2 Unix SMB/CIFS implementation.
4 dcerpc torture tests, designed to walk Samba3 code paths
6 Copyright (C) Volker Lendecke 2006
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libcli/raw/libcliraw.h"
24 #include "libcli/raw/raw_proto.h"
25 #include "torture/util.h"
26 #include "libcli/rap/rap.h"
27 #include "librpc/gen_ndr/ndr_lsa_c.h"
28 #include "librpc/gen_ndr/ndr_samr_c.h"
29 #include "librpc/gen_ndr/ndr_netlogon_c.h"
30 #include "librpc/gen_ndr/ndr_srvsvc_c.h"
31 #include "librpc/gen_ndr/ndr_spoolss_c.h"
32 #include "librpc/gen_ndr/ndr_winreg_c.h"
33 #include "librpc/gen_ndr/ndr_wkssvc_c.h"
34 #include "lib/cmdline/popt_common.h"
35 #include "torture/rpc/torture_rpc.h"
36 #include "libcli/libcli.h"
37 #include "libcli/smb_composite/smb_composite.h"
38 #include "libcli/auth/libcli_auth.h"
39 #include "../lib/crypto/crypto.h"
40 #include "libcli/security/security.h"
41 #include "param/param.h"
42 #include "lib/registry/registry.h"
43 #include "libcli/resolve/resolve.h"
44 #include "torture/ndr/ndr.h"
45 #include "libcli/smb2/smb2.h"
46 #include "libcli/smb2/smb2_calls.h"
47 #include "librpc/rpc/dcerpc.h"
48 #include "librpc/rpc/dcerpc_proto.h"
49 #include "libcli/smb/smbXcli_base.h"
52 * open pipe and bind, given an IPC$ context
55 static NTSTATUS
pipe_bind_smb(struct torture_context
*tctx
,
57 struct smbcli_tree
*tree
,
58 const char *pipe_name
,
59 const struct ndr_interface_table
*iface
,
60 struct dcerpc_pipe
**p
)
62 struct dcerpc_pipe
*result
;
65 if (!(result
= dcerpc_pipe_init(mem_ctx
, tctx
->ev
))) {
66 return NT_STATUS_NO_MEMORY
;
69 status
= dcerpc_pipe_open_smb(result
, tree
, pipe_name
);
70 if (!NT_STATUS_IS_OK(status
)) {
71 torture_comment(tctx
, "dcerpc_pipe_open_smb failed: %s\n",
77 status
= dcerpc_bind_auth_none(result
, iface
);
78 if (!NT_STATUS_IS_OK(status
)) {
79 torture_comment(tctx
, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status
));
88 static NTSTATUS
pipe_bind_smb2(struct torture_context
*tctx
,
90 struct smb2_tree
*tree
,
91 const char *pipe_name
,
92 const struct ndr_interface_table
*iface
,
93 struct dcerpc_pipe
**p
)
95 struct dcerpc_pipe
*result
;
98 if (!(result
= dcerpc_pipe_init(mem_ctx
, tctx
->ev
))) {
99 return NT_STATUS_NO_MEMORY
;
102 status
= dcerpc_pipe_open_smb2(result
, tree
, pipe_name
);
103 if (!NT_STATUS_IS_OK(status
)) {
104 torture_comment(tctx
, "dcerpc_pipe_open_smb2 failed: %s\n",
110 status
= dcerpc_bind_auth_none(result
, iface
);
111 if (!NT_STATUS_IS_OK(status
)) {
112 torture_comment(tctx
, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status
));
121 static NTSTATUS
pipe_bind_smb_auth(struct torture_context
*tctx
,
123 struct smbcli_tree
*tree
,
124 struct cli_credentials
*creds
,
127 const char *pipe_name
,
128 const struct ndr_interface_table
*iface
,
129 struct dcerpc_pipe
**p
)
131 struct dcerpc_pipe
*result
;
134 if (!(result
= dcerpc_pipe_init(mem_ctx
, tctx
->ev
))) {
135 return NT_STATUS_NO_MEMORY
;
138 status
= dcerpc_pipe_open_smb(result
, tree
, pipe_name
);
139 if (!NT_STATUS_IS_OK(status
)) {
140 torture_comment(tctx
, "dcerpc_pipe_open_smb failed: %s\n",
146 status
= dcerpc_bind_auth(result
, iface
, creds
,
147 lpcfg_gensec_settings(tctx
->lp_ctx
, tctx
->lp_ctx
),
148 auth_type
, auth_level
, NULL
);
149 if (!NT_STATUS_IS_OK(status
)) {
150 torture_comment(tctx
, "dcerpc_bind_auth failed: %s\n", nt_errstr(status
));
160 * This tests a RPC call using an invalid vuid
163 bool torture_bind_authcontext(struct torture_context
*torture
)
168 struct lsa_ObjectAttribute objectattr
;
169 struct lsa_OpenPolicy2 openpolicy
;
170 struct policy_handle handle
;
171 struct lsa_Close close_handle
;
172 struct smbcli_session
*tmp
;
174 struct smbcli_session
*session2
;
175 struct smbcli_state
*cli
;
176 struct dcerpc_pipe
*lsa_pipe
;
177 struct dcerpc_binding_handle
*lsa_handle
;
178 struct cli_credentials
*anon_creds
;
179 struct smb_composite_sesssetup setup
;
180 struct smbcli_options options
;
181 struct smbcli_session_options session_options
;
183 mem_ctx
= talloc_init("torture_bind_authcontext");
185 if (mem_ctx
== NULL
) {
186 torture_comment(torture
, "talloc_init failed\n");
190 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
191 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
193 status
= smbcli_full_connection(mem_ctx
, &cli
,
194 torture_setting_string(torture
, "host", NULL
),
195 lpcfg_smb_ports(torture
->lp_ctx
),
197 lpcfg_socket_options(torture
->lp_ctx
),
198 popt_get_cmdline_credentials(),
199 lpcfg_resolve_context(torture
->lp_ctx
),
200 torture
->ev
, &options
, &session_options
,
201 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
202 if (!NT_STATUS_IS_OK(status
)) {
203 torture_comment(torture
, "smbcli_full_connection failed: %s\n",
208 status
= pipe_bind_smb(torture
, mem_ctx
, cli
->tree
, "\\lsarpc",
209 &ndr_table_lsarpc
, &lsa_pipe
);
210 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
211 "pipe_bind_smb failed");
212 lsa_handle
= lsa_pipe
->binding_handle
;
214 openpolicy
.in
.system_name
=talloc_asprintf(
215 mem_ctx
, "\\\\%s", dcerpc_server_name(lsa_pipe
));
216 ZERO_STRUCT(objectattr
);
217 openpolicy
.in
.attr
= &objectattr
;
218 openpolicy
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
219 openpolicy
.out
.handle
= &handle
;
221 status
= dcerpc_lsa_OpenPolicy2_r(lsa_handle
, mem_ctx
, &openpolicy
);
223 if (!NT_STATUS_IS_OK(status
)) {
224 torture_comment(torture
, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
228 if (!NT_STATUS_IS_OK(openpolicy
.out
.result
)) {
229 torture_comment(torture
, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
230 nt_errstr(openpolicy
.out
.result
));
234 close_handle
.in
.handle
= &handle
;
235 close_handle
.out
.handle
= &handle
;
237 status
= dcerpc_lsa_Close_r(lsa_handle
, mem_ctx
, &close_handle
);
238 if (!NT_STATUS_IS_OK(status
)) {
239 torture_comment(torture
, "dcerpc_lsa_Close failed: %s\n",
243 if (!NT_STATUS_IS_OK(close_handle
.out
.result
)) {
244 torture_comment(torture
, "dcerpc_lsa_Close failed: %s\n",
245 nt_errstr(close_handle
.out
.result
));
249 session2
= smbcli_session_init(cli
->transport
, mem_ctx
, false, session_options
);
250 if (session2
== NULL
) {
251 torture_comment(torture
, "smbcli_session_init failed\n");
255 if (!(anon_creds
= cli_credentials_init_anon(mem_ctx
))) {
256 torture_comment(torture
, "create_anon_creds failed\n");
260 setup
.in
.sesskey
= cli
->transport
->negotiate
.sesskey
;
261 setup
.in
.capabilities
= cli
->transport
->negotiate
.capabilities
;
262 setup
.in
.workgroup
= "";
263 setup
.in
.credentials
= anon_creds
;
264 setup
.in
.gensec_settings
= lpcfg_gensec_settings(torture
, torture
->lp_ctx
);
266 status
= smb_composite_sesssetup(session2
, &setup
);
267 if (!NT_STATUS_IS_OK(status
)) {
268 torture_comment(torture
, "anon session setup failed: %s\n",
272 session2
->vuid
= setup
.out
.vuid
;
274 tmp
= cli
->tree
->session
;
275 tmp_vuid
= smb1cli_session_current_id(tmp
->smbXcli
);
276 smb1cli_session_set_id(tmp
->smbXcli
, session2
->vuid
);
277 cli
->tree
->session
= session2
;
279 status
= dcerpc_lsa_OpenPolicy2_r(lsa_handle
, mem_ctx
, &openpolicy
);
281 torture_assert(torture
, smbXcli_conn_is_connected(cli
->transport
->conn
),
282 "smb still connected");
283 torture_assert(torture
, !dcerpc_binding_handle_is_connected(lsa_handle
),
284 "dcerpc disonnected");
286 if (NT_STATUS_EQUAL(status
, NT_STATUS_INVALID_HANDLE
)) {
287 torture_comment(torture
, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
288 "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
290 status
= NT_STATUS_CONNECTION_DISCONNECTED
;
292 if (NT_STATUS_EQUAL(status
, NT_STATUS_IO_DEVICE_ERROR
)) {
293 torture_comment(torture
, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
294 "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
296 status
= NT_STATUS_CONNECTION_DISCONNECTED
;
299 torture_assert_ntstatus_equal(torture
, status
, NT_STATUS_CONNECTION_DISCONNECTED
,
300 "lsa connection disconnected");
302 smb1cli_session_set_id(tmp
->smbXcli
, tmp_vuid
);
303 cli
->tree
->session
= tmp
;
304 talloc_free(lsa_pipe
);
309 talloc_free(mem_ctx
);
314 * Bind to lsa using a specific auth method
317 static bool bindtest(struct torture_context
*tctx
,
318 struct smbcli_state
*cli
,
319 struct cli_credentials
*credentials
,
320 uint8_t auth_type
, uint8_t auth_level
)
326 struct dcerpc_pipe
*lsa_pipe
;
327 struct dcerpc_binding_handle
*lsa_handle
;
328 struct lsa_ObjectAttribute objectattr
;
329 struct lsa_OpenPolicy2 openpolicy
;
330 struct lsa_QueryInfoPolicy query
;
331 union lsa_PolicyInformation
*info
= NULL
;
332 struct policy_handle handle
;
333 struct lsa_Close close_handle
;
335 if ((mem_ctx
= talloc_init("bindtest")) == NULL
) {
336 torture_comment(tctx
, "talloc_init failed\n");
340 status
= pipe_bind_smb_auth(tctx
, mem_ctx
, cli
->tree
,
341 credentials
, auth_type
, auth_level
,
342 "\\lsarpc", &ndr_table_lsarpc
, &lsa_pipe
);
343 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
344 "pipe_bind_smb_auth failed");
345 lsa_handle
= lsa_pipe
->binding_handle
;
347 openpolicy
.in
.system_name
=talloc_asprintf(
348 mem_ctx
, "\\\\%s", dcerpc_server_name(lsa_pipe
));
349 ZERO_STRUCT(objectattr
);
350 openpolicy
.in
.attr
= &objectattr
;
351 openpolicy
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
352 openpolicy
.out
.handle
= &handle
;
354 status
= dcerpc_lsa_OpenPolicy2_r(lsa_handle
, mem_ctx
, &openpolicy
);
356 if (!NT_STATUS_IS_OK(status
)) {
357 torture_comment(tctx
, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
361 if (!NT_STATUS_IS_OK(openpolicy
.out
.result
)) {
362 torture_comment(tctx
, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
363 nt_errstr(openpolicy
.out
.result
));
367 query
.in
.handle
= &handle
;
368 query
.in
.level
= LSA_POLICY_INFO_DOMAIN
;
369 query
.out
.info
= &info
;
371 status
= dcerpc_lsa_QueryInfoPolicy_r(lsa_handle
, mem_ctx
, &query
);
372 if (!NT_STATUS_IS_OK(status
)) {
373 torture_comment(tctx
, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
377 if (!NT_STATUS_IS_OK(query
.out
.result
)) {
378 torture_comment(tctx
, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
379 nt_errstr(query
.out
.result
));
383 close_handle
.in
.handle
= &handle
;
384 close_handle
.out
.handle
= &handle
;
386 status
= dcerpc_lsa_Close_r(lsa_handle
, mem_ctx
, &close_handle
);
387 if (!NT_STATUS_IS_OK(status
)) {
388 torture_comment(tctx
, "dcerpc_lsa_Close failed: %s\n",
392 if (!NT_STATUS_IS_OK(close_handle
.out
.result
)) {
393 torture_comment(tctx
, "dcerpc_lsa_Close failed: %s\n",
394 nt_errstr(close_handle
.out
.result
));
401 talloc_free(mem_ctx
);
406 * test authenticated RPC binds with the variants Samba3 does support
409 static bool torture_bind_samba3(struct torture_context
*torture
)
414 struct smbcli_state
*cli
;
415 struct smbcli_options options
;
416 struct smbcli_session_options session_options
;
418 mem_ctx
= talloc_init("torture_bind_authcontext");
420 if (mem_ctx
== NULL
) {
421 torture_comment(torture
, "talloc_init failed\n");
425 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
426 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
428 status
= smbcli_full_connection(mem_ctx
, &cli
,
429 torture_setting_string(torture
, "host", NULL
),
430 lpcfg_smb_ports(torture
->lp_ctx
),
432 lpcfg_socket_options(torture
->lp_ctx
),
433 popt_get_cmdline_credentials(),
434 lpcfg_resolve_context(torture
->lp_ctx
),
435 torture
->ev
, &options
, &session_options
,
436 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
437 if (!NT_STATUS_IS_OK(status
)) {
438 torture_comment(torture
, "smbcli_full_connection failed: %s\n",
445 ret
&= bindtest(torture
, cli
, popt_get_cmdline_credentials(),
446 DCERPC_AUTH_TYPE_NTLMSSP
,
447 DCERPC_AUTH_LEVEL_INTEGRITY
);
448 ret
&= bindtest(torture
, cli
, popt_get_cmdline_credentials(),
449 DCERPC_AUTH_TYPE_NTLMSSP
,
450 DCERPC_AUTH_LEVEL_PRIVACY
);
451 ret
&= bindtest(torture
, cli
, popt_get_cmdline_credentials(),
452 DCERPC_AUTH_TYPE_SPNEGO
,
453 DCERPC_AUTH_LEVEL_INTEGRITY
);
454 ret
&= bindtest(torture
, cli
, popt_get_cmdline_credentials(),
455 DCERPC_AUTH_TYPE_SPNEGO
,
456 DCERPC_AUTH_LEVEL_PRIVACY
);
459 talloc_free(mem_ctx
);
464 * Lookup or create a user and return all necessary info
467 static bool get_usr_handle(struct torture_context
*tctx
,
468 struct smbcli_state
*cli
,
470 struct cli_credentials
*admin_creds
,
473 const char *username
,
475 struct dcerpc_pipe
**result_pipe
,
476 struct policy_handle
**result_handle
,
477 struct dom_sid
**sid_p
)
479 struct dcerpc_pipe
*samr_pipe
;
480 struct dcerpc_binding_handle
*samr_handle
;
482 struct policy_handle conn_handle
;
483 struct policy_handle domain_handle
;
484 struct policy_handle
*user_handle
;
485 struct samr_Connect2 conn
;
486 struct samr_EnumDomains enumdom
;
487 uint32_t resume_handle
= 0;
488 uint32_t num_entries
= 0;
489 struct samr_SamArray
*sam
= NULL
;
490 struct samr_LookupDomain l
;
491 struct dom_sid2
*sid
= NULL
;
493 struct lsa_String domain_name
;
494 struct lsa_String user_name
;
495 struct samr_OpenDomain o
;
496 struct samr_CreateUser2 c
;
497 uint32_t user_rid
,access_granted
;
499 if (admin_creds
!= NULL
) {
500 status
= pipe_bind_smb_auth(tctx
, mem_ctx
, cli
->tree
,
501 admin_creds
, auth_type
, auth_level
,
502 "\\samr", &ndr_table_samr
, &samr_pipe
);
503 torture_assert_ntstatus_ok(tctx
, status
, "pipe_bind_smb_auth failed");
505 /* We must have an authenticated SMB connection */
506 status
= pipe_bind_smb(tctx
, mem_ctx
, cli
->tree
,
507 "\\samr", &ndr_table_samr
, &samr_pipe
);
508 torture_assert_ntstatus_ok(tctx
, status
, "pipe_bind_smb_auth failed");
511 samr_pipe
->conn
->flags
|= DCERPC_DEBUG_PRINT_IN
| DCERPC_DEBUG_PRINT_OUT
;
513 samr_handle
= samr_pipe
->binding_handle
;
515 conn
.in
.system_name
= talloc_asprintf(
516 mem_ctx
, "\\\\%s", dcerpc_server_name(samr_pipe
));
517 conn
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
518 conn
.out
.connect_handle
= &conn_handle
;
520 torture_assert_ntstatus_ok(tctx
,
521 dcerpc_samr_Connect2_r(samr_handle
, mem_ctx
, &conn
),
522 "samr_Connect2 failed");
523 torture_assert_ntstatus_ok(tctx
, conn
.out
.result
,
524 "samr_Connect2 failed");
526 enumdom
.in
.connect_handle
= &conn_handle
;
527 enumdom
.in
.resume_handle
= &resume_handle
;
528 enumdom
.in
.buf_size
= (uint32_t)-1;
529 enumdom
.out
.resume_handle
= &resume_handle
;
530 enumdom
.out
.num_entries
= &num_entries
;
531 enumdom
.out
.sam
= &sam
;
533 torture_assert_ntstatus_ok(tctx
,
534 dcerpc_samr_EnumDomains_r(samr_handle
, mem_ctx
, &enumdom
),
535 "samr_EnumDomains failed");
536 torture_assert_ntstatus_ok(tctx
, enumdom
.out
.result
,
537 "samr_EnumDomains failed");
539 torture_assert_int_equal(tctx
, *enumdom
.out
.num_entries
, 2,
540 "samr_EnumDomains returned unexpected num_entries");
542 dom_idx
= strequal(sam
->entries
[0].name
.string
,
545 l
.in
.connect_handle
= &conn_handle
;
546 domain_name
.string
= sam
->entries
[dom_idx
].name
.string
;
547 *domain
= talloc_strdup(mem_ctx
, domain_name
.string
);
548 l
.in
.domain_name
