source: trunk/server/source4/torture/rap/sam.c

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0
File size: 9.8 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 test suite for RAP sam operations
4
5 Copyright (C) Guenther Deschner 2010-2011
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19*/
20
21#include "includes.h"
22#include "libcli/libcli.h"
23#include "torture/torture.h"
24#include "torture/util.h"
25#include "torture/smbtorture.h"
26#include "torture/util.h"
27#include "libcli/rap/rap.h"
28#include "torture/rap/proto.h"
29#include "../lib/crypto/crypto.h"
30#include "../libcli/auth/libcli_auth.h"
31#include "torture/rpc/torture_rpc.h"
32
33#define TEST_RAP_USER "torture_rap_user"
34
35static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
36{
37 size_t len = MAX(8, min_len);
38 char *s = generate_random_password(mem_ctx, len, len+6);
39 printf("Generated password '%s'\n", s);
40 return s;
41}
42
43static bool test_userpasswordset2_args(struct torture_context *tctx,
44 struct smbcli_state *cli,
45 const char *username,
46 const char **password)
47{
48 struct rap_NetUserPasswordSet2 r;
49 char *newpass = samr_rand_pass(tctx, 8);
50
51 ZERO_STRUCT(r);
52
53 r.in.UserName = username;
54
55 memcpy(r.in.OldPassword, *password, MIN(strlen(*password), 16));
56 memcpy(r.in.NewPassword, newpass, MIN(strlen(newpass), 16));
57 r.in.EncryptedPassword = 0;
58 r.in.RealPasswordLength = strlen(newpass);
59
60 torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
61
62 torture_assert_ntstatus_ok(tctx,
63 smbcli_rap_netuserpasswordset2(cli->tree, tctx, &r),
64 "smbcli_rap_netuserpasswordset2 failed");
65 if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
66 torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
67 win_errstr(W_ERROR(r.out.status)));
68 } else {
69 *password = newpass;
70 }
71
72 return true;
73}
74
75static bool test_userpasswordset2_crypt_args(struct torture_context *tctx,
76 struct smbcli_state *cli,
77 const char *username,
78 const char **password)
79{
80 struct rap_NetUserPasswordSet2 r;
81 char *newpass = samr_rand_pass(tctx, 8);
82
83 r.in.UserName = username;
84
85 E_deshash(*password, r.in.OldPassword);
86 E_deshash(newpass, r.in.NewPassword);
87
88 r.in.RealPasswordLength = strlen(newpass);
89 r.in.EncryptedPassword = 1;
90
91 torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
92
93 torture_assert_ntstatus_ok(tctx,
94 smbcli_rap_netuserpasswordset2(cli->tree, tctx, &r),
95 "smbcli_rap_netuserpasswordset2 failed");
96 if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
97 torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
98 win_errstr(W_ERROR(r.out.status)));
99 } else {
100 *password = newpass;
101 }
102
103 return true;
104}
105
106static bool test_userpasswordset2(struct torture_context *tctx,
107 struct smbcli_state *cli)
108{
109 struct test_join *join_ctx;
110 const char *password;
111 bool ret = true;
112
113 join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
114 torture_setting_string(tctx, "workgroup", NULL),
115 ACB_NORMAL,
116 &password, 14);
117 if (join_ctx == NULL) {
118 torture_fail(tctx, "failed to create user\n");
119 }
120
121 ret &= test_userpasswordset2_args(tctx, cli, TEST_RAP_USER, &password);
122 ret &= test_userpasswordset2_crypt_args(tctx, cli, TEST_RAP_USER, &password);
