source: vendor/current/nsswitch/libwbclient/tests/wbclient.c

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago

Samba Server: update vendor to version 4.4.3
File size: 25.4 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 SMB torture tester
4 Copyright (C) Guenther Deschner 2009-2010
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18*/
19
20#include "lib/replace/replace.h"
21#include "libcli/util/ntstatus.h"
22#include "libcli/util/werror.h"
23#include "lib/util/data_blob.h"
24#include "lib/util/time.h"
25#include "libcli/resolve/resolve.h"
26#include "nsswitch/libwbclient/wbclient.h"
27#include "torture/smbtorture.h"
28#include "torture/winbind/proto.h"
29#include "lib/util/util_net.h"
30#include "lib/util/charset/charset.h"
31#include "libcli/auth/libcli_auth.h"
32#include "lib/param/param.h"
33#include "lib/util/samba_util.h"
34#include "lib/crypto/arcfour.h"
35#include "auth/credentials/credentials.h"
36#include "lib/cmdline/popt_common.h"
37
38#define WBC_ERROR_EQUAL(x,y) (x == y)
39
40#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \
41 do { wbcErr __got = got, __expected = expected; \
42 if (!WBC_ERROR_EQUAL(__got, __expected)) { \
43 torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
44 return false; \
45 } \
46 } while (0)
47
48#define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \
49 torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
50
51static bool test_wbc_ping(struct torture_context *tctx)
52{
53 torture_assert_wbc_ok(tctx, wbcPing(),
54 "%s", "wbcPing failed");
55
56 return true;
57}
58
59static bool test_wbc_pingdc(struct torture_context *tctx)
60{
61 struct wbcInterfaceDetails *details;
62
63 torture_assert_wbc_equal(tctx, wbcPingDc("random_string", NULL), WBC_ERR_DOMAIN_NOT_FOUND,
64 "%s", "wbcPingDc failed");
65 torture_assert_wbc_ok(tctx, wbcPingDc(NULL, NULL),
66 "%s", "wbcPingDc failed");
67
68 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
69 "%s", "wbcInterfaceDetails failed");
70 torture_assert(tctx, details,
71 "wbcInterfaceDetails returned NULL pointer");
72 torture_assert(tctx, details->netbios_domain,
73 "wbcInterfaceDetails returned NULL netbios_domain");
74
75 torture_assert_wbc_ok(tctx, wbcPingDc(details->netbios_domain, NULL),
76 "wbcPingDc(%s) failed", details->netbios_domain);
77
78 torture_assert_wbc_ok(tctx, wbcPingDc("BUILTIN", NULL),
79 "%s", "wbcPingDc(BUILTIN) failed");
80
81 wbcFreeMemory(details);
82 return true;
83}
84
85static bool test_wbc_pingdc2(struct torture_context *tctx)
86{
87 struct wbcInterfaceDetails *details;
88 char *name = NULL;
89
90 torture_assert_wbc_equal(tctx, wbcPingDc2("random_string", NULL, &name),
91 WBC_ERR_DOMAIN_NOT_FOUND, "%s",
92 "wbcPingDc2 failed");
93 torture_assert_wbc_ok(tctx, wbcPingDc2(NULL, NULL, &name), "%s",
94 "wbcPingDc2 failed");
95
96 wbcFreeMemory(name);
97
98 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
99 "%s", "wbcInterfaceDetails failed");
100 torture_assert(tctx, details,
101 "wbcInterfaceDetails returned NULL pointer");
102 torture_assert(tctx, details->netbios_domain,
103 "wbcInterfaceDetails returned NULL netbios_domain");
104
105 torture_assert_wbc_ok(tctx, wbcPingDc2(details->netbios_domain, NULL, &name),
106 "wbcPingDc2(%s) failed", details->netbios_domain);
107 wbcFreeMemory(name);
108
109 torture_assert_wbc_ok(tctx, wbcPingDc2("BUILTIN", NULL, &name),
110 "%s", "wbcPingDc2(BUILTIN) failed");
111 wbcFreeMemory(name);
112
113 wbcFreeMemory(details);
114
115 return true;
116}
117
118static bool test_wbc_library_details(struct torture_context *tctx)
119{
120 struct wbcLibraryDetails *details;
121
122 torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details),
123 "%s", "wbcLibraryDetails failed");
124 torture_assert(tctx, details,
125 "wbcLibraryDetails returned NULL pointer");
126
127 wbcFreeMemory(details);
128
129 return true;
130}
131
132static bool test_wbc_interface_details(struct torture_context *tctx)
133{
134 struct wbcInterfaceDetails *details;
135
136 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
137 "%s", "wbcInterfaceDetails failed");
138 torture_assert(tctx, details,
139 "wbcInterfaceDetails returned NULL pointer");
140
141 wbcFreeMemory(details);
142
143 return true;
144}
145
146static bool test_wbc_sidtypestring(struct torture_context *tctx)
147{
148 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE),