= &domain_name
;
551 torture_assert_ntstatus_ok(tctx
,
552 dcerpc_samr_LookupDomain_r(samr_handle
, mem_ctx
, &l
),
553 "samr_LookupDomain failed");
554 torture_assert_ntstatus_ok(tctx
, l
.out
.result
,
555 "samr_LookupDomain failed");
557 o
.in
.connect_handle
= &conn_handle
;
558 o
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
559 o
.in
.sid
= *l
.out
.sid
;
560 o
.out
.domain_handle
= &domain_handle
;
562 torture_assert_ntstatus_ok(tctx
,
563 dcerpc_samr_OpenDomain_r(samr_handle
, mem_ctx
, &o
),
564 "samr_OpenDomain failed");
565 torture_assert_ntstatus_ok(tctx
, o
.out
.result
,
566 "samr_OpenDomain failed");
568 c
.in
.domain_handle
= &domain_handle
;
569 user_name
.string
= username
;
570 c
.in
.account_name
= &user_name
;
571 c
.in
.acct_flags
= ACB_NORMAL
;
572 c
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
573 user_handle
= talloc(mem_ctx
, struct policy_handle
);
574 c
.out
.user_handle
= user_handle
;
575 c
.out
.access_granted
= &access_granted
;
576 c
.out
.rid
= &user_rid
;
578 torture_assert_ntstatus_ok(tctx
,
579 dcerpc_samr_CreateUser2_r(samr_handle
, mem_ctx
, &c
),
580 "samr_CreateUser2 failed");
582 if (NT_STATUS_EQUAL(c
.out
.result
, NT_STATUS_USER_EXISTS
)) {
583 struct samr_LookupNames ln
;
584 struct samr_OpenUser ou
;
585 struct samr_Ids rids
, types
;
587 ln
.in
.domain_handle
= &domain_handle
;
589 ln
.in
.names
= &user_name
;
591 ln
.out
.types
= &types
;
593 torture_assert_ntstatus_ok(tctx
,
594 dcerpc_samr_LookupNames_r(samr_handle
, mem_ctx
, &ln
),
595 "samr_LookupNames failed");
596 torture_assert_ntstatus_ok(tctx
, ln
.out
.result
,
597 "samr_LookupNames failed");
599 ou
.in
.domain_handle
= &domain_handle
;
600 ou
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
601 user_rid
= ou
.in
.rid
= ln
.out
.rids
->ids
[0];
602 ou
.out
.user_handle
= user_handle
;
604 torture_assert_ntstatus_ok(tctx
,
605 dcerpc_samr_OpenUser_r(samr_handle
, mem_ctx
, &ou
),
606 "samr_OpenUser failed");
607 status
= ou
.out
.result
;
609 status
= c
.out
.result
;
612 torture_assert_ntstatus_ok(tctx
, status
,
613 "samr_CreateUser failed");
615 *result_pipe
= samr_pipe
;
616 *result_handle
= user_handle
;
618 *sid_p
= dom_sid_add_rid(mem_ctx
, *l
.out
.sid
, user_rid
);
628 static bool create_user(struct torture_context
*tctx
,
629 TALLOC_CTX
*mem_ctx
, struct smbcli_state
*cli
,
630 struct cli_credentials
*admin_creds
,
631 const char *username
, const char *password
,
633 struct dom_sid
**user_sid
)
637 struct dcerpc_pipe
*samr_pipe
;
638 struct dcerpc_binding_handle
*samr_handle
;
639 struct policy_handle
*wks_handle
;
642 if (!(tmp_ctx
= talloc_new(mem_ctx
))) {
643 torture_comment(tctx
, "talloc_init failed\n");
647 ret
= get_usr_handle(tctx
, cli
, tmp_ctx
, admin_creds
,
648 DCERPC_AUTH_TYPE_NTLMSSP
,
649 DCERPC_AUTH_LEVEL_INTEGRITY
,
650 username
, domain_name
, &samr_pipe
, &wks_handle
,
653 torture_comment(tctx
, "get_usr_handle failed\n");
656 samr_handle
= samr_pipe
->binding_handle
;
659 struct samr_SetUserInfo2 sui2
;
660 struct samr_SetUserInfo sui
;
661 struct samr_QueryUserInfo qui
;
662 union samr_UserInfo u_info
;
663 union samr_UserInfo
*info
;
664 DATA_BLOB session_key
;
668 encode_pw_buffer(u_info
.info23
.password
.data
, password
,
671 status
= dcerpc_fetch_session_key(samr_pipe
, &session_key
);
672 if (!NT_STATUS_IS_OK(status
)) {
673 torture_comment(tctx
, "dcerpc_fetch_session_key failed\n");
676 arcfour_crypt_blob(u_info
.info23
.password
.data
, 516,
678 u_info
.info23
.info
.password_expired
= 0;
679 u_info
.info23
.info
.fields_present
= SAMR_FIELD_NT_PASSWORD_PRESENT
|
680 SAMR_FIELD_LM_PASSWORD_PRESENT
|
681 SAMR_FIELD_EXPIRED_FLAG
;
682 sui2
.in
.user_handle
= wks_handle
;
683 sui2
.in
.info
= &u_info
;
686 status
= dcerpc_samr_SetUserInfo2_r(samr_handle
, tmp_ctx
, &sui2
);
687 if (!NT_STATUS_IS_OK(status
)) {
688 torture_comment(tctx
, "samr_SetUserInfo(23) failed: %s\n",
692 if (!NT_STATUS_IS_OK(sui2
.out
.result
)) {
693 torture_comment(tctx
, "samr_SetUserInfo(23) failed: %s\n",
694 nt_errstr(sui2
.out
.result
));
698 u_info
.info16
.acct_flags
= ACB_NORMAL
;
699 sui
.in
.user_handle
= wks_handle
;
700 sui
.in
.info
= &u_info
;
703 status
= dcerpc_samr_SetUserInfo_r(samr_handle
, tmp_ctx
, &sui
);
704 if (!NT_STATUS_IS_OK(status
) || !NT_STATUS_IS_OK(sui
.out
.result
)) {
705 torture_comment(tctx
, "samr_SetUserInfo(16) failed\n");
709 qui
.in
.user_handle
= wks_handle
;
711 qui
.out
.info
= &info
;
713 status
= dcerpc_samr_QueryUserInfo_r(samr_handle
, tmp_ctx
, &qui
);
714 if (!NT_STATUS_IS_OK(status
) || !NT_STATUS_IS_OK(qui
.out
.result
)) {
715 torture_comment(tctx
, "samr_QueryUserInfo(21) failed\n");
719 info
->info21
.allow_password_change
= 0;
720 info
->info21
.force_password_change
= 0;
721 info
->info21
.account_name
.string
= NULL
;
722 info
->info21
.rid
= 0;
723 info
->info21
.acct_expiry
= 0;
724 info
->info21
.fields_present
= 0x81827fa; /* copy usrmgr.exe */
726 u_info
.info21
= info
->info21
;
727 sui
.in
.user_handle
= wks_handle
;
728 sui
.in
.info
= &u_info
;
731 status
= dcerpc_samr_SetUserInfo_r(samr_handle
, tmp_ctx
, &sui
);
732 if (!NT_STATUS_IS_OK(status
) || !NT_STATUS_IS_OK(sui
.out
.result
)) {
733 torture_comment(tctx
, "samr_SetUserInfo(21) failed\n");
738 *domain_name
= talloc_steal(mem_ctx
, *domain_name
);
739 *user_sid
= talloc_steal(mem_ctx
, *user_sid
);
742 talloc_free(tmp_ctx
);
750 static bool delete_user(struct torture_context
*tctx
,
751 struct smbcli_state
*cli
,
752 struct cli_credentials
*admin_creds
,
753 const char *username
)
758 struct dcerpc_pipe
*samr_pipe
;
759 struct dcerpc_binding_handle
*samr_handle
;
760 struct policy_handle
*user_handle
;
763 if ((mem_ctx
= talloc_init("leave")) == NULL
) {
764 torture_comment(tctx
, "talloc_init failed\n");
768 ret
= get_usr_handle(tctx
, cli
, mem_ctx
, admin_creds
,
769 DCERPC_AUTH_TYPE_NTLMSSP
,
770 DCERPC_AUTH_LEVEL_INTEGRITY
,
771 username
, &dom_name
, &samr_pipe
,
774 torture_comment(tctx
, "get_wks_handle failed\n");
777 samr_handle
= samr_pipe
->binding_handle
;
780 struct samr_DeleteUser d
;
782 d
.in
.user_handle
= user_handle
;
783 d
.out
.user_handle
= user_handle
;
785 status
= dcerpc_samr_DeleteUser_r(samr_handle
, mem_ctx
, &d
);
786 if (!NT_STATUS_IS_OK(status
)) {
787 torture_comment(tctx
, "samr_DeleteUser failed %s\n", nt_errstr(status
));
790 if (!NT_STATUS_IS_OK(d
.out
.result
)) {
791 torture_comment(tctx
, "samr_DeleteUser failed %s\n", nt_errstr(d
.out
.result
));
800 talloc_free(mem_ctx
);
805 * Do a Samba3-style join
808 static bool join3(struct torture_context
*tctx
,
809 struct smbcli_state
*cli
,
811 struct cli_credentials
*admin_creds
,
812 struct cli_credentials
*wks_creds
)
817 struct dcerpc_pipe
*samr_pipe
;
818 struct dcerpc_binding_handle
*samr_handle
;
819 struct policy_handle
*wks_handle
;
821 NTTIME last_password_change
;
823 if ((mem_ctx
= talloc_init("join3")) == NULL
) {
824 torture_comment(tctx
, "talloc_init failed\n");
828 ret
= get_usr_handle(
829 tctx
, cli
, mem_ctx
, admin_creds
,
830 DCERPC_AUTH_TYPE_NTLMSSP
,
831 DCERPC_AUTH_LEVEL_PRIVACY
,
832 talloc_asprintf(mem_ctx
, "%s$",
833 cli_credentials_get_workstation(wks_creds
)),
834 &dom_name
, &samr_pipe
, &wks_handle
, NULL
);
836 torture_comment(tctx
, "get_wks_handle failed\n");
839 samr_handle
= samr_pipe
->binding_handle
;
842 struct samr_QueryUserInfo q
;
843 union samr_UserInfo
*info
;
845 q
.in
.user_handle
= wks_handle
;
849 status
= dcerpc_samr_QueryUserInfo_r(samr_handle
, mem_ctx
, &q
);
850 if (!NT_STATUS_IS_OK(status
)) {
851 torture_warning(tctx
, "QueryUserInfo failed: %s\n",
855 if (!NT_STATUS_IS_OK(q
.out
.result
)) {
856 torture_warning(tctx
, "QueryUserInfo failed: %s\n",
857 nt_errstr(q
.out
.result
));
862 last_password_change
= info
->info21
.last_password_change
;
865 cli_credentials_set_domain(wks_creds
, dom_name
, CRED_SPECIFIED
);
868 struct samr_SetUserInfo2 sui2
;
869 union samr_UserInfo u_info
;
870 struct samr_UserInfo21
*i21
= &u_info
.info25
.info
;
871 DATA_BLOB session_key
;
872 DATA_BLOB confounded_session_key
= data_blob_talloc(
875 uint8_t confounder
[16];
879 i21
->full_name
.string
= talloc_asprintf(
881 cli_credentials_get_workstation(wks_creds
));
882 i21
->acct_flags
= ACB_WSTRUST
;
883 i21
->fields_present
= SAMR_FIELD_FULL_NAME
|
884 SAMR_FIELD_ACCT_FLAGS
| SAMR_FIELD_NT_PASSWORD_PRESENT
;
885 /* this would break the test result expectations
886 i21->fields_present |= SAMR_FIELD_EXPIRED_FLAG;
887 i21->password_expired = 1;
890 encode_pw_buffer(u_info
.info25
.password
.data
,
891 cli_credentials_get_password(wks_creds
),
893 status
= dcerpc_fetch_session_key(samr_pipe
, &session_key
);
894 if (!NT_STATUS_IS_OK(status
)) {
895 torture_comment(tctx
, "dcerpc_fetch_session_key failed: %s\n",
899 generate_random_buffer((uint8_t *)confounder
, 16);
902 MD5Update(&ctx
, confounder
, 16);
903 MD5Update(&ctx
, session_key
.data
, session_key
.length
);
904 MD5Final(confounded_session_key
.data
, &ctx
);
906 arcfour_crypt_blob(u_info
.info25
.password
.data
, 516,
907 &confounded_session_key
);
908 memcpy(&u_info
.info25
.password
.data
[516], confounder
, 16);
910 sui2
.in
.user_handle
= wks_handle
;
912 sui2
.in
.info
= &u_info
;
914 status
= dcerpc_samr_SetUserInfo2_r(samr_handle
, mem_ctx
, &sui2
);
915 if (!NT_STATUS_IS_OK(status
)) {
916 torture_comment(tctx
, "samr_SetUserInfo2(25) failed: %s\n",
920 if (!NT_STATUS_IS_OK(sui2
.out
.result
)) {
921 torture_comment(tctx
, "samr_SetUserInfo2(25) failed: %s\n",
922 nt_errstr(sui2
.out
.result
));
926 struct samr_SetUserInfo2 sui2
;
927 struct samr_SetUserInfo sui
;
928 union samr_UserInfo u_info
;
929 DATA_BLOB session_key
;
931 encode_pw_buffer(u_info
.info24
.password
.data
,
932 cli_credentials_get_password(wks_creds
),
934 /* just to make this test pass */
935 u_info
.info24
.password_expired
= 1;
937 status
= dcerpc_fetch_session_key(samr_pipe
, &session_key
);
938 if (!NT_STATUS_IS_OK(status
)) {
939 torture_comment(tctx
, "dcerpc_fetch_session_key failed\n");
942 arcfour_crypt_blob(u_info
.info24
.password
.data
, 516,
944 sui2
.in
.user_handle
= wks_handle
;
945 sui2
.in
.info
= &u_info
;
948 status
= dcerpc_samr_SetUserInfo2_r(samr_handle
, mem_ctx
, &sui2
);
949 if (!NT_STATUS_IS_OK(status
)) {
950 torture_comment(tctx
, "samr_SetUserInfo(24) failed: %s\n",
954 if (!NT_STATUS_IS_OK(sui2
.out
.result
)) {
955 torture_comment(tctx
, "samr_SetUserInfo(24) failed: %s\n",
956 nt_errstr(sui2
.out
.result
));
960 u_info
.info16
.acct_flags
= ACB_WSTRUST
;
961 sui
.in
.user_handle
= wks_handle
;
962 sui
.in
.info
= &u_info
;
965 status
= dcerpc_samr_SetUserInfo_r(samr_handle
, mem_ctx
, &sui
);
966 if (!NT_STATUS_IS_OK(status
) || !NT_STATUS_IS_OK(sui
.out
.result
)) {
967 torture_comment(tctx
, "samr_SetUserInfo(16) failed\n");
973 struct samr_QueryUserInfo q
;
974 union samr_UserInfo
*info
;
976 q
.in
.user_handle
= wks_handle
;
980 status
= dcerpc_samr_QueryUserInfo_r(samr_handle
, mem_ctx
, &q
);
981 if (!NT_STATUS_IS_OK(status
)) {
982 torture_warning(tctx
, "QueryUserInfo failed: %s\n",
986 if (!NT_STATUS_IS_OK(q
.out
.result
)) {
987 torture_warning(tctx
, "QueryUserInfo failed: %s\n",
988 nt_errstr(q
.out
.result
));
993 if (last_password_change
994 == info
->info21
.last_password_change
) {
995 torture_warning(tctx
, "last_password_change unchanged "
996 "during join, level25 must change "
1002 if (last_password_change
1003 != info
->info21
.last_password_change
) {
1004 torture_warning(tctx
, "last_password_change changed "
1005 "during join, level24 doesn't "
1015 talloc_free(mem_ctx
);
1020 * Do a ReqChallenge/Auth2 and get the wks creds
1023 static bool auth2(struct torture_context
*tctx
,
1024 struct smbcli_state
*cli
,
1025 struct cli_credentials
*wks_cred
)
1027 TALLOC_CTX
*mem_ctx
;
1028 struct dcerpc_pipe
*net_pipe
;
1029 struct dcerpc_binding_handle
*net_handle
;
1030 bool result
= false;
1032 struct netr_ServerReqChallenge r
;
1033 struct netr_Credential netr_cli_creds
;
1034 struct netr_Credential netr_srv_creds
;
1035 uint32_t negotiate_flags
;
1036 struct netr_ServerAuthenticate2 a
;
1037 struct netlogon_creds_CredentialState
*creds_state
;
1038 struct netr_Credential netr_cred
;
1039 struct samr_Password mach_pw
;
1041 mem_ctx
= talloc_new(NULL
);
1042 if (mem_ctx
== NULL
) {
1043 torture_comment(tctx
, "talloc_new failed\n");
1047 status
= pipe_bind_smb(tctx
, mem_ctx
, cli
->tree
, "\\netlogon",
1048 &ndr_table_netlogon
, &net_pipe
);
1049 torture_assert_ntstatus_ok_goto(tctx
, status
, result
, done
,
1050 "pipe_bind_smb failed");
1051 net_handle
= net_pipe
->binding_handle
;
1053 r
.in
.computer_name
= cli_credentials_get_workstation(wks_cred
);
1054 r
.in
.server_name
= talloc_asprintf(
1055 mem_ctx
, "\\\\%s", dcerpc_server_name(net_pipe
));
1056 if (r
.in
.server_name
== NULL
) {
1057 torture_comment(tctx
, "talloc_asprintf failed\n");
1060 generate_random_buffer(netr_cli_creds
.data
,
1061 sizeof(netr_cli_creds
.data
));
1062 r
.in
.credentials
= &netr_cli_creds
;
1063 r
.out
.return_credentials
= &netr_srv_creds
;
1065 status
= dcerpc_netr_ServerReqChallenge_r(net_handle
, mem_ctx
, &r
);
1066 if (!NT_STATUS_IS_OK(status
)) {
1067 torture_comment(tctx
, "netr_ServerReqChallenge failed: %s\n",
1071 if (!NT_STATUS_IS_OK(r
.out
.result
)) {
1072 torture_comment(tctx
, "netr_ServerReqChallenge failed: %s\n",
1073 nt_errstr(r
.out
.result
));
1077 negotiate_flags
= NETLOGON_NEG_AUTH2_ADS_FLAGS
;
1078 E_md4hash(cli_credentials_get_password(wks_cred
), mach_pw
.hash
);
1080 a
.in
.server_name
= talloc_asprintf(
1081 mem_ctx
, "\\\\%s", dcerpc_server_name(net_pipe
));
1082 a
.in
.account_name
= talloc_asprintf(
1083 mem_ctx
, "%s$", cli_credentials_get_workstation(wks_cred
));
1084 a
.in
.computer_name
= cli_credentials_get_workstation(wks_cred
);
1085 a
.in
.secure_channel_type
= SEC_CHAN_WKSTA
;
1086 a
.in
.negotiate_flags
= &negotiate_flags
;
1087 a
.out
.negotiate_flags
= &negotiate_flags
;
1088 a
.in
.credentials
= &netr_cred
;
1089 a
.out
.return_credentials
= &netr_cred
;
1091 creds_state
= netlogon_creds_client_init(mem_ctx
,
1094 a
.in
.secure_channel_type
,
1096 r
.out
.return_credentials
, &mach_pw
,
1097 &netr_cred
, negotiate_flags
);
1098 torture_assert(tctx
, (creds_state
!= NULL
), "memory allocation failed");
1100 status
= dcerpc_netr_ServerAuthenticate2_r(net_handle
, mem_ctx
, &a
);
1101 if (!NT_STATUS_IS_OK(status
)) {
1102 torture_comment(tctx
, "netr_ServerServerAuthenticate2 failed: %s\n",
1106 if (!NT_STATUS_IS_OK(a
.out
.result
)) {
1107 torture_comment(tctx
, "netr_ServerServerAuthenticate2 failed: %s\n",
1108 nt_errstr(a
.out
.result
));
1112 if (!netlogon_creds_client_check(creds_state
, a
.out
.return_credentials
)) {
1113 torture_comment(tctx
, "creds_client_check failed\n");
1117 cli_credentials_set_netlogon_creds(wks_cred
, creds_state
);
1122 talloc_free(mem_ctx
);
1127 * Do a couple of schannel protected Netlogon ops: Interactive and Network
1128 * login, and change the wks password
1131 static bool schan(struct torture_context
*tctx
,
1132 struct smbcli_state
*cli
,
