}
return true;
}
int net_samdump(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_SamDump r;
int rc;
switch (argc) {
case 0:
break;
case 1:
default:
rc = net_run_function(ctx, argc, argv, net_samdump_functable,
net_samdump_usage);
return rc;
}
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
status = libnet_SamDump(libnetctx, ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_SamDump returned %s: %s\n",
nt_errstr(status),
r.out.error_string));
return -1;
}
talloc_free(libnetctx);
return 0;
}
static int net_user_delete(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *lnet_ctx;
struct libnet_DeleteUser r;
char *user_name;
/* command line argument preparation */
switch (argc) {
case 0:
return net_user_usage(ctx, argc, argv);
break;
case 1:
user_name = talloc_strdup(ctx, argv[0]);
break;
default:
return net_user_usage(ctx, argc, argv);
}
/* libnet context init and its params */
lnet_ctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!lnet_ctx) return -1;
lnet_ctx->cred = ctx->credentials;
/* calling DeleteUser function */
r.in.user_name = user_name;
r.in.domain_name = cli_credentials_get_domain(lnet_ctx->cred);
status = libnet_DeleteUser(lnet_ctx, ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to delete user account: %s\n",
r.out.error_string));
return -1;
}
talloc_free(lnet_ctx);
return 0;
}
bool torture_domain_close_lsa(struct torture_context *torture)
{
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx=NULL;
struct libnet_context *ctx;
struct lsa_String domain_name;
struct dcerpc_binding *binding;
uint32_t access_mask;
struct policy_handle h;
struct dcerpc_pipe *p;
struct libnet_DomainClose r;
status = torture_rpc_binding(torture, &binding);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
if (ctx == NULL) {
d_printf("failed to create libnet context\n");
ret = false;
goto done;
}
ctx->cred = cmdline_credentials;
mem_ctx = talloc_init("torture_domain_close_lsa");
status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_lsarpc,
cmdline_credentials, torture->ev, torture->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to connect to server: %s\n", nt_errstr(status));
ret = false;
goto done;
}
domain_name.string = lp_workgroup(torture->lp_ctx);
if (!test_opendomain_lsa(p, torture, &h, &domain_name, &access_mask)) {
d_printf("failed to open domain on lsa service\n");
ret = false;
goto done;
}
ctx->lsa.pipe = p;
ctx->lsa.name = domain_name.string;
ctx->lsa.access_mask = access_mask;
ctx->lsa.handle = h;
/* we have to use pipe's event context, otherwise the call will
hang indefinitely */
ctx->event_ctx = p->conn->event_ctx;
ZERO_STRUCT(r);
r.in.type = DOMAIN_LSA;
r.in.domain_name = domain_name.string;
status = libnet_DomainClose(ctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
ret = false;
goto done;
}
done:
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
static int net_password_set(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
union libnet_SetPassword r;
char *password_prompt = NULL;
char *p;
char *tmp;
const char *account_name;
const char *domain_name;
const char *new_password = NULL;
switch (argc) {
case 0: /* no args -> fail */
return net_password_set_usage(ctx, argc, argv);
case 1: /* only DOM\\user; prompt for password */
tmp = talloc_strdup(ctx, argv[0]);
break;
case 2: /* DOM\\USER and password */
tmp = talloc_strdup(ctx, argv[0]);
new_password = argv[1];
break;
default: /* too mayn args -> fail */
DEBUG(0,("net_password_set: too many args [%d]\n",argc));
return net_password_usage(ctx, argc, argv);
}
if ((p = strchr_m(tmp,'\\'))) {
*p = 0;
domain_name = tmp;
account_name = talloc_strdup(ctx, p+1);
} else {
account_name = tmp;
domain_name = cli_credentials_get_domain(ctx->credentials);
}
if (!new_password) {
password_prompt = talloc_asprintf(ctx, "Enter new password for account [%s\\%s]:",
domain_name, account_name);
new_password = getpass(password_prompt);
}
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
/* prepare password change */
r.generic.level = LIBNET_SET_PASSWORD_GENERIC;
r.generic.in.account_name = account_name;
r.generic.in.domain_name = domain_name;
r.generic.in.newpassword = new_password;
/* do password change */
status = libnet_SetPassword(libnetctx, ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("net_password_set: %s\n",r.generic.out.error_string));