149 "SID_NONE", "SID_NONE failed");
150 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER),
151 "SID_USER", "SID_USER failed");
152 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP),
153 "SID_DOM_GROUP", "SID_DOM_GROUP failed");
154 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN),
155 "SID_DOMAIN", "SID_DOMAIN failed");
156 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS),
157 "SID_ALIAS", "SID_ALIAS failed");
158 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP),
159 "SID_WKN_GROUP", "SID_WKN_GROUP failed");
160 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED),
161 "SID_DELETED", "SID_DELETED failed");
162 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID),
163 "SID_INVALID", "SID_INVALID failed");
164 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN),
165 "SID_UNKNOWN", "SID_UNKNOWN failed");
166 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER),
167 "SID_COMPUTER", "SID_COMPUTER failed");
168 return true;
169}
170
171static bool test_wbc_sidtostring(struct torture_context *tctx)
172{
173 struct wbcDomainSid sid;
174 const char *sid_string = "S-1-5-32";
175 char *sid_string2;
176
177 torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
178 "wbcStringToSid of %s failed", sid_string);
179 torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
180 "wbcSidToString of %s failed", sid_string);
181 torture_assert_str_equal(tctx, sid_string, sid_string2,
182 "sid strings differ");
183 wbcFreeMemory(sid_string2);
184
185 return true;
186}
187
188static bool test_wbc_guidtostring(struct torture_context *tctx)
189{
190 struct wbcGuid guid;
191 const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
192 char *guid_string2;
193
194 torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
195 "wbcStringToGuid of %s failed", guid_string);
196 torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
197 "wbcGuidToString of %s failed", guid_string);
198 torture_assert_str_equal(tctx, guid_string, guid_string2,
199 "guid strings differ");
200 wbcFreeMemory(guid_string2);
201
202 return true;
203}
204
205static bool test_wbc_domain_info(struct torture_context *tctx)
206{
207 struct wbcDomainInfo *info;
208 struct wbcInterfaceDetails *details;
209
210 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
211 "%s", "wbcInterfaceDetails failed");
212 torture_assert_wbc_ok(
213 tctx, wbcDomainInfo(details->netbios_domain, &info),
214 "%s", "wbcDomainInfo failed");
215 wbcFreeMemory(details);
216
217 torture_assert(tctx, info,
218 "wbcDomainInfo returned NULL pointer");
219 wbcFreeMemory(info);
220
221 return true;
222}
223
224static bool test_wbc_users(struct torture_context *tctx)
225{
226 const char *domain_name = NULL;
227 uint32_t num_users;
228 const char **users;
229 int i;
230 struct wbcInterfaceDetails *details;
231
232 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
233 "%s", "wbcInterfaceDetails failed");
234
235 domain_name = talloc_strdup(tctx, details->netbios_domain);
236 wbcFreeMemory(details);
237
238 torture_assert_wbc_ok(tctx, wbcListUsers(domain_name, &num_users, &users),
239 "%s", "wbcListUsers failed");
240 torture_assert(tctx, !(num_users > 0 && !users),
241 "wbcListUsers returned invalid results");
242
243 for (i=0; i < MIN(num_users,100); i++) {
244
245 struct wbcDomainSid sid, *sids;
246 enum wbcSidType name_type;
247 char *domain;
248 char *name;
249 char *sid_string;
250 uint32_t num_sids;
251
252 torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type),
253 "wbcLookupName of %s failed", users[i]);
254 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
255 "wbcLookupName expected WBC_SID_NAME_USER");
256 wbcSidToString(&sid, &sid_string);
257 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
258 "wbcLookupSid of %s failed", sid_string);
259 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
260 "wbcLookupSid of expected WBC_SID_NAME_USER");
261 torture_assert(tctx, name,
262 "wbcLookupSid returned no name");
263 wbcFreeMemory(domain);
264 wbcFreeMemory(name);
265 torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids),
266 "wbcLookupUserSids of %s failed", sid_string);
267 torture_assert_wbc_ok(
268 tctx, wbcGetDisplayName(&sid, &domain, &name,
269 &name_type),
270 "wbcGetDisplayName of %s failed", sid_string);
271 wbcFreeMemory(domain);
272 wbcFreeMemory(name);
273 wbcFreeMemory(sids);