1133 struct cli_credentials
*wks_creds
,
1134 struct cli_credentials
*user_creds
)
1136 TALLOC_CTX
*mem_ctx
;
1139 struct dcerpc_pipe
*net_pipe
;
1140 struct dcerpc_binding_handle
*net_handle
;
1143 mem_ctx
= talloc_new(NULL
);
1144 if (mem_ctx
== NULL
) {
1145 torture_comment(tctx
, "talloc_new failed\n");
1150 status
= pipe_bind_smb_auth(tctx
, mem_ctx
, cli
->tree
,
1152 DCERPC_AUTH_TYPE_SCHANNEL
,
1153 DCERPC_AUTH_LEVEL_PRIVACY
,
1154 "\\netlogon", &ndr_table_netlogon
, &net_pipe
);
1155 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1156 "pipe_bind_smb_auth failed");
1157 net_pipe
->conn
->flags
|= (DCERPC_SIGN
| DCERPC_SEAL
);
1159 status
= pipe_bind_smb(tctx
, mem_ctx
, cli
->tree
,
1160 "\\netlogon", &ndr_table_netlogon
, &net_pipe
);
1161 torture_assert_ntstatus_ok_goto(tctx
, status
, ret
, done
,
1162 "pipe_bind_smb failed");
1165 net_pipe
->conn
->flags
|= DCERPC_DEBUG_PRINT_IN
|
1166 DCERPC_DEBUG_PRINT_OUT
;
1168 net_handle
= net_pipe
->binding_handle
;
1171 for (i
=2; i
<4; i
++) {
1173 DATA_BLOB chal
, nt_resp
, lm_resp
, names_blob
;
1174 struct netlogon_creds_CredentialState
*creds_state
;
1175 struct netr_Authenticator netr_auth
, netr_auth2
;
1176 struct netr_NetworkInfo ninfo
;
1177 struct netr_PasswordInfo pinfo
;
1178 struct netr_LogonSamLogon r
;
1179 union netr_LogonLevel logon
;
1180 union netr_Validation validation
;
1181 uint8_t authoritative
;
1182 struct netr_Authenticator return_authenticator
;
1184 flags
= CLI_CRED_LANMAN_AUTH
| CLI_CRED_NTLM_AUTH
|
1185 CLI_CRED_NTLMv2_AUTH
;
1187 chal
= data_blob_talloc(mem_ctx
, NULL
, 8);
1188 if (chal
.data
== NULL
) {
1189 torture_comment(tctx
, "data_blob_talloc failed\n");
1193 generate_random_buffer(chal
.data
, chal
.length
);
1194 names_blob
= NTLMv2_generate_names_blob(
1196 cli_credentials_get_workstation(wks_creds
),
1197 cli_credentials_get_domain(wks_creds
));
1198 status
= cli_credentials_get_ntlm_response(
1199 user_creds
, mem_ctx
, &flags
, chal
, NULL
, names_blob
,
1200 &lm_resp
, &nt_resp
, NULL
, NULL
);
1201 if (!NT_STATUS_IS_OK(status
)) {
1202 torture_comment(tctx
, "cli_credentials_get_ntlm_response failed:"
1203 " %s\n", nt_errstr(status
));
1207 creds_state
= cli_credentials_get_netlogon_creds(wks_creds
);
1208 netlogon_creds_client_authenticator(creds_state
, &netr_auth
);
1210 ninfo
.identity_info
.account_name
.string
=
1211 cli_credentials_get_username(user_creds
);
1212 ninfo
.identity_info
.domain_name
.string
=
1213 cli_credentials_get_domain(user_creds
);
1214 ninfo
.identity_info
.parameter_control
= 0;
1215 ninfo
.identity_info
.logon_id_low
= 0;
1216 ninfo
.identity_info
.logon_id_high
= 0;
1217 ninfo
.identity_info
.workstation
.string
=
1218 cli_credentials_get_workstation(user_creds
);
1219 memcpy(ninfo
.challenge
, chal
.data
, sizeof(ninfo
.challenge
));
1220 ninfo
.nt
.length
= nt_resp
.length
;
1221 ninfo
.nt
.data
= nt_resp
.data
;
1222 ninfo
.lm
.length
= lm_resp
.length
;
1223 ninfo
.lm
.data
= lm_resp
.data
;
1225 logon
.network
= &ninfo
;
1227 r
.in
.server_name
= talloc_asprintf(
1228 mem_ctx
, "\\\\%s", dcerpc_server_name(net_pipe
));
1229 ZERO_STRUCT(netr_auth2
);
1230 r
.in
.computer_name
=
1231 cli_credentials_get_workstation(wks_creds
);
1232 r
.in
.credential
= &netr_auth
;
1233 r
.in
.return_authenticator
= &netr_auth2
;
1234 r
.in
.logon_level
= NetlogonNetworkInformation
;
1235 r
.in
.validation_level
= i
;
1236 r
.in
.logon
= &logon
;
1237 r
.out
.validation
= &validation
;
1238 r
.out
.authoritative
= &authoritative
;
1239 r
.out
.return_authenticator
= &return_authenticator
;
1241 status
= dcerpc_netr_LogonSamLogon_r(net_handle
, mem_ctx
, &r
);
1242 if (!NT_STATUS_IS_OK(status
)) {
1243 torture_comment(tctx
, "netr_LogonSamLogon failed: %s\n",
1247 if (!NT_STATUS_IS_OK(r
.out
.result
)) {
1248 torture_comment(tctx
, "netr_LogonSamLogon failed: %s\n",
1249 nt_errstr(r
.out
.result
));
1253 if ((r
.out
.return_authenticator
== NULL
) ||
1254 (!netlogon_creds_client_check(creds_state
,
1255 &r
.out
.return_authenticator
->cred
))) {
1256 torture_comment(tctx
, "Credentials check failed!\n");
1260 netlogon_creds_client_authenticator(creds_state
, &netr_auth
);
1262 pinfo
.identity_info
= ninfo
.identity_info
;
1263 ZERO_STRUCT(pinfo
.lmpassword
.hash
);
1264 E_md4hash(cli_credentials_get_password(user_creds
),
1265 pinfo
.ntpassword
.hash
);
1267 netlogon_creds_arcfour_crypt(creds_state
, pinfo
.ntpassword
.hash
, 16);
1269 logon
.password
= &pinfo
;
1271 r
.in
.logon_level
= NetlogonInteractiveInformation
;
1272 r
.in
.logon
= &logon
;
1273 r
.out
.return_authenticator
= &return_authenticator
;
1275 status
= dcerpc_netr_LogonSamLogon_r(net_handle
, mem_ctx
, &r
);
1276 if (!NT_STATUS_IS_OK(status
)) {
1277 torture_comment(tctx
, "netr_LogonSamLogon failed: %s\n",
1281 if (!NT_STATUS_IS_OK(r
.out
.result
)) {
1282 torture_comment(tctx
, "netr_LogonSamLogon failed: %s\n",
1283 nt_errstr(r
.out
.result
));
1287 if ((r
.out
.return_authenticator
== NULL
) ||
1288 (!netlogon_creds_client_check(creds_state
,
1289 &r
.out
.return_authenticator
->cred
))) {
1290 torture_comment(tctx
, "Credentials check failed!\n");
1296 struct netr_ServerPasswordSet s
;
1297 char *password
= generate_random_password(wks_creds
, 8, 255);
1298 struct netlogon_creds_CredentialState
*creds_state
;
1299 struct netr_Authenticator credential
, return_authenticator
;
1300 struct samr_Password new_password
;
1302 s
.in
.server_name
= talloc_asprintf(
1303 mem_ctx
, "\\\\%s", dcerpc_server_name(net_pipe
));
1304 s
.in
.computer_name
= cli_credentials_get_workstation(wks_creds
);
1305 s
.in
.account_name
= talloc_asprintf(
1306 mem_ctx
, "%s$", s
.in
.computer_name
);
1307 s
.in
.secure_channel_type
= SEC_CHAN_WKSTA
;
1308 s
.in
.credential
= &credential
;
1309 s
.in
.new_password
= &new_password
;
1310 s
.out
.return_authenticator
= &return_authenticator
;
1312 E_md4hash(password
, new_password
.hash
);
1314 creds_state
= cli_credentials_get_netlogon_creds(wks_creds
);
1315 netlogon_creds_des_encrypt(creds_state
, &new_password
);
1316 netlogon_creds_client_authenticator(creds_state
, &credential
);
1318 status
= dcerpc_netr_ServerPasswordSet_r(net_handle
, mem_ctx
, &s
);
1319 if (!NT_STATUS_IS_OK(status
)) {
1320 torture_comment(tctx
, "ServerPasswordSet - %s\n", nt_errstr(status
));
1323 if (!NT_STATUS_IS_OK(s
.out
.result
)) {
1324 torture_comment(tctx
, "ServerPasswordSet - %s\n", nt_errstr(s
.out
.result
));
1328 if (!netlogon_creds_client_check(creds_state
,
1329 &s
.out
.return_authenticator
->cred
)) {
1330 torture_comment(tctx
, "Credential chaining failed\n");
1333 cli_credentials_set_password(wks_creds
, password
,
1339 talloc_free(mem_ctx
);
1344 * Delete the wks account again
1347 static bool leave(struct torture_context
*tctx
,
1348 struct smbcli_state
*cli
,
1349 struct cli_credentials
*admin_creds
,
1350 struct cli_credentials
*wks_creds
)
1352 char *wks_name
= talloc_asprintf(
1353 NULL
, "%s$", cli_credentials_get_workstation(wks_creds
));
1356 ret
= delete_user(tctx
, cli
, admin_creds
, wks_name
);
1357 talloc_free(wks_name
);
1362 * Test the Samba3 DC code a bit. Join, do some schan netlogon ops, leave
1365 static bool torture_netlogon_samba3(struct torture_context
*torture
)
1368 struct smbcli_state
*cli
;
1369 struct cli_credentials
*wks_creds
;
1370 const char *wks_name
;
1372 struct smbcli_options options
;
1373 struct smbcli_session_options session_options
;
1375 wks_name
= torture_setting_string(torture
, "wksname", NULL
);
1376 if (wks_name
== NULL
) {
1377 wks_name
= get_myname(torture
);
1380 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
1381 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
1383 status
= smbcli_full_connection(torture
, &cli
,
1384 torture_setting_string(torture
, "host", NULL
),
1385 lpcfg_smb_ports(torture
->lp_ctx
),
1387 lpcfg_socket_options(torture
->lp_ctx
),
1388 popt_get_cmdline_credentials(),
1389 lpcfg_resolve_context(torture
->lp_ctx
),
1390 torture
->ev
, &options
, &session_options
,
1391 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
1392 torture_assert_ntstatus_ok(torture
, status
, "smbcli_full_connection failed\n");
1394 wks_creds
= cli_credentials_init(torture
);
1395 if (wks_creds
== NULL
) {
1396 torture_fail(torture
, "cli_credentials_init failed\n");
1399 cli_credentials_set_conf(wks_creds
, torture
->lp_ctx
);
1400 cli_credentials_set_secure_channel_type(wks_creds
, SEC_CHAN_WKSTA
);
1401 cli_credentials_set_username(wks_creds
, wks_name
, CRED_SPECIFIED
);
1402 cli_credentials_set_workstation(wks_creds
, wks_name
, CRED_SPECIFIED
);
1403 cli_credentials_set_password(wks_creds
,
1404 generate_random_password(wks_creds
, 8, 255),
1407 torture_assert(torture
,
1408 join3(torture
, cli
, false, NULL
, wks_creds
),
1411 cli_credentials_set_domain(
1412 popt_get_cmdline_credentials(),
1413 cli_credentials_get_domain(wks_creds
),
1416 for (i
=0; i
<2; i
++) {
1418 /* Do this more than once, the routine "schan" changes
1419 * the workstation password using the netlogon
1420 * password change routine */
1424 torture_assert(torture
,
1425 auth2(torture
, cli
, wks_creds
),
1428 for (j
=0; j
<2; j
++) {
1429 torture_assert(torture
,
1430 schan(torture
, cli
, wks_creds
,
1431 popt_get_cmdline_credentials()),
1436 torture_assert(torture
,
1437 leave(torture
, cli
, NULL
, wks_creds
),
1444 * Do a simple join, testjoin and leave using specified smb and samr
1448 static bool test_join3(struct torture_context
*tctx
,
1450 struct cli_credentials
*smb_creds
,
1451 struct cli_credentials
*samr_creds
,
1452 const char *wks_name
)
1455 struct smbcli_state
*cli
;
1456 struct cli_credentials
*wks_creds
;
1457 struct smbcli_options options
;
1458 struct smbcli_session_options session_options
;
1460 lpcfg_smbcli_options(tctx
->lp_ctx
, &options
);
1461 lpcfg_smbcli_session_options(tctx
->lp_ctx
, &session_options
);
1463 status
= smbcli_full_connection(tctx
, &cli
,
1464 torture_setting_string(tctx
, "host", NULL
),
1465 lpcfg_smb_ports(tctx
->lp_ctx
),
1466 "IPC$", NULL
, lpcfg_socket_options(tctx
->lp_ctx
),
1467 smb_creds
, lpcfg_resolve_context(tctx
->lp_ctx
),
1468 tctx
->ev
, &options
, &session_options
,
1469 lpcfg_gensec_settings(tctx
, tctx
->lp_ctx
));
1470 torture_assert_ntstatus_ok(tctx
, status
,
1471 "smbcli_full_connection failed");
1473 wks_creds
= cli_credentials_init(cli
);
1474 torture_assert(tctx
, wks_creds
, "cli_credentials_init failed");
1476 cli_credentials_set_conf(wks_creds
, tctx
->lp_ctx
);
1477 cli_credentials_set_secure_channel_type(wks_creds
, SEC_CHAN_WKSTA
);
1478 cli_credentials_set_username(wks_creds
, wks_name
, CRED_SPECIFIED
);
1479 cli_credentials_set_workstation(wks_creds
, wks_name
, CRED_SPECIFIED
);
1480 cli_credentials_set_password(wks_creds
,
1481 generate_random_password(wks_creds
, 8, 255),
1484 torture_assert(tctx
,
1485 join3(tctx
, cli
, use_level25
, samr_creds
, wks_creds
),
1488 cli_credentials_set_domain(
1489 popt_get_cmdline_credentials(),
1490 cli_credentials_get_domain(wks_creds
),
1493 torture_assert(tctx
,
1494 auth2(tctx
, cli
, wks_creds
),
1497 torture_assert(tctx
,
1498 leave(tctx
, cli
, samr_creds
, wks_creds
),
1507 * Test the different session key variants. Do it by joining, this uses the
1508 * session key in the setpassword routine. Test the join by doing the auth2.
1511 static bool torture_samba3_sessionkey(struct torture_context
*torture
)
1513 struct cli_credentials
*anon_creds
;
1514 const char *wks_name
;
1516 wks_name
= torture_setting_string(torture
, "wksname", get_myname(torture
));
1518 if (!(anon_creds
= cli_credentials_init_anon(torture
))) {
1519 torture_fail(torture
, "create_anon_creds failed\n");
1522 cli_credentials_set_workstation(anon_creds
, wks_name
, CRED_SPECIFIED
);
1525 if (!torture_setting_bool(torture
, "samba3", false)) {
1527 /* Samba3 in the build farm right now does this happily. Need
1530 if (test_join3(torture
, false, anon_creds
, NULL
, wks_name
)) {
1531 torture_fail(torture
, "join using anonymous bind on an anonymous smb "
1532 "connection succeeded -- HUH??\n");
1536 torture_assert(torture
,
1537 test_join3(torture
, false, popt_get_cmdline_credentials(),
1539 "join using anonymous bind on an authenticated smb connection failed");
1542 * The following two are tests for setuserinfolevel 25
1545 torture_assert(torture
,
1546 test_join3(torture
, true, popt_get_cmdline_credentials(),
1548 "join using anonymous bind on an authenticated smb connection failed");
1554 * Sane wrapper around lsa_LookupNames
1557 static struct dom_sid
*name2sid(struct torture_context
*tctx
,
1558 TALLOC_CTX
*mem_ctx
,
1559 struct dcerpc_pipe
*p
,
1563 struct lsa_ObjectAttribute attr
;
1564 struct lsa_QosInfo qos
;
1565 struct lsa_OpenPolicy2 r
;
1568 struct policy_handle handle
;
1569 struct lsa_LookupNames l
;
1570 struct lsa_TransSidArray sids
;
1571 struct lsa_RefDomainList
*domains
= NULL
;
1572 struct lsa_String lsa_name
;
1574 struct dom_sid
*result
;
1575 TALLOC_CTX
*tmp_ctx
;
1576 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1578 if (!(tmp_ctx
= talloc_new(mem_ctx
))) {
1583 qos
.impersonation_level
= 2;
1584 qos
.context_mode
= 1;
1585 qos
.effective_only
= 0;
1588 attr
.root_dir
= NULL
;
1589 attr
.object_name
= NULL
;
1590 attr
.attributes
= 0;
1591 attr
.sec_desc
= NULL
;
1592 attr
.sec_qos
= &qos
;
1594 r
.in
.system_name
= "\\";
1596 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1597 r
.out
.handle
= &handle
;
1599 status
= dcerpc_lsa_OpenPolicy2_r(b
, tmp_ctx
, &r
);
1600 if (!NT_STATUS_IS_OK(status
)) {
1601 torture_comment(tctx
, "OpenPolicy2 failed - %s\n", nt_errstr(status
));
1602 talloc_free(tmp_ctx
);
1605 if (!NT_STATUS_IS_OK(r
.out
.result
)) {
1606 torture_comment(tctx
, "OpenPolicy2 failed - %s\n", nt_errstr(r
.out
.result
));
1607 talloc_free(tmp_ctx
);
1614 lsa_name
.string
= talloc_asprintf(tmp_ctx
, "%s\\%s", domain
, name
);
1616 l
.in
.handle
= &handle
;
1618 l
.in
.names
= &lsa_name
;
1621 l
.in
.count
= &count
;
1622 l
.out
.count
= &count
;
1624 l
.out
.domains
= &domains
;
1626 status
= dcerpc_lsa_LookupNames_r(b
, tmp_ctx
, &l
);
1627 if (!NT_STATUS_IS_OK(status
)) {
1628 torture_comment(tctx
, "LookupNames of %s failed - %s\n", lsa_name
.string
,
1630 talloc_free(tmp_ctx
);
1633 if (!NT_STATUS_IS_OK(l
.out
.result
)) {
1634 torture_comment(tctx
, "LookupNames of %s failed - %s\n", lsa_name
.string
,
1635 nt_errstr(l
.out
.result
));
1636 talloc_free(tmp_ctx
);
1640 result
= dom_sid_add_rid(mem_ctx
, domains
->domains
[0].sid
,
1641 l
.out
.sids
->sids
[0].rid
);
1643 c
.in
.handle
= &handle
;
1644 c
.out
.handle
= &handle
;
1646 status
= dcerpc_lsa_Close_r(b
, tmp_ctx
, &c
);
1647 if (!NT_STATUS_IS_OK(status
)) {
1648 torture_comment(tctx
, "dcerpc_lsa_Close failed - %s\n", nt_errstr(status
));
1649 talloc_free(tmp_ctx
);
1652 if (!NT_STATUS_IS_OK(c
.out
.result
)) {
1653 torture_comment(tctx
, "dcerpc_lsa_Close failed - %s\n", nt_errstr(c
.out
.result
));
1654 talloc_free(tmp_ctx
);
1658 talloc_free(tmp_ctx
);
1663 * Find out the user SID on this connection
1666 static struct dom_sid