123
124 torture_leave_domain(tctx, join_ctx);
125
126 return ret;
127}
128
129static bool test_oemchangepassword_args(struct torture_context *tctx,
130 struct smbcli_state *cli,
131 const char *username,
132 const char **password)
133{
134 struct rap_NetOEMChangePassword r;
135
136 const char *oldpass = *password;
137 char *newpass = samr_rand_pass(tctx, 9);
138 uint8_t old_pw_hash[16];
139 uint8_t new_pw_hash[16];
140
141 r.in.UserName = username;
142
143 E_deshash(oldpass, old_pw_hash);
144 E_deshash(newpass, new_pw_hash);
145
146 encode_pw_buffer(r.in.crypt_password, newpass, STR_ASCII);
147 arcfour_crypt(r.in.crypt_password, old_pw_hash, 516);
148 E_old_pw_hash(new_pw_hash, old_pw_hash, r.in.password_hash);
149
150 torture_comment(tctx, "Testing rap_NetOEMChangePassword(%s)\n", r.in.UserName);
151
152 torture_assert_ntstatus_ok(tctx,
153 smbcli_rap_netoemchangepassword(cli->tree, tctx, &r),
154 "smbcli_rap_netoemchangepassword failed");
155 if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
156 torture_warning(tctx, "RAP NetOEMChangePassword gave: %s\n",
157 win_errstr(W_ERROR(r.out.status)));
158 } else {
159 *password = newpass;
160 }
161
162 return true;
163}
164
165static bool test_oemchangepassword(struct torture_context *tctx,
166 struct smbcli_state *cli)
167{
168
169 struct test_join *join_ctx;
170 const char *password;
171 bool ret;
172
173 join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
174 torture_setting_string(tctx, "workgroup", NULL),
175 ACB_NORMAL,
176 &password, 14);
177 if (join_ctx == NULL) {
178 torture_fail(tctx, "failed to create user\n");
179 }
180
181 ret = test_oemchangepassword_args(tctx, cli, TEST_RAP_USER, &password);
182
183 torture_leave_domain(tctx, join_ctx);
184
185 return ret;
186}
187
188static bool test_usergetinfo_byname(struct torture_context *tctx,
189 struct smbcli_state *cli,
190 const char *UserName)
191{
192 struct rap_NetUserGetInfo r;
193 int i;
194 uint16_t levels[] = { 0, 1, 2, 10, 11 };
195
196 for (i=0; i < ARRAY_SIZE(levels); i++) {
197
198 r.in.UserName = UserName;
199 r.in.level = levels[i];
200 r.in.bufsize = 8192;
201
202 torture_comment(tctx,
203 "Testing rap_NetUserGetInfo(%s) level %d\n", r.in.UserName, r.in.level);
204
205 torture_assert_ntstatus_ok(tctx,
206 smbcli_rap_netusergetinfo(cli->tree, tctx, &r),
207 "smbcli_rap_netusergetinfo failed");
208 torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
209 "smbcli_rap_netusergetinfo failed");
210 }
211
212 return true;
213}
214
215static bool test_usergetinfo(struct torture_context *tctx,
216 struct smbcli_state *cli)
217{
218
219 struct test_join *join_ctx;
220 const char *password;
221 bool ret;
222
223 join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
224 torture_setting_string(tctx, "workgroup", NULL),
225 ACB_NORMAL,
226 &password, 14);
227 if (join_ctx == NULL) {
228 torture_fail(tctx, "failed to create user\n");
229 }
230
231 ret = test_usergetinfo_byname(tctx, cli, TEST_RAP_USER);
232
233 torture_leave_domain(tctx, join_ctx);
234
235 return ret;
236}
237
238static bool test_useradd(struct torture_context *tctx,
239 struct smbcli_state *cli)
240{
241
242 struct rap_NetUserAdd r;
243 struct rap_NetUserInfo1 info1;
244 int i;
245 uint16_t levels[] = { 1 };