274 wbcFreeMemory(sid_string);
275 }
276 wbcFreeMemory(users);
277
278 return true;
279}
280
281static bool test_wbc_groups(struct torture_context *tctx)
282{
283 const char *domain_name = NULL;
284 uint32_t num_groups;
285 const char **groups;
286 int i;
287 struct wbcInterfaceDetails *details;
288
289 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
290 "%s", "wbcInterfaceDetails failed");
291
292 domain_name = talloc_strdup(tctx, details->netbios_domain);
293 wbcFreeMemory(details);
294
295 torture_assert_wbc_ok(tctx, wbcListGroups(domain_name, &num_groups, &groups),
296 "wbcListGroups in %s failed", domain_name);
297 torture_assert(tctx, !(num_groups > 0 && !groups),
298 "wbcListGroups returned invalid results");
299
300 for (i=0; i < MIN(num_groups,100); i++) {
301
302 struct wbcDomainSid sid;
303 enum wbcSidType name_type;
304 char *domain;
305 char *name;
306 char *sid_string;
307
308 torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, groups[i], &sid, &name_type),
309 "wbcLookupName for %s failed", domain_name);
310 wbcSidToString(&sid, &sid_string);
311 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
312 "wbcLookupSid of %s failed", sid_string);
313 wbcFreeMemory(sid_string);
314 torture_assert(tctx, name,
315 "wbcLookupSid returned no name");
316 }
317 wbcFreeMemory(groups);
318
319 return true;
320}
321
322static bool test_wbc_trusts(struct torture_context *tctx)
323{
324 struct wbcDomainInfo *domains;
325 size_t num_domains;
326 int i;
327
328 torture_assert_wbc_ok(tctx, wbcListTrusts(&domains, &num_domains),
329 "%s", "wbcListTrusts failed");
330 torture_assert(tctx, !(num_domains > 0 && !domains),
331 "wbcListTrusts returned invalid results");
332
333 for (i=0; i < MIN(num_domains,100); i++) {
334
335 struct wbcAuthErrorInfo *error;
336 /*
337 struct wbcDomainSid sid;
338 enum wbcSidType name_type;
339 char *domain;
340 char *name;
341 */
342 torture_assert_wbc_ok(tctx, wbcCheckTrustCredentials(domains[i].short_name, &error),
343 "%s", "wbcCheckTrustCredentials failed");
344 /*
345 torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
346 "wbcLookupName failed");
347 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
348 "wbcLookupName expected WBC_SID_NAME_DOMAIN");
349 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
350 "wbcLookupSid failed");
351 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
352 "wbcLookupSid expected WBC_SID_NAME_DOMAIN");
353 torture_assert(tctx, name,
354 "wbcLookupSid returned no name");
355 */
356 }
357 wbcFreeMemory(domains);
358
359 return true;
360}
361
362static bool test_wbc_lookupdc(struct torture_context *tctx)
363{
364 const char *domain_name = NULL;
365 struct wbcInterfaceDetails *details;
366 struct wbcDomainControllerInfo *dc_info;
367
368 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
369 "%s", "wbcInterfaceDetails failed");
370
371 domain_name = talloc_strdup(tctx, details->netbios_domain);
372 wbcFreeMemory(details);
373
374 torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info),
375 "wbcLookupDomainController for %s failed", domain_name);
376 wbcFreeMemory(dc_info);
377
378 return true;
379}
380
381static bool test_wbc_lookupdcex(struct torture_context *tctx)
382{
383 const char *domain_name = NULL;
384 struct wbcInterfaceDetails *details;
385 struct wbcDomainControllerInfoEx *dc_info;
386
387 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
388 "%s", "wbcInterfaceDetails failed");
389
390 domain_name = talloc_strdup(tctx, details->netbios_domain);
391 wbcFreeMemory(details);
392
393 torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info),
394 "wbcLookupDomainControllerEx for %s failed", domain_name);
395 wbcFreeMemory(dc_info);
396
397 return true;
398}
399
400static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
401{
402 const char *name;
403 char *ip;
404 wbcErr ret;
405
406 name = torture_setting_string(tctx, "host", NULL);
407
408 torture_comment(tctx, "test-WinsByName: host='%s'\n", name);
409
410 ret = wbcResolveWinsByName(name, &ip);
411
412 if (is_ipaddress(name)) {
413 torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name);
414 } else {
415 torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name);
416 }
417
418 return true;
419}
420
421static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
422{
423 const char *ip;
424 const char *host;
425 struct nbt_name nbt_name;