return -1;
}
talloc_free(libnetctx);
return 0;
}
bool torture_domain_list(struct torture_context *torture)
{
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
struct dcerpc_binding *binding;
struct libnet_context *ctx;
struct libnet_DomainList r;
int i;
status = torture_rpc_binding(torture, &binding);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
if (ctx == NULL) {
torture_comment(torture, "failed to create libnet context\n");
ret = false;
goto done;
}
ctx->cred = cmdline_credentials;
mem_ctx = talloc_init("torture_domain_close_samr");
/*
* querying the domain list using default buffer size
*/
ZERO_STRUCT(r);
r.in.hostname = dcerpc_binding_get_string_option(binding, "host");
status = libnet_DomainList(ctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
ret = false;
goto done;
}
torture_comment(torture, "Received list or domains (everything in one piece):\n");
for (i = 0; i < r.out.count; i++) {
torture_comment(torture, "Name[%d]: %s\n", i, r.out.domains[i].name);
}
/*
* querying the domain list using specified (much smaller) buffer size
*/
ctx->samr.buf_size = 32;
ZERO_STRUCT(r);
r.in.hostname = dcerpc_binding_get_string_option(binding, "host");
status = libnet_DomainList(ctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
ret = false;
goto done;
}
torture_comment(torture, "Received list or domains (collected in more than one round):\n");
for (i = 0; i < r.out.count; i++) {
torture_comment(torture, "Name[%d]: %s\n", i, r.out.domains[i].name);
}
done:
torture_comment(torture, "\nStatus: %s\n", nt_errstr(status));
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
_PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx,
const char *machine_name,
uint32_t acct_flags,
struct cli_credentials **machine_credentials)
{
NTSTATUS status;
struct libnet_context *libnet_ctx;
struct libnet_JoinDomain *libnet_r;
struct test_join *tj;
struct samr_SetUserInfo s;
union samr_UserInfo u;
tj = talloc(tctx, struct test_join);
if (!tj) return NULL;
libnet_r = talloc(tj, struct libnet_JoinDomain);
if (!libnet_r) {
talloc_free(tj);
return NULL;
}
libnet_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
if (!libnet_ctx) {
talloc_free(tj);
return NULL;
}
tj->libnet_r = libnet_r;
libnet_ctx->cred = cmdline_credentials;
libnet_r->in.binding = torture_setting_string(tctx, "binding", NULL);
if (!libnet_r->in.binding) {
libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", torture_setting_string(tctx, "host", NULL));
}
libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
libnet_r->in.netbios_name = machine_name;
libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
if (!libnet_r->in.account_name) {
talloc_free(tj);
return NULL;
}
libnet_r->in.acct_type = acct_flags;
libnet_r->in.recreate_account = true;
status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
if (!NT_STATUS_IS_OK(status)) {
if (libnet_r->out.error_string) {
DEBUG(0, ("Domain join failed - %s\n", libnet_r->out.error_string));
} else {
DEBUG(0, ("Domain join failed - %s\n", nt_errstr(status)));
}
talloc_free(tj);
return NULL;
}
tj->p = libnet_r->out.samr_pipe;
tj->user_handle = *libnet_r->out.user_handle;
tj->dom_sid = libnet_r->out.domain_sid;
talloc_steal(tj, libnet_r->out.domain_sid);
tj->dom_netbios_name = libnet_r->out.domain_name;
talloc_steal(tj, libnet_r->out.domain_name);
tj->dom_dns_name = libnet_r->out.realm;
talloc_steal(tj, libnet_r->out.realm);
tj->user_guid = libnet_r->out.account_guid;
tj->netbios_name = talloc_strdup(tj, machine_name);
if (!tj->netbios_name) {
talloc_free(tj);
return NULL;
}
ZERO_STRUCT(u);
s.in.user_handle = &tj->user_handle;
s.in.info = &u;
s.in.level = 21;
u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
u.info21.comment.string = talloc_asprintf(tj,
"Tortured by Samba4: %s",
timestring(tj, time(NULL)));
u.info21.full_name.string = talloc_asprintf(tj,
"Torture account for Samba4: %s",
timestring(tj, time(NULL)));
u.info21.description.string = talloc_asprintf(tj,
"Samba4 torture account created by host %s: %s",
lp_netbios_name(tctx->lp_ctx), timestring(tj, time(NULL)));
status = dcerpc_samr_SetUserInfo(tj->p, tj, &s);
if (!NT_STATUS_IS_OK(status)) {
printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
}
*machine_credentials = cli_credentials_init(tj);
cli_credentials_set_conf(*machine_credentials, tctx->lp_ctx);
cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
if (libnet_r->out.realm) {
cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
}
cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
cli_credentials_set_kvno(*machine_credentials, libnet_r->out.kvno);
if (acct_flags & ACB_SVRTRUST) {
cli_credentials_set_secure_channel_type(*machine_credentials,
SEC_CHAN_BDC);
} else if (acct_flags & ACB_WSTRUST) {
cli_credentials_set_secure_channel_type(*machine_credentials,
SEC_CHAN_WKSTA);
} else {
DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
talloc_free(*machine_credentials);
return NULL;
}
return tj;
}
struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx,
struct wbsrv_service *service,
struct wb_dom_info *dom_info)
{
struct composite_context *result, *ctx;
struct init_domain_state *state;
result = composite_create(mem_ctx, service->task->event_ctx);
if (result == NULL) goto failed;
state = talloc_zero(result, struct init_domain_state);
if (state == NULL) goto failed;
state->ctx = result;
result->private_data = state;
state->service = service;
state->domain = talloc(state, struct wbsrv_domain);
if (state->domain == NULL) goto failed;
state->domain->service = service;
state->domain->info = talloc_reference(state->domain, dom_info);
if (state->domain->info == NULL) goto failed;
state->domain->dc_name = dom_info->dc->name;
state->domain->dc_address = dom_info->dc->address;
state->domain->libnet_ctx = libnet_context_init(service->task->event_ctx,
service->task->lp_ctx);
if (state->domain->libnet_ctx == NULL) goto failed;
talloc_steal(state->domain, state->domain->libnet_ctx);
/* Create a credentials structure */
state->domain->libnet_ctx->cred = cli_credentials_init(state->domain);
if (state->domain->libnet_ctx->cred == NULL) goto failed;
cli_credentials_set_conf(state->domain->libnet_ctx->cred, service->task->lp_ctx);
/* Connect the machine account to the credentials */
state->ctx->status =
cli_credentials_set_machine_account(state->domain->libnet_ctx->cred, state->domain->libnet_ctx->lp_ctx);
if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
state->domain->netlogon_binding = init_domain_binding(state, &ndr_table_netlogon);
state->domain->netlogon_pipe = NULL;
state->domain->netlogon_queue = tevent_queue_create(state->domain,
"netlogon_queue");
if (state->domain->netlogon_queue == NULL) goto failed;
/* We start the queue when the connection is usable */
tevent_queue_stop(state->domain->netlogon_queue);
if ((!cli_credentials_is_anonymous(state->domain->libnet_ctx->cred)) &&
((lpcfg_server_role(service->task->lp_ctx) == ROLE_DOMAIN_MEMBER) ||
(lpcfg_server_role(service->task->lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC)) &&
(dom_sid_equal(state->domain->info->sid,
state->service->primary_sid))) {
uint32_t flags = DCERPC_SCHANNEL | DCERPC_SCHANNEL_AUTO;
/* For debugging, it can be a real pain if all the traffic is encrypted */
if (lpcfg_winbind_sealed_pipes(service->task->lp_ctx)) {
flags |= DCERPC_SIGN | DCERPC_SEAL;
} else {
flags |= DCERPC_SIGN;
}
state->ctx->status = dcerpc_binding_set_flags(state->domain->netlogon_binding,
flags, 0);
if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
}
/* No encryption on anonymous pipes */
ctx = dcerpc_pipe_connect_b_send(state, state->domain->netlogon_binding,
&ndr_table_netlogon,
state->domain->libnet_ctx->cred,
service->task->event_ctx,
service->task->lp_ctx);
if (composite_nomem(ctx, state->ctx)) {
goto failed;
}
composite_continue(state->ctx, ctx, init_domain_recv_netlogonpipe,
state);
return result;
failed:
talloc_free(result);
return NULL;
}
bool torture_domain_close_samr(struct torture_context *torture)
{
bool ret = true;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
struct libnet_context *ctx;
struct lsa_String domain_name;
struct dcerpc_binding *binding;
uint32_t access_mask;
struct policy_handle h;
struct dcerpc_pipe *p;
struct libnet_DomainClose r;
struct dom_sid *sid;
status = torture_rpc_binding(torture, &binding);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
ctx = libnet_context_init(torture->ev, torture->lp_ctx);
if (ctx == NULL) {
d_printf("failed to create libnet context\n");
ret = false;
goto done;
}
ctx->cred = cmdline_credentials;
mem_ctx = talloc_init("torture_domain_close_samr");
status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_samr,