246 const char *username = TEST_RAP_USER;
247
248 for (i=0; i < ARRAY_SIZE(levels); i++) {
249
250 const char *pwd;
251
252 pwd = generate_random_password(tctx, 9, 16);
253
254 r.in.level = levels[i];
255 r.in.bufsize = 0xffff;
256 r.in.pwdlength = strlen(pwd);
257 r.in.unknown = 0;
258
259 switch (r.in.level) {
260 case 1:
261 ZERO_STRUCT(info1);
262
263 info1.Name = username;
264 memcpy(info1.Password, pwd, MIN(strlen(pwd), 16));
265 info1.Priv = USER_PRIV_USER;
266 info1.Flags = 0x21;
267 info1.HomeDir = "home_dir";
268 info1.Comment = "comment";
269 info1.ScriptPath = "logon_script";
270
271 r.in.info.info1 = info1;
272 break;
273 }
274
275 torture_comment(tctx,
276 "Testing rap_NetUserAdd(%s) level %d\n", username, r.in.level);
277
278 torture_assert_ntstatus_ok(tctx,
279 smbcli_rap_netuseradd(cli->tree, tctx, &r),
280 "smbcli_rap_netuseradd failed");
281 torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
282 "smbcli_rap_netuseradd failed");
283
284 torture_assert_ntstatus_ok(tctx,
285 smbcli_rap_netuseradd(cli->tree, tctx, &r),
286 "2nd smbcli_rap_netuseradd failed");
287 torture_assert_werr_equal(tctx, W_ERROR(r.out.status), WERR_USEREXISTS,
288 "2nd smbcli_rap_netuseradd failed");
289
290 {
291 struct rap_NetUserDelete d;
292
293 d.in.UserName = username;
294
295 smbcli_rap_netuserdelete(cli->tree, tctx, &d);
296 }
297 }
298
299 return true;
300}
301
302static bool test_userdelete(struct torture_context *tctx,
303 struct smbcli_state *cli)
304{
305
306 struct rap_NetUserDelete r;
307
308 {
309 struct rap_NetUserAdd a;
310 const char *pwd;
311
312 ZERO_STRUCT(a.in.info.info1);
313
314 pwd = generate_random_password(tctx, 9, 16);
315
316 a.in.level = 1;
317 a.in.bufsize = 0xffff;
318 a.in.pwdlength = strlen(pwd);
319 a.in.unknown = 0;
320 a.in.info.info1.Name = TEST_RAP_USER;
321 a.in.info.info1.Priv = USER_PRIV_USER;
322
323 memcpy(a.in.info.info1.Password, pwd, MIN(strlen(pwd), 16));
324
325 torture_assert_ntstatus_ok(tctx,
326 smbcli_rap_netuseradd(cli->tree, tctx, &a),
327 "smbcli_rap_netuseradd failed");
328 }
329
330 r.in.UserName = TEST_RAP_USER;
331
332 torture_comment(tctx,
333 "Testing rap_NetUserDelete(%s)\n", r.in.UserName);
334
335 torture_assert_ntstatus_ok(tctx,
336 smbcli_rap_netuserdelete(cli->tree, tctx, &r),
337 "smbcli_rap_netuserdelete failed");
338 torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
339 "smbcli_rap_netuserdelete failed");
340
341 torture_assert_ntstatus_ok(tctx,
342 smbcli_rap_netuserdelete(cli->tree, tctx, &r),
343 "2nd smbcli_rap_netuserdelete failed");
344 torture_assert_werr_equal(tctx, W_ERROR(r.out.status), WERR_USER_NOT_FOUND,
345 "2nd smbcli_rap_netuserdelete failed");
346
347 return true;
348}
349
350struct torture_suite *torture_rap_sam(TALLOC_CTX *mem_ctx)
351{
352 struct torture_suite *suite = torture_suite_create(mem_ctx, "sam");
353
354 torture_suite_add_1smb_test(suite, "userpasswordset2", test_userpasswordset2);
355 torture_suite_add_1smb_test(suite, "oemchangepassword", test_oemchangepassword);
356 torture_suite_add_1smb_test(suite, "usergetinfo", test_usergetinfo);
357 torture_suite_add_1smb_test(suite, "useradd", test_useradd);
358 torture_suite_add_1smb_test(suite, "userdelete", test_userdelete);
359
360 return suite;
361}
Note: See TracBrowser for help on using the repository browser.