426 char *name;
427 wbcErr ret;
428 NTSTATUS status;
429
430 host = torture_setting_string(tctx, "host", NULL);
431
432 torture_comment(tctx, "test-WinsByIp: host='%s'\n", host);
433
434 make_nbt_name_server(&nbt_name, host);
435
436 status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
437 0, 0, &nbt_name, tctx, &ip, tctx->ev);
438 torture_assert_ntstatus_ok(tctx, status,
439 talloc_asprintf(tctx,"Failed to resolve %s: %s",
440 nbt_name.name, nt_errstr(status)));
441
442 torture_comment(tctx, "test-WinsByIp: ip='%s'\n", ip);
443
444 ret = wbcResolveWinsByIP(ip, &name);
445
446 torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip);
447
448 wbcFreeMemory(name);
449
450 return true;
451}
452
453static bool test_wbc_lookup_rids(struct torture_context *tctx)
454{
455 struct wbcDomainSid builtin;
456 uint32_t rids[2] = { 544, 545 };
457 const char *domain_name, **names;
458 enum wbcSidType *types;
459 wbcErr ret;
460
461 wbcStringToSid("S-1-5-32", &builtin);
462
463 ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
464 &types);
465 torture_assert_wbc_ok(tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
466
467 torture_assert_str_equal(
468 tctx, names[0], "Administrators",
469 "S-1-5-32-544 not mapped to 'Administrators'");
470 torture_assert_str_equal(
471 tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
472
473 wbcFreeMemory(discard_const_p(char ,domain_name));
474 wbcFreeMemory(names);
475 wbcFreeMemory(types);
476
477 return true;
478}
479
480static bool test_wbc_get_sidaliases(struct torture_context *tctx)
481{
482 struct wbcDomainSid builtin;
483 struct wbcDomainInfo *info;
484 struct wbcInterfaceDetails *details;
485 struct wbcDomainSid sids[2];
486 uint32_t *rids;
487 uint32_t num_rids;
488 wbcErr ret;
489
490 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
491 "%s", "wbcInterfaceDetails failed");
492 torture_assert_wbc_ok(
493 tctx, wbcDomainInfo(details->netbios_domain, &info),
494 "wbcDomainInfo of %s failed", details->netbios_domain);
495 wbcFreeMemory(details);
496
497 sids[0] = info->sid;
498 sids[0].sub_auths[sids[0].num_auths++] = 500;
499 sids[1] = info->sid;
500 sids[1].sub_auths[sids[1].num_auths++] = 512;
501 wbcFreeMemory(info);
502
503 torture_assert_wbc_ok(
504 tctx, wbcStringToSid("S-1-5-32", &builtin),
505 "wbcStringToSid of %s failed", "S-1-5-32");
506
507 ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids);
508 torture_assert_wbc_ok(tctx, ret, "%s", "wbcGetSidAliases failed");
509
510 wbcFreeMemory(rids);
511
512 return true;
513}
514
515static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
516 const char *correct_password)
517{
518 struct wbcAuthUserParams params;
519 struct wbcAuthUserInfo *info = NULL;
520 struct wbcAuthErrorInfo *error = NULL;
521 wbcErr ret;
522
523 ret = wbcAuthenticateUser(cli_credentials_get_username(cmdline_credentials), correct_password);
524 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
525 "wbcAuthenticateUser of %s failed",
526 cli_credentials_get_username(cmdline_credentials));
527
528 ZERO_STRUCT(params);
529 params.account_name = cli_credentials_get_username(cmdline_credentials);
530 params.level = WBC_AUTH_USER_LEVEL_PLAIN;
531 params.password.plaintext = correct_password;
532
533 ret = wbcAuthenticateUserEx(&params, &info, &error);
534 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
535 "wbcAuthenticateUserEx of %s failed", params.account_name);
536 wbcFreeMemory(info);
537 info = NULL;
538
539 wbcFreeMemory(error);
540 error = NULL;
541
542 params.password.plaintext = "wrong";
543 ret = wbcAuthenticateUserEx(&params, &info, &error);
544 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
545 "wbcAuthenticateUserEx for %s succeeded where it "
546 "should have failed", params.account_name);
547 wbcFreeMemory(info);
548 info = NULL;
549
550 wbcFreeMemory(error);
551 error = NULL;
552
553 return true;
554}
555
556static bool test_wbc_authenticate_user(struct torture_context *tctx)
557{
558 return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials));
559}
560
561static bool test_wbc_change_password(struct torture_context *tctx)
562{
563 wbcErr ret;
564 const char *oldpass = cli_credentials_get_password(cmdline_credentials);
565 const char *newpass = "Koo8irei%$";
566
567 struct samr_CryptPassword new_nt_password;
568 struct samr_CryptPassword new_lm_password;