*whoami(struct torture_context
*tctx
,
1667 TALLOC_CTX
*mem_ctx
,
1668 struct smbcli_tree
*tree
)
1670 struct dcerpc_pipe
*lsa
;
1671 struct dcerpc_binding_handle
*lsa_handle
;
1672 struct lsa_GetUserName r
;
1674 struct lsa_String
*authority_name_p
= NULL
;
1675 struct lsa_String
*account_name_p
= NULL
;
1676 struct dom_sid
*result
;
1678 status
= pipe_bind_smb(tctx
, mem_ctx
, tree
, "\\pipe\\lsarpc",
1679 &ndr_table_lsarpc
, &lsa
);
1680 if (!NT_STATUS_IS_OK(status
)) {
1681 torture_warning(tctx
, "Could not bind to LSA: %s\n",
1685 lsa_handle
= lsa
->binding_handle
;
1687 r
.in
.system_name
= "\\";
1688 r
.in
.account_name
= &account_name_p
;
1689 r
.in
.authority_name
= &authority_name_p
;
1690 r
.out
.account_name
= &account_name_p
;
1692 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
1694 authority_name_p
= *r
.out
.authority_name
;
1696 if (!NT_STATUS_IS_OK(status
)) {
1697 torture_warning(tctx
, "GetUserName failed - %s\n",
1702 if (!NT_STATUS_IS_OK(r
.out
.result
)) {
1703 torture_warning(tctx
, "GetUserName failed - %s\n",
1704 nt_errstr(r
.out
.result
));
1709 result
= name2sid(tctx
, mem_ctx
, lsa
, account_name_p
->string
,
1710 authority_name_p
->string
);
1716 static int destroy_tree(struct smbcli_tree
*tree
)
1718 smb_tree_disconnect(tree
);
1723 * Do a tcon, given a session
1726 static NTSTATUS
secondary_tcon(struct torture_context
*tctx
,
1727 TALLOC_CTX
*mem_ctx
,
1728 struct smbcli_session
*session
,
1729 const char *sharename
,
1730 struct smbcli_tree
**res
)
1732 struct smbcli_tree
*result
;
1733 TALLOC_CTX
*tmp_ctx
;
1734 union smb_tcon tcon
;
1737 if (!(tmp_ctx
= talloc_new(mem_ctx
))) {
1738 return NT_STATUS_NO_MEMORY
;
1741 if (!(result
= smbcli_tree_init(session
, mem_ctx
, false))) {
1742 talloc_free(tmp_ctx
);
1743 return NT_STATUS_NO_MEMORY
;
1746 tcon
.generic
.level
= RAW_TCON_TCONX
;
1747 tcon
.tconx
.in
.flags
= TCONX_FLAG_EXTENDED_RESPONSE
;
1748 tcon
.tconx
.in
.flags
|= TCONX_FLAG_EXTENDED_SIGNATURES
;
1749 tcon
.tconx
.in
.password
= data_blob(NULL
, 0);
1750 tcon
.tconx
.in
.path
= sharename
;
1751 tcon
.tconx
.in
.device
= "?????";
1753 status
= smb_raw_tcon(result
, tmp_ctx
, &tcon
);
1754 if (!NT_STATUS_IS_OK(status
)) {
1755 torture_warning(tctx
, "smb_raw_tcon failed: %s\n",
1757 talloc_free(tmp_ctx
);
1761 result
->tid
= tcon
.tconx
.out
.tid
;
1763 if (tcon
.tconx
.out
.options
& SMB_EXTENDED_SIGNATURES
) {
1764 smb1cli_session_protect_session_key(result
->session
->smbXcli
);
1767 result
= talloc_steal(mem_ctx
, result
);
1768 talloc_set_destructor(result
, destroy_tree
);
1769 talloc_free(tmp_ctx
);
1771 return NT_STATUS_OK
;
1775 * Test the getusername behaviour
1778 static bool torture_samba3_rpc_getusername(struct torture_context
*torture
)
1781 struct smbcli_state
*cli
;
1783 struct dom_sid
*user_sid
;
1784 struct dom_sid
*created_sid
;
1785 struct cli_credentials
*anon_creds
;
1786 struct cli_credentials
*user_creds
;
1788 struct smbcli_options options
;
1789 struct smbcli_session_options session_options
;
1791 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
1792 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
1794 if (!(anon_creds
= cli_credentials_init_anon(torture
))) {
1795 torture_fail(torture
, "create_anon_creds failed\n");
1798 status
= smbcli_full_connection(
1799 torture
, &cli
, torture_setting_string(torture
, "host", NULL
),
1800 lpcfg_smb_ports(torture
->lp_ctx
), "IPC$", NULL
,
1801 lpcfg_socket_options(torture
->lp_ctx
), anon_creds
,
1802 lpcfg_resolve_context(torture
->lp_ctx
),
1803 torture
->ev
, &options
, &session_options
,
1804 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
1805 torture_assert_ntstatus_ok(torture
, status
, "anon smbcli_full_connection failed\n");
1807 if (!(user_sid
= whoami(torture
, torture
, cli
->tree
))) {
1808 torture_fail(torture
, "whoami on anon connection failed\n");
1811 torture_assert_sid_equal(torture
, user_sid
, dom_sid_parse_talloc(torture
, "s-1-5-7"),
1812 "Anon lsa_GetUserName returned unexpected SID");
1816 status
= smbcli_full_connection(
1817 torture
, &cli
, torture_setting_string(torture
, "host", NULL
),
1818 lpcfg_smb_ports(torture
->lp_ctx
),
1819 "IPC$", NULL
, lpcfg_socket_options(torture
->lp_ctx
),
1820 popt_get_cmdline_credentials(),
1821 lpcfg_resolve_context(torture
->lp_ctx
), torture
->ev
, &options
,
1822 &session_options
, lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
1823 torture_assert_ntstatus_ok(torture
, status
, "smbcli_full_connection failed\n");
1825 if (!(user_sid
= whoami(torture
, torture
, cli
->tree
))) {
1826 torture_fail(torture
, "whoami on auth'ed connection failed\n");
1829 if (!(user_creds
= cli_credentials_init(torture
))) {
1830 torture_fail(torture
, "cli_credentials_init failed\n");
1833 cli_credentials_set_conf(user_creds
, torture
->lp_ctx
);
1834 cli_credentials_set_username(user_creds
, "torture_username",
1836 cli_credentials_set_password(user_creds
,
1837 generate_random_password(user_creds
, 8, 255),
1840 if (!create_user(torture
, torture
, cli
, NULL
,
1841 cli_credentials_get_username(user_creds
),
1842 cli_credentials_get_password(user_creds
),
1843 &domain_name
, &created_sid
)) {
1844 torture_fail(torture
, "create_user failed\n");
1847 cli_credentials_set_domain(user_creds
, domain_name
,
1851 struct smbcli_session
*session2
;
1852 struct smb_composite_sesssetup setup
;
1853 struct smbcli_tree
*tree
;
1855 session2
= smbcli_session_init(cli
->transport
, torture
, false, session_options
);
1856 if (session2
== NULL
) {
1857 torture_fail(torture
, "smbcli_session_init failed\n");
1860 setup
.in
.sesskey
= cli
->transport
->negotiate
.sesskey
;
1861 setup
.in
.capabilities
= cli
->transport
->negotiate
.capabilities
;
1862 setup
.in
.workgroup
= "";
1863 setup
.in
.credentials
= user_creds
;
1864 setup
.in
.gensec_settings
= lpcfg_gensec_settings(torture
, torture
->lp_ctx
);
1866 status
= smb_composite_sesssetup(session2
, &setup
);
1867 torture_assert_ntstatus_ok(torture
, status
, "session setup with new user failed");
1869 session2
->vuid
= setup
.out
.vuid
;
1871 if (!NT_STATUS_IS_OK(secondary_tcon(torture
, torture
, session2
,
1873 torture_fail(torture
, "secondary_tcon failed\n");
1876 if (!(user_sid
= whoami(torture
, torture
, tree
))) {
1877 torture_fail_goto(torture
, del
, "whoami on user connection failed\n");
1885 torture_comment(torture
, "Created %s, found %s\n",
1886 dom_sid_string(torture
, created_sid
),
1887 dom_sid_string(torture
, user_sid
));
1889 if (!dom_sid_equal(created_sid
, user_sid
)) {
1894 if (!delete_user(torture
, cli
,
1896 cli_credentials_get_username(user_creds
))) {
1897 torture_fail(torture
, "delete_user failed\n");
1903 static bool test_NetShareGetInfo(struct torture_context
*tctx
,
1904 struct dcerpc_pipe
*p
,
1905 const char *sharename
)
1908 struct srvsvc_NetShareGetInfo r
;
1909 union srvsvc_NetShareInfo info
;
1910 uint32_t levels
[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007, 1501 };
1913 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1915 r
.in
.server_unc
= talloc_asprintf(tctx
, "\\\\%s",
1916 dcerpc_server_name(p
));
1917 r
.in
.share_name
= sharename
;
1920 for (i
=0;i
<ARRAY_SIZE(levels
);i
++) {
1921 r
.in
.level
= levels
[i
];
1923 torture_comment(tctx
, "Testing NetShareGetInfo level %u on share '%s'\n",
1924 r
.in
.level
, r
.in
.share_name
);
1926 status
= dcerpc_srvsvc_NetShareGetInfo_r(b
, tctx
, &r
);
1927 if (!NT_STATUS_IS_OK(status
)) {
1928 torture_warning(tctx
, "NetShareGetInfo level %u on share '%s' failed"
1929 " - %s\n", r
.in
.level
, r
.in
.share_name
,
1934 if (!W_ERROR_IS_OK(r
.out
.result
)) {
1935 torture_warning(tctx
, "NetShareGetInfo level %u on share '%s' failed "
1936 "- %s\n", r
.in
.level
, r
.in
.share_name
,
1937 win_errstr(r
.out
.result
));
1946 static bool test_NetShareEnum(struct torture_context
*tctx
,
1947 struct dcerpc_pipe
*p
,
1948 const char **one_sharename
)
1951 struct srvsvc_NetShareEnum r
;
1952 struct srvsvc_NetShareInfoCtr info_ctr
;
1953 struct srvsvc_NetShareCtr0 c0
;
1954 struct srvsvc_NetShareCtr1 c1
;
1955 struct srvsvc_NetShareCtr2 c2
;
1956 struct srvsvc_NetShareCtr501 c501
;
1957 struct srvsvc_NetShareCtr502 c502
;
1958 struct srvsvc_NetShareCtr1004 c1004
;
1959 struct srvsvc_NetShareCtr1005 c1005
;
1960 struct srvsvc_NetShareCtr1006 c1006
;
1961 struct srvsvc_NetShareCtr1007 c1007
;
1962 uint32_t totalentries
= 0;
1963 uint32_t levels
[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 };
1966 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1968 ZERO_STRUCT(info_ctr
);
1970 r
.in
.server_unc
= talloc_asprintf(tctx
,"\\\\%s",dcerpc_server_name(p
));
1971 r
.in
.info_ctr
= &info_ctr
;
1972 r
.in
.max_buffer
= (uint32_t)-1;
1973 r
.in
.resume_handle
= NULL
;
1974 r
.out
.totalentries
= &totalentries
;
1975 r
.out
.info_ctr
= &info_ctr
;
1977 for (i
=0;i
<ARRAY_SIZE(levels
);i
++) {
1978 info_ctr
.level
= levels
[i
];
1980 switch (info_ctr
.level
) {
1983 info_ctr
.ctr
.ctr0
= &c0
;
1987 info_ctr
.ctr
.ctr1
= &c1
;
1991 info_ctr
.ctr
.ctr2
= &c2
;
1995 info_ctr
.ctr
.ctr501
= &c501
;
1999 info_ctr
.ctr
.ctr502
= &c502
;
2003 info_ctr
.ctr
.ctr1004
= &c1004
;
2007 info_ctr
.ctr
.ctr1005
= &c1005
;
2011 info_ctr
.ctr
.ctr1006
= &c1006
;
2015 info_ctr
.ctr
.ctr1007
= &c1007
;
2019 torture_comment(tctx
, "Testing NetShareEnum level %u\n", info_ctr
.level
);
2021 status
= dcerpc_srvsvc_NetShareEnum_r(b
, tctx
, &r
);
2022 if (!NT_STATUS_IS_OK(status
)) {
2023 torture_warning(tctx
, "NetShareEnum level %u failed - %s\n",
2024 info_ctr
.level
, nt_errstr(status
));
2028 if (!W_ERROR_IS_OK(r
.out
.result
)) {
2029 torture_warning(tctx
, "NetShareEnum level %u failed - %s\n",
2030 info_ctr
.level
, win_errstr(r
.out
.result
));
2033 if (info_ctr
.level
== 0) {
2034 struct srvsvc_NetShareCtr0
*ctr
= r
.out
.info_ctr
->ctr
.ctr0
;
2035 if (ctr
->count
> 0) {
2036 *one_sharename
= ctr
->array
[0].name
;
2044 static bool torture_samba3_rpc_srvsvc(struct torture_context
*torture
)
2046 struct dcerpc_pipe
*p
;
2047 const char *sharename
= NULL
;
2050 torture_assert_ntstatus_ok(torture
,
2051 torture_rpc_connection(torture
, &p
, &ndr_table_srvsvc
),
2052 "failed to open srvsvc");
2054 ret
&= test_NetShareEnum(torture
, p
, &sharename
);
2055 if (sharename
== NULL
) {
2056 torture_comment(torture
, "did not get sharename\n");
2058 ret
&= test_NetShareGetInfo(torture
, p
, sharename
);
2065 * Do a ReqChallenge/Auth2 with a random wks name, make sure it returns
2066 * NT_STATUS_NO_SAM_ACCOUNT
2069 static bool torture_samba3_rpc_randomauth2(struct torture_context
*torture
)
2071 TALLOC_CTX
*mem_ctx
;
2072 struct dcerpc_pipe
*net_pipe
;
2073 struct dcerpc_binding_handle
*net_handle
;
2075 bool result
= false;
2077 struct netr_ServerReqChallenge r
;
2078 struct netr_Credential netr_cli_creds
;
2079 struct netr_Credential netr_srv_creds
;
2080 uint32_t negotiate_flags
;
2081 struct netr_ServerAuthenticate2 a
;
2082 struct netlogon_creds_CredentialState
*creds_state
;
2083 struct netr_Credential netr_cred
;
2084 struct samr_Password mach_pw
;
2085 struct smbcli_state
*cli
;
2087 if (!(mem_ctx
= talloc_new(torture
))) {
2088 torture_comment(torture
, "talloc_new failed\n");
2092 if (!(wksname
= generate_random_str_list(
2093 mem_ctx
, 14, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))) {
2094 torture_comment(torture
, "generate_random_str_list failed\n");
2098 if (!(torture_open_connection_share(
2100 torture
, torture_setting_string(torture
, "host", NULL
),
2101 "IPC$", torture
->ev
))) {
2102 torture_comment(torture
, "IPC$ connection failed\n");
2106 status
= pipe_bind_smb(torture
, mem_ctx
, cli
->tree
, "\\netlogon",
2107 &ndr_table_netlogon
, &net_pipe
);
2108 torture_assert_ntstatus_ok_goto(torture
, status
, result
, done
,
2109 "pipe_bind_smb failed");
2110 net_handle
= net_pipe
->binding_handle
;
2112 r
.in
.computer_name
= wksname
;
2113 r
.in
.server_name
= talloc_asprintf(
2114 mem_ctx
, "\\\\%s", dcerpc_server_name(net_pipe
));
2115 if (r
.in
.server_name
== NULL
) {
2116 torture_comment(torture
, "talloc_asprintf failed\n");
2119 generate_random_buffer(netr_cli_creds
.data
,
2120 sizeof(netr_cli_creds
.data
));
2121 r
.in
.credentials
= &netr_cli_creds
;
2122 r
.out
.return_credentials
= &netr_srv_creds
;
2124 status
= dcerpc_netr_ServerReqChallenge_r(net_handle
, mem_ctx
, &r
);
2125 if (!NT_STATUS_IS_OK(status
)) {
2126 torture_comment(torture
, "netr_ServerReqChallenge failed: %s\n",
2130 if (!NT_STATUS_IS_OK(r
.out
.result
)) {
2131 torture_comment(torture
, "netr_ServerReqChallenge failed: %s\n",
2132 nt_errstr(r
.out
.result
));
2136 negotiate_flags
= NETLOGON_NEG_AUTH2_FLAGS
;
2137 E_md4hash("foobar", mach_pw
.hash
);
2139 a
.in
.server_name
= talloc_asprintf(
2140 mem_ctx
, "\\\\%s", dcerpc_server_name(net_pipe
));
2141 a
.in
.account_name
= talloc_asprintf(
2142 mem_ctx
, "%s$", wksname
);
2143 a
.in
.computer_name
= wksname
;
2144 a
.in
.secure_channel_type
= SEC_CHAN_WKSTA
;
2145 a
.in
.negotiate_flags
= &negotiate_flags
;
2146 a
.out
.negotiate_flags
= &negotiate_flags
;
2147 a
.in
.credentials
= &netr_cred
;
2148 a
.out
.return_credentials
= &netr_cred
;
2150 creds_state
= netlogon_creds_client_init(mem_ctx
,
2153 a
.in
.secure_channel_type
,
2155 r
.out
.return_credentials
, &mach_pw
,
2156 &netr_cred
, negotiate_flags
);
2157 torture_assert(torture
, (creds_state
!= NULL
), "memory allocation failed");
2159 status
= dcerpc_netr_ServerAuthenticate2_r(net_handle
, mem_ctx
, &a
);
2160 if (!NT_STATUS_IS_OK(status
)) {
2163 if (!NT_STATUS_EQUAL(a
.out
.result
, NT_STATUS_NO_TRUST_SAM_ACCOUNT
)) {
2164 torture_comment(torture
, "dcerpc_netr_ServerAuthenticate2 returned %s, "
2165 "expected NT_STATUS_NO_TRUST_SAM_ACCOUNT\n",
2166 nt_errstr(a
.out
.result
));
2172 talloc_free(mem_ctx
);
2176 static struct security_descriptor
*get_sharesec(struct torture_context
*tctx
,
2177 TALLOC_CTX
*mem_ctx
,
2178 struct smbcli_session
*sess
,
2179 const char *sharename
)
2181 struct smbcli_tree
*tree
;
2182 TALLOC_CTX
*tmp_ctx
;
2183 struct dcerpc_pipe
*p
;
2184 struct dcerpc_binding_handle
*b
;
2186 struct srvsvc_NetShareGetInfo r
;
2187 union srvsvc_NetShareInfo info
;
2188 struct security_descriptor
*result
;
2190 if (!(tmp_ctx
= talloc_new(mem_ctx
))) {
2191 torture_comment(tctx
, "talloc_new failed\n");
2195 if (!NT_STATUS_IS_OK(secondary_tcon(tctx
, tmp_ctx
, sess
, "IPC$", &tree
))) {
2196 torture_comment(tctx
, "secondary_tcon failed\n");
2197 talloc_free(tmp_ctx
);
2201 status
= pipe_bind_smb(tctx
, mem_ctx
, tree
, "\\pipe\\srvsvc",
2202 &ndr_table_srvsvc
, &p
);
2203 if (!NT_STATUS_IS_OK(status
)) {
2204 torture_warning(tctx
, "could not bind to srvsvc pipe: %s\n",
2206 talloc_free(tmp_ctx
);
2209 b
= p
->binding_handle
;
2212 p
->conn
->flags
|= DCERPC_DEBUG_PRINT_IN
| DCERPC_DEBUG_PRINT_OUT
;
2215 r
.in
.server_unc
= talloc_asprintf(tmp_ctx
, "\\\\%s",
2216 dcerpc_server_name(p
));
2217 r
.in
.share_name
= sharename
;
2221 status
= dcerpc_srvsvc_NetShareGetInfo_r(b
, tmp_ctx
, &r
);
2222 if (!NT_STATUS_IS_OK(status
)) {
2223 torture_comment(tctx
