static bool test_wbc_pingdc(struct torture_context *tctx)
{
struct wbcInterfaceDetails *details;
torture_assert_wbc_equal(tctx, wbcPingDc("random_string", NULL), WBC_ERR_DOMAIN_NOT_FOUND,
"%s", "wbcPingDc failed");
torture_assert_wbc_ok(tctx, wbcPingDc(NULL, NULL),
"%s", "wbcPingDc failed");
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
"%s", "wbcInterfaceDetails failed");
torture_assert(tctx, details,
"wbcInterfaceDetails returned NULL pointer");
torture_assert(tctx, details->netbios_domain,
"wbcInterfaceDetails returned NULL netbios_domain");
torture_assert_wbc_ok(tctx, wbcPingDc(details->netbios_domain, NULL),
"wbcPingDc(%s) failed", details->netbios_domain);
torture_assert_wbc_ok(tctx, wbcPingDc("BUILTIN", NULL),
"%s", "wbcPingDc(BUILTIN) failed");
wbcFreeMemory(details);
return true;
}
static bool test_wbc_pingdc(struct torture_context *tctx)
{
torture_assert_wbc_equal(tctx, wbcPingDc("random_string", NULL), WBC_ERR_NOT_IMPLEMENTED,
"wbcPingDc failed");
torture_assert_wbc_ok(tctx, wbcPingDc(NULL, NULL),
"wbcPingDc failed");
return true;
}
static bool test_wbc_getgroups(struct torture_context *tctx)
{
wbcErr ret;
uint32_t num_groups;
gid_t *groups;
ret = wbcGetGroups(getenv("USERNAME"), &num_groups, &groups);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcGetGroups failed");
wbcFreeMemory(groups);
return true;
}
static bool test_wbc_getgroups(struct torture_context *tctx)
{
wbcErr ret;
uint32_t num_groups;
gid_t *groups;
ret = wbcGetGroups(cli_credentials_get_username(cmdline_credentials), &num_groups, &groups);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcGetGroups for %s failed", cli_credentials_get_username(cmdline_credentials));
wbcFreeMemory(groups);
return true;
}
static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
const char *correct_password)
{
struct wbcAuthUserParams params;
struct wbcAuthUserInfo *info = NULL;
struct wbcAuthErrorInfo *error = NULL;
wbcErr ret;
ret = wbcAuthenticateUser(cli_credentials_get_username(cmdline_credentials), correct_password);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcAuthenticateUser of %s failed",
cli_credentials_get_username(cmdline_credentials));
ZERO_STRUCT(params);
params.account_name = cli_credentials_get_username(cmdline_credentials);
params.level = WBC_AUTH_USER_LEVEL_PLAIN;
params.password.plaintext = correct_password;
ret = wbcAuthenticateUserEx(¶ms, &info, &error);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcAuthenticateUserEx of %s failed", params.account_name);
wbcFreeMemory(info);
info = NULL;
wbcFreeMemory(error);
error = NULL;
params.password.plaintext = "wrong";
ret = wbcAuthenticateUserEx(¶ms, &info, &error);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
"wbcAuthenticateUserEx for %s succeeded where it "
"should have failed", params.account_name);
wbcFreeMemory(info);
info = NULL;
wbcFreeMemory(error);
error = NULL;
return true;
}
static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
{
const char *name;
char *ip;
wbcErr ret;
name = torture_setting_string(tctx, "host", NULL);
ret = wbcResolveWinsByName(name, &ip);
if (is_ipaddress(name)) {
torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName failed");
} else {
torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName failed");
}
return true;
}
static bool test_wbc_logon_user(struct torture_context *tctx)
{
struct wbcLogonUserParams params;
struct wbcLogonUserInfo *info = NULL;
struct wbcAuthErrorInfo *error = NULL;
struct wbcUserPasswordPolicyInfo *policy = NULL;
struct wbcInterfaceDetails *iface;
struct wbcDomainSid sid;
enum wbcSidType sidtype;
char *sidstr;
wbcErr ret;
ZERO_STRUCT(params);
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
"wbcLogonUser succeeded where it should "
"have failed");
params.username = getenv("USERNAME");
params.password = getenv("PASSWORD");
ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
"foo", 0, discard_const_p(uint8_t, "bar"), 4);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcAddNamedBlob failed");
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcLogonUser failed");
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
params.password = "******";
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
"wbcLogonUser should have failed with "
"WBC_ERR_AUTH_ERROR");
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
"membership_of", 0,
discard_const_p(uint8_t, "S-1-2-3-4"),
strlen("S-1-2-3-4")+1);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcAddNamedBlob failed");
params.password = getenv("PASSWORD");
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
"wbcLogonUser should have failed with "
"WBC_ERR_AUTH_ERROR");
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
wbcFreeMemory(params.blobs);
params.blobs = NULL; params.num_blobs = 0;
ret = wbcInterfaceDetails(&iface);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcInterfaceDetails failed");
ret = wbcLookupName(iface->netbios_domain, getenv("USERNAME"), &sid,
&sidtype);
wbcFreeMemory(iface);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcLookupName failed");
ret = wbcSidToString(&sid, &sidstr);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcSidToString failed");
ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
"membership_of", 0,
(uint8_t *)sidstr, strlen(sidstr)+1);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcAddNamedBlob failed");
wbcFreeMemory(sidstr);
params.password = getenv("PASSWORD");
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcLogonUser failed");
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
wbcFreeMemory(params.blobs);
params.blobs = NULL; params.num_blobs = 0;
return true;
}
static bool test_wbc_change_password(struct torture_context *tctx)
{
wbcErr ret;
const char *oldpass = getenv("PASSWORD");
const char *newpass = "******";
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uint8_t old_nt_hash[16];
uint8_t old_lanman_hash[16];
uint8_t new_nt_hash[16];
uint8_t new_lanman_hash[16];
struct wbcChangePasswordParams params;
if (oldpass == NULL) {
torture_skip(tctx,
"skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
}
ZERO_STRUCT(params);
E_md4hash(oldpass, old_nt_hash);
E_md4hash(newpass, new_nt_hash);
if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
E_deshash(newpass, new_lanman_hash) &&
E_deshash(oldpass, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash,
old_lanman_hash_enc.hash);
params.old_password.response.old_lm_hash_enc_length =
sizeof(old_lanman_hash_enc.hash);
params.old_password.response.old_lm_hash_enc_data =
old_lanman_hash_enc.hash;
params.new_password.response.lm_length =
sizeof(new_lm_password.data);
params.new_password.response.lm_data =
new_lm_password.data;
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
params.old_password.response.old_nt_hash_enc_length =
sizeof(old_nt_hash_enc.hash);
params.old_password.response.old_nt_hash_enc_data =
old_nt_hash_enc.hash;
params.new_password.response.nt_length = sizeof(new_nt_password.data);
params.new_password.response.nt_data = new_nt_password.data;
params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
params.account_name = getenv("USERNAME");
params.domain_name = "SAMBA-TEST";
ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcChangeUserPassword failed");
if (!test_wbc_authenticate_user_int(tctx, "Koo8irei")) {
return false;
}
ret = wbcChangeUserPassword(getenv("USERNAME"), "Koo8irei",
getenv("PASSWORD"));
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
"wbcChangeUserPassword failed");
return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD"));
}