569 struct samr_Password old_nt_hash_enc;
570 struct samr_Password old_lanman_hash_enc;
571
572 uint8_t old_nt_hash[16];
573 uint8_t old_lanman_hash[16];
574 uint8_t new_nt_hash[16];
575 uint8_t new_lanman_hash[16];
576
577 struct wbcChangePasswordParams params;
578
579 if (oldpass == NULL) {
580 torture_skip(tctx,
581 "skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
582 }
583
584 ZERO_STRUCT(params);
585
586 E_md4hash(oldpass, old_nt_hash);
587 E_md4hash(newpass, new_nt_hash);
588
589 if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
590 E_deshash(newpass, new_lanman_hash) &&
591 E_deshash(oldpass, old_lanman_hash)) {
592
593 /* E_deshash returns false for 'long' passwords (> 14
594 DOS chars). This allows us to match Win2k, which
595 does not store a LM hash for these passwords (which
596 would reduce the effective password length to 14) */
597
598 encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
599 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
600 E_old_pw_hash(new_nt_hash, old_lanman_hash,
601 old_lanman_hash_enc.hash);
602
603 params.old_password.response.old_lm_hash_enc_length =
604 sizeof(old_lanman_hash_enc.hash);
605 params.old_password.response.old_lm_hash_enc_data =
606 old_lanman_hash_enc.hash;
607 params.new_password.response.lm_length =
608 sizeof(new_lm_password.data);
609 params.new_password.response.lm_data =
610 new_lm_password.data;
611 } else {
612 ZERO_STRUCT(new_lm_password);
613 ZERO_STRUCT(old_lanman_hash_enc);
614 }
615
616 encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
617
618 arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
619 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
620
621 params.old_password.response.old_nt_hash_enc_length =
622 sizeof(old_nt_hash_enc.hash);
623 params.old_password.response.old_nt_hash_enc_data =
624 old_nt_hash_enc.hash;
625 params.new_password.response.nt_length = sizeof(new_nt_password.data);
626 params.new_password.response.nt_data = new_nt_password.data;
627
628 params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
629 params.account_name = cli_credentials_get_username(cmdline_credentials);
630 params.domain_name = cli_credentials_get_domain(cmdline_credentials);
631
632 ret = wbcChangeUserPasswordEx(&params, NULL, NULL, NULL);
633 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
634 "wbcChangeUserPassword for %s failed", params.account_name);
635
636 if (!test_wbc_authenticate_user_int(tctx, newpass)) {
637 return false;
638 }
639
640 ret = wbcChangeUserPassword(cli_credentials_get_username(cmdline_credentials), newpass,
641 cli_credentials_get_password(cmdline_credentials));
642 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
643 "wbcChangeUserPassword for %s failed", params.account_name);
644
645 return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials));
646}
647
648static bool test_wbc_logon_user(struct torture_context *tctx)
649{
650 struct wbcLogonUserParams params;
651 struct wbcLogonUserInfo *info = NULL;
652 struct wbcAuthErrorInfo *error = NULL;
653 struct wbcUserPasswordPolicyInfo *policy = NULL;
654 struct wbcInterfaceDetails *iface;
655 struct wbcDomainSid sid;
656 enum wbcSidType sidtype;
657 char *sidstr;
658 wbcErr ret;
659
660 ZERO_STRUCT(params);
661
662 ret = wbcLogonUser(&params, &info, &error, &policy);
663 torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
664 "%s", "wbcLogonUser succeeded for NULL where it should "
665 "have failed");
666
667 params.username = cli_credentials_get_username(cmdline_credentials);
668 params.password = cli_credentials_get_password(cmdline_credentials);
669
670 ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
671 "foo", 0, discard_const_p(uint8_t, "bar"), 4);
672 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
673 "%s", "wbcAddNamedBlob failed");
674
675 ret = wbcLogonUser(&params, &info, &error, &policy);
676 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
677 "wbcLogonUser for %s failed", params.username);
678 wbcFreeMemory(info); info = NULL;
679 wbcFreeMemory(error); error = NULL;
680 wbcFreeMemory(policy); policy = NULL;
681
682 params.password = "wrong";
683
684 ret = wbcLogonUser(&params, &info, &error, &policy);
685 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
686 "wbcLogonUser for %s should have failed with "
687 "WBC_ERR_AUTH_ERROR", params.username);
688 wbcFreeMemory(info); info = NULL;