, "srvsvc_NetShareGetInfo failed: %s\n",
2225 talloc_free(tmp_ctx
);
2228 if (!W_ERROR_IS_OK(r
.out
.result
)) {
2229 torture_comment(tctx
, "srvsvc_NetShareGetInfo failed: %s\n",
2230 win_errstr(r
.out
.result
));
2231 talloc_free(tmp_ctx
);
2235 result
= talloc_steal(mem_ctx
, info
.info502
->sd_buf
.sd
);
2236 talloc_free(tmp_ctx
);
2240 static NTSTATUS
set_sharesec(struct torture_context
*tctx
,
2241 TALLOC_CTX
*mem_ctx
,
2242 struct smbcli_session
*sess
,
2243 const char *sharename
,
2244 struct security_descriptor
*sd
)
2246 struct smbcli_tree
*tree
;
2247 TALLOC_CTX
*tmp_ctx
;
2248 struct dcerpc_pipe
*p
;
2249 struct dcerpc_binding_handle
*b
;
2251 struct sec_desc_buf i
;
2252 struct srvsvc_NetShareSetInfo r
;
2253 union srvsvc_NetShareInfo info
;
2256 if (!(tmp_ctx
= talloc_new(mem_ctx
))) {
2257 torture_comment(tctx
, "talloc_new failed\n");
2258 return NT_STATUS_NO_MEMORY
;
2261 if (!NT_STATUS_IS_OK(secondary_tcon(tctx
, tmp_ctx
, sess
, "IPC$", &tree
))) {
2262 torture_comment(tctx
, "secondary_tcon failed\n");
2263 talloc_free(tmp_ctx
);
2264 return NT_STATUS_UNSUCCESSFUL
;
2267 status
= pipe_bind_smb(tctx
, mem_ctx
, tree
, "\\pipe\\srvsvc",
2268 &ndr_table_srvsvc
, &p
);
2269 if (!NT_STATUS_IS_OK(status
)) {
2270 torture_warning(tctx
, "could not bind to srvsvc pipe: %s\n",
2272 talloc_free(tmp_ctx
);
2273 return NT_STATUS_UNSUCCESSFUL
;
2275 b
= p
->binding_handle
;
2278 p
->conn
->flags
|= DCERPC_DEBUG_PRINT_IN
| DCERPC_DEBUG_PRINT_OUT
;
2281 r
.in
.server_unc
= talloc_asprintf(tmp_ctx
, "\\\\%s",
2282 dcerpc_server_name(p
));
2283 r
.in
.share_name
= sharename
;
2288 r
.in
.parm_error
= &error
;
2290 status
= dcerpc_srvsvc_NetShareSetInfo_r(b
, tmp_ctx
, &r
);
2291 if (!NT_STATUS_IS_OK(status
)) {
2292 torture_comment(tctx
, "srvsvc_NetShareSetInfo failed: %s\n",
2295 if (!W_ERROR_IS_OK(r
.out
.result
)) {
2296 torture_comment(tctx
, "srvsvc_NetShareSetInfo failed: %s\n",
2297 win_errstr(r
.out
.result
));
2298 status
= werror_to_ntstatus(r
.out
.result
);
2300 talloc_free(tmp_ctx
);
2304 bool try_tcon(struct torture_context
*tctx
,
2305 TALLOC_CTX
*mem_ctx
,
2306 struct security_descriptor
*orig_sd
,
2307 struct smbcli_session
*session
,
2308 const char *sharename
, const struct dom_sid
*user_sid
,
2309 unsigned int access_mask
, NTSTATUS expected_tcon
,
2310 NTSTATUS expected_mkdir
)
2312 TALLOC_CTX
*tmp_ctx
;
2313 struct smbcli_tree
*rmdir_tree
, *tree
;
2314 struct dom_sid
*domain_sid
;
2316 struct security_descriptor
*sd
;
2320 if (!(tmp_ctx
= talloc_new(mem_ctx
))) {
2321 torture_comment(tctx
, "talloc_new failed\n");
2325 status
= secondary_tcon(tctx
, tmp_ctx
, session
, sharename
, &rmdir_tree
);
2326 if (!NT_STATUS_IS_OK(status
)) {
2327 torture_comment(tctx
, "first tcon to delete dir failed\n");
2328 talloc_free(tmp_ctx
);
2332 smbcli_rmdir(rmdir_tree
, "sharesec_testdir");
2334 if (!NT_STATUS_IS_OK(dom_sid_split_rid(tmp_ctx
, user_sid
,
2335 &domain_sid
, &rid
))) {
2336 torture_comment(tctx
, "dom_sid_split_rid failed\n");
2337 talloc_free(tmp_ctx
);
2341 sd
= security_descriptor_dacl_create(
2342 tmp_ctx
, 0, "S-1-5-32-544",
2343 dom_sid_string(mem_ctx
, dom_sid_add_rid(mem_ctx
, domain_sid
,
2345 dom_sid_string(mem_ctx
, user_sid
),
2346 SEC_ACE_TYPE_ACCESS_ALLOWED
, access_mask
, 0, NULL
);
2348 torture_comment(tctx
, "security_descriptor_dacl_create failed\n");
2349 talloc_free(tmp_ctx
);
2353 status
= set_sharesec(tctx
, mem_ctx
, session
, sharename
, sd
);
2354 if (!NT_STATUS_IS_OK(status
)) {
2355 torture_comment(tctx
, "custom set_sharesec failed: %s\n",
2357 talloc_free(tmp_ctx
);
2361 status
= secondary_tcon(tctx
, tmp_ctx
, session
, sharename
, &tree
);
2362 if (!NT_STATUS_EQUAL(status
, expected_tcon
)) {
2363 torture_comment(tctx
, "Expected %s, got %s\n", nt_errstr(expected_tcon
),
2369 if (!NT_STATUS_IS_OK(status
)) {
2370 /* An expected non-access, no point in trying to write */
2374 status
= smbcli_mkdir(tree
, "sharesec_testdir");
2375 if (!NT_STATUS_EQUAL(status
, expected_mkdir
)) {
2376 torture_warning(tctx
, "Expected %s, got %s\n",
2377 nt_errstr(expected_mkdir
), nt_errstr(status
));
2382 smbcli_rmdir(rmdir_tree
, "sharesec_testdir");
2384 status
= set_sharesec(tctx
, mem_ctx
, session
, sharename
, orig_sd
);
2385 if (!NT_STATUS_IS_OK(status
)) {
2386 torture_comment(tctx
, "custom set_sharesec failed: %s\n",
2388 talloc_free(tmp_ctx
);
2392 talloc_free(tmp_ctx
);
2396 static bool torture_samba3_rpc_sharesec(struct torture_context
*torture
)
2398 struct smbcli_state
*cli
= NULL
;
2399 struct security_descriptor
*sd
= NULL
;
2400 struct dom_sid
*user_sid
= NULL
;
2401 const char *testuser_passwd
= NULL
;
2402 struct cli_credentials
*test_credentials
= NULL
;
2403 struct smbcli_options options
;
2404 struct smbcli_session_options session_options
;
2406 struct test_join
*tj
= NULL
;
2407 struct dcerpc_pipe
*lsa_pipe
= NULL
;
2408 const char *priv_array
[1];
2410 /* Create a new user. The normal user has SeBackup and SeRestore
2411 privs so we can't lock them out with a share security descriptor. */
2412 tj
= torture_create_testuser(torture
,
2414 torture_setting_string(torture
, "workgroup", NULL
),
2418 torture_fail(torture
, "Creating sharesec_user failed\n");
2421 /* Give them SeDiskOperatorPrivilege but no other privs. */
2422 status
= torture_rpc_connection(torture
, &lsa_pipe
, &ndr_table_lsarpc
);
2423 if (!NT_STATUS_IS_OK(status
)) {
2424 torture_delete_testuser(torture
, tj
, "sharesec_user");
2426 torture_fail(torture
, "Error connecting to LSA pipe");
2429 priv_array
[0] = "SeDiskOperatorPrivilege";
2430 if (!torture_setup_privs(torture
,
2434 torture_join_user_sid(tj
))) {
2435 talloc_free(lsa_pipe
);
2436 torture_delete_testuser(torture
, tj
, "sharesec_user");
2438 torture_fail(torture
, "Failed to setup privs\n");
2440 talloc_free(lsa_pipe
);
2442 test_credentials
= cli_credentials_init(torture
);
2443 cli_credentials_set_workstation(test_credentials
, "localhost", CRED_SPECIFIED
);
2444 cli_credentials_set_domain(test_credentials
, lpcfg_workgroup(torture
->lp_ctx
),
2446 cli_credentials_set_username(test_credentials
, "sharesec_user", CRED_SPECIFIED
);
2447 cli_credentials_set_password(test_credentials
, testuser_passwd
, CRED_SPECIFIED
);
2449 ZERO_STRUCT(options
);
2450 ZERO_STRUCT(session_options
);
2451 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
2452 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
2454 status
= smbcli_full_connection(torture
,
2456 torture_setting_string(torture
, "host", NULL
),
2457 lpcfg_smb_ports(torture
->lp_ctx
),
2460 lpcfg_socket_options(torture
->lp_ctx
),
2462 lpcfg_resolve_context(torture
->lp_ctx
),
2466 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
2467 if (!NT_STATUS_IS_OK(status
)) {
2469 torture_delete_testuser(torture
, tj
, "sharesec_user");
2471 torture_fail(torture
, "Failed to open connection\n");
2474 if (!(user_sid
= whoami(torture
, torture
, cli
->tree
))) {
2476 torture_delete_testuser(torture
, tj
, "sharesec_user");
2478 torture_fail(torture
, "whoami failed\n");
2481 sd
= get_sharesec(torture
, torture
, cli
->session
,
2482 torture_setting_string(torture
, "share", NULL
));
2484 if (!try_tcon(torture
, torture
, sd
, cli
->session
,
2485 torture_setting_string(torture
, "share", NULL
),
2486 user_sid
, 0, NT_STATUS_ACCESS_DENIED
, NT_STATUS_OK
)) {
2488 torture_delete_testuser(torture
, tj
, "sharesec_user");
2490 torture_fail(torture
, "failed to test tcon with 0 access_mask");
2493 if (!try_tcon(torture
, torture
, sd
, cli
->session
,
2494 torture_setting_string(torture
, "share", NULL
),
2495 user_sid
, SEC_FILE_READ_DATA
, NT_STATUS_OK
,
2496 NT_STATUS_MEDIA_WRITE_PROTECTED
)) {
2498 torture_delete_testuser(torture
, tj
, "sharesec_user");
2500 torture_fail(torture
, "failed to test tcon with SEC_FILE_READ_DATA access_mask");
2503 /* sharesec_user doesn't have any rights on the underlying file system.
2504 Go back to the normal user. */
2508 torture_delete_testuser(torture
, tj
, "sharesec_user");
2512 if (!(torture_open_connection_share(
2513 torture
, &cli
, torture
, torture_setting_string(torture
, "host", NULL
),
2514 "IPC$", torture
->ev
))) {
2515 torture_fail(torture
, "IPC$ connection failed\n");
2518 if (!(user_sid
= whoami(torture
, torture
, cli
->tree
))) {
2519 torture_fail(torture
, "whoami failed\n");
2521 torture_assert(torture
, try_tcon(
2522 torture
, torture
, sd
, cli
->session
,
2523 torture_setting_string(torture
, "share", NULL
),
2524 user_sid
, SEC_FILE_ALL
, NT_STATUS_OK
, NT_STATUS_OK
),
2525 "failed to test tcon with SEC_FILE_ALL access_mask")
2530 static bool torture_samba3_rpc_lsa(struct torture_context
*torture
)
2532 struct dcerpc_pipe
*p
;
2533 struct dcerpc_binding_handle
*b
;
2534 struct policy_handle lsa_handle
;
2536 torture_assert_ntstatus_ok(torture
,
2537 torture_rpc_connection(torture
, &p
, &ndr_table_lsarpc
),
2538 "failed to setup lsarpc");
2540 b
= p
->binding_handle
;
2543 struct lsa_ObjectAttribute attr
;
2544 struct lsa_OpenPolicy2 o
;
2545 o
.in
.system_name
= talloc_asprintf(
2546 torture
, "\\\\%s", dcerpc_server_name(p
));
2549 o
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
2550 o
.out
.handle
= &lsa_handle
;
2552 torture_assert_ntstatus_ok(torture
,
2553 dcerpc_lsa_OpenPolicy2_r(b
, torture
, &o
),
2554 "dcerpc_lsa_OpenPolicy2 failed");
2555 torture_assert_ntstatus_ok(torture
, o
.out
.result
,
2556 "dcerpc_lsa_OpenPolicy2 failed");
2561 int levels
[] = { 2,3,5,6 };
2563 for (i
=0; i
<ARRAY_SIZE(levels
); i
++) {
2564 struct lsa_QueryInfoPolicy r
;
2565 union lsa_PolicyInformation
*info
= NULL
;
2566 r
.in
.handle
= &lsa_handle
;
2567 r
.in
.level
= levels
[i
];
2570 torture_assert_ntstatus_ok(torture
,
2571 dcerpc_lsa_QueryInfoPolicy_r(b
, torture
, &r
),
2572 talloc_asprintf(torture
, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels
[i
]));
2573 torture_assert_ntstatus_ok(torture
, r
.out
.result
,
2574 talloc_asprintf(torture
, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels
[i
]));
2581 static NTSTATUS
get_servername(TALLOC_CTX
*mem_ctx
, struct smbcli_tree
*tree
,
2584 struct rap_WserverGetInfo r
;
2586 char servername
[17];
2587 size_t converted_size
;
2590 r
.in
.bufsize
= 0xffff;
2592 status
= smbcli_rap_netservergetinfo(tree
, mem_ctx
, &r
);
2593 if (!NT_STATUS_IS_OK(status
)) {
2597 memcpy(servername
, r
.out
.info
.info0
.name
, 16);
2598 servername
[16] = '\0';
2600 if (!pull_ascii_talloc(mem_ctx
, name
, servername
, &converted_size
)) {
2601 return NT_STATUS_NO_MEMORY
;
2604 return NT_STATUS_OK
;
2607 static bool rap_get_servername(struct torture_context
*tctx
,
2610 struct smbcli_state
*cli
;
2612 torture_assert(tctx
,
2613 torture_open_connection_share(tctx
, &cli
, tctx
, torture_setting_string(tctx
, "host", NULL
),
2615 "IPC$ connection failed");
2617 torture_assert_ntstatus_ok(tctx
,
2618 get_servername(tctx
, cli
->tree
, servername
),
2619 "get_servername failed");
2626 static bool find_printers(struct torture_context
*tctx
,
2627 struct dcerpc_pipe
*p
,
2628 const char ***printers
,
2629 size_t *num_printers
)
2631 struct srvsvc_NetShareEnum r
;
2632 struct srvsvc_NetShareInfoCtr info_ctr
;
2633 struct srvsvc_NetShareCtr1 c1_in
;
2634 struct srvsvc_NetShareCtr1
*c1
;
2635 uint32_t totalentries
= 0;
2637 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
2641 info_ctr
.ctr
.ctr1
= &c1_in
;
2643 r
.in
.server_unc
= talloc_asprintf(
2644 tctx
, "\\\\%s", dcerpc_server_name(p
));
2645 r
.in
.info_ctr
= &info_ctr
;
2646 r
.in
.max_buffer
= (uint32_t)-1;
2647 r
.in
.resume_handle
= NULL
;
2648 r
.out
.totalentries
= &totalentries
;
2649 r
.out
.info_ctr
= &info_ctr
;
2651 torture_assert_ntstatus_ok(tctx
,
2652 dcerpc_srvsvc_NetShareEnum_r(b
, tctx
, &r
),
2653 "NetShareEnum level 1 failed");
2654 torture_assert_werr_ok(tctx
, r
.out
.result
,
2655 "NetShareEnum level 1 failed");
2659 c1
= r
.out
.info_ctr
->ctr
.ctr1
;
2660 for (i
=0; i
<c1
->count
; i
++) {
2661 if (c1
->array
[i
].type
!= STYPE_PRINTQ
) {
2664 if (!add_string_to_array(tctx
, c1
->array
[i
].name
,
2665 printers
, num_printers
)) {
2673 static bool enumprinters(struct torture_context
*tctx
,
2674 struct dcerpc_binding_handle
*b
,
2675 const char *servername
, int level
, int *num_printers
)
2677 struct spoolss_EnumPrinters r
;
2681 union spoolss_PrinterInfo
*info
;
2683 r
.in
.flags
= PRINTER_ENUM_LOCAL
;
2684 r
.in
.server
= talloc_asprintf(tctx
, "\\\\%s", servername
);
2688 r
.out
.needed
= &needed
;
2689 r
.out
.count
= &count
;
2692 torture_assert_ntstatus_ok(tctx
,
2693 dcerpc_spoolss_EnumPrinters_r(b
, tctx
, &r
),
2694 "dcerpc_spoolss_EnumPrinters failed");
2695 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_INSUFFICIENT_BUFFER
,
2696 "EnumPrinters unexpected return code should be WERR_INSUFFICIENT_BUFFER");
2698 blob
= data_blob_talloc_zero(tctx
, needed
);
2699 if (blob
.data
== NULL
) {
2703 r
.in
.buffer
= &blob
;
2704 r
.in
.offered
= needed
;
2706 torture_assert_ntstatus_ok(tctx
,
2707 dcerpc_spoolss_EnumPrinters_r(b
, tctx
, &r
),
2708 "dcerpc_spoolss_EnumPrinters failed");
2709 torture_assert_werr_ok(tctx
, r
.out
.result
,
2710 "dcerpc_spoolss_EnumPrinters failed");
2712 *num_printers
= count
;
2717 static bool getprinterinfo(struct torture_context
*tctx
,
2718 struct dcerpc_binding_handle
*b
,
2719 struct policy_handle
*handle
, int level
,
2720 union spoolss_PrinterInfo
**res
)
2722 struct spoolss_GetPrinter r
;
2726 r
.in
.handle
= handle
;
2730 r
.out
.needed
= &needed
;
2732 torture_assert_ntstatus_ok(tctx
,
2733 dcerpc_spoolss_GetPrinter_r(b
, tctx
, &r
),
2734 "dcerpc_spoolss_GetPrinter failed");
2735 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_INSUFFICIENT_BUFFER
,
2736 "GetPrinter unexpected return code should be WERR_INSUFFICIENT_BUFFER");
2738 r
.in
.handle
= handle
;
2740 blob
= data_blob_talloc_zero(tctx
, needed
);
2741 if (blob
.data
== NULL
) {
2744 r
.in
.buffer
= &blob
;
2745 r
.in
.offered
= needed
;
2747 torture_assert_ntstatus_ok(tctx
,
2748 dcerpc_spoolss_GetPrinter_r(b
, tctx
, &r
),
2749 "dcerpc_spoolss_GetPrinter failed");
2750 torture_assert_werr_ok(tctx
, r
.out
.result
,
2751 "dcerpc_spoolss_GetPrinter failed");
2754 *res
= talloc_steal(tctx
, r
.out
.info
);
2760 static bool torture_samba3_rpc_spoolss(struct torture_context
*torture
)
2762 struct dcerpc_pipe
*p
, *p2
;
2763 struct dcerpc_binding_handle
*b
;
2764 struct policy_handle server_handle
, printer_handle
;
2765 const char **printers
;
2766 size_t num_printers
;
2767 struct spoolss_UserLevel1 userlevel1
;
2770 torture_assert(torture
,
2771 rap_get_servername(torture
, &servername
),
2772 "failed to rap servername");
2774 torture_assert_ntstatus_ok(torture
,
2775 torture_rpc_connection(torture
, &p2
, &ndr_table_srvsvc
),
2776 "failed to setup srvsvc");
2778 torture_assert(torture
,
2779 find_printers(torture
, p2
, &printers
, &num_printers
),
2780 "failed to find printers via srvsvc");
2784 if (num_printers
== 0) {
2785 torture_skip(torture
, "Did not find printers\n");
2789 torture_assert_ntstatus_ok(torture
,
2790 torture_rpc_connection(torture