ctx->cred, torture->ev, torture->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to connect to server: %s\n", nt_errstr(status));
ret = false;
goto done;
}
domain_name.string = talloc_strdup(mem_ctx, lp_workgroup(torture->lp_ctx));
if (!test_opendomain_samr(p, torture, &h, &domain_name, &access_mask, &sid)) {
d_printf("failed to open domain on samr service\n");
ret = false;
goto done;
}
ctx->samr.pipe = p;
ctx->samr.name = talloc_steal(ctx, domain_name.string);
ctx->samr.access_mask = access_mask;
ctx->samr.handle = h;
ctx->samr.sid = talloc_steal(ctx, sid);
/* we have to use pipe's event context, otherwise the call will
hang indefinitely - this wouldn't be the case if pipe was opened
by means of libnet call */
ctx->event_ctx = p->conn->event_ctx;
ZERO_STRUCT(r);
r.in.type = DOMAIN_SAMR;
r.in.domain_name = domain_name.string;
status = libnet_DomainClose(ctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
ret = false;
goto done;
}
done:
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
BOOL torture_domain_close_samr(struct torture_context *torture)
{
BOOL ret = True;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
struct libnet_context *ctx;
struct lsa_String domain_name;
struct dcerpc_binding *binding;
const char *bindstr;
uint32_t access_mask;
struct policy_handle h;
struct dcerpc_pipe *p;
struct libnet_DomainClose r;
bindstr = torture_setting_string(torture, "binding", NULL);
status = dcerpc_parse_binding(torture, bindstr, &binding);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to parse binding string\n");
return False;
}
ctx = libnet_context_init(NULL);
if (ctx == NULL) {
d_printf("failed to create libnet context\n");
ret = False;
goto done;
}
ctx->cred = cmdline_credentials;
mem_ctx = talloc_init("torture_domain_close_samr");
status = dcerpc_pipe_connect(mem_ctx, &p, bindstr, &dcerpc_table_samr,
ctx->cred, NULL);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to connect to server %s: %s\n", bindstr,
nt_errstr(status));
ret = False;
goto done;
}
domain_name.string = lp_workgroup();
if (!test_opendomain_samr(p, torture, &h, &domain_name, &access_mask)) {
d_printf("failed to open domain on samr service\n");
ret = False;
goto done;
}
ctx->samr.pipe = p;
ctx->samr.name = domain_name.string;
ctx->samr.access_mask = access_mask;
ctx->samr.handle = h;
/* we have to use pipe's event context, otherwise the call will
hang indefinitely - this wouldn't be the case if pipe was opened
by means of libnet call */
ctx->event_ctx = p->conn->event_ctx;
ZERO_STRUCT(r);
r.in.type = DOMAIN_SAMR;
r.in.domain_name = domain_name.string;
status = libnet_DomainClose(ctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
ret = False;
goto done;
}
done:
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
BOOL torture_domain_list(struct torture_context *torture)
{
BOOL ret = True;
NTSTATUS status;
TALLOC_CTX *mem_ctx = NULL;
const char *bindstr;
struct dcerpc_binding *binding;
struct libnet_context *ctx;
struct libnet_DomainList r;
int i;
bindstr = torture_setting_string(torture, "binding", NULL);
status = dcerpc_parse_binding(torture, bindstr, &binding);
if (!NT_STATUS_IS_OK(status)) {
d_printf("failed to parse binding string\n");
return False;
}
ctx = libnet_context_init(NULL);
if (ctx == NULL) {
d_printf("failed to create libnet context\n");
ret = False;
goto done;
}
ctx->cred = cmdline_credentials;
mem_ctx = talloc_init("torture_domain_close_samr");
/*
* querying the domain list using default buffer size
*/
ZERO_STRUCT(r);
r.in.hostname = binding->host;
status = libnet_DomainList(ctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
ret = False;
goto done;
}
d_printf("Received list or domains (everything in one piece):\n");
for (i = 0; i < r.out.count; i++) {
d_printf("Name[%d]: %s\n", i, r.out.domains[i].name);
}
/*
* querying the domain list using specified (much smaller) buffer size
*/
ctx->samr.buf_size = 32;
ZERO_STRUCT(r);
r.in.hostname = binding->host;
status = libnet_DomainList(ctx, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
ret = False;
goto done;
}
d_printf("Received list or domains (collected in more than one round):\n");
for (i = 0; i < r.out.count; i++) {
d_printf("Name[%d]: %s\n", i, r.out.domains[i].name);
}
done:
d_printf("\nStatus: %s\n", nt_errstr(status));
talloc_free(mem_ctx);
talloc_free(ctx);
return ret;
}