689 wbcFreeMemory(error); error = NULL;
690 wbcFreeMemory(policy); policy = NULL;
691
692 ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
693 "membership_of", 0,
694 discard_const_p(uint8_t, "S-1-2-3-4"),
695 strlen("S-1-2-3-4")+1);
696 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
697 "%s", "wbcAddNamedBlob failed");
698 params.password = cli_credentials_get_password(cmdline_credentials);
699 ret = wbcLogonUser(&params, &info, &error, &policy);
700 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
701 "wbcLogonUser for %s should have failed with "
702 "WBC_ERR_AUTH_ERROR", params.username);
703 wbcFreeMemory(info); info = NULL;
704 wbcFreeMemory(error); error = NULL;
705 wbcFreeMemory(policy); policy = NULL;
706 wbcFreeMemory(params.blobs);
707 params.blobs = NULL; params.num_blobs = 0;
708
709 ret = wbcInterfaceDetails(&iface);
710 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
711 "%s", "wbcInterfaceDetails failed");
712
713 ret = wbcLookupName(iface->netbios_domain, cli_credentials_get_username(cmdline_credentials), &sid,
714 &sidtype);
715 wbcFreeMemory(iface);
716 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
717 "wbcLookupName for %s failed", cli_credentials_get_username(cmdline_credentials));
718
719 ret = wbcSidToString(&sid, &sidstr);
720 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
721 "%s", "wbcSidToString failed");
722
723 ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
724 "membership_of", 0,
725 (uint8_t *)sidstr, strlen(sidstr)+1);
726 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
727 "%s", "wbcAddNamedBlob failed");
728 wbcFreeMemory(sidstr);
729 params.password = cli_credentials_get_password(cmdline_credentials);
730 ret = wbcLogonUser(&params, &info, &error, &policy);
731 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
732 "wbcLogonUser for %s failed", params.username);
733 wbcFreeMemory(info); info = NULL;
734 wbcFreeMemory(error); error = NULL;
735 wbcFreeMemory(policy); policy = NULL;
736 wbcFreeMemory(params.blobs);
737 params.blobs = NULL; params.num_blobs = 0;
738
739 return true;
740}
741
742static bool test_wbc_getgroups(struct torture_context *tctx)
743{
744 wbcErr ret;
745 uint32_t num_groups;
746 gid_t *groups;
747
748 ret = wbcGetGroups(cli_credentials_get_username(cmdline_credentials), &num_groups, &groups);
749 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
750 "wbcGetGroups for %s failed", cli_credentials_get_username(cmdline_credentials));
751 wbcFreeMemory(groups);
752 return true;
753}
754
755struct torture_suite *torture_wbclient(void)
756{
757 struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "wbclient");
758
759 torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
760 torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
761 torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc2);
762 torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
763 torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
764 torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
765 torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring);
766 torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
767 torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
768 torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
769 torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
770 torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
771 torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc);
772 torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex);
773 torture_suite_add_simple_test(suite, "wbcResolveWinsByName", test_wbc_resolve_winsbyname);
774 torture_suite_add_simple_test(suite, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip);
775 torture_suite_add_simple_test(suite, "wbcLookupRids",
776 test_wbc_lookup_rids);
777 torture_suite_add_simple_test(suite, "wbcGetSidAliases",
778 test_wbc_get_sidaliases);
779 torture_suite_add_simple_test(suite, "wbcAuthenticateUser",
780 test_wbc_authenticate_user);
781 torture_suite_add_simple_test(suite, "wbcLogonUser",
782 test_wbc_logon_user);
783 torture_suite_add_simple_test(suite, "wbcChangeUserPassword",
784 test_wbc_change_password);
785 torture_suite_add_simple_test(suite, "wbcGetGroups",
786 test_wbc_getgroups);
787
788 return suite;
789}
Note: See TracBrowser for help on using the repository browser.