, &p
, &ndr_table_spoolss
),
2791 "failed to setup spoolss");
2793 b
= p
->binding_handle
;
2795 ZERO_STRUCT(userlevel1
);
2796 userlevel1
.client
= talloc_asprintf(
2797 torture
, "\\\\%s", lpcfg_netbios_name(torture
->lp_ctx
));
2798 userlevel1
.user
= cli_credentials_get_username(
2799 popt_get_cmdline_credentials());
2800 userlevel1
.build
= 2600;
2801 userlevel1
.major
= 3;
2802 userlevel1
.minor
= 0;
2803 userlevel1
.processor
= 0;
2806 struct spoolss_OpenPrinterEx r
;
2809 r
.in
.printername
= talloc_asprintf(torture
, "\\\\%s",
2811 r
.in
.datatype
= NULL
;
2812 r
.in
.access_mask
= 0;
2813 r
.in
.userlevel_ctr
.level
= 1;
2814 r
.in
.userlevel_ctr
.user_info
.level1
= &userlevel1
;
2815 r
.out
.handle
= &server_handle
;
2817 torture_assert_ntstatus_ok(torture
,
2818 dcerpc_spoolss_OpenPrinterEx_r(b
, torture
, &r
),
2819 "dcerpc_spoolss_OpenPrinterEx failed");
2820 torture_assert_werr_ok(torture
, r
.out
.result
,
2821 "dcerpc_spoolss_OpenPrinterEx failed");
2825 struct spoolss_ClosePrinter r
;
2827 r
.in
.handle
= &server_handle
;
2828 r
.out
.handle
= &server_handle
;
2830 torture_assert_ntstatus_ok(torture
,
2831 dcerpc_spoolss_ClosePrinter_r(b
, torture
, &r
),
2832 "dcerpc_spoolss_ClosePrinter failed");
2833 torture_assert_werr_ok(torture
, r
.out
.result
,
2834 "dcerpc_spoolss_ClosePrinter failed");
2838 struct spoolss_OpenPrinterEx r
;
2841 r
.in
.printername
= talloc_asprintf(
2842 torture
, "\\\\%s\\%s", servername
, printers
[0]);
2843 r
.in
.datatype
= NULL
;
2844 r
.in
.access_mask
= 0;
2845 r
.in
.userlevel_ctr
.level
= 1;
2846 r
.in
.userlevel_ctr
.user_info
.level1
= &userlevel1
;
2847 r
.out
.handle
= &printer_handle
;
2849 torture_assert_ntstatus_ok(torture
,
2850 dcerpc_spoolss_OpenPrinterEx_r(b
, torture
, &r
),
2851 "dcerpc_spoolss_OpenPrinterEx failed");
2852 torture_assert_werr_ok(torture
, r
.out
.result
,
2853 "dcerpc_spoolss_OpenPrinterEx failed");
2859 for (i
=0; i
<8; i
++) {
2860 torture_assert(torture
,
2861 getprinterinfo(torture
, b
, &printer_handle
, i
, NULL
),
2862 talloc_asprintf(torture
, "getprinterinfo %d failed", i
));
2867 struct spoolss_ClosePrinter r
;
2869 r
.in
.handle
= &printer_handle
;
2870 r
.out
.handle
= &printer_handle
;
2872 torture_assert_ntstatus_ok(torture
,
2873 dcerpc_spoolss_ClosePrinter_r(b
, torture
, &r
),
2874 "dcerpc_spoolss_ClosePrinter failed");
2875 torture_assert_werr_ok(torture
, r
.out
.result
,
2876 "dcerpc_spoolss_ClosePrinter failed");
2882 torture_assert(torture
,
2883 enumprinters(torture
, b
, servername
, 1, &num_enumerated
),
2884 "enumprinters failed");
2886 torture_assert_int_equal(torture
, num_printers
, num_enumerated
,
2887 "netshareenum / enumprinters lvl 1 numprinter mismatch");
2893 torture_assert(torture
,
2894 enumprinters(torture
, b
, servername
, 2, &num_enumerated
),
2895 "enumprinters failed");
2897 torture_assert_int_equal(torture
, num_printers
, num_enumerated
,
2898 "netshareenum / enumprinters lvl 2 numprinter mismatch");
2904 static bool torture_samba3_rpc_wkssvc(struct torture_context
*torture
)
2906 struct dcerpc_pipe
*p
;
2907 struct dcerpc_binding_handle
*b
;
2910 torture_assert(torture
,
2911 rap_get_servername(torture
, &servername
),
2912 "failed to rap servername");
2914 torture_assert_ntstatus_ok(torture
,
2915 torture_rpc_connection(torture
, &p
, &ndr_table_wkssvc
),
2916 "failed to setup wkssvc");
2918 b
= p
->binding_handle
;
2921 struct wkssvc_NetWkstaInfo100 wks100
;
2922 union wkssvc_NetWkstaInfo info
;
2923 struct wkssvc_NetWkstaGetInfo r
;
2925 r
.in
.server_name
= "\\foo";
2927 info
.info100
= &wks100
;
2930 torture_assert_ntstatus_ok(torture
,
2931 dcerpc_wkssvc_NetWkstaGetInfo_r(b
, torture
, &r
),
2932 "dcerpc_wkssvc_NetWksGetInfo failed");
2933 torture_assert_werr_ok(torture
, r
.out
.result
,
2934 "dcerpc_wkssvc_NetWksGetInfo failed");
2936 torture_assert_str_equal(torture
, servername
, r
.out
.info
->info100
->server_name
,
2937 "servername RAP / DCERPC inconsistency");
2943 static bool winreg_close(struct torture_context
*tctx
,
2944 struct dcerpc_binding_handle
*b
,
2945 struct policy_handle
*handle
)
2947 struct winreg_CloseKey c
;
2949 c
.in
.handle
= c
.out
.handle
= handle
;
2951 torture_assert_ntstatus_ok(tctx
,
2952 dcerpc_winreg_CloseKey_r(b
, tctx
, &c
),
2953 "winreg_CloseKey failed");
2954 torture_assert_werr_ok(tctx
, c
.out
.result
,
2955 "winreg_CloseKey failed");
2960 static bool enumvalues(struct torture_context
*tctx
,
2961 struct dcerpc_binding_handle
*b
,
2962 struct policy_handle
*handle
)
2964 uint32_t enum_index
= 0;
2967 struct winreg_EnumValue r
;
2968 struct winreg_ValNameBuf name
;
2969 enum winreg_Type type
= 0;
2972 uint32_t size
, length
;
2975 r
.in
.handle
= handle
;
2976 r
.in
.enum_index
= enum_index
;
2979 r
.in
.name
= r
.out
.name
= &name
;
2985 r
.in
.length
= &length
;
2987 status
= dcerpc_winreg_EnumValue_r(b
, tctx
, &r
);
2988 if (!NT_STATUS_IS_OK(status
) || !W_ERROR_IS_OK(r
.out
.result
)) {
2995 static bool enumkeys(struct torture_context
*tctx
,
2996 struct dcerpc_binding_handle
*b
,
2997 struct policy_handle
*handle
,
3000 struct winreg_EnumKey r
;
3001 struct winreg_StringBuf kclass
, name
;
3012 r
.in
.handle
= handle
;
3013 r
.in
.enum_index
= 0;
3015 r
.in
.keyclass
= &kclass
;
3017 r
.in
.last_changed_time
= &t
;
3020 struct winreg_OpenKey o
;
3021 struct policy_handle key_handle
;
3027 status
= dcerpc_winreg_EnumKey_r(b
, tctx
, &r
);
3028 if (!NT_STATUS_IS_OK(status
) || !W_ERROR_IS_OK(r
.out
.result
)) {
3029 /* We're done enumerating */
3033 for (i
=0; i
<10-depth
; i
++) {
3034 torture_comment(tctx
, " ");
3036 torture_comment(tctx
, "%s\n", r
.out
.name
->name
);
3038 o
.in
.parent_handle
= handle
;
3039 o
.in
.keyname
.name
= r
.out
.name
->name
;
3041 o
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
3042 o
.out
.handle
= &key_handle
;
3044 status
= dcerpc_winreg_OpenKey_r(b
, tctx
, &o
);
3045 if (NT_STATUS_IS_OK(status
) && W_ERROR_IS_OK(o
.out
.result
)) {
3046 enumkeys(tctx
, b
, &key_handle
, depth
-1);
3047 enumvalues(tctx
, b
, &key_handle
);
3048 torture_assert(tctx
, winreg_close(tctx
, b
, &key_handle
), "");
3051 r
.in
.enum_index
+= 1;
3057 typedef NTSTATUS (*winreg_open_fn
)(struct dcerpc_binding_handle
*, TALLOC_CTX
*, void *);
3059 static bool test_Open3(struct torture_context
*tctx
,
3060 struct dcerpc_binding_handle
*b
,
3061 const char *name
, winreg_open_fn open_fn
)
3063 struct policy_handle handle
;
3064 struct winreg_OpenHKLM r
;
3066 r
.in
.system_name
= 0;
3067 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
3068 r
.out
.handle
= &handle
;
3070 torture_assert_ntstatus_ok(tctx
,
3071 open_fn(b
, tctx
, &r
),
3072 talloc_asprintf(tctx
, "%s failed", name
));
3073 torture_assert_werr_ok(tctx
, r
.out
.result
,
3074 talloc_asprintf(tctx
, "%s failed", name
));
3076 enumkeys(tctx
, b
, &handle
, 4);
3078 torture_assert(tctx
,
3079 winreg_close(tctx
, b
, &handle
),
3080 "dcerpc_CloseKey failed");
3085 static bool torture_samba3_rpc_winreg(struct torture_context
*torture
)
3087 struct dcerpc_pipe
*p
;
3088 struct dcerpc_binding_handle
*b
;
3094 {"OpenHKLM", (winreg_open_fn
)dcerpc_winreg_OpenHKLM_r
},
3095 {"OpenHKU", (winreg_open_fn
)dcerpc_winreg_OpenHKU_r
},
3096 {"OpenHKPD", (winreg_open_fn
)dcerpc_winreg_OpenHKPD_r
},
3097 {"OpenHKPT", (winreg_open_fn
)dcerpc_winreg_OpenHKPT_r
},
3098 {"OpenHKCR", (winreg_open_fn
)dcerpc_winreg_OpenHKCR_r
}};
3103 torture_assert_ntstatus_ok(torture
,
3104 torture_rpc_connection(torture
, &p
, &ndr_table_winreg
),
3105 "failed to setup winreg");
3107 b
= p
->binding_handle
;
3110 ret
= test_Open3(torture
, b
, open_fns
[0].name
, open_fns
[0].fn
);
3112 for (i
= 0; i
< ARRAY_SIZE(open_fns
); i
++) {
3113 if (!test_Open3(torture
, b
, open_fns
[i
].name
, open_fns
[i
].fn
))
3120 static bool get_shareinfo(struct torture_context
*tctx
,
3121 struct dcerpc_binding_handle
*b
,
3122 const char *servername
,
3124 struct srvsvc_NetShareInfo502
**info502
)
3126 struct srvsvc_NetShareGetInfo r
;
3127 union srvsvc_NetShareInfo info
;
3129 r
.in
.server_unc
= talloc_asprintf(tctx
, "\\\\%s", servername
);
3130 r
.in
.share_name
= share
;
3134 torture_assert_ntstatus_ok(tctx
,
3135 dcerpc_srvsvc_NetShareGetInfo_r(b
, tctx
, &r
),
3136 "srvsvc_NetShareGetInfo failed");
3137 torture_assert_werr_ok(tctx
, r
.out
.result
,
3138 "srvsvc_NetShareGetInfo failed");
3140 *info502
= talloc_move(tctx
, &info
.info502
);
3146 * Get us a handle on HKLM\
3149 static bool get_hklm_handle(struct torture_context
*tctx
,
3150 struct dcerpc_binding_handle
*b
,
3151 struct policy_handle
*handle
)
3153 struct winreg_OpenHKLM r
;
3154 struct policy_handle result
;
3156 r
.in
.system_name
= 0;
3157 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
3158 r
.out
.handle
= &result
;
3160 torture_assert_ntstatus_ok(tctx
,
3161 dcerpc_winreg_OpenHKLM_r(b
, tctx
, &r
),
3163 torture_assert_werr_ok(tctx
, r
.out
.result
,
3171 static bool torture_samba3_createshare(struct torture_context
*tctx
,
3172 struct dcerpc_binding_handle
*b
,
3173 const char *sharename
)
3175 struct policy_handle hklm
;
3176 struct policy_handle new_handle
;
3177 struct winreg_CreateKey c
;
3178 struct winreg_CloseKey cl
;
3179 enum winreg_CreateAction action_taken
= REG_ACTION_NONE
;
3184 ZERO_STRUCT(new_handle
);
3186 c
.in
.handle
= &hklm
;
3187 c
.in
.name
.name
= talloc_asprintf(
3188 tctx
, "software\\samba\\smbconf\\%s", sharename
);
3189 torture_assert(tctx
, c
.in
.name
.name
, "talloc_asprintf failed");
3191 c
.in
.keyclass
.name
= "";
3193 c
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
3194 c
.in
.secdesc
= NULL
;
3195 c
.in
.action_taken
= &action_taken
;
3196 c
.out
.new_handle
= &new_handle
;
3197 c
.out
.action_taken
= &action_taken
;
3199 torture_assert_ntstatus_ok(tctx
,
3200 dcerpc_winreg_CreateKey_r(b
, tctx
, &c
),
3202 torture_assert_werr_ok(tctx
, c
.out
.result
,
3205 cl
.in
.handle
= &new_handle
;
3206 cl
.out
.handle
= &new_handle
;
3208 torture_assert_ntstatus_ok(tctx
,
3209 dcerpc_winreg_CloseKey_r(b
, tctx
, &cl
),
3211 torture_assert_werr_ok(tctx
, cl
.out
.result
,
3217 static bool torture_samba3_deleteshare(struct torture_context
*tctx
,
3218 struct dcerpc_binding_handle
*b
,
3219 const char *sharename
)
3221 struct policy_handle hklm
;
3222 struct winreg_DeleteKey d
;
3224 torture_assert(tctx
,
3225 get_hklm_handle(tctx
, b
, &hklm
),
3226 "get_hklm_handle failed");
3228 d
.in
.handle
= &hklm
;
3229 d
.in
.key
.name
= talloc_asprintf(
3230 tctx
, "software\\samba\\smbconf\\%s", sharename
);
3231 torture_assert(tctx
, d
.in
.key
.name
, "talloc_asprintf failed");
3233 torture_assert_ntstatus_ok(tctx
,
3234 dcerpc_winreg_DeleteKey_r(b
, tctx
, &d
),
3235 "DeleteKey failed");
3236 torture_assert_werr_ok(tctx
, d
.out
.result
,
3237 "DeleteKey failed");
3242 static bool torture_samba3_setconfig(struct torture_context
*tctx
,
3243 struct dcerpc_binding_handle
*b
,
3244 const char *sharename
,
3245 const char *parameter
,
3248 struct policy_handle hklm
, key_handle
;
3249 struct winreg_OpenKey o
;
3250 struct winreg_SetValue s
;
3254 torture_assert(tctx
,
3255 get_hklm_handle(tctx
, b
, &hklm
),
3256 "get_hklm_handle failed");
3258 o
.in
.parent_handle
= &hklm
;
3259 o
.in
.keyname
.name
= talloc_asprintf(
3260 tctx
, "software\\samba\\smbconf\\%s", sharename
);
3261 torture_assert(tctx
, o
.in
.keyname
.name
, "talloc_asprintf failed");
3264 o
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
3265 o
.out
.handle
= &key_handle
;
3267 torture_assert_ntstatus_ok(tctx
,
3268 dcerpc_winreg_OpenKey_r(b
, tctx
, &o
),
3270 torture_assert_werr_ok(tctx
, o
.out
.result
,
3273 torture_assert(tctx
,
3274 reg_string_to_val(tctx
, "REG_SZ", value
, &type
, &val
),
3275 "reg_string_to_val failed");
3277 s
.in
.handle
= &key_handle
;
3278 s
.in
.name
.name
= parameter
;
3280 s
.in
.data
= val
.data
;
3281 s
.in
.size
= val
.length
;
3283 torture_assert_ntstatus_ok(tctx
,
3284 dcerpc_winreg_SetValue_r(b
, tctx
, &s
),
3286 torture_assert_werr_ok(tctx
, s
.out
.result
,
3292 static bool torture_samba3_regconfig(struct torture_context
*torture
)
3294 struct srvsvc_NetShareInfo502
*i
= NULL
;
3295 const char *comment
= "Dummer Kommentar";
3296 struct dcerpc_pipe
*srvsvc_pipe
, *winreg_pipe
;
3298 torture_assert_ntstatus_ok(torture
,
3299 torture_rpc_connection(torture
, &srvsvc_pipe
, &ndr_table_srvsvc
),
3300 "failed to setup srvsvc");
3302 torture_assert_ntstatus_ok(torture
,
3303 torture_rpc_connection(torture
, &winreg_pipe
, &ndr_table_winreg
),
3304 "failed to setup winreg");
3306 torture_assert(torture
,
3307 torture_samba3_createshare(torture
, winreg_pipe
->binding_handle
, "blubber"),
3308 "torture_samba3_createshare failed");
3310 torture_assert(torture
,
3311 torture_samba3_setconfig(torture
, winreg_pipe
->binding_handle
, "blubber", "comment", comment
),
3312 "torture_samba3_setconfig failed");
3314 torture_assert(torture
,
3315 get_shareinfo(torture
, srvsvc_pipe
->binding_handle
, dcerpc_server_name(srvsvc_pipe
), "blubber", &i
),
3316 "get_shareinfo failed");
3318 torture_assert_str_equal(torture
, comment
, i
->comment
,
3319 "got unexpected comment");
3321 torture_assert(torture
,
3322 torture_samba3_deleteshare(torture
, winreg_pipe
->binding_handle
, "blubber"),
3323 "torture_samba3_deleteshare failed");
3329 * Test that even with a result of 0 rids the array is returned as a
3330 * non-NULL pointer. Yes, XP does notice.
3333 bool torture_samba3_getaliasmembership_0(struct torture_context
*torture
)
3335 struct dcerpc_pipe
*p
;
3336 struct dcerpc_binding_handle
*b
;
3337 struct samr_Connect2 c
;
3338 struct samr_OpenDomain o
;
3340 struct lsa_SidPtr ptr
;
3341 struct lsa_SidArray sids
;
3342 struct samr_GetAliasMembership g
;
3343 struct samr_Ids rids
;
3344 struct policy_handle samr
, domain
;
3346 torture_assert_ntstatus_ok(torture
,
3347 torture_rpc_connection(torture
, &p
, &ndr_table_samr
),
3348 "failed to setup samr");
3350 b
= p
->binding_handle
;
3352 c
.in
.system_name
= NULL
;
3353 c
.in
.access_mask
= SAMR_ACCESS_LOOKUP_DOMAIN
;
3354 c
.out
.connect_handle
= &samr
;
3355 torture_assert_ntstatus_ok(torture
,
3356 dcerpc_samr_Connect2_r(b
, torture
, &c
),
3358 torture_assert_ntstatus_ok(torture
, c
.out
.result
,
3360 dom_sid_parse("S-1-5-32", &sid
);
3361 o
.in
.connect_handle
= &samr
;
3362 o
.in
.access_mask
= SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
;
3364 o
.out
.domain_handle
= &domain
;
3365 torture_assert_ntstatus_ok(torture
,
3366 dcerpc_samr_OpenDomain_r(b
, torture
, &o
),
3368 torture_assert_ntstatus_ok(torture
, o
.out
.result
,
3370 dom_sid_parse("S-1-2-3-4-5", &sid
);
3374 g
.in
.domain_handle
= &domain
;
3377 torture_assert_ntstatus_ok(torture
,
3378 dcerpc_samr_GetAliasMembership_r(b
, torture
, &g
),
3380 torture_assert_ntstatus_ok(torture
, g
.out
.result
,
3382 if (rids
.ids
== NULL
) {
3383 /* This is the piece to test here */
3384 torture_fail(torture
,
3385 "torture_samba3_getaliasmembership_0: "
3386 "Server returns NULL rids array\n");
3393 * Test smb reauthentication while rpc pipe is in use.
3395 static bool torture_rpc_smb_reauth1(struct torture_context
*torture
)
3397 TALLOC_CTX
*mem_ctx
;
3400 struct smbcli_state
*cli
;
3401 struct smbcli_options options
;
3402 struct smbcli_session_options session_options
;
3404 struct dcerpc_pipe
*lsa_pipe
;
3405 struct dcerpc_binding_handle
*lsa_handle
;
3406 struct lsa_GetUserName r
;
3407 struct lsa_String
*authority_name_p
= NULL
;
3408 char *authority_name_saved
= NULL
;
3409 struct lsa_String
*account_name_p
= NULL
;
3410 char *account_name_saved
= NULL
;
3411 struct cli_credentials
*anon_creds
= NULL
;
3412 struct smb_composite_sesssetup io
;
3414 mem_ctx
= talloc_init("torture_samba3_reauth");
3415 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
3417 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
3418 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
3420 status
= smbcli_full_connection(mem_ctx
, &cli
,
3421 torture_setting_string(torture
, "host", NULL
),
3422 lpcfg_smb_ports(torture
->lp_ctx
),
3424 lpcfg_socket_options(torture
->lp_ctx
),
3425 popt_get_cmdline_credentials(),
3426 lpcfg_resolve_context(torture
->lp_ctx
),
3427 torture
->ev
, &options
, &session_options
,
3428 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
3429 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3430 "smbcli_full_connection failed");
3432 status
= pipe_bind_smb(torture
, mem_ctx
, cli
->tree
, "\\lsarpc",
3433 &ndr_table_lsarpc
, &lsa_pipe
);
3434 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3435 "pipe_bind_smb failed");
3436 lsa_handle
= lsa_pipe
->binding_handle
;
3438 /* lsa getusername */
3441 r
.in
.system_name
= "\\";
3442 r
.in
.account_name
= &account_name_p
;
3443 r
.in
.authority_name
= &authority_name_p
;
3444 r
.out
.account_name
= &account_name_p
;
3446 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3448 authority_name_p
= *r
.out
.authority_name
;
3450 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3451 "GetUserName failed");
3452 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3453 "GetUserName failed");
3455 torture_comment(torture
, "lsa_GetUserName gave '%s\\%s'\n",
3456 authority_name_p
->string
,
3457 account_name_p
->string
);
3459 account_name_saved
= talloc_strdup(mem_ctx
, account_name_p
->string
);
3460 torture_assert_goto(torture
, (account_name_saved
!= NULL
), ret
, done
,
3462 authority_name_saved
= talloc_strdup(mem_ctx
, authority_name_p
->string
);
3463 torture_assert_goto(torture
, (authority_name_saved
!= NULL
), ret
, done
,
3466 /* smb re-authenticate as anonymous */
3468 anon_creds
= cli_credentials_init_anon(mem_ctx
);
3471 io
.in
.sesskey
= cli
->transport
->negotiate
.sesskey
;
3472 io
.in
.capabilities
= cli
->transport
->negotiate
.capabilities
;
3473 io
.in
.credentials
= anon_creds
;
3474 io
.in
.workgroup
= lpcfg_workgroup(torture
->lp_ctx
);
3475 io
.in
.gensec_settings
= lpcfg_gensec_settings(torture
, torture
->lp_ctx
);
3477 status
= smb_composite_sesssetup(cli
->session
, &io
);
3478 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3479 "session reauth to anon failed");
3481 /* re-do lsa getusername after reauth */
3483 TALLOC_FREE(authority_name_p
);
3484 TALLOC_FREE(account_name_p
);
3486 r
.in
.system_name
= "\\";
3487 r
.in
.account_name
= &account_name_p
;
3488 r
.in
.authority_name
= &authority_name_p
;
3489 r
.out
.account_name
= &account_name_p
;
3491 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3493 authority_name_p
= *r
.out
.authority_name
;
3495 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3496 "GetUserName failed");
3497 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3498 "GetUserName failed");
3500 torture_assert_goto(torture
, (strcmp(authority_name_p
->string
, authority_name_saved
) == 0),
3501 ret
, done
, "authority_name not equal after reauth to anon");
3502 torture_assert_goto(torture
, (strcmp(account_name_p
->string
, account_name_saved
) == 0),
3503 ret
, done
, "account_name not equal after reauth to anon");
3505 /* smb re-auth again to the original user */
3508 io
.in
.sesskey
= cli
->transport
->negotiate
.sesskey
;
3509 io
.in
.capabilities
= cli
->transport
->negotiate
.capabilities
;
3510 io
.in
.credentials
= popt_get_cmdline_credentials();
3511 io
.in
.workgroup
= lpcfg_workgroup(torture
->lp_ctx
);
3512 io
.in
.gensec_settings
= lpcfg_gensec_settings(torture
, torture
->lp_ctx
);
3514 status
= smb_composite_sesssetup(cli
->session
, &io
);
3515 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3516 "session reauth to anon failed");
3518 /* re-do lsa getusername */
3520 TALLOC_FREE(authority_name_p
);
3521 TALLOC_FREE(account_name_p
);
3523 r
.in
.system_name
= "\\";
3524 r
.in
.account_name
= &account_name_p
;
3525 r
.in
.authority_name
= &authority_name_p
;
3526 r
.out
.account_name
= &account_name_p
;
3528 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3530 authority_name_p
= *r
.out
.authority_name
;
3532 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3533 "GetUserName failed");
3534 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3535 "GetUserName failed");
3537 torture_assert_goto(torture
, (strcmp(authority_name_p
->string
, authority_name_saved
) == 0),
3538 ret
, done
, "authority_name not equal after reauth to anon");
3539 torture_assert_goto(torture
, (strcmp(account_name_p
->string
, account_name_saved
) == 0),
3540 ret
, done
, "account_name not equal after reauth to anon");
3545 talloc_free(mem_ctx
);
3550 * Test smb reauthentication while rpc pipe is in use.
3551 * Open a second lsa bind after reauth to anon.
3552 * Do lsa getusername on that second bind.
3554 static bool torture_rpc_smb_reauth2(struct torture_context
*torture
)
3556 TALLOC_CTX
*mem_ctx
;
3559 struct smbcli_state
*cli
;
3560 struct smbcli_options options
;
3561 struct smbcli_session_options session_options
;
3563 struct dcerpc_pipe
*lsa_pipe
;
3564 struct dcerpc_binding_handle
*lsa_handle
;
3565 struct lsa_GetUserName r
;
3566 struct lsa_String
*authority_name_p
= NULL
;
3567 char *authority_name_saved
= NULL
;
3568 struct lsa_String
*account_name_p
= NULL
;
3569 char *account_name_saved
= NULL
;
3570 struct cli_credentials
*anon_creds
= NULL
;
3571 struct smb_composite_sesssetup io
;
3573 mem_ctx
= talloc_init("torture_samba3_reauth");
3574 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
3576 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
3577 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
3579 status
= smbcli_full_connection(mem_ctx
, &cli
,
3580 torture_setting_string(torture
, "host", NULL
),
3581 lpcfg_smb_ports(torture
->lp_ctx
),
3583 lpcfg_socket_options(torture
->lp_ctx
),
3584 popt_get_cmdline_credentials(),
3585 lpcfg_resolve_context(torture
->lp_ctx
),
3586 torture
->ev
, &options
, &session_options
,
3587 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
3588 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3589 "smbcli_full_connection failed");
3591 /* smb re-authenticate as anonymous */
3593 anon_creds
= cli_credentials_init_anon(mem_ctx
);
3596 io
.in
.sesskey
= cli
->transport
->negotiate
.sesskey
;
3597 io
.in
.capabilities
= cli
->transport
->negotiate
.capabilities
;
3598 io
.in
.credentials
= anon_creds
;
3599 io
.in
.workgroup
= lpcfg_workgroup(torture
->lp_ctx
);
3600 io
.in
.gensec_settings
= lpcfg_gensec_settings(torture
, torture
->lp_ctx
);
3602 status
= smb_composite_sesssetup(cli
->session
, &io
);
3603 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3604 "session reauth to anon failed");
3606 /* open the lsa pipe */
3608 status
= pipe_bind_smb(torture
, mem_ctx
, cli
->tree
, "\\lsarpc",
3609 &ndr_table_lsarpc
, &lsa_pipe
);
3610 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3611 "pipe_bind_smb failed");
3612 lsa_handle
= lsa_pipe
->binding_handle
;
3614 /* lsa getusername */
3617 r
.in
.system_name
= "\\";
3618 r
.in
.account_name
= &account_name_p
;
3619 r
.in
.authority_name
= &authority_name_p
;
3620 r
.out
.account_name
= &account_name_p
;
3622 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3624 authority_name_p
= *r
.out
.authority_name
;
3626 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3627 "GetUserName failed");
3628 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3629 "GetUserName failed");
3631 torture_comment(torture
, "lsa_GetUserName gave '%s\\%s'\n",
3632 authority_name_p
->string
,
3633 account_name_p
->string
);
3635 account_name_saved
= talloc_strdup(mem_ctx
, account_name_p
->string
);
3636 torture_assert_goto(torture
, (account_name_saved
!= NULL
), ret
, done
,
3638 authority_name_saved
= talloc_strdup(mem_ctx
, authority_name_p
->string
);
3639 torture_assert_goto(torture
, (authority_name_saved
!= NULL
), ret
, done
,
3642 /* smb re-auth again to the original user */
3645 io
.in
.sesskey
= cli
->transport
->negotiate
.sesskey
;
3646 io
.in
.capabilities
= cli
->transport
->negotiate
.capabilities
;
3647 io
.in
.credentials
= popt_get_cmdline_credentials();
3648 io
.in
.workgroup
= lpcfg_workgroup(torture
->lp_ctx
);
3649 io
.in
.gensec_settings
= lpcfg_gensec_settings(torture
, torture
->lp_ctx
);
3651 status
= smb_composite_sesssetup(cli
->session
, &io
);
3652 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3653 "session reauth to anon failed");
3655 /* re-do lsa getusername after reauth */
3657 TALLOC_FREE(authority_name_p
);
3658 TALLOC_FREE(account_name_p
);
3660 r
.in
.system_name
= "\\";
3661 r
.in
.account_name
= &account_name_p
;
3662 r
.in
.authority_name
= &authority_name_p
;
3663 r
.out
.account_name
= &account_name_p
;
3665 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3667 authority_name_p
= *r
.out
.authority_name
;
3669 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3670 "GetUserName failed");
3671 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3672 "GetUserName failed");
3674 torture_assert_goto(torture
, (strcmp(authority_name_p
->string
, authority_name_saved
) == 0),
3675 ret
, done
, "authority_name not equal after reauth to anon");
3676 torture_assert_goto(torture
, (strcmp(account_name_p
->string
, account_name_saved
) == 0),
3677 ret
, done
, "account_name not equal after reauth to anon");
3682 talloc_free(mem_ctx
);
3687 * Test smb2 reauthentication while rpc pipe is in use.
3689 static bool torture_rpc_smb2_reauth1(struct torture_context
*torture
)
3691 TALLOC_CTX
*mem_ctx
;
3694 struct smbcli_options options
;
3696 struct dcerpc_pipe
*lsa_pipe
;
3697 struct dcerpc_binding_handle
*lsa_handle
;
3698 struct lsa_GetUserName r
;
3699 struct lsa_String
*authority_name_p
= NULL
;
3700 char *authority_name_saved
= NULL
;
3701 struct lsa_String
*account_name_p
= NULL
;
3702 char *account_name_saved
= NULL
;
3703 struct cli_credentials
*anon_creds
= NULL
;
3704 const char *host
= torture_setting_string(torture
, "host", NULL
);
3705 struct smb2_tree
*tree
;
3707 mem_ctx
= talloc_init("torture_samba3_reauth");
3708 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
3710 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
3712 status
= smb2_connect(mem_ctx
,
3714 lpcfg_smb_ports(torture
->lp_ctx
),
3716 lpcfg_resolve_context(torture
->lp_ctx
),
3717 popt_get_cmdline_credentials(),
3721 lpcfg_socket_options(torture
->lp_ctx
),
3722 lpcfg_gensec_settings(torture
, torture
->lp_ctx
)
3724 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3725 "smb2_connect failed");
3727 status
= pipe_bind_smb2(torture
, mem_ctx
, tree
, "lsarpc",
3728 &ndr_table_lsarpc
, &lsa_pipe
);
3729 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3730 "pipe_bind_smb2 failed");
3731 lsa_handle
= lsa_pipe
->binding_handle
;
3733 /* lsa getusername */
3736 r
.in
.system_name
= "\\";
3737 r
.in
.account_name
= &account_name_p
;
3738 r
.in
.authority_name
= &authority_name_p
;
3739 r
.out
.account_name
= &account_name_p
;
3741 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3743 authority_name_p
= *r
.out
.authority_name
;
3745 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3746 "GetUserName failed");
3747 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3748 "GetUserName failed");
3750 torture_comment(torture
, "lsa_GetUserName gave '%s\\%s'\n",
3751 authority_name_p
->string
,
3752 account_name_p
->string
);
3754 account_name_saved
= talloc_strdup(mem_ctx
, account_name_p
->string
);
3755 torture_assert_goto(torture
, (account_name_saved
!= NULL
), ret
, done
,
3757 authority_name_saved
= talloc_strdup(mem_ctx
, authority_name_p
->string
);
3758 torture_assert_goto(torture
, (authority_name_saved
!= NULL
), ret
, done
,
3761 /* smb re-authenticate as anonymous */
3763 anon_creds
= cli_credentials_init_anon(mem_ctx
);
3765 status
= smb2_session_setup_spnego(tree
->session
,
3767 0 /* previous_session_id */);
3768 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3769 "session reauth to anon failed");
3771 /* re-do lsa getusername after reauth */
3773 TALLOC_FREE(authority_name_p
);
3774 TALLOC_FREE(account_name_p
);
3776 r
.in
.system_name
= "\\";
3777 r
.in
.account_name
= &account_name_p
;
3778 r
.in
.authority_name
= &authority_name_p
;
3779 r
.out
.account_name
= &account_name_p
;
3781 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3783 authority_name_p
= *r
.out
.authority_name
;
3785 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3786 "GetUserName failed");
3787 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3788 "GetUserName failed");
3790 torture_assert_goto(torture
, (strcmp(authority_name_p
->string
, authority_name_saved
) == 0),
3791 ret
, done
, "authority_name not equal after reauth to anon");
3792 torture_assert_goto(torture
, (strcmp(account_name_p
->string
, account_name_saved
) == 0),
3793 ret
, done
, "account_name not equal after reauth to anon");
3795 /* smb re-auth again to the original user */
3797 status
= smb2_session_setup_spnego(tree
->session
,
3798 popt_get_cmdline_credentials(),
3799 0 /* previous_session_id */);
3800 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3801 "session reauth to anon failed");
3803 /* re-do lsa getusername */
3805 TALLOC_FREE(authority_name_p
);
3806 TALLOC_FREE(account_name_p
);
3808 r
.in
.system_name
= "\\";
3809 r
.in
.account_name
= &account_name_p
;
3810 r
.in
.authority_name
= &authority_name_p
;
3811 r
.out
.account_name
= &account_name_p
;
3813 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3815 authority_name_p
= *r
.out
.authority_name
;
3817 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3818 "GetUserName failed");
3819 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3820 "GetUserName failed");
3822 torture_assert_goto(torture
, (strcmp(authority_name_p
->string
, authority_name_saved
) == 0),
3823 ret
, done
, "authority_name not equal after reauth to anon");
3824 torture_assert_goto(torture
, (strcmp(account_name_p
->string
, account_name_saved
) == 0),
3825 ret
, done
, "account_name not equal after reauth to anon");
3830 talloc_free(mem_ctx
);
3835 * Test smb2 reauthentication while rpc pipe is in use.
3836 * Open a second lsa bind after reauth to anon.
3837 * Do lsa getusername on that second bind.
3839 static bool torture_rpc_smb2_reauth2(struct torture_context
*torture
)
3841 TALLOC_CTX
*mem_ctx
;
3844 struct smbcli_options options
;
3846 struct dcerpc_pipe
*lsa_pipe
;
3847 struct dcerpc_binding_handle
*lsa_handle
;
3848 struct lsa_GetUserName r
;
3849 struct lsa_String
*authority_name_p
= NULL
;
3850 char *authority_name_saved
= NULL
;
3851 struct lsa_String
*account_name_p
= NULL
;
3852 char *account_name_saved
= NULL
;
3853 struct cli_credentials
*anon_creds
= NULL
;
3854 const char *host
= torture_setting_string(torture
, "host", NULL
);
3855 struct smb2_tree
*tree
;
3857 mem_ctx
= talloc_init("torture_samba3_reauth");
3858 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
3860 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
3862 status
= smb2_connect(mem_ctx
,
3864 lpcfg_smb_ports(torture
->lp_ctx
),
3866 lpcfg_resolve_context(torture
->lp_ctx
),
3867 popt_get_cmdline_credentials(),
3871 lpcfg_socket_options(torture
->lp_ctx
),
3872 lpcfg_gensec_settings(torture
, torture
->lp_ctx
)
3874 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3875 "smb2_connect failed");
3877 /* smb re-authenticate as anonymous */
3879 anon_creds
= cli_credentials_init_anon(mem_ctx
);
3881 status
= smb2_session_setup_spnego(tree
->session
,
3883 0 /* previous_session_id */);
3884 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3885 "session reauth to anon failed");
3887 /* open the lsa pipe */
3889 status
= pipe_bind_smb2(torture
, mem_ctx
, tree
, "lsarpc",
3890 &ndr_table_lsarpc
, &lsa_pipe
);
3891 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3892 "pipe_bind_smb2 failed");
3893 lsa_handle
= lsa_pipe
->binding_handle
;
3895 /* lsa getusername */
3898 r
.in
.system_name
= "\\";
3899 r
.in
.account_name
= &account_name_p
;
3900 r
.in
.authority_name
= &authority_name_p
;
3901 r
.out
.account_name
= &account_name_p
;
3903 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3905 authority_name_p
= *r
.out
.authority_name
;
3907 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3908 "GetUserName failed");
3909 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3910 "GetUserName failed");
3912 torture_comment(torture
, "lsa_GetUserName gave '%s\\%s'\n",
3913 authority_name_p
->string
,
3914 account_name_p
->string
);
3916 account_name_saved
= talloc_strdup(mem_ctx
, account_name_p
->string
);
3917 torture_assert_goto(torture
, (account_name_saved
!= NULL
), ret
, done
,
3919 authority_name_saved
= talloc_strdup(mem_ctx
, authority_name_p
->string
);
3920 torture_assert_goto(torture
, (authority_name_saved
!= NULL
), ret
, done
,
3923 /* smb re-auth again to the original user */
3925 status
= smb2_session_setup_spnego(tree
->session
,
3926 popt_get_cmdline_credentials(),
3927 0 /* previous_session_id */);
3928 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3929 "session reauth to anon failed");
3931 /* re-do lsa getusername */
3933 TALLOC_FREE(authority_name_p
);
3934 TALLOC_FREE(account_name_p
);
3936 r
.in
.system_name
= "\\";
3937 r
.in
.account_name
= &account_name_p
;
3938 r
.in
.authority_name
= &authority_name_p
;
3939 r
.out
.account_name
= &account_name_p
;
3941 status
= dcerpc_lsa_GetUserName_r(lsa_handle
, mem_ctx
, &r
);
3943 authority_name_p
= *r
.out
.authority_name
;
3945 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3946 "GetUserName failed");
3947 torture_assert_ntstatus_ok_goto(torture
, r
.out
.result
, ret
, done
,
3948 "GetUserName failed");
3950 torture_assert_goto(torture
, (strcmp(authority_name_p
->string
, authority_name_saved
) == 0),
3951 ret
, done
, "authority_name not equal after reauth to anon");
3952 torture_assert_goto(torture
, (strcmp(account_name_p
->string
, account_name_saved
) == 0),
3953 ret
, done
, "account_name not equal after reauth to anon");
3958 talloc_free(mem_ctx
);
3962 static bool torture_rpc_smb1_pipe_name(struct torture_context
*torture
)
3964 TALLOC_CTX
*mem_ctx
;
3967 struct smbcli_state
*cli
;
3968 struct smbcli_options options
;
3969 struct smbcli_session_options session_options
;
3974 mem_ctx
= talloc_init("torture_samba3_smb1_pipe_name");
3975 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
3977 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
3978 lpcfg_smbcli_session_options(torture
->lp_ctx
, &session_options
);
3980 status
= smbcli_full_connection(mem_ctx
, &cli
,
3981 torture_setting_string(torture
, "host", NULL
),
3982 lpcfg_smb_ports(torture
->lp_ctx
),
3984 lpcfg_socket_options(torture
->lp_ctx
),
3985 popt_get_cmdline_credentials(),
3986 lpcfg_resolve_context(torture
->lp_ctx
),
3987 torture
->ev
, &options
, &session_options
,
3988 lpcfg_gensec_settings(torture
, torture
->lp_ctx
));
3989 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
3990 "smbcli_full_connection failed");
3993 io
.generic
.level
= RAW_OPEN_NTCREATEX
;
3994 io
.ntcreatex
.in
.access_mask
= DESIRED_ACCESS_PIPE
;
3995 io
.ntcreatex
.in
.share_access
= NTCREATEX_SHARE_ACCESS_READ
|
3996 NTCREATEX_SHARE_ACCESS_WRITE
;
3997 io
.ntcreatex
.in
.open_disposition
= NTCREATEX_DISP_OPEN
;
3998 io
.ntcreatex
.in
.impersonation
= NTCREATEX_IMPERSONATION_IMPERSONATION
;
3999 io
.ntcreatex
.in
.security_flags
= 0;
4001 io
.ntcreatex
.in
.fname
= "__none__";
4002 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4003 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4005 "smb_raw_open for '__none__'");
4007 io
.ntcreatex
.in
.fname
= "pipe\\srvsvc";
4008 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4009 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4011 "smb_raw_open for 'pipe\\srvsvc'");
4013 io
.ntcreatex
.in
.fname
= "\\pipe\\srvsvc";
4014 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4015 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4017 "smb_raw_open for '\\pipe\\srvsvc'");
4019 io
.ntcreatex
.in
.fname
= "srvsvc";
4020 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4021 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4022 "smb2_create failed for 'srvsvc'");
4023 fnum
= io
.ntcreatex
.out
.file
.fnum
;
4025 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4026 cl
.close
.in
.file
.fnum
= fnum
;
4027 status
= smb_raw_close(cli
->tree
, &cl
);
4028 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4029 "smb_raw_close failed");
4031 io
.ntcreatex
.in
.fname
= "\\srvsvc";
4032 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4033 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4034 "smb2_create failed for '\\srvsvc'");
4035 fnum
= io
.ntcreatex
.out
.file
.fnum
;
4037 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4038 cl
.close
.in
.file
.fnum
= fnum
;
4039 status
= smb_raw_close(cli
->tree
, &cl
);
4040 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4041 "smb_raw_close failed");
4043 io
.ntcreatex
.in
.fname
= "\\\\\\\\\\srvsvc";
4044 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4045 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4046 "smb2_create failed for '\\\\\\\\\\srvsvc'");
4047 fnum
= io
.ntcreatex
.out
.file
.fnum
;
4049 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4050 cl
.close
.in
.file
.fnum
= fnum
;
4051 status
= smb_raw_close(cli
->tree
, &cl
);
4052 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4053 "smb_raw_close failed");
4056 io
.generic
.level
= RAW_OPEN_NTTRANS_CREATE
;
4057 io
.nttrans
.in
.access_mask
= DESIRED_ACCESS_PIPE
;
4058 io
.nttrans
.in
.share_access
= NTCREATEX_SHARE_ACCESS_READ
|
4059 NTCREATEX_SHARE_ACCESS_WRITE
;
4060 io
.nttrans
.in
.open_disposition
= NTCREATEX_DISP_OPEN
;
4061 io
.nttrans
.in
.impersonation
= NTCREATEX_IMPERSONATION_IMPERSONATION
;
4062 io
.nttrans
.in
.security_flags
= 0;
4064 io
.nttrans
.in
.fname
= "__none__";
4065 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4066 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4068 "smb_raw_open for '__none__'");
4070 io
.nttrans
.in
.fname
= "pipe\\srvsvc";
4071 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4072 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4074 "smb_raw_open for 'pipe\\srvsvc'");
4076 io
.nttrans
.in
.fname
= "\\pipe\\srvsvc";
4077 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4078 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4080 "smb_raw_open for '\\pipe\\srvsvc'");
4082 io
.nttrans
.in
.fname
= "srvsvc";
4083 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4084 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4085 "smb2_create failed for 'srvsvc'");
4086 fnum
= io
.nttrans
.out
.file
.fnum
;
4088 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4089 cl
.close
.in
.file
.fnum
= fnum
;
4090 status
= smb_raw_close(cli
->tree
, &cl
);
4091 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4092 "smb_raw_close failed");
4094 io
.nttrans
.in
.fname
= "\\srvsvc";
4095 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4096 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4097 "smb2_create failed for '\\srvsvc'");
4098 fnum
= io
.nttrans
.out
.file
.fnum
;
4100 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4101 cl
.close
.in
.file
.fnum
= fnum
;
4102 status
= smb_raw_close(cli
->tree
, &cl
);
4103 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4104 "smb_raw_close failed");
4106 io
.nttrans
.in
.fname
= "\\\\\\\\\\srvsvc";
4107 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4108 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4109 "smb2_create failed for '\\\\\\\\\\srvsvc'");
4110 fnum
= io
.nttrans
.out
.file
.fnum
;
4112 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4113 cl
.close
.in
.file
.fnum
= fnum
;
4114 status
= smb_raw_close(cli
->tree
, &cl
);
4115 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4116 "smb_raw_close failed");
4119 io
.generic
.level
= RAW_OPEN_OPENX
;
4120 io
.openx
.in
.open_mode
= OPENX_MODE_ACCESS_RDWR
;
4121 io
.openx
.in
.open_func
= OPENX_OPEN_FUNC_OPEN
;
4123 io
.openx
.in
.fname
= "__none__";
4124 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4125 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
,
4127 "smb_raw_open for '__none__'");
4129 io
.openx
.in
.fname
= "srvsvc";
4130 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4131 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
,
4133 "smb_raw_open for 'srvsvc'");
4135 io
.openx
.in
.fname
= "\\srvsvc";
4136 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4137 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
,
4139 "smb_raw_open for '\\srvsvc'");
4141 io
.openx
.in
.fname
= "\\pipesrvsvc";
4142 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4143 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
,
4145 "smb_raw_open for '\\pipesrvsvc'");
4147 io
.openx
.in
.fname
= "pipe\\__none__";
4148 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4149 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4151 "smb_raw_open for 'pipe\\__none__'");
4153 io
.openx
.in
.fname
= "\\pipe\\__none__";
4154 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4155 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4157 "smb_raw_open for '\\pipe\\__none__'");
4159 io
.openx
.in
.fname
= "pipe\\srvsvc";
4160 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4161 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4162 "smb2_create failed for 'pipe\\srvsvc'");
4163 fnum
= io
.openx
.out
.file
.fnum
;
4165 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4166 cl
.close
.in
.file
.fnum
= fnum
;
4167 status
= smb_raw_close(cli
->tree
, &cl
);
4168 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4169 "smb_raw_close failed");
4171 io
.openx
.in
.fname
= "\\pipe\\srvsvc";
4172 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4173 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4174 "smb2_create failed for '\\pipe\\srvsvc'");
4175 fnum
= io
.openx
.out
.file
.fnum
;
4177 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4178 cl
.close
.in
.file
.fnum
= fnum
;
4179 status
= smb_raw_close(cli
->tree
, &cl
);
4180 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4181 "smb_raw_close failed");
4183 io
.openx
.in
.fname
= "\\\\\\\\\\pipe\\srvsvc";
4184 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4185 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4186 "smb2_create failed for '\\\\\\\\\\pipe\\srvsvc'");
4187 fnum
= io
.openx
.out
.file
.fnum
;
4189 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4190 cl
.close
.in
.file
.fnum
= fnum
;
4191 status
= smb_raw_close(cli
->tree
, &cl
);
4192 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4193 "smb_raw_close failed");
4195 io
.openx
.in
.fname
= "\\\\\\\\\\pipe\\\\\\\\\\srvsvc";
4196 status
= smb_raw_open(cli
->tree
, torture
, &io
);
4197 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4198 "smb2_create failed for '\\\\\\\\\\pipe\\\\\\\\\\srvsvc'");
4199 fnum
= io
.openx
.out
.file
.fnum
;
4201 cl
.generic
.level
= RAW_CLOSE_CLOSE
;
4202 cl
.close
.in
.file
.fnum
= fnum
;
4203 status
= smb_raw_close(cli
->tree
, &cl
);
4204 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4205 "smb_raw_close failed");
4209 talloc_free(mem_ctx
);
4213 static bool torture_rpc_smb2_pipe_name(struct torture_context
*torture
)
4215 TALLOC_CTX
*mem_ctx
;
4218 struct smbcli_options options
;
4219 const char *host
= torture_setting_string(torture
, "host", NULL
);
4220 struct smb2_tree
*tree
;
4221 struct smb2_handle h
;
4222 struct smb2_create io
;
4224 mem_ctx
= talloc_init("torture_samba3_smb2_pipe_name");
4225 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
4227 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
4229 status
= smb2_connect(mem_ctx
,
4231 lpcfg_smb_ports(torture
->lp_ctx
),
4233 lpcfg_resolve_context(torture
->lp_ctx
),
4234 popt_get_cmdline_credentials(),
4238 lpcfg_socket_options(torture
->lp_ctx
),
4239 lpcfg_gensec_settings(torture
, torture
->lp_ctx
)
4241 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4242 "smb2_connect failed");
4245 io
.in
.oplock_level
= 0;
4246 io
.in
.desired_access
= DESIRED_ACCESS_PIPE
;
4247 io
.in
.impersonation_level
= SMB2_IMPERSONATION_IMPERSONATION
;
4248 io
.in
.file_attributes
= 0;
4249 io
.in
.create_disposition
= NTCREATEX_DISP_OPEN
;
4250 io
.in
.share_access
=
4251 NTCREATEX_SHARE_ACCESS_READ
|
4252 NTCREATEX_SHARE_ACCESS_WRITE
;
4253 io
.in
.create_options
= 0;
4255 io
.in
.fname
= "__none__";
4256 status
= smb2_create(tree
, tree
, &io
);
4257 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4259 "smb2_create for '__none__'");
4261 io
.in
.fname
= "\\srvsvc";
4262 status
= smb2_create(tree
, tree
, &io
);
4263 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4265 "smb2_create for '\\srvsvc'");
4267 io
.in
.fname
= "\\pipe\\srvsvc";
4268 status
= smb2_create(tree
, tree
, &io
);
4269 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4271 "smb2_create for '\\pipe\\srvsvc'");
4273 io
.in
.fname
= "pipe\\srvsvc";
4274 status
= smb2_create(tree
, tree
, &io
);
4275 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
4277 "smb2_create for 'pipe\\srvsvc'");
4279 io
.in
.fname
= "srvsvc";
4280 status
= smb2_create(tree
, tree
, &io
);
4281 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4282 "smb2_create failed for 'srvsvc'");
4284 h
= io
.out
.file
.handle
;
4286 status
= smb2_util_close(tree
, h
);
4287 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4288 "smb2_util_close failed");
4292 talloc_free(mem_ctx
);
4297 * Test behaviour of a waiting read call on a pipe when
4298 * the pipe handle is closed:
4299 * - open a pipe via smb2
4300 * - trigger a read which hangs since there is nothing to read
4301 * - close the pipe file handle
4302 * - wait for the read to return and check the status
4303 * (STATUS_PIPE_BROKEN)
4305 static bool torture_rpc_smb2_pipe_read_close(struct torture_context
*torture
)
4307 TALLOC_CTX
*mem_ctx
;
4310 struct smbcli_options options
;
4311 const char *host
= torture_setting_string(torture
, "host", NULL
);
4312 struct smb2_tree
*tree
;
4313 struct smb2_handle h
;
4314 struct smb2_request
*smb2req
;
4315 struct smb2_create io
;
4316 struct smb2_read rd
;
4318 mem_ctx
= talloc_init("torture_samba3_pipe_read_close");
4319 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
4321 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
4323 status
= smb2_connect(mem_ctx
,
4325 lpcfg_smb_ports(torture
->lp_ctx
),
4327 lpcfg_resolve_context(torture
->lp_ctx
),
4328 popt_get_cmdline_credentials(),
4332 lpcfg_socket_options(torture
->lp_ctx
),
4333 lpcfg_gensec_settings(torture
, torture
->lp_ctx
)
4335 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4336 "smb2_connect failed");
4339 io
.in
.oplock_level
= 0;
4340 io
.in
.desired_access
= DESIRED_ACCESS_PIPE
;
4341 io
.in
.impersonation_level
= SMB2_IMPERSONATION_IMPERSONATION
;
4342 io
.in
.file_attributes
= 0;
4343 io
.in
.create_disposition
= NTCREATEX_DISP_OPEN
;
4344 io
.in
.share_access
=
4345 NTCREATEX_SHARE_ACCESS_READ
|
4346 NTCREATEX_SHARE_ACCESS_WRITE
;
4347 io
.in
.create_options
= 0;
4348 io
.in
.fname
= "lsarpc";
4350 status
= smb2_create(tree
, tree
, &io
);
4351 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4352 "smb2_create failed for 'lsarpc'");
4354 h
= io
.out
.file
.handle
;
4357 rd
.in
.file
.handle
= h
;
4358 rd
.in
.length
= 1024;
4360 rd
.in
.min_count
= 0;
4362 smb2req
= smb2_read_send(tree
, &rd
);
4363 torture_assert_goto(torture
, (smb2req
!= NULL
), ret
, done
,
4364 "smb2_read_send failed");
4366 status
= smb2_util_close(tree
, h
);
4367 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4368 "smb2_util_close failed");
4370 status
= smb2_read_recv(smb2req
, mem_ctx
, &rd
);
4371 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_PIPE_BROKEN
, ret
, done
,
4372 "smb2_read_recv: unexpected return code");
4376 talloc_free(mem_ctx
);
4381 * Test behaviour of a waiting read call on a pipe when
4382 * the tree is disconnected.
4383 * - open a pipe via smb2
4384 * - trigger a read which hangs since there is nothing to read
4385 * - do a tree disconnect
4386 * - wait for the read to return and check the status
4387 * (STATUS_PIPE_BROKEN)
4389 static bool torture_rpc_smb2_pipe_read_tdis(struct torture_context
*torture
)
4391 TALLOC_CTX
*mem_ctx
;
4394 struct smbcli_options options
;
4395 const char *host
= torture_setting_string(torture
, "host", NULL
);
4396 struct smb2_tree
*tree
;
4397 struct smb2_handle h
;
4398 struct smb2_request
*smb2req
;
4399 struct smb2_create io
;
4400 struct smb2_read rd
;
4402 mem_ctx
= talloc_init("torture_samba3_pipe_read_tdis");
4403 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
4405 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
4407 status
= smb2_connect(mem_ctx
,
4409 lpcfg_smb_ports(torture
->lp_ctx
),
4411 lpcfg_resolve_context(torture
->lp_ctx
),
4412 popt_get_cmdline_credentials(),
4416 lpcfg_socket_options(torture
->lp_ctx
),
4417 lpcfg_gensec_settings(torture
, torture
->lp_ctx
)
4419 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4420 "smb2_connect failed");
4423 io
.in
.oplock_level
= 0;
4424 io
.in
.desired_access
= DESIRED_ACCESS_PIPE
;
4425 io
.in
.impersonation_level
= SMB2_IMPERSONATION_IMPERSONATION
;
4426 io
.in
.file_attributes
= 0;
4427 io
.in
.create_disposition
= NTCREATEX_DISP_OPEN
;
4428 io
.in
.share_access
=
4429 NTCREATEX_SHARE_ACCESS_READ
|
4430 NTCREATEX_SHARE_ACCESS_WRITE
;
4431 io
.in
.create_options
= 0;
4432 io
.in
.fname
= "lsarpc";
4434 status
= smb2_create(tree
, tree
, &io
);
4435 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4436 "smb2_create failed for 'lsarpc'");
4438 h
= io
.out
.file
.handle
;
4441 rd
.in
.file
.handle
= h
;
4442 rd
.in
.length
= 1024;
4444 rd
.in
.min_count
= 0;
4446 smb2req
= smb2_read_send(tree
, &rd
);
4447 torture_assert_goto(torture
, (smb2req
!= NULL
), ret
, done
,
4448 "smb2_read_send failed");
4450 status
= smb2_tdis(tree
);
4451 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4452 "smb2_tdis failed");
4454 status
= smb2_read_recv(smb2req
, mem_ctx
, &rd
);
4455 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_PIPE_BROKEN
, ret
, done
,
4456 "smb2_read_recv: unexpected return code");
4460 talloc_free(mem_ctx
);
4465 * Test behaviour of a waiting read call on a pipe when
4467 * - open a pipe via smb2
4468 * - trigger a read which hangs since there is nothing to read
4470 * - wait for the read to return and check the status
4471 * (STATUS_PIPE_BROKEN)
4473 static bool torture_rpc_smb2_pipe_read_logoff(struct torture_context
*torture
)
4475 TALLOC_CTX
*mem_ctx
;
4478 struct smbcli_options options
;
4479 const char *host
= torture_setting_string(torture
, "host", NULL
);
4480 struct smb2_tree
*tree
;
4481 struct smb2_handle h
;
4482 struct smb2_request
*smb2req
;
4483 struct smb2_create io
;
4484 struct smb2_read rd
;
4486 mem_ctx
= talloc_init("torture_samba3_pipe_read_tdis");
4487 torture_assert(torture
, (mem_ctx
!= NULL
), "talloc_init failed");
4489 lpcfg_smbcli_options(torture
->lp_ctx
, &options
);
4491 status
= smb2_connect(mem_ctx
,
4493 lpcfg_smb_ports(torture
->lp_ctx
),
4495 lpcfg_resolve_context(torture
->lp_ctx
),
4496 popt_get_cmdline_credentials(),
4500 lpcfg_socket_options(torture
->lp_ctx
),
4501 lpcfg_gensec_settings(torture
, torture
->lp_ctx
)
4503 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4504 "smb2_connect failed");
4507 io
.in
.oplock_level
= 0;
4508 io
.in
.desired_access
= DESIRED_ACCESS_PIPE
;
4509 io
.in
.impersonation_level
= SMB2_IMPERSONATION_IMPERSONATION
;
4510 io
.in
.file_attributes
= 0;
4511 io
.in
.create_disposition
= NTCREATEX_DISP_OPEN
;
4512 io
.in
.share_access
=
4513 NTCREATEX_SHARE_ACCESS_READ
|
4514 NTCREATEX_SHARE_ACCESS_WRITE
;
4515 io
.in
.create_options
= 0;
4516 io
.in
.fname
= "lsarpc";
4518 status
= smb2_create(tree
, tree
, &io
);
4519 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4520 "smb2_create failed for 'lsarpc'");
4522 h
= io
.out
.file
.handle
;
4525 rd
.in
.file
.handle
= h
;
4526 rd
.in
.length
= 1024;
4528 rd
.in
.min_count
= 0;
4530 smb2req
= smb2_read_send(tree
, &rd
);
4531 torture_assert_goto(torture
, (smb2req
!= NULL
), ret
, done
,
4532 "smb2_read_send failed");
4534 status
= smb2_logoff(tree
->session
);
4535 torture_assert_ntstatus_ok_goto(torture
, status
, ret
, done
,
4536 "smb2_logoff failed");
4538 status
= smb2_read_recv(smb2req
, mem_ctx
, &rd
);
4539 torture_assert_ntstatus_equal_goto(torture
, status
, NT_STATUS_PIPE_BROKEN
, ret
, done
,
4540 "smb2_read_recv: unexpected return code");
4544 talloc_free(mem_ctx
);
4549 struct torture_suite
*torture_rpc_samba3(TALLOC_CTX
*mem_ctx
)
4551 struct torture_suite
*suite
= torture_suite_create(mem_ctx
, "samba3");
4553 torture_suite_add_simple_test(suite
, "bind", torture_bind_samba3
);
4554 torture_suite_add_simple_test(suite
, "netlogon", torture_netlogon_samba3
);
4555 torture_suite_add_simple_test(suite
, "sessionkey", torture_samba3_sessionkey
);
4556 torture_suite_add_simple_test(suite
, "srvsvc", torture_samba3_rpc_srvsvc
);
4557 torture_suite_add_simple_test(suite
, "sharesec", torture_samba3_rpc_sharesec
);
4558 torture_suite_add_simple_test(suite
, "getusername", torture_samba3_rpc_getusername
);
4559 torture_suite_add_simple_test(suite
, "randomauth2", torture_samba3_rpc_randomauth2
);
4560 torture_suite_add_simple_test(suite
, "lsa", torture_samba3_rpc_lsa
);
4561 torture_suite_add_simple_test(suite
, "spoolss", torture_samba3_rpc_spoolss
);
4562 torture_suite_add_simple_test(suite
, "wkssvc", torture_samba3_rpc_wkssvc
);
4563 torture_suite_add_simple_test(suite
, "winreg", torture_samba3_rpc_winreg
);
4564 torture_suite_add_simple_test(suite
, "getaliasmembership-0", torture_samba3_getaliasmembership_0
);
4565 torture_suite_add_simple_test(suite
, "regconfig", torture_samba3_regconfig
);
4566 torture_suite_add_simple_test(suite
, "smb-reauth1", torture_rpc_smb_reauth1
);
4567 torture_suite_add_simple_test(suite
, "smb-reauth2", torture_rpc_smb_reauth2
);
4568 torture_suite_add_simple_test(suite
, "smb2-reauth1", torture_rpc_smb2_reauth1
);
4569 torture_suite_add_simple_test(suite
, "smb2-reauth2", torture_rpc_smb2_reauth2
);
4570 torture_suite_add_simple_test(suite
, "smb1-pipe-name", torture_rpc_smb1_pipe_name
);
4571 torture_suite_add_simple_test(suite
, "smb2-pipe-name", torture_rpc_smb2_pipe_name
);
4572 torture_suite_add_simple_test(suite
, "smb2-pipe-read-close", torture_rpc_smb2_pipe_read_close
);
4573 torture_suite_add_simple_test(suite
, "smb2-pipe-read-tdis", torture_rpc_smb2_pipe_read_tdis
);
4574 torture_suite_add_simple_test(suite
, "smb2-pipe-read-logoff", torture_rpc_smb2_pipe_read_logoff
);
4576 suite
->description
= talloc_strdup(suite
, "samba3 DCERPC interface tests");